Quick UDP Internet connections
Fast Track
QUIC Challenges
Despite all its benefits, QUIC still has some issues. For example, it remains to be seen how well outgoing connections will work on UDP port 443. Especially in combination with HTTP/3, which is based on QUIC, the question arises as to how often firewalls or stateless packet filters (ACLs) at hotspots or on corporate networks will drop connections.
Intrusion prevention systems and proxies could also be a problem with QUIC. Support for QUIC first needs to find its way into these products. A fallback to HTTP/2 or even HTTP/1.1 and consequently to TCP/443 is likely to be the way out in some cases. COVID-19, in combination with various security products and the partly proprietary protocols of video conferencing software, has revealed that UDP-based protocols pass through multiple security checks in next-generation firewalls. Rate limits on UDP connections can also be a challenge. For example, UDP Flood Protection can have a negative effect on bulk transfers over UDP.
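As an added illustration (not code from the article or from any product), the following sketch shows how much of a UDP/443 payload a filter or IPS can identify from the version-independent header fields of RFC 8999 alone, plus the QUIC v1 long packet types and 20-byte connection ID limit from RFC 9000. The function names, labels, and sample payloads are constructed for this example.

```python
import struct

QUIC_V1 = 0x00000001  # version number assigned by RFC 9000
V1_LONG_TYPES = {0: "initial", 1: "0-rtt", 2: "handshake", 3: "retry"}

def parse_long_header(payload: bytes):
    """Return the RFC 8999 invariant fields of a UDP payload, or None."""
    # Form bit 0 means short header: the connection ID length is not on
    # the wire, so a stateless filter cannot parse any further.
    if len(payload) < 7 or not payload[0] & 0x80:
        return None
    version = struct.unpack_from("!I", payload, 1)[0]
    pos, ids = 5, []
    for _ in range(2):  # destination connection ID, then source
        if pos >= len(payload):
            return None
        length = payload[pos]
        pos += 1
        if pos + length > len(payload):
            return None  # truncated datagram
        ids.append(payload[pos:pos + length])
        pos += length
    return {"first": payload[0], "version": version,
            "dcid": ids[0], "scid": ids[1]}

def classify(payload: bytes) -> str:
    """Label a UDP payload the way a QUIC-aware filter rule might."""
    hdr = parse_long_header(payload)
    if hdr is None:
        return "no-long-header"
    if hdr["version"] == 0:
        return "version-negotiation"
    if hdr["version"] != QUIC_V1:
        return "unknown-version"
    # QUIC v1 limits connection IDs to 20 bytes (RFC 9000).
    if len(hdr["dcid"]) > 20 or len(hdr["scid"]) > 20:
        return "malformed-v1"
    return "v1-" + V1_LONG_TYPES[(hdr["first"] >> 4) & 0x3]

# Constructed sample payloads (not captured traffic).
V1 = struct.pack("!I", QUIC_V1)
SAMPLES = {
    "initial": b"\xc0" + V1 + b"\x08" + bytes(range(8)) + b"\x00" + bytes(16),
    "handshake": b"\xe0" + V1 + b"\x00" + b"\x04abcd" + bytes(8),
    "vneg": b"\x80" + bytes(4) + b"\x00\x00" + V1,
    "oversized": b"\xc0" + V1 + b"\x15" + bytes(21) + b"\x00",
    "short": b"\x40" + bytes(20),
    "truncated": b"\xc0" + V1 + b"\x08\x01",
}
```

Only the long-header packets of the handshake expose a version and connection ID lengths; once a connection is established, traffic uses short headers, which limits what a device on the path can inspect.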
Don't forget that web server support is still thin: The Apache web server does not yet have a QUIC feature, and for NGINX there is only a development version (released in January 2022). Because of the interaction of transport and session layers, the protocol as a whole is quite complex. To what extent QUIC's congestion control will have an effect on local data networks with high bandwidths remains to be seen. The implementation of QUIC in userspace is both a curse and a blessing. New protocol versions do not require a kernel update on the client side, just an application update.
Conclusions
QUIC is likely to show its strengths in particular when accessing cloud applications and websites where the content is distributed across different target servers. High-latency connections can also benefit from the integrated TLS handshake and 0-RTT feature. Additionally, interesting application scenarios are conceivable for latency-critical communication such as VoIP or sequential database access. Remote access by VPN could open up another field of application. Some manufacturers currently still resort to the UDP-based Datagram Transport Layer Security (DTLS), TLS, or the IPsec framework. Because of the requirement for encryption with TLS 1.3, QUIC offers a genuine alternative.
One disadvantage is the higher CPU load compared with TCP and TLS. It would take a great deal of stargazing to forecast how many manufacturers and open source projects will switch to QUIC and the extent to which UDP communication will conquer today's networks.