What kind of latency numbers are reasonable for a corporate network

latency, networking, performance

I am a software developer and I sometimes want to work from home but to write code over on a VPN is just torturously slow. I have tried several different things to try and make it more reasonable. On VNC I try and tweak it so that it is as light as possible. I tried X11 forwarding and I have tried just using a pure terminal. None of these are something I can stand for more than a few minutes.

Rather than just be a complainer I thought I would take some measurements with traceroute in both directions to see how bad it really was. Now I have the numbers but I am not sure if they are bad enough to warrant some action from the IT professionals in our company or whether they will just see me as the complainer (i.e. nobody else complains about this). So here are the numbers.

Tracing from my client machine back to my server:

$ tracert myserver

Tracing route to myserver.myco.com [169.129.70.27]
over a maximum of 30 hops:

  1   663 ms   685 ms   404 ms  169.129.85.51
  2   456 ms   295 ms   265 ms  169.129.85.40
  3   421 ms   409 ms   423 ms  41.41.125.109
  4   395 ms   411 ms   412 ms  41.41.125.122
  5   433 ms   409 ms   438 ms  169.129.74.51
  6   652 ms   404 ms   354 ms  myserver.myco.com [169.129.70.27]

Trace complete.

So the median is 404 ms and no dropped packets but it seems like all the latency occurs right away with the first hop median of 663 ms… hmmm…

Tracing from my server machine back to my client:

> traceroute 169.129.85.51
traceroute to 169.129.85.51 (169.129.85.51), 30 hops max, 46 byte packets
 1  169.129.169.51 (169.129.169.51)  0.274 ms  0.185 ms  0.185 ms
 2  169.129.174.11 (169.129.174.11)  14.497 ms  14.437 ms  15.937 ms
 3  41.3.125.121 (41.3.125.121)  24.215 ms  24.863 ms  24.213 ms
 4  41.3.125.110 (41.3.125.110)  85.694 ms  87.208 ms  83.187 ms
 5  169.129.85.51 (169.129.85.51)  85.937 ms *  89.498 ms

So the max latency in this direction is 89.5 ms with one packet dropped but the progression from each stop seems more reasonable as it starts out small at the first hop and increases through each hop.

So is this something that I should ask to have fixed or is this typical behaviour for a VPN into a corporate network?

UPDATE

So I was able to reduce the time in half (roughly). I noticed when I was pinging around that it seems like they route all traffic through NY and then send it back here which seems to take roughly 200ms each leg. So I decided to play them at their own game and I started a VNC session on the servers in NY thus eliminating one leg of the trip. It is still not perfect but it is tolerable. It would be really nice if they just let us access our servers here directly then the latency would be reduced by half again and would be really snappy… Anyway, learned some networking stuff tonight!

Best Answer

As a comparison, when I play first person shooters online typical latency (ping times) where I'm at range from 20ms to 150ms. Even lower numbers are possible (though rare). Anything more than that and players start getting angry at you for causing lag / throwing registration off. The players in a game may be spread all over the country, and those numbers tend to hold true for most everyone. Anything over 150ms and something's not right.

For a VPN connection to your place of work where you should be physically close enough to visit the office in person, you ought to be able to stay near the low end of that range. That said, read the tracert carefully. I work at a college, and I recently traced from home (on campus at the time!) to a campus server less than a block away. I was on a DSL line, and the college's provider is a fiber line from Time Warner. We're in rural Nebraska, and the packets hopped through Denver and then to Texas before the two providers' networks finally peered, and then routed through Chicago on the way back to town. That's quite a trip just to pull packets from less than 1/4 mile away. I switched over to a Time Warner cable line to match the college's ISP, and my tracerts got a whole lot more reasonable — it still hops to Lincoln, but it's down to 10ms on average and much of that is just moving through my 6yr old wireless router. So you might see if a friend with a different ISP can get better results.

The slowness in one direction but not the other also indicates to me that it likely has to do with your company's gateway, specifically the content filter if there is one. Those can add significant overhead (read: latency) to processing packets. It's likely your IT staff specifically bypassed the content filter for VPN traffic in one direction, but did not (or perhaps could not without rendering the filter moot) bypass the traffic in the other direction.
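
The per-hop reading of the two traces in the question can be automated. The script below is an added example, not part of the original question or answer: it parses both the Windows tracert and the Unix traceroute output formats, takes the median RTT per hop, and reports the hop that adds the most latency over the previous one. The function names are hypothetical and the sample input is the hop lines quoted in the question.

```python
import re
from statistics import median

# Sample input: the hop lines from the two traces quoted in the question.
WINDOWS_TRACE = """\
  1   663 ms   685 ms   404 ms  169.129.85.51
  2   456 ms   295 ms   265 ms  169.129.85.40
  3   421 ms   409 ms   423 ms  41.41.125.109
  4   395 ms   411 ms   412 ms  41.41.125.122
  5   433 ms   409 ms   438 ms  169.129.74.51
  6   652 ms   404 ms   354 ms  myserver.myco.com [169.129.70.27]
"""
UNIX_TRACE = """\
 1  169.129.169.51 (169.129.169.51)  0.274 ms  0.185 ms  0.185 ms
 2  169.129.174.11 (169.129.174.11)  14.497 ms  14.437 ms  15.937 ms
 3  41.3.125.121 (41.3.125.121)  24.215 ms  24.863 ms  24.213 ms
 4  41.3.125.110 (41.3.125.110)  85.694 ms  87.208 ms  83.187 ms
 5  169.129.85.51 (169.129.85.51)  85.937 ms *  89.498 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")          # hop number, then the rest
RTT_RE = re.compile(r"(<?\d+(?:\.\d+)?)\s*ms")     # "404 ms", "0.274 ms", "<1 ms"
LOST_RE = re.compile(r"(?<!\S)\*(?!\S)")           # a lone "*" is a lost probe

def parse_hops(text):
    """Return [(hop, median_rtt_ms or None, lost_probes)] for either format."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # banner lines such as "Tracing route to ..."
        rest = m.group(2)
        rtts = [float(r.lstrip("<")) for r in RTT_RE.findall(rest)]
        lost = len(LOST_RE.findall(rest))
        hops.append((int(m.group(1)), median(rtts) if rtts else None, lost))
    return hops

def largest_jump(hops):
    """Return (hop, added_ms): the hop adding the most median RTT over the previous one."""
    best, prev = (None, 0.0), 0.0
    for hop, rtt, _lost in hops:
        if rtt is None:
            continue  # silent hop: compare the next responder to the last known RTT
        if rtt - prev > best[1]:
            best = (hop, rtt - prev)
        prev = rtt
    return best

if __name__ == "__main__":
    for name, trace in (("client->server", WINDOWS_TRACE), ("server->client", UNIX_TRACE)):
        print(name, largest_jump(parse_hops(trace)))
```
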