@@ -115,3 +115,109 @@ and some places in the codebase still use the "swarm" terminology.
115115{{% /notice %}}
116116
117117[ definition_switch ] : /reference/glossary/#switch
118+
119+ ## QUIC
120+
121+ QUIC is a new transport protocol that provides an always-encrypted, stream-multiplexed
122+ connection built on top of UDP. It started as an experiment by Google between Google
123+ services and Chrome in 2014, and was later standardized by the IETF in
124+ [ RFC 9000] ( https://datatracker.ietf.org/doc/html/rfc9000 ) ,
125+ [ RFC 9001] ( https://datatracker.ietf.org/doc/html/rfc9001 ) , and
126+ [ RFC 9002] ( https://datatracker.ietf.org/doc/html/rfc9002 ) .
127+
128+ ### Key challenges with TCP
129+
130+ 1 . Head-of-line blocking (HoL blocking): TCP is a single byte stream exposed by the
131+ kernel, so streams layered on top of TCP experience head-of-line (HoL) blocking.
132+
133+ {{% notice "info" %}}
134+ In TCP, head-of-line blocking occurs when a single packet is lost, and packets delivered
135+ after that need to wait in the kernel buffer until a retransmission for the lost packet
136+ is received.
137+ {{% /notice %}}
138+
139+ 2 . Ossification: Because the header of TCP packet is not encrypted, middleboxes can
140+ inspect and modify TCP header fields and may break unexpectedly when they encounter
141+ anything they don’t understand. This makes it practically impossible to deploy any
142+ changes to the TCP protocol that change the wire format.
143+
144+ 3 . Handshake inefficiency: TCP spends one network round-trip (RTT) on verifying the
145+ client's address. Only after this can TLS start the cryptographic handshake, consuming
146+ another RTT. Setting up an encrypted connection therefore always takes 2 RTTs.
147+
148+ QUIC was designed with the following goals in mind:
149+
150+ - Making the transport layer aware of streams, so that packet loss doesn't cause HoL blocking
151+ between streams.
152+ - Reducing the latency of connection establishment to a single RTT for new connections, and to
153+ allow sending of 0 RTT application data for resumed connections.
154+ - Encrypting as much as possible. This eliminates the ossification risk, as middleboxes aren't
155+ able to read any encrypted fields. This allows future evolution of the protocol.
156+
157+ ### Comparing HTTP/2 and HTTP/3
158+
159+ In addition to defining the QUIC transport, the IETF also standardized a new version of HTTP that runs on top of QUIC: HTTP/3 (
160+ [ RFC 9114] ( https://datatracker.ietf.org/doc/html/rfc9114 ) ). HTTP/3 combines the advantages
161+ of the existing transfer protocols HTTP/2 and HTTP over QUIC in one standard for faster and
162+ more stable data transmission.
163+
164+ The following diagram illustrates the OSI model for HTTP/2 and HTTP/3 [ 1] :
165+
166+ ![ HTTP/2 & HTTP/3 OSI model] ( https://cloudspoint.xyz/wp-content/uploads/2022/03/http3.png )
167+
168+ A web browser connection typically entails the following ** (TCP+TLS+HTTP/2)** :
169+
170+ 1 . Transport layer: TCP runs on top of the IP layer to provide a reliable
171+ byte stream.
172+ - TCP provides a reliable, bidirectional connection between two end systems.
173+ 2 . Security layer: A TLS handshake runs on top of TCP to
174+ establish an encrypted and authenticated connection.
175+ - Standard TLS over TCP requires 3 RTT. A typical TLS 1.3 handshake takes 1 RTT.
176+ 3 . Application layer: HTTP runs on a secure transport connection to transfer
177+ information and applies a stream muxer to serve multiple requests.
178+ - Application data starts to flow.
179+
180+ In contrast, HTTP/3 runs over [ QUIC] ( ##what-is-quic ) , where QUIC is similar to
181+ TCP+TLS+HTTP/2 and runs over UDP. Building on UDP allows HTTP/3 to bypass the challenges
182+ found in TCP and use all the advantages of HTTP/2 and HTTP over QUIC.
183+
184+ ### What is QUIC?
185+
186+ QUIC combines the functionality of these layers. Instead of TCP, it builds on UDP.
187+ When a UDP datagram is lost, it is not automatically retransmitted by the kernel.
188+ QUIC therefore takes responsibility for loss detection and repair itself. By using
189+ encryption, QUIC avoids ossified middleboxes. The TLS 1.3 handshake is performed in
190+ the first flight, removing the cost of verifying the client’s address and saving an
191+ RTT. QUIC also exposes multiple streams (and not just a single byte stream), so
192+ no stream multiplexer is needed at the application layer. Part of the application
193+ layer is also built directly into QUIC.
194+
195+ In addition, a client can make use of QUIC's 0 RTT feature for subsequent connections
196+ when it has already communicated with a certain server. The client can then send
197+ (encrypted) application data even before the QUIC handshake has finished.
198+
199+ ### QUIC in libp2p
200+
201+ libp2p only supports bidirectional streams and uses TLS 1.3 by default.
202+ Since QUIC already provides an encrypted, stream-multiplexed connection,
203+ libp2p directly uses QUIC streams, without any additional framing.
204+
205+ To authenticate each others' peer IDs, peers encode their peer ID into a self-signed
206+ certificate, which they sign using their host's private key. This is the same way peer
207+ IDs are authenticated in the
208+ [ libp2p TLS handshake] ( https://github.com/libp2p/specs/blob/master/tls/tls.md ) .
209+
210+ {{% notice "note" %}}
211+
212+ To be clear, there is no additional security handshake and stream muxer needed as QUIC
213+ provides all of this by default. This also means that establishing a libp2p connection between
214+ two nodes using QUIC only takes a single RTT.
215+
216+ {{% /notice %}}
217+
218+ Following the multiaddress format described earlier, a standard QUIC connection will
219+ look like: ` /ip4/127.0.0.1/udp/65432/quic/ ` .
220+
221+ ## References
222+
223+ [ 1] [ What is HTTP/3 by Cloudspoint] ( https://cloudspoint.xyz/what-is-http3/ )
0 commit comments