On occasions over the last few months, IS has been contacted with regard to network performance issues in relation to the VPN (the GlobalProtect VPN). As a result we have built up some recommendations that may be helpful to others experiencing this.
To start with, our VPN is unlikely to be the root cause of any performance issue. Whilst there are many places whose VPN gateway has suffered because of the increased usage during the lockdown period; this is because they typically utilise a separate hardware device to provision the VPN and this is sized for the usual usage pattern.
In our case, our VPN gateway shares the hardware with the main university firewall and so shares its capacity – essentially bandwidth that was previously available for on campus usage is now available for VPN usage (it’s a bit more complex than that, but is a reasonable approximation). In addition the firewall went through a hardware refresh last year, so it is currently running on relatively new hardware and has plenty of capacity available.
There are many ways of testing the bandwidth available via a network connection, but to keep things simple the suggestion is to use the test at https://speedtest.net/. Bear in mind that we’re not so much trying for an accurate test, but a relative speed :-
- Measure using the above speedtest with the VPN turned off. The result will be in megabits per second (or Mbps).
- Measure again with the VPN turned on.
- Finally calculate the relative speed with :-
percentage = ( (VPN turned on) / (VPN turned off) ) * 100
This will give a percentage result indicating what proportion of your basic Internet speed is available with the VPN turned on. A good result is anywhere more than 80%.
If you get a reasonable result, and your VPN performance is still poor bear in mind that the overall speed of the network connection has a bearing – whilst some things will work fine (if sluggishly) below 10Mbps, other things will start to break when things get too slow.
If your overall performance is poor, you may have no other option than to upgrade or change your ISP to get better performance. But bear in mind the next section!
Whatever variety of wireless you are running at home, it can be subject to interference issues. And these are not always constant – interference can change according to the time of day (and the usage of wireless).
Firstly wireless is a shared media – my phone right now can see over a dozen wireless networks to connect to, and whilst not everyone lives in such a dense environment, any busy wireless network nearby will have an effect on how much traffic can travel through your wireless network.
Secondly wireless does not necessarily travel very well – walls (especially thick brick or stone walls) can attenuate the signal and cause a severe impact to wireless performance. For example, my home office is upstairs and at the back, whereas my wireless routers are downstairs at the front – trying to use wireless from my home office would be an exercise in frustration at the continual disconnections and abysmal performance.
So our very first recommendation is to plug your PC directly into your broadband router with a cable; even as just a test to confirm (or not) that the wireless network is problematic.
Dangling a cable all the way through a house (or flat) is not a sensible (or safe) solution, so for years I have been using a TP-Link powerline adapter – two boxes which plug into a wall power socket, and effectively “bridge” a network cable across the house power lines. A link to a similar produce can be found here (other suppliers exist; other products exist; all relevant disclaimers about this not being an official recommendation, etc).
Domestic routers tend to be engineered to prioritise economy than robustness and longevity.
In some cases such routers can get slower over time if they are left on continuously. It can be worth trying to restart the router (remove power, wait 5 seconds, restore power) to see if that improves matters. If it does, you can restart it on a regular basis – once a month or once a week.
In other cases, if you have an older router it may have started to go wrong or simply one of it’s internal components might not be keeping up with the amount of bits going through it. There is not much you can do about this other than to replace the router.
If your ISP supplied the router and it is quite old (5 years or more), it may be worth asking your ISP if an upgraded router is available.
How healthy is your PC? Particularly if it is a self-managed device (i.e. one you own).
If you are lucky enough to be able to have a spare PC or laptop (or can borrow one from someone else in the family), it may be worth installing GlobalProtect onto it and retrying the speed test. If borrowing from one of the family, make sure that their VPN connection is turned off (there is no need to uninstall it!) – two VPNs turned on at the same time will yield surprising and unfortunate results!
The other possibility is to try and borrow something from IS, although at the current stage of the academic year they may be in rather short supply.
Virgin Media Cable
Virgin is a popular choice for supplying an Internet connection given the available speeds they provide. However we believe (and JANET – the university’s ISP) that Virgin Media has an intermittent problem relating to VPN traffic performance being routed to the academic networks – it isn’t just us.
Many people will not notice because the difference between 150Mbps and 200Mbps isn’t sufficient to cause a significant problem, but in some cases it can.
There is not a great deal IS can do about this – we can’t log faults for connections that we are not the customer for! JANET themselves are in contact with Virgin, but it may help if you are experiencing issues to :-
- Run through the various steps contained within to try and indicate that the problem is with Virgin.
- Emphasise to Virgin that the we (the university) does not believe the VPN gateway to be the root cause of the problem and non-Virgin customers do not see a huge performance hit when using the VPN.
Virgin are unlikely to escalate the call priority for just one person, but if they receive a pattern of similar calls it increases the chances of more senior engineers (and perhaps managers setting policy) paying attention.