Jump to content
Not connected, Your IP: 3.139.69.138

Recommended Posts

My ISP recently upgraded my connection from 50mbps down & up to 300 down/100 up.  So been trying to maximize my throughput while connected to airvpn and haven't been able to achieve more than 150-160 mbps download (able to get 100 up).

 

Using my pfsense router, I max out at about 110/100, but that's expected as the h/w I have isn't going to do any better.  So I installed Eddie on Windows 10 (Intel i5 processor @ 3.2Ghz, 16GB RAM) and I can't get anymore than 150-160/100, but it's barely taxing the CPU (~20%) so it seems like there's more to be had.  I've set the ovpn buffers to 512K to get the 150/100.  I've noticed two things:

 

Any speedtest I do seems to burst out of the gate at 200+ then levels out very quickly to 150-160 steady.  On the status page for airvpn, it seems the top speeds for any users are always around ~150mbps.  So am I chasing the impossible here?  I know the web site says there are no limits, but is there a max per user (and if there was and it's 150mbps, I'm definitely not complaining), but I just don't want to keep tweaking things if there's nothing more to gain than the 150 I'm currently achieving.

Share this post


Link to post

Hello,

 

we do not enforce any cap on bandwidth, you are just meeting physical limitations. Our servers are connected to 1 Gbit/s ports and 150 Mbit/s means 300 Mbit/s on the server. In general, our infrastructure and above all our prices/business plans are designed to reliably provide 40-160 Mbit/s per client (i.e. 20-80 on the client side) - and 16 Mbit/s (server side) in the "worst case scenario" (i.e. if everybody connects at the same time AND requires maximum bandwidth constantly).

 

Given the current oversize (redundancy) of Air infrastructure, however, you can easily reach (as you have experienced) 300-400 Mbit/s (which translates into 150-200 Mbit/s on the client side) with some care to pick a properly "not heavily loaded" server.

 

Consider that currently it would not make much sense to get 10 Gbit/s ports for our servers, because of computation limits in encrypting/decrypting AES-256-CBC in a single core.

 

Kind regards

Share this post


Link to post

Bursting and then leveling out at a slower speed is a common trick of ISPs.

 

I propose that many ISPs actually do what they can to make speed tests look quite speedy: Prioritizing that traffic, allowing full speed always (not bursting and then slowing down).  It would be a trivial matter for them.

 

But, since you are using openvpn they can't see what you're doing.  Therefore, they'll treat it like other traffic and allow a short burst at your "up to" speed (or max speed allowed by hardware), then slow it down to what they consider acceptable speeds.

 

Keep in mind that openvpn runs on 1 core only.  If you've got a dual core CPU, with hyperthreading 4 cores, then it makes sense that you'll see 20% overall CPU usage with 1 core pretty much maxed.  Is that what you see?

Share this post


Link to post

hmmm, no, ISP's don't treat VPN traffic like other traffic. Used to be that way but not any more. Heavily encrypted traffic like seen on VPN is handled differently and sent on a different route through the ISP network because it can't be immediately classified, it gets a lower priority and is shunted off through servers in the ISP network which are slower, have more limited bandwidth, and have higher latency before it hits the internet beyond the ISP network thus a person gets lower throughput ('connection speed') on VPN through their ISP network to begin with. 'Burst speed' for an ISP applies to normal priority traffic, not that with lower priority. In addition all non-classifiable traffic (such as heavily encrypted VPN traffic) in a ISP network is immediately placed at average throughput and never peak. This is a standard thing in all ISP networks world wide, its designed in. The reason for what seems like the 'burst speed' on VPN you mentioned is not 'burst speed' at all, its throughput at average but as soon as the encrypted VPN traffic is detected it shunted off through those other servers where it 'slows' down thus giving the appearance to some that 'burst speed' was interactive. In reality the VPN traffic started at the average of the ISP allowed throughput and then slowed down due to what I explained above, there was never any 'burst speed' involved.

 

Share this post


Link to post

 

But, since you are using openvpn they can't see what you're doing.  Therefore, they'll treat it like other traffic and allow a short burst at your "up to" speed (or max speed allowed by hardware), then slow it down to what they consider acceptable speeds.

