I have submitted a ticket. Sadly in two weeks nothing has changed. I figured before I bark up the wrong tree I might just find out what the experience of others is, since I’ve only heard bad things regarding Zscaler. I am having some trouble communicating to support that it’s not just a single app but everything, due to the latency and speed.
If you visit https://www.ip2location.com, do you see your IP as in Singapore or Sydney?
I will see if I can get any updates. So far our rollout has been painfully slow, it almost seems halted. There are many issues, we still require the Cisco VPN for domain controller full access. Currently it seems the packet loss inside of the datacenter is a big issue. We were initially told it wouldn’t tunnel all traffic but it seems tunnel v2 has been selected, tunneling everything. Meaning if I sit at home with 1Gbps fibre, I now only have 140Mbps.
Our worst performance was on DTLS, down about 70% from our typical throughput.
We have done hours of PCAPS/MTRs for them to review showing the 50% loss across tunnel 2.0, 1.0 and TWLP. We don’t have any GRE tunnels and moved everyone from 1.0 to 2.0 based on their recommendation and 2.0 is about 20% slower than 1.0.
We are starting to play around with MTU to see if that helps.
Architecturally both private access and internet access work differently.
Check speedtest.zscaler.com and ip.zscaler.com from your PC to see where you are connected and check if that makes sense for your physical location.
This only works for public internet applications.
Private apps are influenced by private access policies / settings set up by your organization.
It was fixed last year. But the problem was the IP showed as Broome on ip2location, now it’s back where it should be, out at Dubbo.
For us it has at least.
DTLS can be a bit tricky if you have a DTLS hostile/UDP hostile network. I have seen for example T-Mobile block DTLS completely. Feel free to shoot me a PM if you want with the case number and I will take a look. I have worked a lot with customers on performance issues as I primarily work in Healthcare which has a lot of latency sensitive applications.
This speed test is really odd. The latency it shows seems to be low but things that took 5ms are 11ms when the speed test says the latency is 6ms. The public speedtest shows slower than the tunnel speed test.
Public speed test will always show slower. Traffic gets throttled or dropped which is why Zscaler gives you a speed test that doesn’t have that issue.
Performance is very subjective but you could also use ZDX to see a deep trace on just where latency exists.
You can also run a speed test to compare traffic using the address 127.0.0.1:9000/?ztest?q=@ which will show you Ztunnel traffic vs direct traffic download & upload speeds.
I will have a look into ZDX. Public speed test I get around 60-80% of the line speed. The 127.0.0.1 Zscaler speedtest I get around 25-60% of the line speed for non-tunneled traffic (according to it) which I find extremely odd.
This is the one that shows me that the tunnel traffic is faster than not tunneled. The standard one doesn’t work.