FreeBSD IPsec Network Performance UDP Question

[joemart]

Hello,

I am new at FreeBSD and I am trying to configure my 10Gbps network infrastructure using FreeBSD and IPsec. However, with IPsec I am coming across major network performance restrictions. With out IPsec I am clearly getting line rate speeds. When I turn on IPsec no matter if it is with encryption or just using authentication headers and simple tunneling I am getting network performance degradation of going from 9.7Gbps to at most 2.7 Gbps with packet loss using UDP traffic. With Linux it is actually much smoother. The error log messages are:

Code:

_ipip_input: packet dropped because of full queue
ipsec4_common_input_cb: queue full; proto 51 packet dropped
ipsec4_common_input_cb: queue full; proto 51 packet dropped
_ipip_input: packet dropped because of full queue

And these messages simply repeat continually. I cannot help but think this issue maybe tunable. I have noticed a few other people having similar issues but I have yet seen a fix to this. Maybe someone out there may have some ideas or suggestions.

Thanks,

Joe

[dwasserman]

And what is the role of untangle in this problem? Damned google search!!!!