VPNs are great for so many reasons: they allow you to remain more anonymous, minimize tracking, unlock geo-restricted content, and even help you wank away to obscure furry fetish porn — all without your ISP knowing it. However, one of the biggest complaints you will hear online goes something like this:
- “When I use insert_company_name my speed drops from X to Y”
- “company1 is so slow, I switched to company2 and my speeds are a lot better”
When you see these types of comments, most people logically assume that company1 oversells their bandwidth and runs servers at 100% capacity, so it’s slow for everyone, while company2 does not. It’s a logical assumption, but in most cases it could not be further from reality.
Computer Networking 101
Contrary to popular belief, the Internet is not a series of tubes. It’s a massive collection of independently owned networks that are all interconnected based on a set of rules.
These interconnections reside in the physical world in the form of fiber-optic cables that lie under the sea, as well as on land. The cables are joined at Internet Exchanges, which are massive data-centers scattered throughout the globe. Inside these data-centers there are very expensive routers that route packets from one network to the other based on rules set out by the owners of these networks.
When you request a webpage, stream a video, or do literally anything on the Internet, you have to be able to reach a very specific server which can be located anywhere in the world. A connection is then opened by your computer/phone/“smart toaster” to an IP address. To your device this looks rather simple: connect to this IP, and download some data. The simplicity is deceiving, as in order for you to actually connect to that specific IP address, your connection has to transit through several computer networks, which could span the entire globe. A traceroute utility can help you visualize this hidden complexity.
Let’s start off with a simple example: ovh.com
This is pretty much the best case scenario. As you can see, the request stays entirely within a single network (AS16276). There is very little chance for things to go wrong along the way, as a single company controls all of the network’s infrastructure. It also helps that the server we’re testing from is in the same building as the website of the hosting provider, which is why you see sub-millisecond latency.
Now let’s look at something on the opposite side of the planet, by which I mean New Zealand.
You will notice that the connection went through 3 different networks (AS16276, AS4826, and AS37999); however, there were a lot more hops in between, and so the whole trip took ~192ms. Even more impressively, your connection visited the following cities along the way before reaching its final destination — a data center in Auckland:
- Montreal
- Newark
- Ashburn
- Los Angeles
- Cross the Pacific Ocean
- Auckland
You can identify each physical location by looking for airport codes in the hostnames of different routers.
All of this is accomplished in 0.19s, which is pretty damn cool. As you can probably imagine, however, there is a lot of room for things to go wrong along the way, as nothing made by humans works perfectly 100% of the time except… nope… nothing is coming to mind.
The connection had to transit through 3 different networks, and at least 17 different routers. A problem between any 2 routers can cause your connection to be slowed down, or broken entirely.
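The hop-by-hop reading described above (counting networks, spotting airport codes in router hostnames, and seeing which link adds the latency) can be automated. The following Python is an added example, not part of the original article; its traceroute lines are constructed in the style of `traceroute -A -q 1` with made-up hostnames, documentation-range IPs and timings, and the airport lookup table is a small assumed one.

```python
import re

# Constructed sample in `traceroute -A -q 1` style. Hostnames, IPs and timings
# are made up; only the AS numbers and the city sequence come from the article.
SAMPLE = """\
 1  gw1.example.net (192.0.2.1) [AS16276]  0.4 ms
 2  be100.yul-core1.example.net (192.0.2.9) [AS16276]  1.1 ms
 3  be200.ewr-edge2.example.net (192.0.2.33) [AS16276]  9.8 ms
 4  * * *
 5  xe-0.iad-bb1.example.org (198.51.100.5) [AS4826]  15.2 ms
 6  xe-1.lax-bb3.example.org (198.51.100.17) [AS4826]  74.6 ms
 7  ge-3.akl-pe1.example.org (198.51.100.40) [AS4826]  190.3 ms
 8  host.example.com (203.0.113.20) [AS37999]  192.0 ms
"""

# Small assumed lookup table; real operators use many naming schemes.
AIRPORTS = {"yul": "Montreal", "ewr": "Newark", "iad": "Ashburn",
            "lax": "Los Angeles", "akl": "Auckland"}

HOP = re.compile(r"^\s*(\d+)\s+(\S+)\s+\(([\d.]+)\)\s+\[(AS\d+)\]\s+([\d.]+) ms")

def city_of(hostname):
    """Return the city for the first hostname token that is a known airport code."""
    for token in re.split(r"[.\-]", hostname.lower()):
        if token in AIRPORTS:
            return AIRPORTS[token]
    return None

def parse_hops(text):
    """Parse responding hops; lines such as '* * *' (no reply) are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            hops.append({"hop": int(m.group(1)), "host": m.group(2),
                         "asn": m.group(4), "rtt": float(m.group(5)),
                         "city": city_of(m.group(2))})
    return hops

def summarize(hops):
    """List networks and cities in path order and find the largest RTT jump."""
    networks = list(dict.fromkeys(h["asn"] for h in hops))
    cities = list(dict.fromkeys(h["city"] for h in hops if h["city"]))
    prev, cur = max(zip(hops, hops[1:]), key=lambda p: p[1]["rtt"] - p[0]["rtt"])
    return {"networks": networks, "cities": cities,
            "worst_link": (prev["host"], cur["host"]),
            "worst_jump_ms": round(cur["rtt"] - prev["rtt"], 1)}

if __name__ == "__main__":
    print(summarize(parse_hops(SAMPLE)))
```

Routers often answer traceroute probes at low priority, so a latency jump at one hop only points to a real problem if it persists on the hops after it.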
Causes of bad speeds
“Uhh great, how does this relate to VPNs?”, you may be asking. Well, VPN speeds can be affected by many factors. We’re going to discuss the most common ones below. These can be broken down into 2 categories:
- Outside of user’s control
- Within user’s control
Slow Speeds — Outside of User’s Control
Global networking
When you connect to a VPN server, it’s no different than accessing a website. The VPN server can be located right next to you, or it can be found on the other side of the planet. The further away you are from the server, the more networks your connection has to transit through in order to reach the destination. The more networks (and individual routers) in between, the higher the chance of something going wrong. These problems can include, but are not limited to:
- Physical cable breakage — Someone tries to dig for treasure in their backyard and accidentally severs a physical cable. They blame it on Russian spies and avoid prosecution, but the damage is done, the cable is broken.
- Network saturation — Each physical line (fiber optic/copper cable) has a capacity limit. If that limit is reached, the average network throughput goes down. This should not be confused with network saturation of the actual server. The saturation can occur between any 2 routers along the way. The limit may also be contractual rather than physical: the upstream provider only paid for 10GBps, while the physical line can allow for more traffic to transit through it.
- Bad routing — Border Gateway Protocol (BGP) is not perfect, and neither are people. The route may not be the most optimal one to reach a specific destination. For example, under normal circumstances, your favorite VPN server may be 5 hops away. If the route changes, which can happen multiple times a day, your connection may take a less optimal route. This may add latency and therefore reduce speeds.
Typically speaking, a VPN provider has very little to no control over these aspects. In some cases, routing paths can be adjusted by the hosting company at the request of the VPN provider, but that’s about it.
Misconfigured VPN server
Almost every VPN provider sets up and manages their own VPN servers. Depending on the skill level of their network engineers, this can be done well, or extremely poorly. I won’t go into detail here, but unless the operators are complete idiots, a poorly set up server is a fairly unlikely scenario. However, given that there are over 200 VPN companies out there, many of which are entirely operated by very small teams (a couple of people), it’s not outside the realm of possibility.
VPN server network saturation
When people think “slow speeds” they usually blame network interface saturation of the server, concluding that the VPN provider is “overselling” the servers and keeping them at maximum capacity without adding additional servers. Given the number of shoddy VPN operations that are out there, “overselling” in this way is very likely with small scale providers that operate a handful of servers. However, for medium to large scale VPN providers, adding another 5–50 servers in a location is not a huge cost. This ensures that no server is running at capacity.
If you look at Windscribe’s server status page, you will see that none of our data-centers (which host multiple Windscribe servers) operate at above 60% capacity, and the vast majority of locations are well below 30%. By keeping the average usage low, we can make sure that the VPN server itself will not be the bottleneck, even if we experience a sudden spike in usage.
ISP Interference
Although you may think that your Internet service provider is there to provide you Internet access, their actual objective is to make your life as miserable as possible — and charge you for it. If you think that they provide you with unrestricted and unfiltered Internet access, you’re living in the dream world, especially if that world is in China, Turkey, Russia or most of the Middle East.
In extreme examples, ISPs block whole sections of the Internet, usually at the request of the government, or — scarier still — because they’re owned by the government. You may think that if you live in “the West”, your ISP is different, but that’s not actually the case. Here are just some examples:
- Verizon Injecting Perma-Cookies to Track Mobile Customers, Bypassing Privacy Controls
- YouTube, Netflix Videos Found to Be Slowed by Wireless Carriers
- EFF study confirms Comcast’s BitTorrent interference
This is just the tip of the iceberg. If ISPs actively police the type of packets they carry on their network, it’s not far-fetched to assume that this monitoring goes beyond Netflix and Torrenting, especially since a VPN is usually the go-to countermeasure that combats this type of throttling.
Slow Speeds — Within User’s Control
A commonly omitted category of slow speed causes is the end-user’s network and device itself.
Network Issues
Your home network is an extension of the Internet. It has a router, and therefore creates another “hop” your connection has to transit through. In a traceroute, your home router will be the first hop. If your home router is the bottleneck, it doesn’t matter how fast or slow all the subsequent networks are, you will not have a good time. Your router can be a bottleneck for several reasons:
- Old router — Old routers have weak CPUs. If you’re running a VPN on an ancient router, there is a very high chance that it will be the ultimate bottleneck for speeds. You can verify this by connecting to the same location in our apps, while being disconnected on the router. If the speeds are better, your router is to blame and should be punished.
- Misconfigured router — Not everyone is a certified network engineer, but that doesn’t stop some people from fiddling with router settings they do not understand. Enabling various firewalls and intrusion detection systems will cause the router to inspect all traffic for possible threats. As a result, encrypted VPN tunnels can/will be slowed down or broken entirely. Try resetting your router to factory defaults and see if there is an increase in speeds.
- Initial slow speeds — If your initial Internet connection is below 3mbit, using a VPN may make it entirely unusable, as you have very little room for speed loss, which is usually inevitable.
Device Issues
Computers, much like humans, are in many ways unique. Every user of every device installs a unique combination of software, modifies their settings, etc., so no two devices are the same. Device configuration can affect connectivity and speeds in many different ways:
- OS updates — Every OS update is a chance for something to go wrong. Some updates can even break parts of your computer, rendering them dysfunctional — as has happened several times with past Windows updates. The inverse of that is equally true, where an OS update can resolve “unfixable” issues.
- Disabling critical services — Some people disable system services thinking that it will “speed up the computer”. Some of these services are required for VPNs to function optimally, or at all. For example, if you disable the RasMan or SstpSvc Windows services, IKEv2 connectivity is impossible, and you will use the much slower OpenVPN protocol.
- 3rd party anti-virus or firewall — AV software these days does a lot more than scan files on disk for viruses. It hooks into the OS on a very deep level and monitors all activity that’s happening on your computer. Sometimes this can go deep enough to include network interfaces as well. When AV software tries to inspect encrypted network traffic it can slow down the connection, or break the tunnel entirely. If you use this type of anti-virus software, try disabling the “SSL Scanning” feature in the settings. Better yet, remove it entirely and practice common sense.
The scenarios mentioned above are not exhaustive, but I hope they help illustrate the number of moving parts, all of which have to cooperate for you to have decent throughput over the tunnel. If you continue to have speed issues, there are a few additional things you can try (at least with Windscribe’s software):
- Connect to a different location — We offer servers in over 110 different data centers. If you recall the “Computer Networking 101” section, you should understand why this is important. Rule of thumb: connecting to a (geographically) closer location will usually yield faster speeds due to lower latency.
- Try different protocols/ports — We offer 5 different connection protocols, and over 20 different connection ports. Depending on the network you are on, some will perform better than others, or not at all. If you’re struggling, we recommend trying them all until you find one that works well for you. There is no one-size-fits-all.
- Nuclear Option — If you are sure that you’re not on a restricted network and you are still unable to connect or experiencing glacial speeds, sometimes starting from scratch is the best solution. Reinstalling the OS has been reported to fix “unfixable” issues. Your mileage may vary.