QUIC: The Secure Communication Protocol Shaping the Internet’s Future
As the internet has evolved dramatically in the last few decades, so too has the underlying technology that powers it. QUIC is one of those exciting innovations: it’s a new transport protocol developed by Google that promises faster, more secure, and more reliable internet experiences. In this blog, we’ll dive into what makes QUIC such a game-changer, its advantages, and why it might be the future of internet communication.
Initially designed and deployed in 2012 by Google, QUIC is a general-purpose transport layer network protocol. As a communication protocol, QUIC aims to improve the performance of web applications that use Transmission Control Protocol (TCP). Google and the Internet Engineering Task Force (IETF) developed QUIC on top of the Internet Protocol (IP); it is normally carried over User Datagram Protocol (UDP).
Although the name was originally derived from the acronym "Quick UDP Internet Connections," in the IETF's usage QUIC is not an acronym: it is simply the name of the protocol. While UDP is faster due to its lack of connection overhead, it is also less reliable. TCP, on the other hand, ensures reliability but at the cost of speed due to its complex handshake and retransmission mechanisms.
The overall design goals of the QUIC protocol at its inception were to enhance performance, reduce latency, and improve security for network-based products and services. Indeed, browser-based and mobile applications perform better with this protocol.
In a nutshell, QUIC was designed to combine the speed of UDP with the reliability and security features typically associated with TCP, along with the encryption capabilities of TLS (Transport Layer Security).
Key Features of QUIC
Faster connection establishment
One of QUIC's main advantages is its reduced latency. Traditional TCP requires a multi-step handshake to establish a connection and additional steps to set up encryption via TLS. QUIC compresses these processes into a single handshake, which leads to faster connection times. In fact, QUIC eliminates the need for separate handshakes for TLS and transport, combining them into one. This significantly reduces the time it takes to establish secure connections.
Multiplexing without head-of-line blocking
A well-known issue with TCP is head-of-line (HOL) blocking, where the loss of a single packet forces all subsequent packets to wait until the lost packet is retransmitted. QUIC solves this problem by using independent streams, allowing multiple streams to exist within a single connection. This means that a packet lost in one stream doesn’t block others, leading to more efficient data transfer.
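To make the difference described above concrete, here is an added example (not code from the Zscaler post) that simulates two receivers over the same constructed packet arrival order: a TCP-style receiver with a single in-order buffer, and a QUIC-style receiver with one reorder buffer per stream. Stream ids, sequence numbers and the arrival order are all constructed for the demonstration.

```python
"""Added example (not from the Zscaler post): a toy receiver simulation that
makes head-of-line blocking visible. Packets belong to one of several streams.
A TCP-style receiver delivers data to the application only in global sequence
order, so one lost packet holds back every packet behind it. A QUIC-style
receiver keeps a reorder buffer per stream, so a gap in one stream never stalls
the others. All stream ids, sequence numbers and the arrival order are
constructed for the demonstration."""

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    global_seq: int   # position in the single TCP-style byte stream
    stream_id: int    # QUIC-style stream the data belongs to
    stream_seq: int   # position within that stream


# Constructed send order: two streams interleaved.
SENT = [
    Packet(0, 1, 0),
    Packet(1, 1, 1),   # this one is lost on the first transmission
    Packet(2, 2, 0),
    Packet(3, 2, 1),
    Packet(4, 1, 2),
    Packet(5, 2, 2),
]

# Constructed arrival order: everything except packet 1 arrives on time; the
# retransmission of packet 1 shows up last (arrival slot 5).
ARRIVALS = [SENT[0], SENT[2], SENT[3], SENT[4], SENT[5], SENT[1]]


def tcp_like_delivery(arrivals):
    """Single in-order buffer. Returns {global_seq: arrival slot at which the
    packet reached the application}."""
    expected = 0
    pending = {}
    delivered_at = {}
    for slot, pkt in enumerate(arrivals):
        pending[pkt.global_seq] = pkt
        # Drain only while the next expected sequence number is present.
        while expected in pending:
            delivered_at[pending.pop(expected).global_seq] = slot
            expected += 1
    return delivered_at


def quic_like_delivery(arrivals):
    """One reorder buffer per stream: a gap in stream A does not hold back
    stream B. Same return shape as tcp_like_delivery."""
    expected = defaultdict(int)          # stream_id -> next stream_seq wanted
    pending = defaultdict(dict)          # stream_id -> {stream_seq: packet}
    delivered_at = {}
    for slot, pkt in enumerate(arrivals):
        buf = pending[pkt.stream_id]
        buf[pkt.stream_seq] = pkt
        while expected[pkt.stream_id] in buf:
            p = buf.pop(expected[pkt.stream_id])
            delivered_at[p.global_seq] = slot
            expected[pkt.stream_id] += 1
    return delivered_at


def total_blocking_delay(delivered_at, arrivals):
    """Sum over packets of (delivery slot - arrival slot): how many slots of
    waiting the single loss caused for data that had already arrived."""
    arrived_at = {p.global_seq: slot for slot, p in enumerate(arrivals)}
    return sum(delivered_at[g] - arrived_at[g] for g in arrived_at)


if __name__ == "__main__":
    for name, fn in (("TCP-like", tcp_like_delivery), ("QUIC-like", quic_like_delivery)):
        d = fn(ARRIVALS)
        print(f"{name}: delivered at {dict(sorted(d.items()))}, "
              f"blocking delay {total_blocking_delay(d, ARRIVALS)}")
```

With this arrival order the TCP-style receiver holds four already-arrived packets until the retransmission lands (a blocking delay of 10 slots), whereas the QUIC-style receiver only delays the one packet that belongs to the stream with the gap (2 slots); stream 2 is delivered as soon as it arrives.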
Built-in encryption
QUIC was built with security in mind from the outset. Unlike TCP, where encryption is optional (via TLS), QUIC mandates encryption for all connections. This ensures that data transferred over QUIC is always encrypted and secure, providing a safer browsing experience.
Smoother handling of network changes
With mobile devices constantly switching between networks (e.g., from Wi-Fi to cellular), connection disruptions can occur. In traditional TCP, a change in network requires the connection to be re-established. QUIC, however, has built-in mechanisms to handle network changes smoothly without needing to start the connection process again, providing better resilience and maintaining performance for a better user experience.
Reduced latency for repeated connections
Since QUIC connections are identified by a unique ID rather than the IP address, reconnecting to a server you’ve connected to before is much faster. The server can recognize the connection by its ID and skip certain handshake steps, reducing the overall latency, especially in high-latency networks.
Why QUIC Matters
Faster web browsing
QUIC was initially developed to improve the performance of Google's services, especially for mobile users. However, its benefits extend to the broader web. With faster connections and better data handling, web applications can load faster, which is especially crucial in regions with slow or unreliable internet connections.
Better streaming and gaming experiences
One area where QUIC shines is in real-time applications like video streaming, gaming, and video conferencing. The low-latency, high-speed nature of QUIC ensures smoother video streams and fewer disruptions in live services. Additionally, the ability to seamlessly transition between networks without reconnecting makes QUIC ideal for mobile applications.
Increased security by default
With encryption baked into the protocol itself, QUIC helps improve the overall security of internet traffic. As more web services and applications adopt QUIC, the internet as a whole becomes more secure, protecting users from eavesdropping and other cyberthreats.
The evolution of HTTP/3
QUIC plays a pivotal role in the development of HTTP/3, the latest version of the Hypertext Transfer Protocol. HTTP/3 runs on top of QUIC, rather than TCP, further enhancing the speed, security, and reliability of web browsing. As HTTP/3 becomes more widely adopted, QUIC will play an integral role in shaping the future of the web.
QUIC Use Cases Summary
| Focus area | Use case | How QUIC helps |
|---|---|---|
| Mobile & web applications | Voice and video traffic originating within these applications requires low latency and reliable data transmission. | QUIC’s independent streams and congestion control mechanisms make it a good choice for these applications. |
| IoT devices and Internet of Vehicles (IoV) | | QUIC's low latency, multiplexing, and resilience to packet loss and packet reordering ensure reliable and efficient communication between vehicles and infrastructure components. |
| Cloud computing | Delivery of computing resources over the internet at a faster pace and with better security. | With QUIC, cloud apps benefit from low latency and end-to-end encryption, improving both user experience and security. |
| eCommerce applications | These applications require secure and reliable data transmission. | QUIC's use of Transport Layer Security (TLS) encryption and reliable HTTP/3 streams ensures data is transmitted securely, making it a good choice for apps storing and transmitting sensitive financial data. |
| Connection migration | Consistent end-user experience even if the client IP address or network conditions change during a session. | QUIC supports connection migration: if a user's IP address changes or the client reconnects over a new network, the connection continues without needing to be re-established. |
Global QUIC Adoption Trends
While the benefits of QUIC are compelling, there’s still resistance to its adoption because, unlike TCP-based traffic, traffic using the protocol cannot be inspected. Later in this blog we lay out the options available to network and IT administrators for dealing with QUIC-based network traffic. While adoption may appear limited on the surface, the reality is that QUIC adoption has been swift in nations where the majority of the population accesses the internet via cellular networks.
- QUIC is used by 8.2% of all websites globally.
- HTTP/3 is used by 31.1% of all websites globally.
- According to APNIC, the world map of QUIC support below shows the level of QUIC support across nations. China is the only major economy with QUIC support below 20%.
How network and IT administrators are handling QUIC
Most admins currently choose one of the following options when it comes to QUIC-based traffic:
- Block QUIC at the firewall and have the device fall back to standard TCP-based TLS so the firewall can perform TLS inspection
- Block QUIC at the web browser
Zscaler also currently advises customers, as a best practice, to block QUIC, let clients fall back to TCP, and enable SSL/TLS inspection. Doing so does not negatively impact user experience.
How our customers block QUIC depends on how they are forwarding traffic to Zscaler’s proxy-based edge network. They have three choices that mirror the options above:
- Zscaler Client Connector (Z-Tunnel 1.0): Customers sending only Zscaler Client Connector traffic using Z-Tunnel 1.0 to Zscaler can create a block rule on the device firewall to block UDP ports 80 and 443. Typically done by an IT admin, the actual method will differ by organization.
- GRE or IPSec tunnel and Zscaler Client Connector (Z-Tunnel 2.0): Customers sending outbound internet traffic to Zscaler through a GRE or IPSec tunnel, or Zscaler Client Connector using Z-Tunnel 2.0 can block QUIC by creating a Zero Trust Firewall filtering rule. The rule will block QUIC UDP flows and force the web browser to default to TCP on ports 80/443.
- Block QUIC traffic at the browser: IT administrators with Google Apps admin access can create a policy to block all QUIC traffic for Chrome users.
You can learn more about managing QUIC-based traffic in our product documentation. Zscaler’s engineering team is currently working to inspect traffic using the QUIC protocol with a goal of introducing this capability in 2025.
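The blocking options above all rest on one fact: a firewall sees UDP datagrams whose payload it cannot decrypt. The following added example (not Zscaler's code, and not from the post) parses the unprotected part of a QUIC v1 packet header as laid out in RFC 9000, which is also what makes the connection-ID-based migration described earlier possible: long-header packets (Initial, Handshake, Retry) carry the version and both connection IDs in the clear, while short-header 1-RTT packets do not even encode the connection ID length, so a middlebox cannot parse them without flow state. `firewall_decision()` models the "block UDP 80/443 so the browser falls back to TCP" rule; the function names, the sample datagrams and the log labels are all constructed for the example, and the sample Initial carries a zero-filled payload rather than a real protected packet.

```python
"""Added example (not from the Zscaler post): what a firewall can and cannot
read from a QUIC datagram, using the QUIC v1 header layout from RFC 9000.
Long-header packets carry the version and both connection IDs in the clear,
which is why a connection survives an IP change (the server matches on the
connection ID, not on the address). Short-header 1-RTT packets do not encode
the connection ID length, so they cannot be parsed without flow state. All
sample datagrams are constructed; firewall_decision() models the "block UDP
80/443 and let the browser fall back to TCP" rule the post describes."""

QUIC_V1 = 0x00000001
LONG_PACKET_TYPES_V1 = {0: "initial", 1: "0-rtt", 2: "handshake", 3: "retry"}
MAX_CID_LEN = 20             # RFC 9000: v1 connection IDs are at most 20 bytes
MIN_INITIAL_DATAGRAM = 1200  # client Initial datagrams are padded to >= 1200 bytes
BLOCKED_UDP_PORTS = {80, 443}


def parse_quic_header(payload: bytes):
    """Classify the start of a UDP payload as a QUIC packet header.

    Returns None if the bytes cannot be a QUIC packet. For long headers,
    returns version, packet type and both connection IDs (hex). For short
    headers only the form is returned, because the DCID length is not on the
    wire. Any byte matching 01xxxxxx looks like a short header, so that
    verdict is only meaningful on a flow already identified as QUIC.
    """
    if not payload:
        return None
    first = payload[0]
    if first & 0x80 == 0:                      # Header Form bit clear: short header
        return {"form": "short"} if first & 0x40 else None
    if len(payload) < 7:                       # first byte + version + two length bytes
        return None
    version = int.from_bytes(payload[1:5], "big")
    pos = 5
    dcid_len = payload[pos]
    pos += 1
    if dcid_len > MAX_CID_LEN or pos + dcid_len >= len(payload):
        return None                            # DCID would run past the SCID length byte
    dcid = payload[pos:pos + dcid_len]
    pos += dcid_len
    scid_len = payload[pos]
    pos += 1
    if scid_len > MAX_CID_LEN or pos + scid_len > len(payload):
        return None
    scid = payload[pos:pos + scid_len]
    info = {"form": "long", "version": version, "dcid": dcid.hex(), "scid": scid.hex()}
    if version == 0:
        info["type"] = "version-negotiation"   # server reply to an unsupported version
    elif version != QUIC_V1:
        info["type"] = "unknown-version"       # e.g. QUIC v2, a draft or a greased version
    elif first & 0x40 == 0:
        return None                            # Fixed Bit must be 1 in v1
    else:
        info["type"] = LONG_PACKET_TYPES_V1[(first >> 4) & 0x03]
        info["padded"] = len(payload) >= MIN_INITIAL_DATAGRAM
    return info


def firewall_decision(dst_port: int, payload: bytes):
    """Model of the post's rule: drop UDP 80/443 so browsers fall back to TCP,
    where TLS inspection is possible. Returns (action, label); the label is
    what a firewall log line could record about the datagram."""
    hdr = parse_quic_header(payload)
    if hdr is None:
        label = "not-quic"
    elif hdr["form"] == "short":
        label = "quic-1rtt"
    else:
        label = "quic-" + hdr["type"]
    return ("drop" if dst_port in BLOCKED_UDP_PORTS else "allow", label)


# --- Constructed sample datagrams ------------------------------------------
def build_initial(dcid: bytes, scid: bytes) -> bytes:
    """Long header for a v1 Initial with an empty token, padded to 1200 bytes.
    The payload is zeros, not a real protected packet."""
    hdr = bytes([0xC0]) + QUIC_V1.to_bytes(4, "big")          # form=1, fixed=1, type=Initial
    hdr += bytes([len(dcid)]) + dcid + bytes([len(scid)]) + scid
    hdr += b"\x00"                                             # Token Length = 0 (varint)
    return hdr.ljust(MIN_INITIAL_DATAGRAM, b"\x00")


SAMPLE_INITIAL = build_initial(bytes(range(1, 9)), b"")
SAMPLE_1RTT = bytes([0x45]) + bytes(range(30))                 # 01xxxxxx first byte
SAMPLE_DNS = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"  # DNS-like query header

if __name__ == "__main__":
    for port, pkt in ((443, SAMPLE_INITIAL), (443, SAMPLE_1RTT), (53, SAMPLE_DNS)):
        print(port, firewall_decision(port, pkt), parse_quic_header(pkt))
```

The practical point for the administrator is the asymmetry: the Initial is the only packet from which a middlebox can reliably learn that a flow is QUIC and which connection ID it belongs to, and even then the TLS ClientHello inside it is already encrypted with keys derived from that ID, so there is no SNI or certificate to inspect the way there is with TCP-based TLS. That is why the rule drops the whole UDP 80/443 flow rather than attempting to filter by content.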
What’s Next for the QUIC Protocol?
MASQUE (Multiplexed Application Substrate over QUIC Encryption) aims to develop mechanisms for proxied communications, i.e., a client connects to an entry server and instructs it to open what is effectively a tunnel to another server. This is often used by VPNs to enable users to browse the web without revealing their real IP addresses.
MASQUE is similar to some aspects of the Tor Project’s network of nodes, but uses QUIC to anonymize network traffic. It is also designed for operation by large providers, whereas Tor is designed for a large number of small providers. It is also used in systems like Apple’s Private Relay to provide a level of network address anonymization.
Conclusion: The Road Ahead for QUIC
QUIC is more than just a faster way to browse the web—it represents a fundamental shift in how data is transferred across the internet. By combining the best of TCP and UDP, along with encryption and better handling of modern network conditions, QUIC is set to become the foundation of faster, more secure, and more reliable internet experiences.
As HTTP/3 continues to gain traction and more companies adopt QUIC, we are likely to see significant improvements in everything from everyday web browsing to advanced applications like cloud gaming, live streaming, and IoT communications. The future of the internet is bright—and QUIC is shining a large swath of light on the path forward.
References:
- https://quicwg.org/
- https://datatracker.ietf.org/doc/html/rfc9000
- https://en.wikipedia.org/wiki/QUIC
- https://ietf-wg-masque.github.io/
- https://datatracker.ietf.org/wg/masque/about/
- https://news.ycombinator.com/item?id=26839343
- https://w3techs.com/technologies/details/ce-quic
IETF QUIC RFC documents: