Module 11 of 21 · Applied

When UDP is the right choice, and how QUIC changes the picture

16 min read 4 outcomes Scenario quiz

By the end of this module you will be able to:

  • Explain what UDP provides and what it deliberately omits
  • Describe QUIC's key additions over bare UDP: TLS integration, streams, and connection migration
  • Choose transport by delivery contract and control ownership, not by protocol reputation
  • Explain the manageability tradeoffs QUIC creates for network operations and middleboxes

Real-world deployment · 2012 to 2015

How Google deployed QUIC and measured the results at scale

Starting around 2012, Google began developing a new transport protocol internally. They called it QUIC. The initial motivation was specific: TCP's head-of-line blocking meant that one lost packet stalled all HTTP/2 streams sharing a connection, even streams that had no relationship to the lost packet. For a search results page loading dozens of resources in parallel, one loss event degraded everything.

Google deployed QUIC in Chrome and on their servers, then measured latency improvements in production. Their 2015 research found that for the 1% of worst-case connections (highest latency), QUIC reduced Google Search latency by approximately 8%. YouTube users on QUIC saw rebuffer rates drop by around 18%. These are not typical-case improvements; they are tail-latency improvements where users experience degraded service most.

The reason QUIC could achieve this while using UDP as its substrate: QUIC handles recovery per stream rather than per connection. A lost packet affects only the stream it belongs to. Other streams continue uninterrupted. That is a fundamental difference from HTTP/2 over TCP, where all streams share a single byte stream.

TCP is reliable and well-understood. Why would Google invest years building a new transport protocol on top of UDP, and what specific problems did they measure it solving?

QUIC can survive address changes that break TCP

QUIC connection IDs decouple the connection from the network four-tuple.

Connection identity decides whether a network swap breaks the connection Two stacked rows compare TCP and QUIC under the same network event. The top row TCP shows BEFORE on WiFi with 4-tuple key 10.0.0.5:49152 → 93.184.216.34:443, then a swap arrow labelled 'switch WiFi to cellular', then AFTER on cellular with a different 4-tuple and a BROKEN status tag. The bottom emphasised row QUIC shows BEFORE on WiFi with Connection ID a3-7f-92-c0, the same swap with a PATH_CHALLENGE annotation, and AFTER on cellular with the same Connection ID and a SURVIVES status tag. Each row's identifier label appears above the AFTER stage; the outcome sentence sits below. RFC 9293 §3.10.2 TCP 4-TUPLE KEY src IP : src port → dst IP : dst port BEFORE Client: WiFi 10.0.0.5 CONNECTION KEY 10.0.0.5:49152 → 93.184.216.34:443 ACTIVE switch WiFi → cellular AFTER Client: Cell 100.65.0.7 CONNECTION KEY 100.65.0.7:51200 → 93.184.216.34:443 BROKEN new tuple ≠ old tuple. Connection terminates. Application must reconnect. RFC 9000 §9 QUIC CONNECTION ID CID = a3-7f-92-c0 (chosen by endpoint, persists) BEFORE Client: WiFi 10.0.0.5 CONNECTION KEY CID a3-7f-92-c0 ACTIVE switch WiFi → cellular, send PATH_CHALLENGE AFTER Client: Cell 100.65.0.7 CONNECTION KEY CID a3-7f-92-c0 SURVIVES CID unchanged. Path validated. Streams continue uninterrupted. built by ransfordsnotes.com

TCP identifies a connection by the 4-tuple; an IP change breaks it. QUIC identifies a connection by Connection ID; the same connection survives a network swap.

11.1 UDP: eight bytes and a delivery attempt

UDP (User Datagram Protocol), defined in RFC 768, has a header of exactly eight bytes: source port (2 bytes), destination port (2 bytes), length (2 bytes), and checksum (2 bytes). That is the entire protocol overhead.

UDP provides message-oriented delivery. Each UDP datagram is sent as a single unit and received as a single unit, or not at all. There is no connection establishment, no acknowledgement, no ordering, no retransmission, and no congestion control. The application gets a datagram delivery service and owns everything else.

This is not a weakness; it is a design decision. When an application needs the lowest possible per-message overhead, or when it can handle losses better than TCP's recovery mechanism, or when it needs to implement its own timing and ordering strategy, UDP provides the simplest possible foundation.

User Datagrams are to be used for sending data with a minimal amount of protocol mechanism.

RFC 768 - Introduction

The RFC 768 introduction states the design intent directly. UDP deliberately omits the mechanisms that make TCP reliable. Applications that use UDP are expected to own the parts of the protocol contract that their workload requires.

