So I've had poor streaming quality for the past few days in netflix. Almost all of my streaming was happening at 480p, it was buffering a good bit, and just poor loading times, all of which is very atypical of my 80Mbps download capabilities. I changed a few things in my PFSense around the same time these issues came up so I did about 3 hours of digging on my network to try to alleviate the issue before generating a phone call to my ISPs support team to figure out the issue. Nothing work, so I called my buddy that lives down the street from me and he's having the same speedtests: 250Kbps on fast.com, ~75 Mbps on speedtest and ~5 Mbps on the 2nd hop speedtest that our ISP hosts. That's right, the 2 hop speedtest was 1/15th the speed of the WAN speedtest located in the same city.
But no. The issues were that I was using a firewall. I never used the words PFSense, but my firewall was the reason that all the issues were happening on my network. Because I had a firewall everything was broken and it was only my fault. Forget the fact my friend had the issue. Forget the fact that the speed test on the 2 hop 'intranet' was slow and the WAN was perfectly fine...it was my firewalls fault.
When I put my computer behind a VPN on my firewall? Everything is fine. As soon as I go through the WAN naturally, it's slow as dirt. But. it's. the. firewalls. fault.
I'm just writing this because I'm pissed with the tech I just got off the phone with. I forgot to test it straight from my laptop to the modem before I hung up so I did that afterwards and it was -the worst test of the night-. I called back and had a tech scheduled to come out.
The second on had the CMD on it to prove I was on the WAN IP connection directly to the modem. And remember, when not on the VPN that's two hops away. My VPN runs out of Chicago and I'm in the southeast so it probably had >6 hops to get back to their speedtest.
Nah man don't you see? My firewall is making my internet slow. Forget that all of that came through the same firewall, it's what's breaking my WAN connection.
I guess this is a good thing to remember in the future. Now we all know to tell whatever yahoo answers a support call that we aren't using a firewall. For fear of burning down the building.
How do you think I feel. I'm spending my lunch break at home -right now- waiting on this guy to get here just to tell him that their router is the issue. I've been down this path 2 other times with this same company... one time they didn't even know the first routers next hop was to Kansas.... I'm in the southeast. It took them ~3 weeks to fix that.
After a few hours of looking at the issue the technician determined that my modem had an incorrect frequency. When I connected my laptop to the modem and connected the VPN and had zero issues I asked how that was frequency related and he responded "I just don't know, let me change the frequency." So he did some things on the line, came back and said give it 24 hours and it should get better. Internet sucked that night, sucked the next morning, but by lunch it was fine.
If a VPN is faster than direct access, which is actually not uncommon, it's because your ISP is pulling tricks.
I don't really want to throw this onto the forum because some people will flip out again, but every single ISP in the world does throttling. There is no such thing as net neutrality.
Do the test for yourselves:
Set the DNS server in your router to Google or Cisco (OpenDNS). At this point, every single DNS resolve request that goes through your router, will be directed to google or cisco right?
Wrong! Your ISP is hijacking your port 53 DNS resolve requests. Don't believe that, do the test with iphost or a similar tool to determine the actual IP of your DNS resolver, you'll see that it's not google and not cisco. Fallback? Nope, cisco and google are always on!
Install DNSCrypt, set your internal DNS host to 127.0.x.x, that being the internal resolver set in DNSCrypt. DNSCrypt will listen to port 53 on 127.0.x.x and then redirect the DNS resolve request in https over port 443 to the DNS resolver of your choice. By default it's cisco (OpenDNS), but you can also set it to any of the independent resolvers found in the included CSV file. Some are not tracking and not censored, at least they claim to be.
Run the test again, and you'll see two things: your internet speed goes up, and your DNS resolver is the DNS resolver of your choice. Because your ISP doesn't see your DNS requests any more, so it costs them more to throttle your acces to certain sites.
It doesn't always solve the problem though, a lot of ISP's use DPI to determine throttling and censorship rules.
It also doesn't solve everything, like you probably want to combine it with DNSSEC to know for sure that you're talking to the right server lol.
But DNSCrypt is easy and available for everyone without big effort, and it solves most of the problems with dishonest ISP's.
You're about a week too late and 3 feet under the joke there Zoltan, though the explanation may help someone who found this by googling and having legit issues.
Edit: but the ISP isn't going to throttle a 2 hop speedtest on their internal servers.