# FreeBSD IPsec Network Performance UDP Restraints Question



## danmart (Sep 12, 2013)

Hello,

I am new at FreeBSD and I am trying to configure my 10 Gbps network infrastructure using FreeBSD and IPsec. However, with IPsec I am coming across major network performance restrictions. Without IPsec I am clearly getting line rate speeds. When I turn on IPsec no matter if it is with encryption or just using authentication headers and simple tunneling I am getting network performance degradation of going from 9.7 Gbps to at most 2.7 Gbps with packet loss using UDP traffic. With Linux it is actually much smoother.  The error log messages are:


```
_ipip_input: packet dropped because of full queue
ipsec4_common_input_cb: queue full; proto 51 packet dropped
ipsec4_common_input_cb: queue full; proto 51 packet dropped
_ipip_input: packet dropped because of full queue
```

And these messages simply repeat continually. I cannot help but think this issue may be tunable. I have noticed a few other people having similar issues but I have yet seen a fix to this. Maybe someone out there may have some ideas or suggestions.

Thanks,

Joe


----------

