Results 1 to 2 of 2
  1. #1
    Join Date
    Sep 2013

    Default FreeBSD IPsec Network Performance UDP Question


    I am new at FreeBSD and I am trying to configure my 10Gbps network infrastructure using FreeBSD and IPsec. However, with IPsec I am coming across major network performance restrictions. With out IPsec I am clearly getting line rate speeds. When I turn on IPsec no matter if it is with encryption or just using authentication headers and simple tunneling I am getting network performance degradation of going from 9.7Gbps to at most 2.7 Gbps with packet loss using UDP traffic. With Linux it is actually much smoother. The error log messages are:

    _ipip_input: packet dropped because of full queue
    ipsec4_common_input_cb: queue full; proto 51 packet dropped
    ipsec4_common_input_cb: queue full; proto 51 packet dropped
    _ipip_input: packet dropped because of full queue

    And these messages simply repeat continually. I cannot help but think this issue maybe tunable. I have noticed a few other people having similar issues but I have yet seen a fix to this. Maybe someone out there may have some ideas or suggestions.



  2. #2
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008


    And what is the role of untangle in this problem? Damned google search!!!!
    The world is divided into 10 kinds of people, who know binary and those not

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

SEO by vBSEO 3.6.0 PL2