QUIC

Quick UDP Internet Connections - modern transport protocol for secure, multiplexed, and low-latency connections

QUIC (Quick UDP Internet Connections)

QUIC is a transport layer protocol developed by Google that runs over UDP to provide secure, multiplexed, and low-latency connections. Think of it as TCP’s faster, more efficient cousin that learned from decades of internet evolution.

Core Characteristics

  • Built on UDP (port 443 typically) but provides TCP-like reliability
  • Always encrypted - TLS 1.3 is baked into the protocol (no plaintext QUIC exists)
  • Multiplexed streams prevent head-of-line blocking (unlike HTTP/2 over TCP)
  • Connection migration allows seamless handoffs between networks (WiFi to cellular)
  • 0-RTT connection resumption for returning clients

Key Advantages Over TCP

  • Faster connection establishment: 1-RTT for new connections, 0-RTT for resumed connections (vs TCP’s 3-way handshake + TLS negotiation)
  • No head-of-line blocking: A lost packet in one stream doesn’t block other streams
  • Built-in encryption: Cannot be deployed without security (addresses middlebox tampering)
  • Connection migration: Survives IP address changes (mobile users switching networks)
  • Improved congestion control: More responsive algorithms than traditional TCP

Protocol Comparison

Feature               | TCP + TLS         | QUIC
Connection Setup      | 2-3 RTTs          | 0-1 RTT
Encryption            | Optional/Separate | Mandatory/Integrated
Head-of-line Blocking | Yes               | No
Connection Migration  | No                | Yes
Middlebox Issues      | Common            | Reduced
Stream Multiplexing   | Application layer | Transport layer

Real-World Implementation

  • HTTP/3 uses QUIC as its transport protocol (replacing TCP)
  • Major adoption by Google services, Facebook, Cloudflare, and CDN providers
  • Supported by modern browsers (Chrome, Firefox, Safari, Edge)
  • Particularly beneficial for mobile applications and video streaming
  • Used extensively for web performance optimization in high-latency environments

Network Engineering Considerations

  • Runs over UDP, so firewall rules must allow UDP/443 traffic
  • Some corporate firewalls/middleboxes may block or interfere with QUIC
  • Fallback to HTTP/2 over TCP is standard practice when QUIC fails
  • Connection IDs replace traditional 5-tuple identification (allows connection migration)
  • Requires modern load balancers that understand QUIC connection semantics
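
To illustrate the Connection ID point above, here is an added example (not code from this page or from any QUIC implementation). It parses only the version-independent header fields from RFC 8999 and groups UDP datagrams by Destination Connection ID rather than by source address, which is what a QUIC-aware load balancer or flow tracker has to do. The sample datagrams, the addresses and the 8-byte short-header Connection ID length are constructed assumptions.

```python
import struct

def parse_quic_header(datagram: bytes, short_dcid_len: int = 8) -> dict:
    """Extract the version-independent header fields defined in RFC 8999."""
    if not datagram:
        raise ValueError("empty datagram")
    if datagram[0] & 0x80:                       # high bit set: long header
        if len(datagram) < 7:
            raise ValueError("truncated long header")
        version = struct.unpack_from("!I", datagram, 1)[0]
        cids, pos = [], 5
        for _ in range(2):                       # DCID first, then SCID
            if pos >= len(datagram):
                raise ValueError("truncated connection ID length")
            n = datagram[pos]
            cid = datagram[pos + 1:pos + 1 + n]
            if len(cid) != n:
                raise ValueError("truncated connection ID")
            cids.append(cid)
            pos += 1 + n
        return {"form": "long", "version": version, "dcid": cids[0], "scid": cids[1]}
    # Short header: the DCID length is not on the wire, so an on-path device
    # must already know it (assumed here to be short_dcid_len bytes).
    dcid = datagram[1:1 + short_dcid_len]
    if len(dcid) != short_dcid_len:
        raise ValueError("truncated short header")
    return {"form": "short", "version": None, "dcid": dcid, "scid": None}

def group_by_connection_id(packets):
    """Group (source_addr, datagram) pairs by DCID instead of by 5-tuple."""
    flows = {}
    for src, datagram in packets:
        flows.setdefault(parse_quic_header(datagram)["dcid"], []).append(src)
    return flows

# Constructed sample datagrams (header bytes plus zero filler, not real captures).
SERVER_CID = bytes.fromhex("a1b2c3d4e5f60718")
LONG_HDR = bytes([0xE0]) + struct.pack("!I", 1) + bytes([8]) + SERVER_CID \
    + bytes([4]) + bytes.fromhex("01020304") + b"\x00" * 16
SHORT_HDR = bytes([0x40]) + SERVER_CID + b"\x00" * 16
SAMPLE = [
    (("192.0.2.10", 50000), LONG_HDR),      # handshake from the first address
    (("192.0.2.10", 50000), SHORT_HDR),     # 1-RTT packet on the same path
    (("198.51.100.7", 40001), SHORT_HDR),   # same DCID after an address change
]
```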

Vocabulary

  • 0-RTT: Zero Round Trip Time - ability to send application data immediately on connection resumption
  • Connection Migration: Maintaining an active connection when the client IP address changes
  • Head-of-line Blocking: When one delayed packet blocks processing of subsequent packets
  • Multiplexing: Multiple independent streams within a single connection
  • Connection ID: QUIC’s method of identifying connections (replaces IP:Port tuple)

Notes

  • QUIC is not just “UDP with extras” - it’s a complete transport protocol that happens to use UDP as its delivery mechanism
  • Mission-critical for modern web performance - reduces page load times by 5-10% on average
  • Remember: HTTP/3 = HTTP over QUIC (exam tip: know the relationship)
  • Corporate networks may need policy updates to fully support QUIC traffic
  • Connection migration is particularly valuable for mobile/tactical scenarios where network handoffs are common
  • Unlike TCP, QUIC connections are identified by Connection IDs, not IP/port tuples - this enables the migration capability