QUIC: The Secure Communication Protocol Shaping the Internet’s Future

ISMEET SINGH
October 08, 2024 - 8 min read

As the internet has evolved dramatically in the last few decades, so too has the underlying technology that powers it. QUIC is one of those exciting innovations: it’s a new transport protocol developed by Google that promises faster, more secure, and more reliable internet experiences. In this blog, we’ll dive into what makes QUIC such a game-changer, its advantages, and why it might be the future of internet communication.

Initially designed and deployed in 2012 by Google, QUIC is a general-purpose transport layer network protocol. As a communication protocol, QUIC aims to improve the performance of web applications that use Transmission Control Protocol (TCP). The Internet Engineering Task Force (IETF) and Google developed QUIC to run over the Internet Protocol (IP), usually layered on top of User Datagram Protocol (UDP).

Although its name was originally derived from the acronym "Quick UDP Internet Connections," in the IETF's usage QUIC is not an acronym: it is simply the name of the protocol. While UDP is faster because it has no connection overhead, it is also less reliable. TCP, on the other hand, ensures reliability, but at the cost of speed because of its complex handshake and retransmission mechanisms.

The overall design goals of the QUIC protocol at its inception were to enhance performance, reduce latency, and improve security for network-based products and services. Indeed, browser-based and mobile applications perform better with this protocol.  

Figure: HTTP request speed over TCP+TLS vs. over QUIC (graphic credit: Google)

In a nutshell, QUIC was designed to combine the speed of UDP with the reliability and security features typically associated with TCP, along with the encryption capabilities of TLS (Transport Layer Security).

Key Features of QUIC 

HTTP Semantics

Faster connection establishment

One of QUIC's main advantages is its reduced latency. Traditional TCP requires a multi-step handshake to establish a connection and additional steps to set up encryption via TLS. QUIC compresses these processes into a single handshake, which leads to faster connection times. In fact, QUIC eliminates the need for separate handshakes for TLS and transport, combining them into one. This significantly reduces the time it takes to establish secure connections.

Multiplexing without head-of-line blocking 

A well-known issue with TCP is head-of-line (HOL) blocking, where the loss of a single packet forces all subsequent packets to wait until the lost packet is retransmitted. QUIC solves this problem by using independent streams, allowing multiple streams to exist within a single connection. This means that a packet lost in one stream doesn’t block others, leading to more efficient data transfer.
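To make the head-of-line blocking point concrete, here is an added Python simulation (not code from the Zscaler post) that reassembles the same four constructed packets two ways: as a single TCP-style byte sequence, and as independent QUIC streams. Dropping one packet of stream 1 stalls the whole TCP-style sequence but leaves stream 2 fully deliverable.

```python
# Added example, not code from the Zscaler post: the same four constructed packets
# reassembled as one TCP-style byte sequence and as independent QUIC streams.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    stream: int   # QUIC stream ID (the TCP view ignores it)
    offset: int   # byte offset within that stream
    data: bytes

# Constructed traffic in send order: two streams interleaved on one connection.
PACKETS = [
    Packet(1, 0, b"<html>"),    # dropped in the lossy scenario
    Packet(2, 0, b"img1"),
    Packet(1, 6, b"</html>"),
    Packet(2, 4, b"img2"),
]

def _contiguous(segments):
    """Bytes deliverable in order from offset 0; stops at the first gap."""
    out = b""
    for off, data in sorted(segments):
        if off > len(out):
            break                        # hole: must wait for a retransmission
        out += data[len(out) - off:]     # drop any overlap with delivered bytes
    return out

def tcp_style_deliver(sent, arrived):
    """TCP view: one byte sequence for the whole connection. A segment's sequence
    number is its cumulative position in send order, so a hole blocks everything
    sent after it, even bytes that belong to other logical streams."""
    seq, segments = 0, []
    for p in sent:
        if p in arrived:
            segments.append((seq, p.data))
        seq += len(p.data)
    return _contiguous(segments)

def quic_style_deliver(arrived):
    """QUIC view: each stream reassembles on its own offsets, so a hole in
    stream 1 does not hold back stream 2."""
    per_stream = {}
    for p in arrived:
        per_stream.setdefault(p.stream, []).append((p.offset, p.data))
    return {sid: _contiguous(segs) for sid, segs in per_stream.items()}
```

With the first packet of stream 1 missing, `tcp_style_deliver` hands nothing to the application while `quic_style_deliver` delivers all of stream 2.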

Built-in encryption

QUIC was built with security in mind from the outset. Unlike TCP, where encryption is optional (via TLS), QUIC mandates encryption for all connections. This ensures that data transferred over QUIC is always encrypted and secure, providing a safer browsing experience.

Smoother handling of network changes

With mobile devices constantly switching between networks (e.g., from Wi-Fi to cellular), connection disruptions can occur. In traditional TCP, a change in network requires the connection to be re-established. QUIC, however, has built-in mechanisms to handle network changes smoothly without needing to start the connection process again, providing better resilience and maintaining performance for a better user experience.

Reduced latency for repeated connections

Since QUIC connections are identified by a unique ID rather than the IP address, reconnecting to a server you’ve connected to before is much faster. The server can recognize the connection by its ID and skip certain handshake steps, reducing the overall latency, especially in high-latency networks.

Figure: Multiplexing comparison, HTTP/2 vs. HTTP/3

Why QUIC Matters

Faster web browsing

QUIC was initially developed to improve the performance of Google's services, especially for mobile users. However, its benefits extend to the broader web. With faster connections and better data handling, web applications can load faster, which is especially crucial in regions with slow or unreliable internet connections.

Better streaming and gaming experiences 

One area where QUIC shines is in real-time applications like video streaming, gaming, and video conferencing. The low-latency, high-speed nature of QUIC ensures smoother video streams and fewer disruptions in live services. Additionally, the ability to seamlessly transition between networks without reconnecting makes QUIC ideal for mobile applications.

Increased security by default

With encryption baked into the protocol itself, QUIC helps improve the overall security of internet traffic. As more web services and applications adopt QUIC, the internet as a whole becomes more secure, protecting users from eavesdropping and other cyberthreats.

The evolution of HTTP/3 

QUIC plays a pivotal role in the development of HTTP/3, the latest version of the Hypertext Transfer Protocol. HTTP/3 runs on top of QUIC, rather than TCP, further enhancing the speed, security, and reliability of web browsing. As HTTP/3 becomes more widely adopted, QUIC will play an integral role in shaping the future of the web.

QUIC Use Cases Summary

Focus area: Mobile & Web Applications
Use case: Voice and video traffic originating within these applications requires low latency and reliable data transmission.
How QUIC helps: QUIC's use of independent streams and congestion control mechanisms makes it a good choice for these applications.

Focus area: IoT devices + Internet of Vehicles (IoV)
Use case:
  • IoT devices often use protocols such as TCP and MQTT for communication and can be prone to high latency and packet loss.
  • Real-time data exchange is needed to provide services like traffic management, vehicle tracking, and safety features.
How QUIC helps: QUIC's low latency, multiplexing capabilities, and resilience to packet loss and packet reordering ensure reliable and efficient communication between vehicles and infrastructure components.

Focus area: Cloud Computing
Use case: Delivery of computing resources over the Internet at a faster pace and with security.
How QUIC helps: With QUIC, cloud apps benefit from low latency and end-to-end encryption, improving both user experience and security.

Focus area: eCommerce applications
Use case: These applications require secure and reliable data transmission.
How QUIC helps: QUIC's use of Transport Layer Security (TLS) encryption and reliable HTTP/3 streams ensures data is transmitted securely, making it a good choice for apps storing and transmitting sensitive financial data.

Focus area: Connection Migration
Use case: Consistent end-user experience even if the client IP address or network conditions change during a session.
How QUIC helps: QUIC supports connection migration, which means that if a user's IP address changes or the client reconnects over a new network, the connection can continue without needing to be re-established.
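The connection ID and connection migration points above can be shown in a few lines. The following is an added Python illustration (not code from the Zscaler post or any Zscaler product): a server keeps state keyed by the Destination Connection ID in each packet rather than by the client's IP and port, so a client that moves from Wi-Fi to cellular is still matched to its connection. The `QuicServer` class and its per-connection state are assumptions made for this illustration; the short-header layout follows RFC 9000.

```python
# Added example, not code from the Zscaler post: a server-side table keyed by
# the Destination Connection ID carried in every QUIC packet, so a client whose
# address changes mid-session (Wi-Fi to cellular) still maps to its connection.
# The short-header layout (high bit clear, then the DCID) follows RFC 9000; the
# per-connection state is a simplification made for this illustration.
import os

class QuicServer:
    CID_LEN = 8   # length of the connection IDs this server issues

    def __init__(self):
        self.conns = {}   # DCID -> per-connection state

    def new_connection(self, peer, cid=None):
        """Issue a connection ID to a client reached at (ip, port) 'peer'."""
        cid = cid or os.urandom(self.CID_LEN)
        self.conns[cid] = {"peer": peer, "migrations": 0, "path_validated": True}
        return cid

    def handle_datagram(self, peer, datagram):
        """Match a 1-RTT packet to its connection by DCID alone, ignoring the
        sender's address. Returns (cid, state), or None if unknown."""
        if not datagram or datagram[0] & 0x80:
            return None          # long header (handshake packets): not handled here
        cid = datagram[1:1 + self.CID_LEN]
        state = self.conns.get(cid)
        if state is None:
            return None          # unknown DCID: not one of our connections
        if state["peer"] != peer:
            # Same connection from a new address: keep it, but a real server must
            # confirm the path with PATH_CHALLENGE/PATH_RESPONSE (RFC 9000
            # section 9) before sending much data there, otherwise a spoofed
            # source address could turn the server into a traffic amplifier.
            state["migrations"] += 1
            state["peer"] = peer
            state["path_validated"] = False
        return cid, state

def tcp_style_lookup(table, peer):
    """TCP contrast: state is keyed by the peer's (ip, port), so the same client
    on a new address finds no connection and must start over."""
    return table.get(peer)
```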

 

How network and IT administrators are handling QUIC 

Most admins currently choose one of the following options when it comes to QUIC-based traffic:

  • Block QUIC at the firewall and have the device fall back to standard TCP-based TLS so the firewall can perform TLS inspection
  • Block QUIC at the web browser

Zscaler also currently advises customers, as a best practice, to block QUIC so that clients fall back to TCP, and to enable SSL/TLS inspection. Doing so does not negatively impact user experience.

How our customers block QUIC depends on how they are forwarding traffic to Zscaler’s proxy-based edge network. They have three choices that mirror the options above:

  • Zscaler Client Connector (Z-Tunnel 1.0): Customers sending only Zscaler Client Connector traffic using Z-Tunnel 1.0 to Zscaler can create a block rule on the device firewall to block UDP ports 80 and 443. This is typically done by an IT admin; the actual method will differ by organization.
  • GRE or IPSec tunnel and Zscaler Client Connector (Z-Tunnel 2.0): Customers sending outbound internet traffic to Zscaler through a GRE or IPSec tunnel, or Zscaler Client Connector using Z-Tunnel 2.0 can block QUIC by creating a Zero Trust Firewall filtering rule. The rule will block QUIC UDP flows and force the web browser to default to TCP on ports 80/443.
  • Block QUIC traffic at the browser: IT administrators with Google Apps admin access can create a policy to block all QUIC traffic for Chrome users.

You can learn more about managing QUIC-based traffic in our product documentation. Zscaler’s engineering team is currently working to inspect traffic using the QUIC protocol with a goal of introducing this capability in 2025.
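Once a block policy is in place, an administrator will want to verify that clients really have fallen back to TCP. The following added Python example (not code from the Zscaler post or any Zscaler product) classifies UDP payloads by their QUIC header and counts, per source address, the hosts still sending QUIC version 1 Initial packets to UDP 80/443. Header fields follow RFC 8999/9000; the sample datagrams and flow records are constructed for the example.

```python
# Added example, not code from the Zscaler post or Zscaler's products: classify
# UDP payloads so an admin can confirm a QUIC block is effective and clients
# have fallen back to TCP. Fields follow RFC 8999/9000; samples are constructed.
import struct
from collections import Counter

QUIC_V1 = 0x00000001   # version 1 (RFC 9000); its Initial packet type is 0b00

def parse_long_header(payload):
    """(version, packet_type, dcid, scid) of a long-header packet, or None.
    Only the version-independent fields (RFC 8999) are decoded."""
    if len(payload) < 7 or not payload[0] & 0x80:
        return None
    version = struct.unpack_from("!I", payload, 1)[0]
    pos, cids = 5, []
    for _ in range(2):                # DCID then SCID, each length-prefixed
        if pos >= len(payload) or len(payload) < pos + 1 + payload[pos]:
            return None
        n = payload[pos]
        cids.append(payload[pos + 1:pos + 1 + n])
        pos += 1 + n
    return version, (payload[0] >> 4) & 0x3, cids[0], cids[1]

def classify(payload):
    """'quic-initial' = QUIC v1 connection attempt; 'quic-long' = any other
    long-header packet; 'quic-short?' = fixed-bit heuristic only; 'not-quic'."""
    hdr = parse_long_header(payload)
    if hdr:
        return "quic-initial" if hdr[0] == QUIC_V1 and hdr[1] == 0 else "quic-long"
    if payload and payload[0] & 0xC0 == 0x40:
        return "quic-short?"
    return "not-quic"

def quic_initiators(flows):
    """Per-source count of QUIC v1 Initials in (src_ip, dst_port, payload)
    records to UDP 80/443: hosts still trying QUIC after a block policy."""
    counts = Counter()
    for src, dport, payload in flows:
        if dport in (80, 443) and classify(payload) == "quic-initial":
            counts[src] += 1
    return counts

# Constructed samples: a client Initial padded to the 1200-byte minimum
# (RFC 9000 section 14.1), a Version Negotiation packet, and a DNS query.
INITIAL_V1 = (b"\xc3" + struct.pack("!I", QUIC_V1) + b"\x08" + bytes(range(8))
              + b"\x00\x00").ljust(1200, b"\x00")
VERSION_NEG = b"\x80" + bytes(4) + b"\x00\x00" + struct.pack("!I", QUIC_V1)
DNS_QUERY = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
FLOWS = [("10.0.0.5", 443, INITIAL_V1), ("10.0.0.5", 443, INITIAL_V1),
         ("10.0.0.9", 80, INITIAL_V1), ("10.0.0.7", 53, DNS_QUERY)]
```

The short-header label is only a heuristic (any payload whose first byte starts with bits 01 matches), so rely on Initial packets, which are unambiguous, when judging whether the block is working.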

What’s Next for the QUIC Protocol? 

MASQUE (Multiplexed Application Substrate over QUIC Encryption) aims to develop mechanisms for proxied communications, i.e., a client connects to an entry server and instructs it to open what is effectively a tunnel to another server. This is often used by VPNs to enable users to browse the web without revealing their real IP addresses.

MASQUE is similar to some aspects of the Tor Project’s network of nodes, but uses QUIC to anonymize network traffic. It is also designed for operation by large providers, whereas Tor is designed for a large number of small providers. It is also used in systems like Apple’s Private Relay to provide a level of network address anonymization.

Conclusion: The Road Ahead for QUIC

QUIC is more than just a faster way to browse the web—it represents a fundamental shift in how data is transferred across the internet. By combining the best of TCP and UDP, along with encryption and better handling of modern network conditions, QUIC is set to become the foundation of faster, more secure, and more reliable internet experiences.

As HTTP/3 continues to gain traction and more companies adopt QUIC, we are likely to see significant improvements in everything from everyday web browsing to advanced applications like cloud gaming, live streaming, and IoT communications. The future of the internet is bright—and QUIC is shining a large swath of light on the path forward.
