

ISP vs. VPN line speeds

Posted on 2014-12-15
Medium Priority
Last Modified: 2014-12-22
I have a user who is telling me that on the VPN download = 8.71 mbps, upload speed = 7.94 mbps

Without VPN, his home ISP offers download = 92.47 mbps, upload speed = 9.65 mbps

Is this possible?
Question by:operationsIT
LVL 11

Expert Comment

ID: 40500929
Unless you use split-tunneling, when your user is connected via VPN, he is limited by the speeds available to YOUR network - that is, the network where the VPN terminates. How big is the Internet pipe at your office?
Do you have any throttling or bandwidth usage limitations in effect for your VPN solution?
LVL 31

Expert Comment

ID: 40500940
Of course it is possible.
The simplest case is:
The same user can also have a 100/10Mbps link on the other side of the VPN tunnel, so the effective transfer between the two VPN locations would be 10/10Mbps. Download speed on one side is limited by the upload speed of the other side of the VPN tunnel. There's protocol overhead, decryption and encryption of traffic, it all takes time, so speed is always slower than the unencrypted line (9.65Mbps - 7.94Mbps), etc...
LVL 26

Expert Comment

by:Fred Marshall
ID: 40501082
As Predrag Iovic says... the VPN is limited by the *lower* of the upload speed at one end and corresponding download speed at the other end.  Then you apply this rule in both directions.

Perhaps less well known is that latency can have a major effect on apparent speed if the latency is large - such as half-way around the world.  In that case, latency affects hand-shaking speed which, in turn, affects actual throughput.  There are products being offered to help in those cases.

Author Comment

ID: 40508994
@rharland2009 - the office pipe is 100M
We do not have split tunnel so the VPN users are using our network pipe.

@Predrac jovic/fmarshall - Can you give me an example of this "the VPN is limited by the *lower* of the upload speed at one end and corresponding download speed at the other end.  Then you apply this rule in both directions."
LVL 11

Accepted Solution

rharland2009 earned 1000 total points
ID: 40509008
What they mean is this - your home user has a 100 down/10 up connection, for example.
Your office location at the other end of the VPN ALSO has a 100 down/10 up connection.
Home user connects via VPN. Without split-tunneling, this means that all traffic - both to the office resources AND the internet - traverses the VPN tunnel created between the two connections.
Home user, while connected to the VPN, does a download speed test.
Even though the office has a 100M pipe, the traffic to and from the home client while testing is constrained to 10M best case - because the internet traffic to the home client still has to traverse the 10M upstream link FROM the office to the home client.
LVL 26

Assisted Solution

by:Fred Marshall
Fred Marshall earned 1000 total points
ID: 40510292
Let's assume that you have one site "A" that has 100 up / 100 down just to make it unrealistic but simple.
Let's also assume that you have another site "B" that has 10 up / 10 down.  More realistic maybe and also simple.

Now set up a VPN between the two.

Traffic from A to B can go up from A at 100 if there's some buffering "in the pipe".
But that same traffic coming into B is limited at 10.
So, overall, the effective data rate from A to B is 10.
But you may have expected this because you know that B's down speed is 10.

Traffic from B to A can go up from B at 10.
Traffic from B to A might go down at A at 100, but only in bursts, if that, because B's up rate limits what can arrive.
So, overall, the effective data rate from B to A is 10.

Now let's make it a little more interesting and avoid any confusion because of the equal numbers I used above.  The numbers below are more typical of commodity / consumer connections with ADSL or even with cable connections:

Let's assume that you have one site "C" that has 5 up / 10 down.
Let's also assume that you have another site "D" that has 3 up / 10 down.

Traffic from C to D can go up from C at 5 if there's some buffering "in the pipe".  
And, that same traffic coming into D is limited to 10.
So, overall, the effective data rate from C to D is 5 because that's all C can provide.
This is a case where the upload speed at C limits.

Traffic from D to C can go up from D at 3.
Traffic from D to C might go down at C at 10, but only in bursts, if that, because D's up rate of 3 limits what can arrive at C.
So, overall, the effective data rate from D to C is 3 because that's all that D can provide.

Then, of course, there has to be handshaking and even perhaps some data sharing that's bigger "coming back".  (A file backup verification process might do that.)
- If most of the data is going UP from the site with the slowest up speed, then that will dominate.
- If some of the data is going up from the site with the highest up speed, then that will affect the speed and you won't achieve the higher up speed overall.
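
The rule from the answers above, worked through as an added example that is not part of the original thread: it models the site-to-site cases (A/B, C/D), the full-tunnel hairpin through the office, and the latency limit on a single flow. The `Site` class, function names, overhead fraction, TCP window and RTT values are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Site:
    name: str
    up: float    # upload rate, Mbps
    down: float  # download rate, Mbps

def tunnel_rate(src, dst, overhead=0.0):
    """Rate for data flowing src -> dst through the tunnel: the lower of
    src's upload and dst's download, reduced by an assumed overhead fraction."""
    return min(src.up, dst.down) * (1.0 - overhead)

def full_tunnel_internet_download(client, office, overhead=0.0):
    """No split tunneling: internet data arrives on the office downlink,
    then hairpins out the office uplink through the tunnel to the client."""
    return min(office.down, tunnel_rate(office, client, overhead))

def full_tunnel_internet_upload(client, office, overhead=0.0):
    """Client data crosses the tunnel to the office, then leaves on the office uplink."""
    return min(tunnel_rate(client, office, overhead), office.up)

def latency_cap(window_bytes, rtt_ms):
    """Ceiling for one TCP flow: at most one window per round trip, in Mbps."""
    return window_bytes * 8 / (rtt_ms / 1000.0) / 1e6

def flow_rate(src, dst, window_bytes, rtt_ms, overhead=0.0):
    """A single flow gets the lower of the link bottleneck and the latency cap."""
    return min(tunnel_rate(src, dst, overhead), latency_cap(window_bytes, rtt_ms))

if __name__ == "__main__":
    # Figures from the thread's examples (Mbps).
    a, b = Site("A", up=100, down=100), Site("B", up=10, down=10)
    c, d = Site("C", up=5, down=10), Site("D", up=3, down=10)
    home, office = Site("home", up=10, down=100), Site("office", up=10, down=100)

    for src, dst in [(a, b), (b, a), (c, d), (d, c)]:
        print(f"{src.name} -> {dst.name}: {tunnel_rate(src, dst):.1f} Mbps")

    print("home download via full tunnel:",
          full_tunnel_internet_download(home, office), "Mbps")
    # Assumed 10% tunnel overhead (constructed value, not from the thread).
    print("same, with 10% overhead:",
          round(full_tunnel_internet_download(home, office, 0.10), 2), "Mbps")
    # Assumed 64 KiB window and 200 ms RTT (constructed values).
    print("A -> B single flow at 200 ms RTT:",
          round(flow_rate(a, b, 65535, 200), 2), "Mbps")
```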

Author Closing Comment

ID: 40512992
Great thank you for the details!

Question has a verified solution.
