NordLynx, our brand new WireGuard®-based protocol, is delighting users with its high speeds and excellent security and privacy. Before releasing it, however, we needed to observe it under field conditions, tweak configurations, and polish the client side. After testing it on Linux, we were ready to release it to other major platforms, like Windows, Mac, iOS, and Android.
Apr 23, 2020 · 5 min read
We were aware that, due to the WireGuard® architecture, NordLynx should be way faster than any VPN protocol in the same category. However, we couldn't base our technological decisions on guessing, so we ran quite a few tests – 256,886 to be exact – to understand the prospective performance of Nordlynx. Here are the findings that prove just how fast NordLynx really is.
First, a bit of background.
To get a better idea behind such extensive speed testing, let’s start by looking at the methodology we used.
Our goal was to understand how a VPN protocol impacts the connection speed. We specified four scenarios that cover the majority of possible behavioral patterns of using VPN:
To put the speed tests to work, we created a Docker image equipped with configurations of three VPN protocols (NordLynx, OpenVPN, and IKEv2) and the Ookla’s Speedtest CLI tool. After the image is mounted on a virtual machine (VM), every two minutes it:
The test target consists of a combo of a VPN server country to connect to (chosen from a list¹) and a Speedtest server country (chosen from a list).
To get data that would allow us to compare VPN connection speed per protocol, we ran 47 VMs on 9 different providers² in 19 different cities³ in 8 different countries⁴.
Every test attempt generated a line in the dataset that included:
This way, we performed around 8200 speed tests daily for a month. (Fig. 1)
As you can see in the figure below, there were slightly more tests performed with OpenVPN than with the other two protocols. This can be explained by unequal server distribution per protocol in our network. Currently, OpenVPN is the most popular protocol among NordVPN users. Hence, there are more servers in our network that support OpenVPN than servers that support IKEv2 and NordLynx.
Before jumping to the results, let’s take a quick discourse back to the internet fundamentals.
A network packet path from a user’s computer to a target server (web, game, or any other content server) consists of quite a few steps:
There are many factors that can affect the download and upload speed at each step. This makes an always perfectly fast and stable connection nearly impossible.
Our devices have a certain limit of throughput, depending on the model. For example, if you have an iPhone 11 equipped with Wi-Fi 6, a theoretical throughput limit for it is 10 Gbps. Older models with Wi-Fi 5 or Wi-Fi 4 would limit your internet connection speed to 2.34 Gbps and 450 Mbps, respectively.
Moving further, your Wi-Fi router has hardware limitations as well. Both the router and the phone can be heavily loaded at the time you run a speed test. Your ISP can be overwhelmed by the number of people trying to watch Tiger King on Netflix in 4K while working from home.
And we’re just scratching the surface here. There are dozens of other factors affecting speed throughout the path (Fig. 3), but we don’t need to cover them all right now. The point is, we needed to test as many cases as possible. That’s why we performed such a massive number of tests and looked at value distributions instead of absolute numbers.
Remember the scenarios mentioned in the beginning? Now let’s take a look at the speed test results for them.
Scenario: The client is connected to the closest VPN server, and the content server is as close to the VPN server as possible.
To test this scenario, all randomly selected targets (VPN server, VM location, and Speedtest server) were located in the US. Here are the download speeds we observed:
These histograms tell us a few things. First, NordLynx obviously has higher mean and median values in download speed. IKEv2 stands second and OpenVPN third.
Another important thing to notice is the variance of each histogram. What is happening here? As mentioned earlier, there are numerous factors affecting the connection speed. Knowing this, we can say that the VPN protocol is lifting the upper bound of the download speed. The higher the upper bound, the greater variance we see in the download speed distribution, as there’s a wider range of potential speed reduction due to noisy environmental conditions.
Scenario: The client is connected to a VPN server overseas, but the content server is as close to the client as possible
This example includes results from the tests performed using a VM and a Speedtest server located in the UK, and a VPN server located in the US. Here’s what we got:
We can see how increasing the length of the path between a user and a content server while having a VPN server in the middle adds so much overhead that the protocol itself plays a lesser role in the download speed. Both mean and median values are still higher for NordLynx, but the difference is not as impressive as in the first scenario.
Scenario: The client is connected to the closest VPN server, but the content server is far from the VPN server
The third example includes results where both the virtual machine and the VPN server are located in the US while the Speedtest server is located in the UK.
These histograms are a bit harder to read. The winners in terms of the download speed aren’t as obvious as before. However, it makes one thing very clear: the distance between a VPN server and a content server makes up for a large portion of the speed reduction.
Instead of moving to the last scenario, we’ll stop here and focus on distance. To better visualize its impact, we added more information to the existing dataset: the distance between the country of a VPN server and the country of a Speedtest server.
Each point in the plot represents an average download speed for the distance between a VPN server and a Speedtest server. What we see here is pretty exciting: if you connect to a VPN server close to you and download content from a CDN in range of a few thousand kilometers, you can expect almost up to 2x higher download speed with NordLynx! But of course, as the distance grows longer, the difference in download speed decreases.
What about the upload speed? As you can see in the visualization below, the results are very similar.
Backed by the results of this extensive speed testing, we can say that the download and upload speeds can get up to two times faster with NordLynx compared to OpenVPN and IKEv2. That applies when the distance between a VPN server and a content server is up to a few thousand kilometers. You may ask: have you looked at the confidence of the results? The short answer is yes. To get all the details, check out this blog post on measurement accuracy.
There will be more exciting things regarding VPN speed coming in the near future. But for now, we want to give everyone a possibility to take a closer look at the results we’ve gathered by making the entire dataset with 256,886 rows of our speed testing data public. So feel free to dig deeper, draw your own conclusions, and share them with us.
¹ US, CA, DE, HK, SG, AU, UK, NL, FR, JP, SE
² 100TB, ALTUHOST, DigitalOcean, GloboTech, Linode, ONEPROVIDER, Online SAS, OVH, Vult.
³ Amsterdam, Atlanta, Chicago, Dallas, Frankfurt, New York, London, Hong Kong, Los Angeles, Miami, Montreal, Paris, San Jose, Seattle, Singapore, Stockholm, Sydney, Tokyo, Toronto
⁴ FR, GB, US, DE, NL, JP, SG, AU