 

hmmm, no, ISP's don't treat VPN traffic like other traffic. Used to be that way but not any more. Heavily encrypted traffic like seen on VPN is sent on a different route through the ISP network because it can't be immediately classified, it gets a lower priority and is shunted off through servers in the ISP network that have more limited bandwidth and higher latency b3efore it hits the internet beyond the ISP network thus a person gets lower throughput ('connection speed') on VPN through their ISP network. Burst speed for an ISP applies to normal traffic, not that with lower priority. This is a standard thing in all ISP networks, its designed in. 

 

I can partially agree with that as I've felt, for example, that my ISP purposely routes traffic to Air's servers via crazy routes just to be stinky.  Let's just say I want to use an Air server in the same state I live in but it routes it halfway across the country then back to my state.  I have to keep on my toes to find good routes.

 

But, usually I can get my line max speed over VPN so I can't agree that I get slower speed and whatnot.  A good way to test your theory is simply to use SSH, SSL even better perhaps, to test if your ISP gives you better performance.  An ISP would have to classify SSL 443 as https traffic - it shouldn't be low priority.  But, If plain UDP gives the best performance (as it does for me) then I believe that's proof your ISP isn't treating VPN traffic unfairly.

 

Anyway, the point I was making was that ISPs prefer speed test traffic so that the customer thinks they have fast internet.  Do you disagree with that?

Share this post


Link to post

I understand what you are saying, but given the fact that ISP's now also detect VPN use (because an OpenVPN based connection has a unique signature) the testing on VPN through the ISP network under the conditions you outline are still going to get shunted off and given a lower priority through the ISP network. I do this type of stuff for a living, we have many contracts with different ISP's all around the world to test their networks for compliance and one of the test scenarios used actually involves making sure non-classifiable traffic (which VPN traffic is) is given a lower priority by the system as its designed to do. Its not a theory, I am intimately familiar with it and can assure you with 100% certainly that VPN traffic is given a lower priority in the ISP network.

 

yes, ISP's use internet speed tests to make the user believe they have a certain level of throughput (which is actually the correct term, and not 'connection speed' which is actually a marketing term invented by ISP's many years ago). Actually what ISP's sell is bandwidth which is not the same as throughput, and guess what internet speed tests actually test (and poorly at best) - yep, bandwidth, which is what ISP's happen to actually sell so people look at a speed test site for testing thinking its testing throughput when in reality its not. I explained some of this over in this post > https://airvpn.org/topic/22210-long-time-pia-user/?do=findComment&comment=59571

Share this post


Link to post

Keep in mind that openvpn runs on 1 core only.  If you've got a dual core CPU, with hyperthreading 4 cores, then it makes sense that you'll see 20% overall CPU usage with 1 core pretty much maxed.  Is that what you see?

 

Indeed, yes.  150-160mbps seems to use about 80-85% of one core or about 20% of the total CPU.

Share this post


Link to post

Hello,

 

we do not enforce any cap on bandwidth, you are just meeting physical limitations. Our servers are connected to 1 Gbit/s ports and 150 Mbit/s means 300 Mbit/s on the server. In general, our infrastructure and above all our prices/business plans are designed to reliably provide 40-160 Mbit/s per client (i.e. 20-80 on the client side) - and 16 Mbit/s (server side) in the "worst case scenario" (i.e. if everybody connects at the same time AND requires maximum bandwidth constantly).

 

Given the current oversize (redundancy) of Air infrastructure, however, you can easily reach (as you have experienced) 300-400 Mbit/s (which translates into 150-200 Mbit/s on the client side) with some care to pick a properly "not heavily loaded" server.

 

Consider that currently it would not make much sense to get 10 Gbit/s ports for our servers, because of computation limits in encrypting/decrypting AES-256-CBC in a single core.

 

Kind regards

 

I'm curious.  I've started using torrents seriously for the first time.  I can get 160-170Mbps downloading quite comfortably via my connection (3 AirVPN connections load balanced via pfsense on a 200/200 connection), but uploading I've never seen more than 2Mbps.  This could be because I can't compete with seedboxes but I'm wondering now if I'm maxing out my AirVPN connection i.e. is the 160Mbps a total limit per user or is it each way i.e. if I'm downloading at 160Mbps does this mean I'll never be able to get good seeding speeds and should maybe limit downloads to 100Mbp?

 

Or should I be able to get 160Mbps both ways?

 

Also, given I'm using 3 connections at a time - is my theoretical max 3x160Mbps if I had the luxury of a better connection?

 

Thanks

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...