Hello,
I am new at FreeBSD and I am trying to configure my 10Gbps network infrastructure using FreeBSD and IPsec. However, with IPsec I am coming across major network performance restrictions. With out IPsec I am clearly getting line rate speeds. When I turn on IPsec no matter if it is with encryption or just using authentication headers and simple tunneling I am getting network performance degradation of going from 9.7Gbps to at most 2.7 Gbps with packet loss using UDP traffic. With Linux it is actually much smoother. The error log messages are:
Code:_ipip_input: packet dropped because of full queue ipsec4_common_input_cb: queue full; proto 51 packet dropped ipsec4_common_input_cb: queue full; proto 51 packet dropped _ipip_input: packet dropped because of full queue
And these messages simply repeat continually. I cannot help but think this issue maybe tunable. I have noticed a few other people having similar issues but I have yet seen a fix to this. Maybe someone out there may have some ideas or suggestions.
Thanks,
Joe