Total sum of data usage on VPN or without VPN

People working from home are complaining the “internet is slow” and to them, it’s because there are more people online gaming, watching online series.

ISPs said: yes there’s more data, but not at levels straining the infrastructure.

So… Since most “work from home” go through VPN, my thought is that the employer’s company network is strained, because everyone is working from home & over VPN.

That got me interested in numbers:

How much extra data is used on the entire internet? (So not just from your / the user’s perspective, because that’s around 10-15%, if what I found online is correct.)

So for example:

  • A) everyone works from the office:
      – Employee computer talks to a server.
      – Server exchanges data. 1gb is 1gb.

  • B) everyone works from home:
      – Employee computer talks to the company’s VPN,
      – Company VPN talks to a server,
      – Server exchanges data back. 1gb is 1.15gb.
      – Company VPN as a middleman sends it to the employee. 1.15gb is 1.32gb
      – Total network usage: 2.47gb

Is that roughly correct, or am I missing something?

The amount of data and where it flows is going to be different depending on how the company has implemented work-from-home. Taking their usual work laptop or PC home will place different loads on the network than if they leave their work PC at work and control it remotely. Then there are the companies that use primarily virtual instances (Citrix), and the companies where most of the resources are in the cloud somewhere, with varying methods of access. For example, if your company uses the cloud, and remote working means connecting directly to the cloud from home, the load on the corporate network will drop dramatically.

IMO, the total amount of data being transferred isn’t anything other than a curiosity. Corporate networks, even for the smallest networks, are not a single, flat entity. For instance, one “side” of the VPN server will be connected to the internal network with access to the servers and/or desktops. But the VPN server connections facing the Internet that users connect to from home should be on a completely different part of the network that shares nothing with the internal corporate network since it is accessible from the Internet. The amount of traffic between the VPN server and the Internet has no effect on the performance on the internal corporate network (but the inside connection does). And where this connection is located relative to the corporate firewall can vary.

What matters is how well the different links, switches, routers and other devices can handle the current workload. From a network tech’s perspective, there isn’t any such thing as “the network” - it’s a bunch of different kinds of bits and bobs that each have to be managed, cared for and fixed when borked. I might tell a user “the network is overloaded”, but in my head it’s “g0/1 is getting buffer overruns”.

That’s pretty far out. The VPN overhead is negligible.

IMO, there are several factors at play here:

- increased number of users: kids not going to school; students attending remote (streaming) lectures; people not able to work (as they can’t work remotely) surfing, watching videos etc; employees working from home who generate additional traffic (you wouldn’t necessarily have Youtube running if you were in the office, but you can do so at home); etc.

- the exchange between the VPN entry point and the generic “company server” more often than not never uses the Internet; more likely, they are in the same data center (different network segments) and the traffic goes over dedicated links inside the DC.

- many companies employ split tunneling for their VPN, especially with the advent of cloud-based services (think Office365, Google Docs); in other words, the only traffic going through the work VPN is the traffic that has to go through the VPN (i.e. to reach a company internal server), while a lot / most of the regular “office” usage goes over the Internet (same as it would do when being in the office)

- in many cases, company-dedicated or collocated DCs have direct (peering) links to major Internet exchanges; in other words, if your company DC is located in Frankfurt and you want to access AWS, the traffic doesn’t go Frankfurt - USA - Frankfurt, but rather Frankfurt - Frankfurt.

- many (most?) ISPs oversubscribe their connection; you pay for (let’s say) a 1 Gbps connection; so do your 20 neighbors in the same building/block; all this goes out through a single 10 Gbps connection. This works normally, as not all people try to use their 1 Gbps (or even part of it) at the same time - but with everyone being at home the whole day, this might hit the physical limit of the uplink. IMO, this is the most frequent case resulting in “poor connection”.

- depending on which ISP you use, which ISP your company uses, how peering (see above) between them is set up, how routing is in place, you may have vastly different (subjective) performance.
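An added illustration, not part of any post in this thread: a per-link accounting of where one remote worker's traffic lands in the office, full-tunnel and split-tunnel cases discussed above. The link names, the sample workload and the flat 10% tunnel overhead are assumptions chosen for the example.

```python
# Added illustration; link names, workload and the flat 10% figure are assumptions.
OVERHEAD = 0.10  # tunnel encapsulation overhead, applied once on the tunnel leg

def link_load(internal_gb, saas_gb, mode):
    """Return GB carried on each link for one user.

    internal_gb: traffic to company-internal servers
    saas_gb:     traffic to cloud/SaaS services on the Internet
    Links: home_isp (user's last mile), corp_uplink (company Internet
    connection, both directions summed), corp_lan (inside path to servers).
    """
    if mode == "office":
        # Internal traffic never leaves the LAN; SaaS crosses the uplink once.
        load = {"home_isp": 0.0, "corp_uplink": saas_gb, "corp_lan": internal_gb}
    elif mode == "full_tunnel":
        tunneled = (internal_gb + saas_gb) * (1 + OVERHEAD)
        # SaaS traffic hairpins: it arrives inside the tunnel and leaves
        # again towards the Internet, so it crosses the uplink twice.
        load = {"home_isp": tunneled,
                "corp_uplink": tunneled + saas_gb,
                "corp_lan": internal_gb}
    elif mode == "split_tunnel":
        tunneled = internal_gb * (1 + OVERHEAD)
        # Only internal traffic uses the tunnel; SaaS goes direct from home.
        load = {"home_isp": tunneled + saas_gb,
                "corp_uplink": tunneled,
                "corp_lan": internal_gb}
    else:
        raise ValueError(f"unknown mode: {mode}")
    return {link: round(gb, 3) for link, gb in load.items()}

def uplink_vs_office(internal_gb, saas_gb, mode):
    """Corporate uplink load relative to the everyone-in-the-office case."""
    office = link_load(internal_gb, saas_gb, "office")["corp_uplink"]
    if office == 0:
        return None  # no baseline to compare against
    return round(link_load(internal_gb, saas_gb, mode)["corp_uplink"] / office, 2)

if __name__ == "__main__":
    # Constructed workload: 1 GB to internal servers, 2 GB to SaaS.
    for mode in ("office", "full_tunnel", "split_tunnel"):
        print(mode, link_load(1.0, 2.0, mode), uplink_vs_office(1.0, 2.0, mode))
```

The encapsulation overhead is a small term; the hairpin of SaaS traffic through a full tunnel is what multiplies load on the company uplink. Split tunneling removes that load, at the cost that the directly routed traffic no longer passes through whatever inspection sits at the corporate egress.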

Total network usage with a VPN increases about 10% due to overhead. It’s not more than double.

See this diagram.

When I’m in the office, my workstation connects directly to the server. My data stays entirely on the right side of the diagram. Those connections are huge and fast. Gigabit connections, probably.

Using a VPN from home adds extra stops along the way. Through the firewall, router, and VPN server. The problem is, those connections aren’t sized for everyone to use them all the time. They will be the bottleneck. That internet connection will be slower than the LAN connections inside the office.

Thanks for your insight.

So when people are complaining about “internet issues” (“connection timing out / disconnecting, ping over 200ms”) when working from home in these times with extreme numbers of remote working.

While:

  • National oversight of the national data network (those who would throttle normal internet users so that government, defense, hospitals, etc. have priority) is saying there is higher data use, but in no way causing issues.

  • ISPs are saying there are no significant issues.

  • gamers and people streaming videos (those “taking too much internet away from those working from home” 🤦‍♂️) notice no issues / slowdowns.


So would it be a fair assumption to think the issue is more likely to be in the connection between the home workers and their company, VPN, cloud service, etc.?

Understood.

But why would the only group noticing these issues be people working from home?

  • third party / network oversight sees no problems.

  • ISPs see no problems (okay, these might be lying.)

  • gamers & people watching online video also see no issues. (I’d imagine someone playing an online shooter to complain when their game glitches / lags. Or video buffering every minute.)

National oversight of the national data network (those who would throttle normal internet users so that government, defense, hospitals, etc. have priority)

There is no such government oversight, at least not in the USA. There is a legal framework where certain agencies can demand to be moved to the head of the repair queue when service has been disrupted such as by a hurricane, but I don’t think it works the way you are thinking - it is worded more at fixing things physically damaged. You pre-register that you are “special”, and then when telephone poles are knocked down, you tell the ISP directly “fix me first”. This is very similar to how the electrical utilities have always worked. There is no national entity involved when something happens, at least not that I know of.

The military and other critical parts of the government have their own national networks totally separate from anything civilians use. They have their own fiber, their own routers, everything. It is expected that anyone who has critical life network needs outside their facilities (and I would not expect that to include hospitals) have made their own arrangements for resiliency and redundancy in disasters. For example, a hospital that depends on the Internet to provide care will have problems after tornadoes, earthquakes and hurricanes so they really should not depend on the Internet minute to minute. ISPs each monitor their own networks and take corrective action on their own, or in cooperation with the ISPs they are connected to/through.

I tend to use the Internet off and on all through a 24 hour day. I have not seen any issues. None of my monitoring tools have noticed anything unusual. And in one of the places I watch to see how things are going, the main discussion is over legalities and concepts, with no discussion of any actual problems (the NANOG mailing list).

Where I am seeing problem discussions is corporate network operators simply not having enough VPN server capacity. Some are running out of licenses, but the big vendors have stepped up to provide free licenses for the duration.

Any problems are likely to be “last mile” problems - the local neighborhood having high workload causing congestion, the same as you would see during a blizzard with everyone home at once. Or the connection from the ISP to the corporate VPN server simply not being big enough because the company previously didn’t need to pay for such a large capacity.

The Internet and corporate networks are quite complex. Every possible cause of problems will show up eventually. Trying to sum the potential problems of the Internet up in a few sentences is taking it too far to be useful, IMO.

But why would the only group noticing these issues be people working from home?

Prove that statement is true. Would you know if some random multinational corporate network is having connectivity problems from the USA to branch offices in South America? What you see on the news is far from the total sum of what is actually happening.

The simpler explanation is that corporations didn’t buy VPN servers big enough for everyone to work from home at once. When a server is overloaded, the options are limited. Other services, such as corporate teleconference systems, are also stressed.

The gaming load right now is somewhat high usage, but nothing exceptional compared to the holidays or when a very popular new game is released, or needs 27GB of downloads for every person to update to a new version.

- Undersized company-side infrastructure (designed to have 10-20% of people working remotely, facing 95% every day) - this is the biggest likely cause

- Qualitative changes in demand (all meetings happen over video conferencing rather than in person - see above about the cloud-based services, which might get overloaded themselves)

- Subjective perception (“I really want to work and this thing is too slow”)

- Expectation vs. reality (“This thing was much faster when I was in the office”)

- Undersized home-side infrastructure (“this router was running fine when I was surfing alone, now that my entire family is hammering it, it’s kind of bad”)

I’m not in the US.

Here there is a non-government research group that monitors and studies the network of our (public) ISPs.

And provides internet to universities, schools, government (who also have their own secondary / separate network).

This group would be the ones saying: well yeah, the network of the ISPs can’t handle the load from everyone being at home, because of budget cuts & lack of investment.

🙌 See see… That’s why we’re here. 🙌

The fact that they didn’t suggests that things run normally.

But OT, like you said… Likely source is corporate network, VPN server capacity / licensing.

Simply based off of various platforms where people complain / give help regarding their internet.

If there are problems with ISP x, you have various busses of people coming in.

  • damn internet, YouTube keeps buffering,

  • I have a bad k/d ratio because damn internet.

  • lady stopped moving between 2 moans and left me hanging.

  • my messaging app messages won’t go through.

Now it was only those working from home,

And most other groups pitching in with advice, or saying gaming is fine only 10ms, etc.

I was wondering, which is why I put in the disclaimer about the USA.

Most of the time, corporate “VPN Servers” are appliances bought from companies like Fortinet and Cisco. When they have reached capacity, it isn’t a matter of spinning up another virtual server; a physical box may have to be purchased. Running licensed software on a virtual machine to act as a VPN server solution is increasing slightly, but having a direct path to the Internet from a VM Host NIC gives most network security people heartburn. It is easier to ensure security when things fail or work improperly when there is physical isolation. Some corporate network security people won’t even allow an Internet connection to run as a VLAN through a switch that carries Intranet traffic - you have to use physically independent hardware for anything carrying Internet traffic.