As an IT professional, you’re probably accustomed to user complaints about the speed and stability of their VPN connections. Employees need to quickly access systems and stream video calls but are constantly getting disconnected or experiencing disruptions of service due to poor VPN performance. Have you ever stopped to think about why this is? This blog post will explain how VPNs work, why they gobble up bandwidth, and what you can do about it.
What is a VPN?
Virtual Private Networks (VPNs) are virtual tunnels that connect networks to one another in order to enable communication. VPNs were introduced years ago as a point solution to enable branches and remote employees to connect to the corporate network, from time to time. However, with today’s growing volumes of traffic and skyrocketing remote connectivity needs, VPNs are a bulky, slow and insecure solution for remote connectivity.
How Do VPNs Work?
VPNs typically work by “stacking” network protocols one on top of another in order to transport payloads between private networks over the public internet. Three of the most common VPN protocols today are IPSec, PPTP and L2TP.
These protocols operate differently from one another at the technical level, but the following statements are generally true for all of them:
(a) They are stateful protocols and require a “heavy” negotiation and a “handshake” before the connection is established.
(b) They typically require “exotic” network configuration like UDP 500, TCP 1701 and IP protocol number 50 – which are not typically open in firewalls along the way, and some countries may even block them entirely.
(c) As these protocols “stack” the user payload inside of them, they typically bloat the payload and can add anywhere from 10 to 25 percent of overhead!
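As an added illustration of point (c), not code from the original post, here is a small Python model of the bytes an IPsec ESP tunnel adds around each packet and how that overhead shrinks or grows with packet size; the cipher suite (AES-128-CBC with HMAC-SHA1-96), the IPv4 outer header and the sample packet sizes are assumptions chosen for the calculation.

```python
# Constructed model of IPsec ESP tunnel-mode per-packet overhead.
# Field sizes follow the RFC 4303 ESP layout; the cipher suite (AES-128-CBC,
# HMAC-SHA1-96) and IPv4 outer header are assumptions for illustration.
OUTER_IPV4 = 20   # new outer IP header added in tunnel mode
NAT_T_UDP = 8     # extra UDP header when NAT traversal (UDP/4500) is in use
ESP_HEADER = 8    # SPI (4) + sequence number (4)
CBC_IV = 16       # AES block-sized IV sent in clear
ESP_TRAILER = 2   # pad length (1) + next header (1)
ICV = 12          # HMAC-SHA1-96 truncated authenticator
BLOCK = 16        # AES block size: inner packet + trailer must fill whole blocks


def esp_padding(inner_len: int) -> int:
    """Padding bytes needed so (inner packet + trailer) is a multiple of BLOCK."""
    return (BLOCK - (inner_len + ESP_TRAILER) % BLOCK) % BLOCK


def esp_overhead(inner_len: int, nat_t: bool = False) -> int:
    """Total bytes added around an inner IP packet of inner_len bytes."""
    fixed = OUTER_IPV4 + ESP_HEADER + CBC_IV + ESP_TRAILER + ICV
    if nat_t:
        fixed += NAT_T_UDP
    return fixed + esp_padding(inner_len)


def overhead_pct(inner_len: int, nat_t: bool = False) -> float:
    """Overhead as a percentage of the inner packet size."""
    return 100.0 * esp_overhead(inner_len, nat_t) / inner_len


def max_inner_without_fragmentation(outer_mtu: int = 1500, nat_t: bool = False) -> int:
    """Largest inner packet whose encapsulated form still fits the outer MTU."""
    best = 0
    for size in range(1, outer_mtu + 1):
        if size + esp_overhead(size, nat_t) <= outer_mtu:
            best = size
    return best


if __name__ == "__main__":
    for size in (64, 200, 576, 1400):  # constructed sample inner packet sizes
        print(f"{size:5d}-byte inner packet: +{esp_overhead(size)} bytes "
              f"({overhead_pct(size):.1f}% overhead)")
    print("largest inner packet on a 1500-byte MTU:", max_inner_without_fragmentation())
```

Small packets such as VoIP or video-call audio frames pay the highest percentage, and anything larger than the computed limit gets fragmented, which is a second source of wasted bandwidth.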
In addition, VPN packets are routed through the public internet’s best effort route. This is not always the most optimized and efficient way to connect to a given site, which could result in latency and low performance.
As a result, connecting and routing may take a very long time, during which the user cannot access business resources and be productive. Even a simple reconnect due to a network failure could take an extended amount of time.
This is especially problematic when users need to connect to a variety of different sites. When establishing a VPN connection, the user is required to choose which site to connect to before the session starts. For example, “US-WEST” vs “US-EAST.” If resources are needed from another site, the user must disconnect and then reconnect, adding even more wasted time and inefficiency.
Who is Impacted by VPN Performance?
All users are impacted if they have to connect through VPNs. However, poor VPN performance especially affects users who:
- Require real-time streaming, like video calls or online games
- Use applications that require low latency, like RDP and CAD
- Operate in environments with limited bandwidth
Connectivity with Cyolo
The Cyolo solution uses the HTTP/2 over TLS protocol to transport user payloads. HTTP/2 is a stateless protocol, which means it does not require a heavy handshake in the beginning. As a result, HTTP/2 does not add a lot of overhead to the payloads. TLS is one of the most popular protocols on the internet and thus it is seldom blocked.
Because this standard internet protocol is neither blocked nor stateful, access is provided to all approved sites immediately, without the user having to choose which site to connect to or to disconnect from one site in order to connect to another. This ensures a smooth process that powers business agility.
In addition, encapsulation takes place directly over HTTP/2 over TLS, which adds only minimal bloat to the packets and contributes to quick and optimized routing. Finally, when routing these packets, they are optimized over the congestion-free AWS network to ensure speed and stability.
VPN vs. Cyolo ZTNA 2.0 – A Comparison
Let’s look at a comparison of the two connectivity solutions.
| | VPNs | Cyolo ZTNA 2.0 |
| --- | --- | --- |
| Protocol | IPSec/L2TP/PPTP | HTTP/2 |
| Connection Establishment | Stateful – requires negotiation | Stateless |
| Site Connection | Single – one site at a time | Multiple – all sites at any time |
| Encapsulation | Many additional layers | Minimal |
| Routing | Best effort | Optimized |
Distributed systems, cloud connectivity and remote work all require IT systems to find new and more innovative ways to ensure a secure and efficient connection for employees.
To learn how to replace your VPN with zero trust in 4 simple steps, click here or schedule a meeting with our team.