ISP v.s. VPN line speeds

Posted on 2014-12-15
Medium Priority
Last Modified: 2014-12-22
I have a user who is telling me that on the VPN download = 8.71 mbps, upload speed = 7.94 mbps

Without VPN his home ISP offers, download = 92.47 mbps, upload speed = 9.65 mbps

Is this possible?
Question by:operationsIT
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
LVL 11

Expert Comment

ID: 40500929
Unless you use split-tunneling, when your user is connected via VPN, he is limited by the speeds available to YOUR network - that is, the network where the VPN terminates. How big is the Internet pipe at your office?
Do you have any throttling or bandwidth usage limitations in effect for your VPN solution?
LVL 30

Expert Comment

ID: 40500940
Of course it is possible.
The simplest case is:
The same user can have on other side of VPN tunnel also 100/10Mbps link, so effective transfer between two VPN locations would be 10/10Mbps. Download speed on one side - is limited by upload speed of other side of VPN tunnel. There's protocol overhead, decryption and encryption of traffic, it all takes time, so speed is always slower then unencrypted line (9.65Mbps - 7,94Mbps), etc...
LVL 26

Expert Comment

by:Fred Marshall
ID: 40501082
As Predrag Iovic says... the VPN is limited by the *lower* of the upload speed at one end and corresponding download speed at the other end.  Then you apply this rule in both directions.

Perhaps less well known is that latency can have a major effect on apparent speed if the latency is large - such as half-way around the world.  In that case, latency affects hand-shaking speed which, in turn, affects actual throughput.  There are products being offered to help in those cases.
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 40508994
@rharland2009 - the office pipe is 100M
We do not have split tunnel so the VPN users are using our network pipe.

@Predrac jovic/fmarshall - Can you give me an example of this "the VPN is limited by the *lower* of the upload speed at one end and corresponding download speed at the other end.  Then you apply this rule in both directions."
LVL 11

Accepted Solution

rharland2009 earned 1000 total points
ID: 40509008
What they mean is this - your home user has a 100 down/10 up connection, for example.
Your office location at the other end of the VPN ALSO has a 100 down/10 up connection.
Home user connects via VPN. Without split-tunneling, this means that all traffic - both to the office resources AND the internet - traverses the VPN tunnel created between the two connections.
Home user, while connected to the VPN, does a download speed test.
Even though the office has a 100M pipe, the traffic to and from the home client while testing is constrained to 10M best case - because the internet traffic to the home client still has to traverse the 10M upstream link FROM the office to the home client.
LVL 26

Assisted Solution

by:Fred Marshall
Fred Marshall earned 1000 total points
ID: 40510292
Let's assume that you have one site "A" that has 100 up / 100 down just to make it unrealistic but simple.
Let's also assume that you have another site "B" that has 10 up / 10 down.  More realistic maybe and also simple.

Now set up a VPN between the two.

Traffic from A to B can go up from A at 100 if theres some buffering "in the pipe".  
But that same traffic coming into B is limited at 10.
So, overall, the effective data rate from A to B is 10.
But you may have expected this because you know that B's down speed is 10.

Traffic from B to A can go up from B at 10.
Traffic from B to A might go down at A at 100 but only in bursts if that because B's up rate limits what can arrive.
So, overall, the effective data rate from B to A is 10.

Now let's make it a little more interesting and avoid any confusion because of the equal numbers I used above.  The numbers below are more typical of commodity / consumer connections with ADSL or even with cable connections:

Let's assume that you have one site "C" that has 5 up / 10 down.
Let's also assume that you have another site "D" that has 3 up / 10 down.

Traffic from C to D can go up from C at 5 if there's some buffering "in the pipe".  
And, that same traffic coming into D is limited to 10.
So, overall, the effective data rate from C to D is 5 because that's all C can provide.
This is a case where the upload speed at C limits.

Traffic from D to C can go up from D at 3.
Traffic from D to C might go down at C at 10 but only in bursts if that because D's up rate of 3 limits what can arrive at C.
So, overall, the effective data rate from D to C is 3 because that's all that D can provide.

Then, of course, there has to be handshaking and even perhaps some data sharing that's bigger "coming back".  (A file backup verification process might do that).  
- If most of the data is going UP from the site with slowest up speed then that will dominate.
- if some of the data is going up from the site with the highest up speed, then that will affect the speed and you won't achieve the higher up speed over all.

Author Closing Comment

ID: 40512992
Great thank you for the details!

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question