A quick look at QUIC
Geoff Huston AM
APNIC Labs
Today I want to talk about..
• What QUIC is
• How much QUIC is out there
• Why QUIC is so interesting (to me!)
QUIC is a mashup of TCP and TLS
HTTP/2 stack (e2e encrypted):
• HTTP – Multi-stream
• TLS – Session Encryption
• TCP – Data stream integrity, Congestion Control
• IP
HTTP/3 stack (e2e encrypted):
• HTTP
• QUIC – Multi-stream, Encryption, Data stream integrity, Congestion Control
• UDP
• IP
TCP is..
A transport protocol that constructs a reliable full duplex adaptive
streaming service on top of an unreliable IP datagram service
• Uses a coordinated state between the two end systems without any network
intervention or mediation
• Uses a sliding window to allow lost data to be resent
• Uses ACK-clocking to regulate the sending behaviour to match network path
capacity estimate
TCP isn’t…
• Fully independent of the underlying platform’s transport services
• Fully multi-stream (it has head-of-line blocking)
• Fully multi-path (yes, MP-TCP exists, but there are some outstanding issues here!)
• Address agile
• Free from on-the-wire network intervention (TCP control parameters
are sent in the clear)
• Encrypted by design (e2e encryption is a second step / afterthought)
• Everything for everyone – it relies on the application to perform data
framing and in-band control
QUIC is…
Constructed upon a transport level framing protocol that offers applications
access to the basic IP datagram services offered by IP through the use of
UDP
All other transport services (data integrity, session control, congestion control,
encryption) are shifted upwards in the protocol stack towards the application. A host
platform may provide a QUIC API as part of the host library, but the application can
also provide its own QUIC service independent of the host
QUIC is…
So much more than just “encrypted TCP over UDP”
• Support for multi-stream multiplexing that avoids head-of-line blocking and
exploits a shared congestion and encryption state
• Faster - Combines transport and encryption setup exchange in a single 3-way
exchange at session start, and supports fast reopen
• Customisable - QUIC implementations can use individual flow controllers per
flow
• QUIC places its transport control fields inside the encryption envelope, so
QUIC features minimal exposure to the network
• Supports record and Remote Procedure Call service models as well as bit-
streaming and datagram services
QUIC is address agile
• NATs are potentially hostile to QUIC because of the outer UDP
wrapper
• A NAT may rebind a QUIC session (shift the externally visible address/port of a
host during a session), as NATs are not generally aware of UDP streaming
states
• QUIC uses a persistent “connection ID”
• If a host receives a QUIC frame with the same connection ID and a new source
IP address / port it will send a challenge by way of a random value that should
be echoed back. This is all performed within the e2e encryption envelope.
That way a QUIC e2e session can map into new address/port associations on
the fly
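The challenge and echo described on this slide, as an added sketch that is not code from the presentation or from any QUIC implementation. QUIC version 1 carries the 8-byte random value in PATH_CHALLENGE and PATH_RESPONSE frames; the `Endpoint` class, the `MAX_PENDING_PATHS` cap and the sample addresses are assumptions made for illustration, and packet decryption is assumed to have succeeded before these methods are called.

```python
import hmac
import secrets
from dataclasses import dataclass, field

MAX_PENDING_PATHS = 4  # assumed cap so unvalidated addresses cannot grow state without bound


@dataclass
class Connection:
    validated_addr: tuple                        # (ip, port) the endpoint currently sends to
    pending: dict = field(default_factory=dict)  # candidate addr -> 8-byte challenge


class Endpoint:
    """Server-side view. Every call represents a packet that has already been
    decrypted and authenticated under the keys of the named connection."""

    def __init__(self):
        self.connections = {}

    def open(self, conn_id, addr):
        self.connections[conn_id] = Connection(validated_addr=addr)

    def on_packet(self, conn_id, src_addr):
        """Decide what to do with a packet for conn_id arriving from src_addr."""
        conn = self.connections.get(conn_id)
        if conn is None:
            return ("drop", None)
        if src_addr == conn.validated_addr:
            return ("accept", None)
        # Known connection ID, unknown address: possible NAT rebinding.
        # Do not move traffic yet; challenge the new path first.
        if src_addr not in conn.pending:
            if len(conn.pending) >= MAX_PENDING_PATHS:
                return ("drop", None)
            conn.pending[src_addr] = secrets.token_bytes(8)
        return ("challenge", conn.pending[src_addr])

    def on_path_response(self, conn_id, src_addr, echoed):
        """Switch to src_addr only if it echoes the value that was sent to it."""
        conn = self.connections.get(conn_id)
        if conn is None:
            return False
        expected = conn.pending.get(src_addr)
        if expected is None or not hmac.compare_digest(expected, echoed):
            return False
        conn.validated_addr = src_addr
        conn.pending.clear()
        return True


def demo():
    """Walk one rebinding event through the endpoint (all values constructed)."""
    cid = bytes.fromhex("a1b2c3d4e5f60718")
    old, new = ("198.51.100.7", 40000), ("198.51.100.7", 51234)
    ep = Endpoint()
    ep.open(cid, old)
    action, challenge = ep.on_packet(cid, new)
    forged = bytes(b ^ 0xFF for b in challenge)   # a guess that cannot match
    forged_ok = ep.on_path_response(cid, new, forged)
    echo_ok = ep.on_path_response(cid, new, challenge)
    return {
        "action": action,
        "forged_accepted": forged_ok,
        "echo_accepted": echo_ok,
        "final_addr": ep.connections[cid].validated_addr,
    }


if __name__ == "__main__":
    print(demo())
```

The session only moves to the new address/port after the echo matches, so a packet replayed from a spoofed source address cannot redirect the connection on its own.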
QUIC also…
• Is IP fragmentation intolerant – QUIC uses PMTUD, or defaults to
1,200 octet UDP payloads
• Never retransmits a QUIC packet – retransmitted data is sent in the
next QUIC packet number – this avoids ambiguity about packet
retransmission
• Extends TCP SACK to 256 packet number ranges (up from 3 in TCP
SACK)
• Separately encrypts each QUIC packet – no inter-packet dependencies
on decryption
• May load multiple QUIC packets in a single UDP frame
QUIC flow structuring
A QUIC connection is broken into
“streams” which are reliable data flows –
each stream performs stream-based loss
recovery, congestion control, and
relative stream scheduling for bandwidth
allocation
QUIC also supports unreliable encrypted
datagram delivery
QUIC and Remote Procedure Calls
• By associating each RPC request/reply with a new stream, QUIC can
support asynchronous RPC transactions using reliable messaging
• This can handle lost, mis-ordered and duplicated RPC messages without
common blocking or throttling
QUIC and Load Balancing
• This assumes that a front-end load balancer is capable of performing load
balancing on UDP flows using the UDP connection 5-tuple
• If the remote end performs NAT rebinding the load balancer will be thrown
by this shift, and it has no direct visibility into the e2e session to uncover
the connection ID
• Using UDP to carry sustained high-volume streams may not match the
internal optimisations used in server content delivery networks
[Figure: a client behind a NAT reaches Server A and Server B through a Load Balancer; NAT re-binding changes the client's address from Source Address A to Source Address B]
• If we really want large scale QUIC with front-end load balancing and if we
still need to tolerate NATs then we will need to think about how the end
point can share the connection ID state with its front-end load balancer,
or how to terminate the QUIC session in the front-end and use a second
session to a selected server
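The effect of NAT rebinding on a 5-tuple load balancer, next to one way of sharing connection ID state, as an added sketch that is not from the presentation. It assumes a scheme in which each server places its own index in the first byte of the connection IDs it issues and the balancer knows the fixed connection ID length; the backend names, addresses and helper functions are constructed for illustration.

```python
import hashlib
import secrets

BACKENDS = ["server-a", "server-b", "server-c", "server-d"]  # constructed names
CID_LEN = 8  # short-header packets carry no CID length, so the balancer must know it


def route_by_five_tuple(src_ip, src_port, dst_ip, dst_port, proto="udp"):
    """Classic flow hashing: the backend depends on the client's visible address."""
    key = f"{proto}|{src_ip}|{src_port}|{dst_ip}|{dst_port}".encode()
    digest = hashlib.sha256(key).digest()
    return BACKENDS[int.from_bytes(digest[:4], "big") % len(BACKENDS)]


def issue_connection_id(backend_index):
    """Assumed scheme: byte 0 names the issuing backend, the rest is random.
    A plaintext index is readable by any on-path observer; a deployment that
    cares about linkability would encrypt it under a key shared with the balancer."""
    return bytes([backend_index]) + secrets.token_bytes(CID_LEN - 1)


def route_by_connection_id(datagram):
    """Route a short-header packet on the destination connection ID alone."""
    if len(datagram) < 1 + CID_LEN or datagram[0] & 0x80:
        return None  # long-header (handshake) packets are out of scope here
    index = datagram[1]
    return BACKENDS[index] if index < len(BACKENDS) else None


def short_header_datagram(cid, payload_len=32):
    """Constructed packet: header-form bit clear, fixed bit set, opaque payload."""
    return bytes([0x40]) + cid + secrets.token_bytes(payload_len)


def simulate_rebinding(ports, backend_index=2):
    """Send the same connection from many NAT-assigned source ports.
    Returns the set of backends chosen by each routing method."""
    cid = issue_connection_id(backend_index)
    by_tuple, by_cid = set(), set()
    for port in ports:
        datagram = short_header_datagram(cid)
        by_tuple.add(route_by_five_tuple("198.51.100.7", port, "203.0.113.1", 443))
        by_cid.add(route_by_connection_id(datagram))
    return by_tuple, by_cid


if __name__ == "__main__":
    by_tuple, by_cid = simulate_rebinding(range(40000, 40064))
    print("5-tuple hashing picked:", sorted(by_tuple))
    print("connection ID routing picked:", sorted(by_cid))
```

Flow hashing spreads one session across several backends as the source port changes, while connection ID routing keeps returning the server that holds the session keys.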
QUIC and DOS
• Very little lies outside the encryption envelope in QUIC
• Which means all incoming packets addressed to the QUIC port need
to be decrypted
• But the QUIC session uses symmetric crypto so the packet decode
overhead is far smaller than an asymmetric crypto load for the same
packet rate
• It’s not the best answer, but it’s not disastrous either!
QUIC is:
• A logical evolutionary step for transport services, providing more
flexibility, faster connection setup, and a larger set of transport
services
• It’s what we should expect from a capable modern transport
protocol!
Today I want to talk about..
• What QUIC is
• How much QUIC is out there
• Why QUIC is so interesting (to me)
Triggering QUIC in HTTP
Use the DNS to trigger QUIC:
• Set up an HTTPS record for each server name, with value: alpn="h3"
Use content-level controls to trigger QUIC:
• Add Alt-Svc: h3=":443" to the HTTP response headers
(This second method requires a subsequent query in a distinct HTTP session to allow the client
to use the Alt-Svc capability.)
[Figure labels: First Fetch / Second Fetch]
Setting Expectations
• Chrome has a dominant share of browser instances - roughly, some 65%*
• And Chrome has been supporting a switch to QUIC via the Alt-Svc
directive since 2020
* Oberlo.com
• And Apple Safari is now supporting QUIC, using the DNS alpn directive
• So a QUIC-aware server platform should be seeing some 85% of its
sessions using QUIC – right?
* https://gs.statcounter.com/browser-market-share
Cloudflare’s Numbers
Cloudflare reports a far lower level of QUIC use
APNIC’s QUIC measurement
• We have configured a server to support QUIC sessions
• We support both DNS and content triggers
• The content trigger requires us to measure across multiple fetches
within each measurement
• Which means that we need to carefully set the HTTP/2 session keepalive
timer to make this work as intended
Server Session Keepalive Timers
• After much searching under many rocks we were advised that a
server keepalive timer value of 1 second is too small, as the server
drops the QUIC connection too aggressively and the browser client
then drops back to using HTTP/2
• The default value of 65 seconds for the server keepalive interval
seems to be too long
• So we used a server keepalive value of 20 seconds…
QUIC Use
Playing with keepalive
parameters!
First Fetch – mainly Safari clients
Subsequent Fetches – mainly Chrome clients
QUIC Use – July 2023
National Filtering of QUIC?
Other Measures: Network Traffic Volume
Presentation to RIPE 86: The New Encrypted Protocol Stack and How to Deal with it – Bart van de Velde, Cisco
Today I want to talk about..
• What QUIC is
• How much QUIC is out there
• Why QUIC is so interesting (to me)
Network Traffic Volume
Presentation to RIPE 86: The New Encrypted Protocol Stack and How to Deal with it – Bart van de Velde, Cisco
Measuring QUIC Performance
In this test (between the
same endpoints) over a
Starlink circuit, TCP CUBIC
underperforms badly,
while TCP BBR and QUIC
both perform reasonably
well
Why is QUIC important?
Because QUIC is fast
Because QUIC encrypts everything
• No visible transport control settings
• No visible Server Name Indication in the crypto-setup
• No visible traffic profile other than inter-packet timing
• And if you use a MASQUE-based VPN then there is no residual visibility!
Because QUIC is an application capability
• QUIC can interact with the platform through the UDP API, so all of QUIC can
be implemented within the application. This gives the application more
control over its service outcomes and reduces external dependencies
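What a network monitor can still read from a QUIC datagram without keys, as an added sketch that is not from the presentation. It parses only the version-independent header fields (header form, version, connection IDs) and treats everything after them as opaque; the `parse_visible` function, the assumed 8-byte short-header connection ID length and the sample datagrams are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class VisibleFields:
    header_form: str          # "long" (handshake-time) or "short" (established session)
    version: Optional[int]    # only present in long headers
    dcid: bytes               # destination connection ID
    scid: Optional[bytes]     # source connection ID, long headers only
    opaque_len: int           # bytes this parser cannot interpret


def parse_visible(datagram, short_dcid_len=8):
    """Extract the version-independent fields of the first QUIC packet in a datagram.
    short_dcid_len is an assumption: short headers do not encode the CID length."""
    if not datagram:
        raise ValueError("empty datagram")
    if datagram[0] & 0x80:                      # header form bit set: long header
        if len(datagram) < 6:
            raise ValueError("truncated long header")
        version = int.from_bytes(datagram[1:5], "big")
        pos = 5
        dcid_len = datagram[pos]
        pos += 1
        if len(datagram) < pos + dcid_len + 1:
            raise ValueError("truncated destination connection ID")
        dcid = datagram[pos:pos + dcid_len]
        pos += dcid_len
        scid_len = datagram[pos]
        pos += 1
        if len(datagram) < pos + scid_len:
            raise ValueError("truncated source connection ID")
        scid = datagram[pos:pos + scid_len]
        pos += scid_len
        return VisibleFields("long", version, dcid, scid, len(datagram) - pos)
    if len(datagram) < 1 + short_dcid_len:
        raise ValueError("truncated short header")
    dcid = datagram[1:1 + short_dcid_len]
    return VisibleFields("short", None, dcid, None, len(datagram) - 1 - short_dcid_len)


# Constructed sample datagrams (not captured traffic).
SAMPLE_LONG = (
    bytes([0xC3])                       # long header form
    + (1).to_bytes(4, "big")            # version 1
    + bytes([8]) + bytes.fromhex("a1b2c3d4e5f60718")   # DCID length + DCID
    + bytes([4]) + bytes.fromhex("0badcafe")           # SCID length + SCID
    + bytes(20)                         # version-specific remainder
)
SAMPLE_SHORT = bytes([0x41]) + bytes.fromhex("a1b2c3d4e5f60718") + bytes(30)


def summarise(datagram):
    """One log-style line per datagram, the most a passive monitor can record."""
    f = parse_visible(datagram)
    version = "-" if f.version is None else f"0x{f.version:08x}"
    scid = "-" if f.scid is None else f.scid.hex()
    return f"{f.header_form} version={version} dcid={f.dcid.hex()} scid={scid} opaque={f.opaque_len}"


if __name__ == "__main__":
    print(summarise(SAMPLE_LONG))
    print(summarise(SAMPLE_SHORT))
```

For an established session the only stable handle left for flow logging is the destination connection ID, plus packet sizes and timing.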
What does this mean for TCP?
It’s not looking all that good for TCP’s prospects
• QUIC not only does faster start up, but it supports multi-channel in a
frictionless manner
• QUIC resists network operator efforts to perform traffic shaping
through direct manipulation of TCP control parameters
• QUIC allows the application service provider to control the congestion
behaviour of its sessions
What does this mean for TCP?
Normally you would expect any transition from TCP to QUIC to take forever
BUT:
• QUIC gives benefit to adopters through more responsive web services
• QUIC does a better job of hiding content, which is a benefit to the service
operator
• QUIC has fewer external dependencies
• QUIC can be deployed on a piecemeal basis
So it all may be over for TCP in a very small number of years!
What does this mean for the Internet?
• IP was a network protocol that provided services to attached
devices
• The network service model used by IP was minimal
• Packets may be dropped, fragmented, duplicated, corrupted and/or
reordered on their path through the network
• It’s left to the edge systems to recover from this network behaviour.
• Efforts to expand the network’s role have foundered
• QoS has just got nowhere!
• Various forms of source-directed forwarding are resisted by network
operators who want control over traffic engineering
• Networks took up a role of defending the network resource against
aggressive application behaviour
• Some networks enabled user surveillance
[Figure: stack layers: media, network, TCP Transport, apps; marked "$$$"]
The new Networking Space
And this is why QUIC is so interesting – it is pushing both network
carriage and host platform into commodity roles in networking,
allowing applications to effectively customize the way in which they
want to deliver services and to dominate the entire networked
environment
QUIC is the application’s view of what Transport should be!
[Figure: QUIC and value transform in the network stack. The stack media / network / TCP Transport / apps becomes media / network / UDP Transport / apps, with internal transport + session security inside the apps layer; marked "$$$"]
What does this mean for the Internet?
• The relationship between applications, hosts and networks has
soured into mutual distrust and suspicion
• The application now defends its integrity by wrapping up as much of
the service transaction as it can in encryption and indirection
• QUIC (and MASQUE) is an intrinsic part of this process of wrapping up
traffic in encryption and redirection
• For the network operator there is little left to see
• And I suspect that there is no coming back from here!
What can a Network Operator Do?
• When all customer traffic is completely obscured and encrypted?
• Traffic Shaping?
• Regulatory Requirements for traffic interception?
• Load Balancing / ECMP
The new Internet Space
“What you can’t dominate, you commoditise*”
• Vertically integrated service providers have faded away into history - the
deregulated competitive service industry continues to specialize rather
than generalize at every level
• Carriage is no longer an inescapable monopoly - massively replicated
content can be used as a substitute for many carriage service elements
• Control over the platform is no longer control over the user. Operating
systems have been pushed back into a basic task scheduling role, while
functions are being absorbed into the application space
* A related quote is Peter Thiel’s “Competition is for losers!”
Thanks!

Dewanstudio Project Portfolio 2023 show case
DEWANSTUDIO.COM
 
202254.com全网最高清影视香蕉影视,热门电影推荐,热门电视剧在线观看,免费电影,电影在线,在线观看。球华人在线電視劇,免费点播,免费提供最新高清的...
202254.com全网最高清影视香蕉影视,热门电影推荐,热门电视剧在线观看,免费电影,电影在线,在线观看。球华人在线電視劇,免费点播,免费提供最新高清的...202254.com全网最高清影视香蕉影视,热门电影推荐,热门电视剧在线观看,免费电影,电影在线,在线观看。球华人在线電視劇,免费点播,免费提供最新高清的...
202254.com全网最高清影视香蕉影视,热门电影推荐,热门电视剧在线观看,免费电影,电影在线,在线观看。球华人在线電視劇,免费点播,免费提供最新高清的...
ffg01100
 
Why Your Business Needs a Professional Web Design Company UAE
Why Your Business Needs a Professional Web Design Company UAEWhy Your Business Needs a Professional Web Design Company UAE
Why Your Business Needs a Professional Web Design Company UAE
adelewhite125
 
Megalive99 Situs Betting Online Gacor Terpercaya
Megalive99 Situs Betting Online Gacor TerpercayaMegalive99 Situs Betting Online Gacor Terpercaya
Megalive99 Situs Betting Online Gacor Terpercaya
Megalive99
 
Tarun Gaur On Data Breaches and Privacy Fears
Tarun Gaur On Data Breaches and Privacy FearsTarun Gaur On Data Breaches and Privacy Fears
Tarun Gaur On Data Breaches and Privacy Fears
Tarun Gaur
 
Jarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirts
Jarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirtsJarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirts
Jarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirts
exgf28
 
Steps involved in the implementation of EDI in a company
Steps involved in the implementation of EDI in a companySteps involved in the implementation of EDI in a company
Steps involved in the implementation of EDI in a company
sivaraman163206
 
202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧
202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧
202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧
ffg01100
 
Chennai Girls Call ServiCe X00XXX00XX Tanisha Best High Class Chennai Available
Chennai Girls Call ServiCe X00XXX00XX Tanisha Best High Class Chennai AvailableChennai Girls Call ServiCe X00XXX00XX Tanisha Best High Class Chennai Available
Chennai Girls Call ServiCe X00XXX00XX Tanisha Best High Class Chennai Available
shamrisumri
 
PSD to Wordpress Service Providers in 2024
PSD to Wordpress Service Providers in 2024PSD to Wordpress Service Providers in 2024
PSD to Wordpress Service Providers in 2024
Bestdesign2hub
 
Book dating , international dating phgra
Book dating , international dating phgraBook dating , international dating phgra
Book dating , international dating phgra
thomaskurtha9
 
Corporate Minimal Newspaper Headline Style Newsletter.pptx
Corporate Minimal Newspaper Headline Style Newsletter.pptxCorporate Minimal Newspaper Headline Style Newsletter.pptx
Corporate Minimal Newspaper Headline Style Newsletter.pptx
byubyu7
 
Bai-Tập-Tiếng-Anh-On-Tập-He lớp 1- lớp 5 hot nhất
Bai-Tập-Tiếng-Anh-On-Tập-He lớp 1- lớp 5  hot nhấtBai-Tập-Tiếng-Anh-On-Tập-He lớp 1- lớp 5  hot nhất
Bai-Tập-Tiếng-Anh-On-Tập-He lớp 1- lớp 5 hot nhất
Thiên Đường Tình Yêu
 
2023. Archive - Gigabajtos selfpublisher homepage
2023. Archive - Gigabajtos selfpublisher homepage2023. Archive - Gigabajtos selfpublisher homepage
2023. Archive - Gigabajtos selfpublisher homepage
Zsolt Nemeth
 
Draya Michele’s Son – Kniko Howard’s Rise to Fame.pptx
Draya Michele’s Son – Kniko Howard’s Rise to Fame.pptxDraya Michele’s Son – Kniko Howard’s Rise to Fame.pptx
Draya Michele’s Son – Kniko Howard’s Rise to Fame.pptx
ashishkumarrana9
 
workbook and project U5 1ºsecundaria.pdf
workbook and project U5 1ºsecundaria.pdfworkbook and project U5 1ºsecundaria.pdf
workbook and project U5 1ºsecundaria.pdf
anya2024forgya
 
6 Reasons to Use a VPN | 3S VPN Server App
6 Reasons to Use a VPN | 3S VPN Server App6 Reasons to Use a VPN | 3S VPN Server App
6 Reasons to Use a VPN | 3S VPN Server App
VPN Server
 
Build a Professional Resume using Canva , Tanapat Limsaiprom
Build a Professional Resume using Canva , Tanapat LimsaipromBuild a Professional Resume using Canva , Tanapat Limsaiprom
Build a Professional Resume using Canva , Tanapat Limsaiprom
TanapatLimsaiprom1
 
@Girls @Call Chennai 🛬 XXXXXXXXXX 🛬 available 24*7 cash payment book now pay ...
@Girls @Call Chennai 🛬 XXXXXXXXXX 🛬 available 24*7 cash payment book now pay ...@Girls @Call Chennai 🛬 XXXXXXXXXX 🛬 available 24*7 cash payment book now pay ...
@Girls @Call Chennai 🛬 XXXXXXXXXX 🛬 available 24*7 cash payment book now pay ...
shamrisumri
 
SlideEgg_200767-ICC Mens T20 World Cup 2024.pptx
SlideEgg_200767-ICC Mens T20 World Cup 2024.pptxSlideEgg_200767-ICC Mens T20 World Cup 2024.pptx
SlideEgg_200767-ICC Mens T20 World Cup 2024.pptx
NandakumarP24
 

Recently uploaded (20)

Dewanstudio Project Portfolio 2023 show case
Dewanstudio Project Portfolio 2023 show caseDewanstudio Project Portfolio 2023 show case
Dewanstudio Project Portfolio 2023 show case
 
202254.com全网最高清影视香蕉影视,热门电影推荐,热门电视剧在线观看,免费电影,电影在线,在线观看。球华人在线電視劇,免费点播,免费提供最新高清的...
202254.com全网最高清影视香蕉影视,热门电影推荐,热门电视剧在线观看,免费电影,电影在线,在线观看。球华人在线電視劇,免费点播,免费提供最新高清的...202254.com全网最高清影视香蕉影视,热门电影推荐,热门电视剧在线观看,免费电影,电影在线,在线观看。球华人在线電視劇,免费点播,免费提供最新高清的...
202254.com全网最高清影视香蕉影视,热门电影推荐,热门电视剧在线观看,免费电影,电影在线,在线观看。球华人在线電視劇,免费点播,免费提供最新高清的...
 
Why Your Business Needs a Professional Web Design Company UAE
Why Your Business Needs a Professional Web Design Company UAEWhy Your Business Needs a Professional Web Design Company UAE
Why Your Business Needs a Professional Web Design Company UAE
 
Megalive99 Situs Betting Online Gacor Terpercaya
Megalive99 Situs Betting Online Gacor TerpercayaMegalive99 Situs Betting Online Gacor Terpercaya
Megalive99 Situs Betting Online Gacor Terpercaya
 
Tarun Gaur On Data Breaches and Privacy Fears
Tarun Gaur On Data Breaches and Privacy FearsTarun Gaur On Data Breaches and Privacy Fears
Tarun Gaur On Data Breaches and Privacy Fears
 
Jarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirts
Jarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirtsJarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirts
Jarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirts
 
Steps involved in the implementation of EDI in a company
Steps involved in the implementation of EDI in a companySteps involved in the implementation of EDI in a company
Steps involved in the implementation of EDI in a company
 
202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧
202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧
202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧
 
Chennai Girls Call ServiCe X00XXX00XX Tanisha Best High Class Chennai Available
Chennai Girls Call ServiCe X00XXX00XX Tanisha Best High Class Chennai AvailableChennai Girls Call ServiCe X00XXX00XX Tanisha Best High Class Chennai Available
Chennai Girls Call ServiCe X00XXX00XX Tanisha Best High Class Chennai Available
 
PSD to Wordpress Service Providers in 2024
PSD to Wordpress Service Providers in 2024PSD to Wordpress Service Providers in 2024
PSD to Wordpress Service Providers in 2024
 
Book dating , international dating phgra
Book dating , international dating phgraBook dating , international dating phgra
Book dating , international dating phgra
 
Corporate Minimal Newspaper Headline Style Newsletter.pptx
Corporate Minimal Newspaper Headline Style Newsletter.pptxCorporate Minimal Newspaper Headline Style Newsletter.pptx
Corporate Minimal Newspaper Headline Style Newsletter.pptx
 
Bai-Tập-Tiếng-Anh-On-Tập-He lớp 1- lớp 5 hot nhất
Bai-Tập-Tiếng-Anh-On-Tập-He lớp 1- lớp 5  hot nhấtBai-Tập-Tiếng-Anh-On-Tập-He lớp 1- lớp 5  hot nhất
Bai-Tập-Tiếng-Anh-On-Tập-He lớp 1- lớp 5 hot nhất
 
2023. Archive - Gigabajtos selfpublisher homepage
2023. Archive - Gigabajtos selfpublisher homepage2023. Archive - Gigabajtos selfpublisher homepage
2023. Archive - Gigabajtos selfpublisher homepage
 
Draya Michele’s Son – Kniko Howard’s Rise to Fame.pptx
Draya Michele’s Son – Kniko Howard’s Rise to Fame.pptxDraya Michele’s Son – Kniko Howard’s Rise to Fame.pptx
Draya Michele’s Son – Kniko Howard’s Rise to Fame.pptx
 
workbook and project U5 1ºsecundaria.pdf
workbook and project U5 1ºsecundaria.pdfworkbook and project U5 1ºsecundaria.pdf
workbook and project U5 1ºsecundaria.pdf
 
6 Reasons to Use a VPN | 3S VPN Server App
6 Reasons to Use a VPN | 3S VPN Server App6 Reasons to Use a VPN | 3S VPN Server App
6 Reasons to Use a VPN | 3S VPN Server App
 
Build a Professional Resume using Canva , Tanapat Limsaiprom
Build a Professional Resume using Canva , Tanapat LimsaipromBuild a Professional Resume using Canva , Tanapat Limsaiprom
Build a Professional Resume using Canva , Tanapat Limsaiprom
 
@Girls @Call Chennai 🛬 XXXXXXXXXX 🛬 available 24*7 cash payment book now pay ...
@Girls @Call Chennai 🛬 XXXXXXXXXX 🛬 available 24*7 cash payment book now pay ...@Girls @Call Chennai 🛬 XXXXXXXXXX 🛬 available 24*7 cash payment book now pay ...
@Girls @Call Chennai 🛬 XXXXXXXXXX 🛬 available 24*7 cash payment book now pay ...
 
SlideEgg_200767-ICC Mens T20 World Cup 2024.pptx
SlideEgg_200767-ICC Mens T20 World Cup 2024.pptxSlideEgg_200767-ICC Mens T20 World Cup 2024.pptx
SlideEgg_200767-ICC Mens T20 World Cup 2024.pptx
 

AusNOG 2023: A quick look at QUIC

  • 1. A quick look at QUIC Geoff Huston AM APNIC Labs
  • 2. Today I want to talk about.. • What QUIC is • How much QUIC is out there • Why QUIC is so interesting (to me!)
  • 3. Today I want to talk about.. • What QUIC is • How much QUIC is out there • Why QUIC is so interesting (to me!)
  • 4. QUIC is a mashup of TCP and TLS [Figure: two protocol stacks, both e2e encrypted. HTTP/2: HTTP (multi-stream) over TLS (session encryption) over TCP (data stream integrity, congestion control) over IP. HTTP/3: HTTP over QUIC (multi-stream, encryption, data stream integrity, congestion control) over UDP over IP.]
  • 5. TCP is.. A transport protocol that constructs a reliable full duplex adaptive streaming service on top of an unreliable IP datagram service • Uses a coordinated state between the two end systems without any network intervention or mediation • Uses a sliding window to allow lost data to be resent • Uses ACK-clocking to regulate the sending behaviour to match network path capacity estimate
  • 6. TCP isn’t… • Fully independent of the underlying platform’s transport services • Fully multi-stream (it has head-of-line blocking) • Fully multi-path (yes, MP-TCP exists, but there are some outstanding issues here!) • Address agile • Free from on-the-wire network intervention (TCP control parameters are sent in the clear) • Has e2e encryption as a second step / afterthought • Everything for everyone – it relies on the application to perform data framing and in-band control
  • 7. QUIC is… Constructed upon a transport level framing protocol that offers applications access to the basic IP datagram services offered by IP through the use of UDP All other transport services (data integrity, session control, congestion control, encryption) are shifted upwards in the protocol stack towards the application. A host platform may provide a QUIC API as part of the host library, but the application can also provide its own QUIC service independent of the host
  • 8. QUIC is… So much more than just “encrypted TCP over UDP” • Support for multi-stream multiplexing that avoids head-of-line blocking and exploits a shared congestion and encryption state • Faster - Combines transport and encryption setup exchange in a single 3-way exchange at session start, and supports fast reopen • Customisable - QUIC implementations can use individual flow controllers per flow • QUIC places its transport control fields inside the encryption envelope, so QUIC features minimal exposure to the network • Supports record and Remote Procedure Call service models as well as bit-streaming and datagram services
  • 9. QUIC is address agile • NATs are potentially hostile to QUIC because of the outer UDP wrapper • A NAT may rebind a QUIC session (shift the externally visible address/port of a host during a session), as NATs are not generally aware of UDP streaming states • QUIC uses a persistent “connection ID” • If a host receives a QUIC frame with the same connection ID and a new source IP address / port it will send a challenge by way of a random value that should be echoed back. This is all performed within the e2e encryption envelope. That way a QUIC e2e session can map into new address/port associations on the fly
  • 10. QUIC also… • Is IP fragmentation intolerant – QUIC uses PMTUD, or defaults to 1,200 octet UDP payloads • Never retransmits a QUIC packet – retransmitted data is sent in the next QUIC packet number – this avoids ambiguity about packet retransmission • Extends TCP SACK to 256 packet number ranges (up from 3 in TCP SACK) • Separately encrypts each QUIC packet – no inter-packet dependencies on decryption • May load multiple QUIC packets in a single UDP frame
  • 11. QUIC flow structuring A QUIC connection is broken into “streams” which are reliable data flows – each stream performs stream-based loss recovery, congestion control, and relative stream scheduling for bandwidth allocation QUIC also supports unreliable encrypted datagram delivery
  • 12. QUIC and Remote Procedure Calls • By associating each RPC request/reply with a new stream, QUIC can support asynchronous RPC transactions using reliable messaging • This can handle lost, mis-ordered and duplicated RPC messages without common blocking or throttling
  • 13. QUIC and Load Balancing • This assumes that a front-end load balancer is capable of performing load balancing on UDP flows using the UDP connection 5-tuple • If the remote end performs NAT rebinding the load balancer will be thrown by this shift, and it has no direct visibility into the e2e session to uncover the connection ID • Using UDP to carry sustained high-volume streams may not match the internal optimisations used in server content delivery networks [Figure: NAT, Load Balancer, Server A, Server B; NAT re-binding from Source Address A to Source Address B]
  • 14. QUIC and Load Balancing • This assumes that a front-end load balancer is capable of performing load balancing on UDP flows using the UDP connection 5-tuple • If the remote end performs NAT rebinding the load balancer will be thrown by this shift, and it has no direct visibility into the e2e session to uncover the connection ID • Using UDP to carry sustained high-volume streams may not match the internal optimisations used in server content delivery networks • If we really want large scale QUIC with front-end load balancing and if we still need to tolerate NATs then we will need to think about how the end point can share the connection ID state with its front-end load balancer, or how to terminate the QUIC session in the front-end and use a second session to a selected server
  • 15. QUIC and DOS • Very little lies outside the encryption envelope in QUIC • Which means all incoming packets addressed to the QUIC port need to be decrypted • But the QUIC session uses symmetric crypto so the packet decode overhead is far smaller than an asymmetric crypto load for the same packet rate • It’s not the best answer, but it’s not disastrous either!
  • 16. QUIC is: • A logical evolutionary step for transport services, providing more flexibility, faster connection setup, and a larger set of transport services • It’s what we should expect from a capable modern transport protocol!
  • 17. Today I want to talk about.. • What QUIC is • How much QUIC is out there • Why QUIC is so interesting (to me)
  • 18. Triggering QUIC in HTTP Use the DNS to trigger QUIC: • Set up an HTTPS record for each server name, with value: alpn="h3" Use content-level controls to trigger QUIC: • Add Alt-Svc: h3=":443" to the HTML headers (This second method requires a subsequent query in a distinct HTTP session to allow the client to use the Alt-Svc capability.)
  • 19. Triggering QUIC in HTTP Use the DNS to trigger QUIC: • Set up an HTTPS record for each server name, with value: alpn="h3" Use content-level controls to trigger QUIC: • Add Alt-Svc: h3=":443" to the HTML headers [Slide labels: First Fetch (DNS trigger), Second Fetch (content trigger)]
  • 20. Setting Expectations • Chrome has a dominant share of browser instances - roughly, some 65%* • And Chrome has been supporting a switch to QUIC via the Alt-Svc directive since 2020 * Oberlo.com
  • 21. Setting Expectations • Chrome has a dominant share of browser instances - roughly, some 65%* • And Chrome has been supporting a switch to QUIC via the Alt-Svc directive since 2020 • And Apple Safari is now supporting QUIC, using the DNS alpn directive • So a QUIC-aware server platform should be seeing some 85% of its sessions using QUIC – right? * https://gs.statcounter.com/browser-market-share
  • 22. Cloudflare’s Numbers Cloudflare reports a far lower level of QUIC use
  • 23. APNIC’s QUIC measurement • We have configured a server to support QUIC sessions • We support both DNS and content triggers • The content trigger requires us to measure across multiple fetches within each measurement • Which means that we need to carefully set the HTTP/2 session keepalive timer to make this work as intended
  • 24. Server Session Keepalive Timers • After much searching under many rocks we were advised that a server keepalive timer value of 1 second is too small, as the server drops the QUIC connection too aggressively and the browser client then drops back to using HTTP/2 • The default value of 65 seconds for the server keepalive interval seems to be too long • So we used a server keepalive value of 20 seconds…
  • 25. QUIC Use Playing with keepalive parameters! First Fetch – mainly Safari clients Subsequent Fetches – mainly Chrome clients
  • 26. QUIC Use – July 2023
  • 29. Other Measures: Network Traffic Volume Presentation to RIPE 86: The New Encrypted Protocol Stack and How to Deal with it – Bart van de Velde, Cisco
  • 30. Today I want to talk about.. • What QUIC is • How much QUIC is out there • Why QUIC is so interesting (to me)
  • 31. Network Traffic Volume Presentation to RIPE 86: The New Encrypted Protocol Stack and How to Deal with it – Bart van de Velde, Cisco
  • 32. Measuring QUIC Performance In this test (between the same endpoints) over a Starlink circuit, TCP CUBIC underperforms badly, while TCP BBR and QUIC both perform reasonably well
  • 33. Why is QUIC important? Because QUIC is fast Because QUIC encrypts everything • No visible transport control settings • No visible Server Name Indication in the crypto-setup • No visible traffic profile other than inter-packet timing • And if you use a MASQUE-based VPN then there is no residual visibility! Because QUIC is an application capability • QUIC can interact with the platform through the UDP API, so all of QUIC can be implemented within the application. This gives the application more control over its service outcomes and reduces external dependencies
  • 34. What does this mean for TCP? It’s not looking all that good for TCP’s prospects • QUIC not only does faster start up, but it supports multi-channel in a frictionless manner • QUIC resists network operator efforts to perform traffic shaping through direct manipulation of TCP control parameters • QUIC allows the application service provider to control the congestion behaviour of its sessions
  • 35. What does this mean for TCP? Normally you would expect any transition from TCP to QUIC to take forever BUT: • QUIC gives benefit to adopters through more responsive web services • QUIC does a better job of hiding content, which is a benefit to the service operator • QUIC has fewer external dependencies • QUIC can be deployed on a piecemeal basis So it all may be over for TCP in a very small number of years!
  • 36. What does this mean for the Internet? • IP was a network protocol that provided services to attached devices • The network service model used by IP was minimal • Packets may be dropped, fragmented, duplicated, corrupted and/or reordered on their path through the network • It’s left to the edge systems to recover from this network behaviour. • Efforts to expand the network’s role have foundered • QoS has just got nowhere! • Various forms of source-directed forwarding are resisted by network operators who want control over traffic engineering • Networks took up a role of defending the network resource against aggressive application behaviour • Some networks enabled user surveillance [Figure: stack of media, network, TCP transport, apps; $$$]
  • 37. The new Networking Space And this is why QUIC is so interesting – it is pushing both network carriage and host platform into commodity roles in networking, allowing applications to effectively customize the way in which they want to deliver services and to dominate the entire networked environment QUIC is the application’s view of what Transport should be! [Figure: QUIC and value transform in the network stack, comparing media / network / TCP transport / apps with media / network / UDP transport / apps (internal transport + session security); $$$]
  • 38. What does this mean for the Internet? • The relationship between applications, hosts and networks has soured into mutual distrust and suspicion • The application now defends its integrity by wrapping up as much of the service transaction with encryption and indirection • QUIC (and MASQUE) is an intrinsic part of this process of wrapping up traffic in encryption and redirection • For the network operator there is little left to see • And I suspect that there is no coming back from here!
  • 39. What can a Network Operator Do? • When all customer traffic is completely obscured and encrypted? • Traffic Shaping? • Regulatory Requirements for traffic interception? • Load Balancing / ECMP
  • 40. The new Internet Space “What you can’t dominate, you commoditise*” • Vertically integrated service providers have faded away into history - the deregulated competitive service industry continues to specialize rather than generalize at every level • Carriage is no longer an inescapable monopoly - massively replicated content can be used as a substitute for many carriage service elements • Control over the platform is no longer control over the user. Operating systems have been pushed back into a basic task scheduling role, while functions are being absorbed into the application space * A related quote is Peter Thiel’s “Competition is for losers!”
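The address-agility mechanism on slide 9, as an added example that is not part of the original slides: the server finds the connection by its connection ID, challenges an unfamiliar source address with a random value, and only moves the session once that value is echoed back. The frame names PATH_CHALLENGE and PATH_RESPONSE are the QUIC version 1 names; the classes, addresses and connection ID are constructed for illustration, and packets are assumed to have already passed decryption.

```python
import hmac
import os


class Connection:
    """Server-side view of one QUIC connection, reduced to its path state."""

    def __init__(self, peer):
        self.peer = peer       # validated (ip, port) that data is sent to
        self.pending = {}      # candidate address -> outstanding challenge

    def on_packet(self, src, frame=None):
        """Handle a decrypted packet that arrived from `src`.
        Returns (destination, frame_type, data) to send, or None."""
        if frame is not None and frame[0] == "PATH_RESPONSE":
            matched = [addr for addr, challenge in self.pending.items()
                       if hmac.compare_digest(challenge, frame[1])]
            if matched:
                self.peer = matched[0]   # the echoed value proves the path works
                self.pending.clear()
            return None                  # a wrong echo changes nothing
        if src != self.peer:
            # Same connection ID, new address or port: probe before trusting it.
            if src not in self.pending:
                self.pending[src] = os.urandom(8)
            return (src, "PATH_CHALLENGE", self.pending[src])
        return None


class Server:
    def __init__(self):
        self.connections = {}  # connection ID -> Connection (not keyed by address)

    def receive(self, src, cid, frame=None):
        conn = self.connections.get(cid)
        if conn is None:
            return None        # unknown connection ID: drop
        return conn.on_packet(src, frame)


def demo():
    # Constructed sample values: one client behind a NAT that rebinds its port.
    old, new = ("192.0.2.10", 50000), ("192.0.2.10", 61000)
    cid = bytes.fromhex("0102030405060708")
    server = Server()
    conn = server.connections[cid] = Connection(old)

    quiet = server.receive(old, cid)                       # known path
    reply = server.receive(new, cid)                       # first packet after rebinding
    server.receive(new, cid, ("PATH_RESPONSE", bytes(8)))  # wrong echo
    after_bad = conn.peer
    server.receive(new, cid, ("PATH_RESPONSE", reply[2]))  # correct echo
    return {"quiet": quiet, "challenge_to": reply[0], "challenge_len": len(reply[2]),
            "after_bad": after_bad, "after_good": conn.peer}


if __name__ == "__main__":
    print(demo())
```

Until the echo arrives the server keeps sending to the old address, so a packet replayed from a spoofed source cannot redirect the session.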
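The load-balancing problem on slides 13 and 14, as an added example that is not from the original slides: a balancer keyed on the UDP 5-tuple treats a rebound NAT mapping as a new flow, while one that shares connection ID state with its servers keeps the session on the same server. The 8-byte connection ID with the server index in its first byte is an assumed convention; the packets and addresses are constructed.

```python
# Assumptions of this sketch (not from the slides): servers issue 8-byte
# connection IDs whose first byte is the server's index, and the balancer
# has been configured with that convention.
CID_LEN = 8
MAX_CID_LEN = 20               # QUIC version 1 limit
SERVERS = ["server-a", "server-b"]


def extract_dcid(datagram: bytes):
    """Return (header_form, destination connection ID) from the
    unprotected part of a QUIC version 1 packet header."""
    if not datagram:
        raise ValueError("empty datagram")
    if datagram[0] & 0x80:                       # long header
        if len(datagram) < 6:
            raise ValueError("truncated long header")
        dcid_len = datagram[5]                   # follows the 4-byte version
        if dcid_len > MAX_CID_LEN or len(datagram) < 6 + dcid_len:
            raise ValueError("bad connection ID length")
        return "long", datagram[6:6 + dcid_len]
    # Short header: the ID length is not on the wire, it must be known already.
    if len(datagram) < 1 + CID_LEN:
        raise ValueError("truncated short header")
    return "short", datagram[1:1 + CID_LEN]


class Balancer:
    def __init__(self):
        self.flows = {}        # (src_ip, src_port) -> server
        self.assigned = 0

    def by_five_tuple(self, src):
        """Sticky per-flow assignment; an unseen source is a new flow."""
        if src not in self.flows:
            self.flows[src] = SERVERS[self.assigned % len(SERVERS)]
            self.assigned += 1
        return self.flows[src]

    def by_connection_id(self, src, datagram):
        form, dcid = extract_dcid(datagram)
        if form == "short" and dcid[0] < len(SERVERS):
            return SERVERS[dcid[0]]
        # Long header: the client's first Initial carries an ID the client
        # picked, so no server is encoded yet. Fall back to the flow table.
        return self.by_five_tuple(src)


def demo():
    # Constructed sample packets; only the header bytes are meaningful.
    initial = (bytes([0xC0]) + bytes.fromhex("00000001") + bytes([8])
               + bytes.fromhex("a1a2a3a4a5a6a7a8") + bytes([0]) + bytes(16))
    one_rtt = bytes([0x40, 0x01]) + bytes(7) + bytes(24)   # ID issued by server-b

    other = ("198.51.100.9", 5555)
    before, after = ("203.0.113.7", 40000), ("203.0.113.7", 41234)

    lb = Balancer()
    lb.by_connection_id(other, initial)            # unrelated client -> server-a
    first = lb.by_connection_id(before, initial)   # our client -> server-b
    tuple_after = lb.by_five_tuple(after)          # after NAT rebinding
    cid_after = lb.by_connection_id(after, one_rtt)
    return {"first": first, "tuple_after": tuple_after, "cid_after": cid_after}


if __name__ == "__main__":
    print(demo())
```

The balancer can only pick the ID out of a short-header packet because it already knows the length and layout the servers use, which is the kind of shared state slide 14 calls for.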