Quick UDP Internet connections

Fast Track

QUIC Challenges

Despite all its benefits, QUIC still has some issues. For example, it remains to be seen how well outgoing connections will work on UDP port 443. Especially in combination with HTTP/3, which is based on QUIC, the question arises as to how often firewalls or stateless packet filters (ACLs) at hotspots or on corporate networks will drop connections.

Intrusion prevention systems and proxies could also be a problem with QUIC. Support for QUIC first needs to find its way into these products. A fallback to HTTP/2 or even HTTP/1.1 and consequently to TCP/443 is likely to be the way out in some cases. COVID-19, in combination with various security products and the partly proprietary protocols of video conferencing software products, has revealed that UDP-based protocols in next-generation firewalls pass through multiple security checks. However, rate limits in UDP connections can also be a challenge. For example, UDP Flood Protection can have a negative effect on bulk transfers over UDP.
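To make concrete what QUIC support in a filter or intrusion prevention system starts with, the following added example (not code from the article or from any product) classifies UDP/443 payloads by the version-independent long header defined in RFC 8999 and the version 1 packet types from RFC 9000. The function name and the sample payloads are constructed for illustration.

```python
import struct

# Long-header packet types of QUIC version 1 (RFC 9000, section 17.2).
LONG_TYPES = {0: "Initial", 1: "0-RTT", 2: "Handshake", 3: "Retry"}
QUIC_V1 = 0x00000001

def classify_udp_payload(payload: bytes) -> dict:
    """Classify one UDP/443 payload using the version-independent header
    fields (RFC 8999). Hypothetical helper, not taken from any product."""
    if len(payload) < 7 or not payload[0] & 0x80:
        # Short-header packets carry no version field, so a stateless
        # filter cannot tell them apart from other UDP traffic.
        return {"quic": None, "kind": "no long header"}
    (version,) = struct.unpack_from("!I", payload, 1)
    pos, cids = 5, []
    for _ in range(2):  # destination connection ID, then source connection ID
        if pos >= len(payload):
            return {"quic": False, "kind": "truncated long header"}
        length = payload[pos]
        cid = payload[pos + 1:pos + 1 + length]
        if len(cid) != length:
            return {"quic": False, "kind": "truncated long header"}
        cids.append(cid.hex())
        pos += 1 + length
    if version == 0:
        kind = "Version Negotiation"
    elif version == QUIC_V1:
        if max(len(c) for c in cids) > 40:  # 40 hex digits = 20-byte v1 limit
            return {"quic": False, "kind": "connection ID too long for v1"}
        kind = LONG_TYPES[(payload[0] >> 4) & 0x03]
    else:
        kind = "unknown version"
    return {"quic": True, "kind": kind, "version": version,
            "dcid": cids[0], "scid": cids[1]}

# Constructed sample payloads (not captured traffic).
SAMPLE_INITIAL = bytes.fromhex("c0" "00000001" "08" "0102030405060708" "00") + bytes(16)
SAMPLE_VERSION_NEG = bytes.fromhex("80" "00000000" "00" "04" "aabbccdd" "00000001")
SAMPLE_SHORT = bytes.fromhex("40" "0102030405060708") + bytes(16)
SAMPLE_TRUNCATED = bytes.fromhex("c0" "00000001" "14" "0102")

if __name__ == "__main__":
    for name, pkt in [("initial", SAMPLE_INITIAL), ("vn", SAMPLE_VERSION_NEG),
                      ("short", SAMPLE_SHORT), ("truncated", SAMPLE_TRUNCATED)]:
        print(name, classify_udp_payload(pkt))
```

Only the handshake packets are identifiable this way; once a connection switches to short headers, a device has to keep per-flow state to keep recognizing the traffic as QUIC.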

Don't forget that the Apache web server does not yet have a QUIC feature, and NGINX offers one only in a development version (released in January 2022). Because of the interaction of transport and session layers, the protocol as a whole is quite complex. To what extent QUIC's congestion control will have an effect on local data networks with high bandwidths remains to be seen. The implementation of QUIC in userspace is both a curse and a blessing. New protocol versions do not require a kernel update on the client side, just an application update.

Conclusions

QUIC is likely to show its strengths in particular when accessing cloud applications and websites where the content is distributed across different target servers. High-latency communication relationships can also benefit from the integrated TLS handshake and 0-RTT feature. Additionally, interesting application scenarios are conceivable in the environment of latency-critical communication such as VoIP or sequential database access. Remote access by VPN could open up another field of application. Some manufacturers currently still resort to the UDP-based Datagram Transport Layer Security (DTLS), TLS, or IPsec framework. Because of the requirement for encryption with TLS 1.3, QUIC offers a genuine alternative.

One disadvantage is the higher CPU load compared with TCP and TLS. It would take a great deal of stargazing to forecast how many manufacturers and open source projects will switch to QUIC and the extent to which UDP communication will conquer today's networks.