Common UDP use cases include DNS queries (short request-response, latency-sensitive, application can retry), VoIP (Voice over Internet Protocol) and video conferencing (packet loss is preferable to the delay of retransmission for real-time audio), online gaming (position updates become stale faster than retransmission can deliver them), and streaming media (the application manages buffering and playback timing).

Choose the delivery contract, not the protocol reputation

TCP, UDP, and QUIC differ in what the transport owns and what the application must still prove.

Each transport draws a different line between protocol and application Three columns compare UDP, TCP (emphasis), and QUIC. Each column has three stacked blocks. The top block names the protocol, the RFC, the header size, and the cost framing. The middle block is white with the brand-red left accent and lists what the protocol provides: UDP gives port multiplexing, checksum, and message framing; TCP gives connection state, reliable byte stream, in-order delivery, and congestion control; QUIC gives multiplexed streams, per-stream recovery, integrated TLS 1.3, and connection migration. The bottom block is deemphasised neutral grey and lists what the application still owns under each protocol. RFC 768 UDP 8-byte header minimal overhead PROVIDES Port multiplexing Checksum (optional v6) Message framing APP STILL OWNS Connection state Reliability and recovery Ordering and dedup Congestion control RFC 9293 TCP 20-byte minimum reliable cost PROVIDES Connection state Reliable byte stream In-order delivery Congestion control APP STILL OWNS Message boundaries Per-stream recovery Migration across IPs RFC 9000 QUIC variable header per-stream cost PROVIDES Multiplexed streams Per-stream recovery Integrated TLS 1.3 Connection migration APP STILL OWNS Application semantics Stream priority policy 0-RTT replay policy built by ransfordsnotes.com

Choose a transport by what you can afford to own. UDP gives the application everything; TCP gives a reliable byte stream; QUIC gives independent reliable streams plus connection migration.

UDP is powerful precisely because it does so little. QUIC shows what happens when you add the specific parts that real applications actually need, without being constrained by TCP's original design decisions.

11.2 QUIC: UDP with transport state

QUIC, defined in RFC 9000, is a general-purpose transport protocol. It runs over UDP but adds the reliability, ordering, flow control, and congestion control that TCP provides. It also adds multiplexed streams and integrates TLS 1.3 cryptographic handshake behaviour directly into the transport handshake.

The multiplexed streams are the key difference from HTTP/2 over TCP. Each stream has independent flow control and recovery. A lost packet affects only the stream carrying that packet. Other streams in the same QUIC connection are unaffected. In TCP, all streams share a single byte stream, so any packet loss stalls everything waiting for the gap to be filled.

QUIC also supports 0-RTT (zero round-trip time) resumption for connections to servers the client has connected to before. In this mode, the client can send application data in the very first packet, before the handshake completes. TCP with TLS 1.3 requires at least one RTT for the handshake. QUIC 0-RTT removes that cost for repeat connections, at the cost of some replay protection limitations.

QUIC is a secure general-purpose transport protocol.

RFC 9000 - Section 1, Overview

The framing 'UDP-based' is deliberate. QUIC uses UDP as a datagram substrate but replaces TCP's entire connection model. QUIC implementations include flow control, congestion control, connection management, and TLS 1.3. UDP contributes only the checksum and port multiplexing.

QUIC loss recovery is scoped to the affected stream

A lost packet can delay one QUIC stream while other streams on the same connection continue.

QUIC scopes loss; TCP shares the stall across every stream Two stacked tracks show the same three streams (A HTML, B image, C CSS) over twelve time slots. The top track is HTTP/2 over TCP: at slot 4 a packet on stream B is lost, and streams A and C also enter a waiting state until the retransmit at slot 7 closes the gap. The bottom track is HTTP/3 over QUIC (emphasised): the same loss on B causes only B to wait while A and C continue delivering packets in every slot. A legend below the tracks explains the four glyphs: delivered packet, lost, waiting, retransmit. RFC 7540 + RFC 9293 HTTP/2 over TCP single byte stream: gap blocks every stream STREAM A A A A A A A A STREAM B B B B B retx B B B STREAM C C C C C C C C RFC 9114 + RFC 9000 HTTP/3 over QUIC per-stream recovery: only B waits STREAM A A A A A A A A A A A A A STREAM B B B B B retx B B B STREAM C C C C C C C C C C C C C delivered packet lost waiting (stalled) retransmit built by ransfordsnotes.com

QUIC scopes a lost packet to its own stream. HTTP/2 over TCP stalls every stream waiting for the gap in the byte stream to fill.

