Understanding QUIC: A New Communication Protocol
Hello everyone, today we will explore the QUIC protocol and its underlying mechanisms. QUIC aims to improve upon existing communication protocols by addressing some of their limitations. It introduces several new concepts and integrates existing ones to enhance performance and security.
HTTP2 Communication Model
Basic Concepts
Before diving into QUIC, let's quickly review the HTTP2 communication model. The application layer, closest to the user, employs the HTTP2 protocol, which includes features like multiplexing and flow control. While HTTP2 itself doesn't mandate encryption, in practice it is almost always deployed over TLS.
TLS and TCP
The TLS layer handles encryption and identity verification, ensuring the confidentiality and integrity of the data. Data from the application layer then proceeds to the transport layer, which traditionally uses TCP for reliable delivery, managing connection establishment, congestion control, and flow control.
IP Layer
The data then proceeds to the network layer, which is the IP layer. This is the fundamental structure upon which traditional web communication is built.
QUIC's Architecture
Integration and Improvements
QUIC integrates several functionalities: the multiplexing and flow control of HTTP2, TCP's congestion and flow control mechanisms, and TLS encryption. TLS is still present, but it functions as a component of QUIC and handles a smaller part of the process than it does in the TCP stack.
HTTP3
Because QUIC integrates and improves so many features, a new HTTP version, HTTP3, was created to work directly with it. HTTP3 retains the basic HTTP semantics and delegates many HTTP2 functions to QUIC.
UDP Dependency
Operating systems do not currently support QUIC natively, so QUIC runs on top of an existing transport protocol. Since QUIC aims to improve on TCP, it is built on UDP instead. UDP does not guarantee ordered, reliable delivery the way TCP does, so QUIC has to provide that itself. UDP traffic is also not popular with network operators.
QUIC's Layered Structure
Application Layer Implementation
QUIC is usually implemented in user space as part of the application, despite technically being a transport-layer protocol. This allows faster and wider deployment without waiting for OS upgrades. QUIC still depends on the UDP and IP layers beneath it.
Data Packet Structure
QUIC's packet structure is nested. An IP packet carries a UDP datagram; inside it, one or more QUIC packets can be found. Each QUIC packet carries one or more QUIC frames, and the application data is placed inside the frames.
Pig Analogy
To understand the process, imagine a pig being cut into pieces of pork. These pork pieces, representing the streams of application data, are placed into frames. The frames are then sealed into QUIC packets, each with a unique packet number. This distribution of stream data across independently numbered packets is a key feature of QUIC.
Head-of-Line Blocking
Each QUIC packet has its own independent packet number. This allows the missing packets to be retransmitted without halting the entire connection, which solves TCP's head-of-line blocking problem. If a packet is lost, only the stream data carried in that packet is affected; other streams continue without waiting for the retransmission. However, if the lost data is critical for rendering a page, like CSS, the page will still be incomplete until it arrives.
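To make the difference concrete, here is an added Python simulation (not code from the original talk) of the stream/frame/packet nesting described above: per-stream reassembly as QUIC does it, beside a single ordered byte stream as TCP delivers it. The stream numbers, payloads and the lost packet are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class StreamFrame:        # one "piece of pork": a slice of a single stream
    stream_id: int
    offset: int           # position of this slice within its stream
    data: bytes

@dataclass
class Packet:             # one "QUIC bag": its own packet number plus frames
    number: int
    frames: list

def quic_readable(packets, lost):
    """Per-stream reassembly: each stream is readable up to its first gap,
    regardless of what happened to packets carrying other streams."""
    chunks = {}                          # stream_id -> {offset: data}
    for pkt in packets:
        if pkt.number in lost:
            continue                     # dropped on the network
        for f in pkt.frames:
            chunks.setdefault(f.stream_id, {})[f.offset] = f.data
    out = {}
    for sid, by_offset in chunks.items():
        buf = b""
        while len(buf) in by_offset:     # extend only while contiguous
            buf += by_offset[len(buf)]
        out[sid] = buf
    return out

def tcp_readable(packets, lost):
    """Single ordered byte stream: the application sees nothing past the
    first lost segment, even if later segments carrying other resources
    have already arrived (head-of-line blocking)."""
    buf = b""
    for pkt in packets:
        if pkt.number in lost:
            break
        for f in pkt.frames:
            buf += f.data
    return buf

# Constructed sample (not captured traffic): a CSS file on stream 4 and an HTML
# file on stream 8 spread over three packets; packet 2 is lost in transit.
PACKETS = [
    Packet(1, [StreamFrame(4, 0, b"css-a"), StreamFrame(8, 0, b"html-a")]),
    Packet(2, [StreamFrame(4, 5, b"css-b")]),
    Packet(3, [StreamFrame(8, 6, b"html-b")]),
]
```

With packet 2 lost, the HTML stream is fully readable under QUIC while only the CSS stream waits for the retransmission; the TCP model stops at the gap for both.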
0-RTT Connection
Reducing Round Trip Time
QUIC aims to reduce round-trip time (RTT). HTTP2 over TLS 1.2 requires at least 3 RTTs for connection establishment. Using TLS 1.3 reduces this to 2 RTTs. HTTP3 with QUIC combines the transport and TLS handshakes, reducing it to 1 RTT.
1-RTT and 0-RTT
QUIC supports 0-RTT for connection resumption, where previously negotiated encryption parameters are reused. The 1-RTT handshake is used for the initial connection, while 0-RTT is for subsequent reconnections.
Initial Handshake
QUIC's 1-RTT handshake begins with the client's Initial packet carrying the ClientHello and the server's reply carrying the ServerHello (the initial crypto exchange). After these, the remaining handshake information is exchanged in encrypted form. This faster exchange derives the session keys sooner than TLS over TCP does.
Long and Short Headers
The initial QUIC packets use long headers, while the packets sent after the 1-RTT keys have been established use short headers, designed for efficiency. Short headers are smaller, so they carry less overhead per packet.
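As an added example (not from the original talk), the following Python parses the cleartext part of both header forms, following the version-independent layout published in RFC 8999; the sample bytes are constructed, and the 8-byte short-header connection ID length is an assumed value that real endpoints negotiate.

```python
import struct

# First-byte flags common to all QUIC versions (RFC 8999 invariants)
LONG_HEADER_BIT = 0x80   # 1 = long header, 0 = short header
FIXED_BIT = 0x40         # must be set in every QUIC v1 packet
# Long packet types for QUIC version 1 (first-byte bits 5-4)
LONG_TYPES = {0: "Initial", 1: "0-RTT", 2: "Handshake", 3: "Retry"}

def parse_header(datagram: bytes, short_dcid_len: int = 8) -> dict:
    """Parse the cleartext, version-independent part of a QUIC header.
    Everything after it (packet number, frames) is encrypted, so this is
    also all an on-path observer can read. short_dcid_len is the connection
    ID length the endpoints agreed on; short headers do not carry it."""
    if not datagram:
        raise ValueError("empty datagram")
    first = datagram[0]
    if not first & FIXED_BIT:
        raise ValueError("fixed bit is 0: not a QUIC v1 packet")
    if not first & LONG_HEADER_BIT:                 # short header
        dcid = datagram[1:1 + short_dcid_len]
        if len(dcid) != short_dcid_len:
            raise ValueError("truncated short header")
        return {"form": "short", "dcid": dcid, "header_len": 1 + short_dcid_len}
    if len(datagram) < 7:                           # long header
        raise ValueError("truncated long header")
    version = struct.unpack("!I", datagram[1:5])[0]
    pos = 5
    dcid_len = datagram[pos]; pos += 1
    dcid = datagram[pos:pos + dcid_len]; pos += dcid_len
    if len(dcid) != dcid_len or pos >= len(datagram):
        raise ValueError("truncated DCID")
    scid_len = datagram[pos]; pos += 1
    scid = datagram[pos:pos + scid_len]; pos += scid_len
    if len(scid) != scid_len:
        raise ValueError("truncated SCID")
    if version == 0:
        ptype = "VersionNegotiation"
    elif version == 1:
        ptype = LONG_TYPES[(first >> 4) & 0x3]
    else:
        ptype = "unknown-version"
    return {"form": "long", "type": ptype, "version": version,
            "dcid": dcid, "scid": scid, "header_len": pos}

# Constructed sample headers (not captured traffic): an Initial packet with an
# 8-byte client-chosen DCID and an empty SCID, and a short-header packet.
SAMPLE_INITIAL = b"\xc3\x00\x00\x00\x01\x08" + bytes(range(8)) + b"\x00" + b"\x00" * 4
SAMPLE_SHORT = b"\x40" + bytes(range(8)) + b"\xaa\xbb"
```

The parser stops exactly where the protected fields begin, which is also why a middlebox can only classify QUIC by version and connection ID rather than by content.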
Handshake Completion
The server sends its security parameters and certificates, usually split across multiple packets. The client responds with Finished, and the server replies with HANDSHAKE_DONE, signaling completion.
Data Transmission and QPACK
QPACK Compression
Application data transmission, including HTTP3 data, relies on a header compression scheme called QPACK. QPACK is based on HPACK and adapted to integrate with QUIC.
Encrypted Handshake
The most critical process is the 1-RTT handshake, where all of this information is integrated. The handshake packets themselves are already an encrypted communication step. For 0-RTT, the client sends the session token together with encrypted application data, allowing the server to respond directly.
Implications for Users and ISPs
Enhanced Security
QUIC encrypts not only HTTP data but also transport information such as packet numbers and acknowledgements (ACKs), enhancing security for users. This also makes it difficult for ISPs to inspect or block specific traffic.
Connection ID
The connection ID is crucial. Traditional TCP identifies a connection by the 4-tuple (source/destination IP address and port). If any of these change, a new connection must be established.
Maintaining Connection
QUIC adds a connection ID to avoid repeated disconnections, especially when switching networks (e.g., Wi-Fi to 4G). The client and server agree on this ID and use it, rather than the addresses, to identify the logical connection.
Flow Control and ACK
Inherited Traditions
QUIC inherits flow control from TCP and HTTP2. During the handshake, the parties exchange QUIC transport parameters to set limits on data flow.
Acknowledgement (ACK)
QUIC uses an ACK mechanism similar to TCP's. It informs the other party which packets have been received and, by implication, which data needs to be retransmitted.
Conclusion
QUIC theoretically solves many problems, especially in high-latency, lossy network environments. It will play a role, but faces deployment challenges. Widespread adoption requires funding, policies, and solutions for practical issues.