Why is the QUIC protocol said to be built on UDP when it uses TLS packets, which run on TCP?

Time:04-08

I was researching the QUIC protocol and my professor asked me this question. QUIC is said to be built on UDP and to use TLS packets. TLS itself requires a reliable connection, that is, TCP. So why is QUIC not said to be built on TCP? PS: Please correct me if my concepts are wrong and, if possible, explain in depth how QUIC packets work.

CodePudding user response:

QUIC includes TLS in it to allow it to be used over UDP in the same way as TCP works.

Why bother reinventing TCP and not just use TCP? Well, TCP is kind of “stuck”, as it’s slow to roll out new changes that fundamentally change how TCP works. Enhancing it to allow new features like multiplexed streams will take a loooong time to roll out everywhere TCP is supported.

QUIC is built over simple UDP packets; everything else is handled at either end by QUIC, and all the routers and networks in the middle don’t need to know about these new QUIC features.

CodePudding user response:

QUIC is said to be built on UDP and uses TLS packets.

QUIC (RFC 9000) does not use TLS "packets".

Technically, TLS uses the term "record" to indicate a block of bytes that defines how the protocol is framed. A record specifies the TLS protocol version, the length of the record, etc. Inside TLS frames there are one or more TLS messages that specify cryptographic information or commands.
The TLS records are transported by TCP.

What QUIC does instead is to reuse some of the TLS messages, but nothing of the TLS record layer.

For example, in TCP the first bytes sent by a client are typically a TLS record that wraps the ClientHello message.

In QUIC, instead, the first bytes are a QUIC Initial packet, which wraps a CRYPTO frame, which wraps the ClientHello message, and all of these bytes must fit into a UDP datagram (they typically do, and the Initial packet even carries a PADDING frame to make the initial bytes at least 1200).
Refer to RFC 9001 for more details about how TLS is used in QUIC.

More broadly about QUIC, it is based on UDP but borrows many TCP features (retransmissions, flow control, etc.) that basically make it an alternative to TCP, in the sense that it is a reliable network protocol with security (encryption) features built in, borrowed from TLS.

TCP is clear-text and relies on TLS layered on top to provide encryption. QUIC is a mix of TCP features and TLS features (there is no clear-text QUIC), without layering.

When you say "Why QUIC is not said to be built on TCP?", I say "QUIC is not built on TCP, it is built on UDP. However, QUIC borrows TCP features that make QUIC provide similar functionalities as TCP, in particular reliability and flow control, that are not provided by UDP".

For example, in Jetty we have implemented HTTP/1.1 and HTTP/2 (that are TCP-based protocols) on top of QUIC, using a single, persistent, QUIC stream.
This shows that QUIC can be indeed a replacement for TCP, as it can carry protocols that were designed for TCP.
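Worked example, added here and not part of either answer: a small Python script that frames the same ClientHello twice, once as a TLS record (the bytes TCP would carry) and once inside a QUIC Initial packet holding a CRYPTO frame plus PADDING to 1200 bytes (the bytes one UDP datagram would carry), then parses both to show which layer sits where. The ClientHello body and the connection IDs are constructed stand-ins, and header protection and AEAD encryption of the Initial payload are deliberately left out, so the QUIC bytes are the unprotected structure from RFC 9000, not something a real server would accept.

```python
"""Same ClientHello framed for TCP (TLS record) and for QUIC (Initial packet ->
CRYPTO frame -> ClientHello, padded to 1200 bytes). Layouts follow RFC 8446 and
RFC 9000; header protection and AEAD encryption are omitted on purpose."""
import struct

# ---- TLS record layer: what TCP carries (RFC 8446 §4, §5.1) ----
TLS_CONTENT_HANDSHAKE = 0x16
TLS_LEGACY_VERSION = 0x0303
HS_CLIENT_HELLO = 0x01


def tls_handshake_message(msg_type, body):
    """Handshake message: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def tls_record(content_type, fragment):
    """TLSPlaintext record: type, legacy version, 2-byte length, fragment."""
    return struct.pack("!BHH", content_type, TLS_LEGACY_VERSION, len(fragment)) + fragment


def parse_tls_record(data):
    content_type, version, length = struct.unpack("!BHH", data[:5])
    frag = data[5:5 + length]
    return {"content_type": content_type, "version": version,
            "hs_type": frag[0], "hs_len": int.from_bytes(frag[1:4], "big")}


# ---- QUIC: what UDP carries (RFC 9000 §16, §17.2.2, §19.1, §19.6) ----
QUIC_VERSION_1 = 0x00000001
FRAME_PADDING, FRAME_CRYPTO = 0x00, 0x06
MIN_INITIAL_DATAGRAM = 1200


def encode_varint(n):
    """Variable-length integer: the top two bits of the first byte give the size."""
    for bits, prefix in ((6, 0x00), (14, 0x40), (30, 0x80), (62, 0xC0)):
        if n < 1 << bits:
            size = (bits + 2) // 8
            return (n | (prefix << (8 * (size - 1)))).to_bytes(size, "big")
    raise ValueError("varint too large")


def decode_varint(data, pos):
    size = 1 << (data[pos] >> 6)
    value = int.from_bytes(data[pos:pos + size], "big") & ((1 << (8 * size - 2)) - 1)
    return value, pos + size


def crypto_frame(offset, data):
    """CRYPTO frame: type 0x06, offset, length, handshake bytes."""
    return bytes([FRAME_CRYPTO]) + encode_varint(offset) + encode_varint(len(data)) + data


def quic_initial_packet(dcid, scid, frames, pn=0):
    """Initial packet with a 1-byte packet number, padded so the datagram is >= 1200 bytes."""
    pn_bytes = pn.to_bytes(1, "big")
    first = 0xC0 | (len(pn_bytes) - 1)  # long header, fixed bit, type Initial (00), PN length - 1
    header = (bytes([first]) + struct.pack("!I", QUIC_VERSION_1)
              + bytes([len(dcid)]) + dcid + bytes([len(scid)]) + scid
              + encode_varint(0))       # token length 0: no Retry token
    body_len = len(pn_bytes) + len(frames)
    padding = max(0, MIN_INITIAL_DATAGRAM - (len(header) + 2 + body_len))
    # Length covers packet number + frames + padding; a fixed 2-byte varint is used
    # (non-minimal varint encodings are permitted for Length, RFC 9000 §16).
    length = ((body_len + padding) | 0x4000).to_bytes(2, "big")
    return header + length + pn_bytes + frames + bytes([FRAME_PADDING]) * padding


def parse_quic_initial(datagram):
    """Walk the layers: long header -> Length -> packet number -> frames inside."""
    first = datagram[0]
    if first & 0xF0 != 0xC0:
        raise ValueError("not an Initial long-header packet")
    pn_len = (first & 0x03) + 1
    version = struct.unpack("!I", datagram[1:5])[0]
    pos = 5
    dcid_len = datagram[pos]; dcid = datagram[pos + 1:pos + 1 + dcid_len]; pos += 1 + dcid_len
    scid_len = datagram[pos]; scid = datagram[pos + 1:pos + 1 + scid_len]; pos += 1 + scid_len
    token_len, pos = decode_varint(datagram, pos); pos += token_len
    length, pos = decode_varint(datagram, pos)
    pn = int.from_bytes(datagram[pos:pos + pn_len], "big"); pos += pn_len
    payload = datagram[pos:pos + length - pn_len]
    frames, padding, i = [], 0, 0
    while i < len(payload):
        ftype = payload[i]; i += 1
        if ftype == FRAME_PADDING:
            padding += 1
        elif ftype == FRAME_CRYPTO:
            offset, i = decode_varint(payload, i)
            clen, i = decode_varint(payload, i)
            data = payload[i:i + clen]; i += clen
            frames.append({"type": "CRYPTO", "offset": offset, "hs_type": data[0],
                           "hs_len": int.from_bytes(data[1:4], "big")})
        else:
            raise ValueError(f"unexpected frame type {ftype:#x}")
    return {"version": version, "dcid": dcid, "scid": scid, "pn": pn,
            "frames": frames, "padding_bytes": padding, "datagram_len": len(datagram)}


# Constructed stand-in ClientHello body (legacy version, 32-byte random, no session id,
# one cipher suite, null compression, no extensions); a real one carries extensions too.
CLIENT_HELLO_BODY = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01"
                     + b"\x01\x00" + b"\x00\x00")


def build_both():
    """Return (bytes TCP would carry, bytes one UDP datagram would carry) for the same ClientHello."""
    hello = tls_handshake_message(HS_CLIENT_HELLO, CLIENT_HELLO_BODY)
    over_tcp = tls_record(TLS_CONTENT_HANDSHAKE, hello)
    over_udp = quic_initial_packet(b"\x11" * 8, b"\x22" * 8, crypto_frame(0, hello))  # constructed CIDs
    return over_tcp, over_udp


if __name__ == "__main__":
    tcp_bytes, udp_bytes = build_both()
    print("TCP carries a TLS record:", parse_tls_record(tcp_bytes), "len", len(tcp_bytes))
    print("UDP carries a QUIC Initial:", parse_quic_initial(udp_bytes))
```

Running it shows the point of the answer above: the ClientHello bytes are identical in both cases, but on the TCP side they sit inside a 5-byte TLS record header, while on the UDP side there is no record layer at all; the ClientHello sits inside a CRYPTO frame inside a QUIC packet, and the datagram is padded out to 1200 bytes, which is also why an unauthenticated Initial is a cheap amplification vector that servers must limit their reply to.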
