As you may know, I do ntopng consulting, and support companies in their implementation of ntop solutions. For some time now, ntopng users have noticed a high amount of QUIC traffic in their respective networks.
Most people don’t really know what QUIC is, which is why I’d like to take this as an opportunity to briefly introduce the QUIC protocol, which is appearing more and more frequently on networks.
Here’s the explanation that can be found in Wikipedia:
QUIC (originally an acronym for Quick UDP Internet Connections) is a reliable, connection-oriented and encrypted transport layer network protocol based on the User Datagram Protocol (UDP). QUIC was originally developed by Google Inc. and introduced for standardization on July 20, 2016, and is described in RFC 9000.
QUIC was invented to create a faster alternative to today's HTTP/2 connections over TCP with TLS/SSL. The aim was to speed up all access made via HTTP/TLS over TCP. Of course, the new protocol also has to take current security standards into account, while at the same time being very flexible.
QUIC connections are always encrypted (currently with TLS 1.3), are aware of streams, support transparent client migration (this means that if the client changes IP, the connection remains active and does not have to be rebuilt), and require one less RTT when establishing a connection.
QUIC uses UDP port 443. If that port is blocked by a firewall, it switches to TCP 443 and must then be supported by the application (the first browser to support it was Google Chrome).
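How a monitoring tool can recognise QUIC among UDP 443 datagrams, as an added example (not ntopng's or the author's code): although the payload is encrypted, the long header defined in RFC 9000 exposes the version and connection IDs in clear text. The function name and the sample payloads are constructed for this illustration.

```python
import struct

QUIC_V1 = 0x00000001  # version number assigned in RFC 9000
LONG_TYPES_V1 = {0: "Initial", 1: "0-RTT", 2: "Handshake", 3: "Retry"}

def parse_quic_long_header(payload: bytes):
    """Describe a QUIC long header, or return None if the UDP payload is not one.

    Short-header (1-RTT) packets carry no version field, so they cannot be
    recognised without flow state and also yield None here.
    """
    if len(payload) < 7 or not payload[0] & 0x80:   # 0x80 = long header form
        return None
    first = payload[0]
    version = struct.unpack_from("!I", payload, 1)[0]
    dcid_len = payload[5]
    scid_off = 6 + dcid_len
    if scid_off >= len(payload):
        return None                                  # truncated before SCID length
    scid_len = payload[scid_off]
    if scid_off + 1 + scid_len > len(payload):
        return None                                  # truncated inside SCID
    if version == 0:
        kind = "Version Negotiation"
    elif version == QUIC_V1:
        # v1 requires the fixed bit and connection IDs of at most 20 bytes
        if not first & 0x40 or dcid_len > 20 or scid_len > 20:
            return None
        kind = LONG_TYPES_V1[(first >> 4) & 0x3]
    else:
        kind = "unknown version"
    return {"version": version, "type": kind,
            "dcid": payload[6:scid_off].hex(),
            "scid": payload[scid_off + 1:scid_off + 1 + scid_len].hex()}

# Constructed sample payloads (not captured traffic)
SAMPLE_INITIAL = bytes.fromhex("c3" "00000001" "08" "0102030405060708" "00") + bytes(16)
SAMPLE_DNS = bytes.fromhex("1234" "0100" "0001" "0000" "0000" "0000")
SAMPLE_TRUNCATED = SAMPLE_INITIAL[:7]

if __name__ == "__main__":
    for name, data in [("initial", SAMPLE_INITIAL), ("dns", SAMPLE_DNS),
                       ("truncated", SAMPLE_TRUNCATED)]:
        print(name, parse_quic_long_header(data))
```

Only the first packets of a connection use the long header, so a flow is classified as QUIC at handshake time and later datagrams are attributed to it by their 5-tuple.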
Speaking of Chrome, QUIC is already supported by all common browsers. Facebook and YouTube rely on QUIC, and even Snapchat sits on top of it. QUIC is currently used mainly for HTTP, but DNS over QUIC and SMB over QUIC already exist.
You can perhaps understand why you find so much QUIC traffic in ntopng if you take a look at HTTP internet traffic worldwide as shown in this illustration (taken on 03.05.2024):
Legend:
Dark green: over 80%
Light green: 60% – 80%
Yellow: 50% – 60%
Orange: 30% – 40%
Red: under 10%
Source: https://stats.labs.apnic.net/quic
I hope that with this blog post I’ve been able to provide you with an initial understanding of what QUIC is.