Overall Latency
In general, clients on the network have the best web browsing experience when the total time to retrieve web resources is under 300ms. This total time to obtain web resources (such as documents, images, and stylesheets) includes both the time to retrieve a DNS response and the time needed to establish a connection with the server indicated in the DNS response. Secure Access aims to minimize the distance that a DNS packet must travel from a client device to our DNS resolvers. However, we do not control the responsiveness of those web servers or how traffic from various locations on the Internet is routed.
TOTAL TIME = Time to retrieve DNS response + Time to retrieve a web resource
There are two factors to consider when optimizing DNS response time: the distance between the VA and the Secure Access Anycast DNS resolvers, and the distance between the client and the VA.
The VA, when deployed, will forward all externally-bound DNS requests to the Secure Access DNS resolvers, 208.67.222.222 and 208.67.220.220. Therefore, when determining the latency between the VA and the closest Secure Access data center, we recommend an average DNS response time under 150ms for the best user experience.
When determining where to deploy VAs in your environment, you will want to take into account the distance between the clients that will utilize the VAs and the VAs themselves. For optimal performance, an average ping time between a client and the VM host on which the VA lives should not exceed 50ms.