A network device identifies an Internet Protocol Security (IPsec) tunnel that connects the network device to a remote device and determines that dead peer detection (DPD) is enabled at the network device. The network device receives a first DPD request message from the remote device via the IPsec tunnel, and sends a first DPD response message to the remote device via the IPsec tunnel. The network device determines that a workload of the network device satisfies a threshold amount, and sends one or more encapsulating security payload (ESP) packets that include traffic flow confidentiality (TFC) payload data to the remote device via the IPsec tunnel. The network device determines that the workload of the network device does not satisfy the threshold amount. The network device receives a second DPD request message from the remote device and sends a second DPD response message to the remote device via the IPsec tunnel.