VPNs encrypt traffic to make a connection safe and private, but this can create a tradeoff between security and performance, as some VPN features can introduce latency.
A virtual private network (VPN) is an Internet security service that allows users to access the Internet as though they were connected to a private network. VPNs encrypt Internet communications and keep user activity anonymous.
People use VPNs when they need an extra layer of privacy and security on the Internet; for this reason, VPNs are very popular with companies that have remote or globally distributed workforces. But VPNs have a built-in drawback: they can often create latency.
On the Internet, latency refers to the amount of time between a user action and a resulting response: for instance, the delay between when a user clicks a link to view an image and when the browser displays that image. Suppose Bob clicks a link and it takes several seconds before the image loads. In this case, Bob’s request is experiencing significant latency.
One of the primary causes of Internet latency is the physical distance between locations where data is accessed and delivered. When a user makes an Internet request, the farther the request and subsequent response have to travel, the more latency the user will experience. For example, if Alice in California makes a request to a website that has its content in a CDN server a few miles away, the request and response will be very fast because there is only a short distance to cover.
However, if Alice makes a request to a website server located in South Korea, the request and response will take significantly longer. Much like taking an international flight with many connections along the way, each request and response must travel through a series of routers as it travels from point A to point B. Each of these ‘hops’ from one router to another introduces more latency.
VPNs can increase latency by introducing extra travel time for requests and responses. For example, suppose Bob is a remote employee in Oregon and he uses a Texas-based VPN service to connect to his corporate network. Every time Bob’s computer communicates over the Internet, it must send a request all the way to Texas, and then his VPN service will decrypt the request and forward it to the web server. The web server will then send a response back to the VPN server in Texas, and finally the VPN will encrypt this response and send it to Bob in Oregon.
This means even if Bob is trying to communicate with a data center a few miles from his home, his request will have to travel all the way from Oregon to Texas and back again, and so will the response. This is known as the trombone effect, and it can introduce a lot of latency.
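To put rough numbers on the trombone effect, the following added example (not part of the original article) estimates the minimum round-trip time for Bob's request with and without the VPN detour, counting only signal propagation through fiber. The coordinates are assumptions: the article names only Oregon and Texas, so Portland, Dallas and Hillsboro are used as stand-ins.

```python
import math

EARTH_RADIUS_KM = 6371.0
FIBER_KM_PER_MS = 200.0  # light in optical fiber covers roughly 200 km per millisecond

# Assumed coordinates (latitude, longitude); the article names only the states.
BOB = (45.52, -122.68)          # Portland, Oregon
VPN_SERVER = (32.78, -96.80)    # Dallas, Texas
DATA_CENTER = (45.52, -122.99)  # Hillsboro, Oregon, a few miles from Bob


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def rtt_floor_ms(path):
    """Lower bound on round-trip time along a path of waypoints.

    Counts propagation delay only: real routes are longer than the great
    circle, and routers, queueing and encryption add more on top.
    """
    one_way_km = sum(haversine_km(p, q) for p, q in zip(path, path[1:]))
    return 2 * one_way_km / FIBER_KM_PER_MS


def trombone_penalty_ms(user, vpn, server):
    """Extra round-trip time from detouring through the VPN server."""
    return rtt_floor_ms([user, vpn, server]) - rtt_floor_ms([user, server])


if __name__ == "__main__":
    print(f"direct:   {rtt_floor_ms([BOB, DATA_CENTER]):.2f} ms")
    print(f"via VPN:  {rtt_floor_ms([BOB, VPN_SERVER, DATA_CENTER]):.2f} ms")
    print(f"penalty:  {trombone_penalty_ms(BOB, VPN_SERVER, DATA_CENTER):.2f} ms")
```

The result is a floor, not a prediction: it shows that the detour alone costs tens of milliseconds per round trip before any server load or encryption overhead is counted.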
Server load can also increase latency, and connecting to a VPN introduces a new opportunity for users to experience server load issues. Suppose Alice is connecting to a VPN server at the same time as 1,000 other users, and the server only has enough capacity to handle 300 requests at a time. The server will likely get overloaded and start queueing or dropping requests, slowing load times for Alice and many of the VPN’s other users. This experience is especially common with free and discount VPN services.
With a VPN, all communication between the user and the VPN is encrypted. The encryption process takes time, and depending on the type of encryption used, this may add noticeable latency to Internet communications. There is a tradeoff between VPN encryption strength and latency; typically, the most secure encryption protocols are more time-consuming and create the greatest amount of latency. (It should be noted that some newer encryption protocols such as TLS 1.3 aim to correct this by speeding up the encryption process.)
The two most popular encryption protocols used by VPNs are IPsec, which runs on the network layer of the OSI model, and SSL (also known as TLS), which runs on the application layer. When choosing a VPN provider, customers will have to decide which protocol they prefer.
IPsec and SSL provide very similar performance rates, but the IKEv2/IPsec protocol provides slightly faster connection negotiation speeds, giving it a slight performance edge.
One caveat here is that SSL VPNs may perform better when there are firewalls involved. Since SSL VPN traffic is indistinguishable from normal HTTPS Internet traffic, it is less likely to get blocked or rate limited by a firewall.
Under specific circumstances, VPNs can increase speeds for certain services. ISPs sometimes throttle, or artificially slow down, specific types of traffic; for example, several major ISPs have throttled streaming entertainment services like Netflix. If an ISP throttles communication speeds with a specific service, a VPN could circumvent this throttling, because the VPN encryption will prevent the ISP from knowing which services the user is communicating with.
Cloudflare Zero Trust is an identity and access management (IAM) product that monitors user access to any domain, application, or path hosted on Cloudflare. It integrates with single sign-on (SSO) identity providers like Okta and Google Auth while allowing administrators to alter and customize user permissions.
Many businesses are starting to use remote access services to replace their corporate VPNs, because they are much easier to use and do not encounter all of the same latency issues as VPNs. Since Cloudflare Zero Trust leverages Cloudflare's global network, customers can expect speedy performance from anywhere in the world, integrated with a powerful Zero Trust security solution. To get started with a free version of Cloudflare Zero Trust, see our Developer documentation.