Does Your VPN Performance Slow You Down? Here’s Why

Eran Shmuely


As an IT professional, you’re probably accustomed to user complaints about the speed and stability of their VPN connections. Employees need to quickly access systems and stream video calls but are constantly getting disconnected or experiencing disruptions of service due to poor VPN performance. Have you ever stopped to think about why this is? This blog post will explain how VPNs work, why they gobble up bandwidth, and what you can do about it.

What is a VPN?

Virtual Private Networks (VPNs) are virtual tunnels that connect networks to one another in order to enable communication. VPNs were introduced years ago as a point solution to enable branches and remote employees to connect to the corporate network from time to time. However, with today’s growing volumes of traffic and skyrocketing remote connectivity needs, VPNs are a bulky, slow and insecure solution for remote connectivity.

How Do VPNs Work?

VPNs typically work by “stacking” network protocols one on top of another in order to transport payloads between private networks over the public internet. Three of the most common VPN protocols today are IPSec, PPTP and L2TP.

These protocols operate differently from one another at the technical level, but the following statements are generally true for all of them:

(a) They are stateful protocols and require a “heavy” negotiation and a “handshake” before the connection is established.

(b) They typically require “exotic” network configuration, such as UDP 500, TCP 1701 and IP protocol number 50, which are not typically open in firewalls along the way, and some countries may even block them entirely.

(c) As these protocols “stack” the user payload inside of them, they typically bloat the payload and can add anywhere from 10 to 25 percent of overhead! 
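The stacking described in (c) can be counted byte by byte. The following added example (not part of the original post) computes the per-packet overhead of IPsec ESP in tunnel mode over IPv4 and shows how the percentage depends on packet size. It assumes the ESP field sizes from RFC 4303, two common cipher suites, and optional NAT traversal over UDP 4500; the packet sizes are constructed samples.

```python
"""Per-packet overhead of IPsec ESP tunnel mode over IPv4 (added example)."""
from dataclasses import dataclass

OUTER_IPV4 = 20   # new outer IPv4 header, no options
ESP_HEADER = 8    # SPI (4 bytes) + sequence number (4 bytes), RFC 4303
ESP_TRAILER = 2   # pad length (1 byte) + next header (1 byte)
NAT_T_UDP = 8     # extra UDP header when NAT traversal (UDP 4500) is used


@dataclass(frozen=True)
class CipherSuite:
    name: str
    iv: int      # per-packet initialization vector, bytes
    align: int   # encrypted data must end on this byte boundary
    icv: int     # integrity check value, bytes


# Assumed suites for illustration; real deployments negotiate their own.
AES_CBC_SHA1 = CipherSuite("AES-CBC + HMAC-SHA1-96", iv=16, align=16, icv=12)
AES_GCM = CipherSuite("AES-GCM, 16-byte ICV", iv=8, align=4, icv=16)


def esp_tunnel_overhead(inner_len, suite=AES_CBC_SHA1, nat_t=False):
    """Bytes added around an inner IP packet of inner_len bytes."""
    # Padding brings inner packet + trailer up to the suite's alignment.
    pad = -(inner_len + ESP_TRAILER) % suite.align
    extra = OUTER_IPV4 + ESP_HEADER + suite.iv + pad + ESP_TRAILER + suite.icv
    return extra + (NAT_T_UDP if nat_t else 0)


def overhead_percent(inner_len, suite=AES_CBC_SHA1, nat_t=False):
    """Overhead as a percentage of the inner packet size."""
    return round(100 * esp_tunnel_overhead(inner_len, suite, nat_t) / inner_len, 1)


if __name__ == "__main__":
    # Constructed sizes: small real-time packet, mid-size, near-MTU bulk.
    for size in (200, 500, 1400):
        for suite in (AES_CBC_SHA1, AES_GCM):
            for nat_t in (False, True):
                print(f"{size:>5} B  {suite.name:<24} NAT-T={nat_t!s:<5} "
                      f"+{esp_tunnel_overhead(size, suite, nat_t)} B "
                      f"({overhead_percent(size, suite, nat_t)}%)")
```

The fixed cost per packet is roughly constant, so small real-time packets pay a far larger percentage than near-MTU bulk transfers.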

In addition, VPN packets are routed through the public internet’s best effort route. This is not always the most optimized and efficient way to connect to a given site, which could result in latency and low performance.

As a result, connecting and routing may take a very long time, during which the user cannot access business resources and be productive. Even a simple reconnect due to a network failure could take an extended amount of time.

This is especially problematic when users need to connect to a variety of different sites. When establishing a VPN connection, the user is required to choose which site to connect to before the session starts. For example, “US-WEST” vs “US-EAST.” If resources are needed from another site, the user must disconnect and then reconnect, adding even more wasted time and inefficiency.

Who is Impacted by VPN Performance?

All users are impacted if they have to connect through VPNs. However, poor VPN performance especially affects users who:

  • Require real-time streaming, like video calls or online games
  • Use applications that require low latency, like RDP and CAD
  • Operate in environments with limited bandwidth

Connectivity with Cyolo

The Cyolo solution uses the HTTP/2 over TLS protocol to transport user payloads. HTTP/2 is a stateless protocol, which means it does not require a heavy handshake in the beginning. As a result, HTTP/2 does not add a lot of overhead to the payloads. TLS is one of the most popular protocols on the internet and thus it is seldom blocked.

Since this typical internet protocol is not blocked or stateful, access is provided to all approved sites immediately, without having to choose which site to connect to or requiring the user to disconnect from one site in order to connect to another. This ensures a smooth process that powers business agility.

In addition, encapsulation takes place directly over HTTP/2 over TLS, which adds only minimal bloat to the packets and contributes to quick and optimized routing. Finally, the routing of these packets is optimized over the congestion-free AWS network to ensure speed and stability.

VPN vs. Cyolo ZTNA 2.0 – A Comparison

Let’s look at a comparison of the two connectivity solutions.

| | VPNs | Cyolo ZTNA 2.0 |
|---|---|---|
| Protocol | IPSec/L2TP/PPTP | HTTP/2 |
| Connection Establishment | Stateful – requires negotiation | Stateless |
| Site Connection | Single – one site at a time | Multiple – all sites at any time |
| Encapsulation | Many additional layers | Minimal |
| Routing | Best effort | Optimized |

 

Distributed systems, cloud connectivity and remote work all require IT systems to find new and more innovative ways to ensure a secure and efficient connection for employees.

To learn how to replace your VPN with zero trust in 4 simple steps, click here or schedule a meeting with our team.

 

 