QUIC provides the transport foundation. HTTP/3 shows what that foundation enables at the application layer, particularly for web page loading on unreliable connections.

11.3 HTTP/3: the application layer on QUIC

HTTP/3, defined in RFC 9114, is the version of HTTP designed to run over QUIC. Where HTTP/2 runs over TCP (and suffers head-of-line blocking when packets are lost), HTTP/3 runs over QUIC streams and gets stream-independent recovery.

From the application developer's perspective, HTTP/3 looks similar to HTTP/2. The same semantics apply: methods, headers, status codes, bodies. The transport difference is invisible at the HTTP level. The practical benefit is reduced latency on lossy paths and faster connection setup on repeat visits via 0-RTT.

Connection migration is another QUIC feature. A QUIC connection is identified by a connection ID, not by the 4-tuple of source IP, source port, destination IP, destination port. This means a mobile client can switch from WiFi to a cellular network without reconnecting. The connection ID stays constant even when the underlying IP address changes.

QUIC improves privacy and transport agility, but it also moves information that network devices used to inspect into encrypted endpoints. Operations teams need to design for that tradeoff.

11.4 What QUIC changes for network operations

RFC 9312 is the operator's guide to QUIC manageability. The central change is the wire image: what a network device can infer by looking at packets. TCP exposes sequence numbers, acknowledgements, and many control behaviours. QUIC encrypts most transport control information, leaving a much smaller stable surface visible to the network.

That is intentional. It improves privacy and prevents middleboxes from freezing the protocol by depending on internal fields. The tradeoff is that traditional devices can no longer inspect the same transport details they used for troubleshooting, traffic optimisation, or policy. Operators must rely more on endpoint telemetry, flow metadata, server logs, explicit load-balancer support for QUIC connection IDs, and synthetic tests.

Connection migration also changes load-balancing assumptions. A TCP connection is tied to the 4-tuple. QUIC uses connection IDs so a client can move networks while preserving the connection. That is powerful for mobile users, but any load balancer or DDoS control that assumes the 4-tuple is the connection identity needs a QUIC-aware design.

Common misconception

UDP is unreliable, therefore bad.

UDP provides a delivery attempt without built-in recovery. Whether that is good or bad depends entirely on the application. DNS, VoIP, online gaming, and streaming all choose UDP or QUIC deliberately. A real-time audio stream should not retransmit a 20 ms audio frame that would arrive 150 ms late. The application handles loss by concealing it, not by waiting for a retransmit that arrives too late to use.

11.5 Check your understanding

A video conferencing app uses UDP. A packet containing 20 ms of audio is lost. Should the app retransmit it?

QUIC uses UDP as its substrate. A developer says 'QUIC is basically UDP with encryption.' What is wrong with this?

A mobile client has an active QUIC connection to a server. The user switches from WiFi to a cellular network and gets a new IP address. What happens to the QUIC connection?

Core distinctions

  • UDP provides an 8-byte header and message-oriented delivery with no connection state, ordering, or recovery. The application owns any guarantees it needs.
  • UDP is the right choice when the application can handle loss better than TCP retransmission would, or when per-message overhead must be minimal.
  • QUIC adds reliable, ordered, multiplexed streams, integrated TLS 1.3, congestion control, and connection migration on top of UDP. It solves TCP's head-of-line blocking problem.
  • HTTP/3 over QUIC gives independent per-stream recovery. A lost packet affects only its stream, not the entire connection.
  • QUIC deliberately encrypts most transport control information. That improves privacy and protocol evolution, but operators need endpoint telemetry and QUIC-aware load balancing to replace assumptions built around TCP's visible wire image.

Standards and sources cited in this module

  1. RFC 768, User Datagram Protocol

    Introduction and Header Format

    One-page original UDP specification. Quoted in Section 11.1 for the stated design intent of minimal protocol mechanism.

  2. RFC 9000, QUIC: A UDP-Based Multiplexed and Secure Transport

    Section 1, Overview; Section 9, Connection Migration

    Defines QUIC transport. Quoted in Section 11.2 for the overview framing. Section 9 is the basis for the connection migration description.

  3. RFC 9114, HTTP/3

    Section 1, Overview of HTTP/3

    Defines HTTP/3 over QUIC. Referenced in Section 11.3 for the HTTP/3 description and head-of-line blocking contrast with HTTP/2.

  4. RFC 9312, Manageability of the QUIC Transport Protocol

    Full specification

    Explains QUIC's wire image and the operational consequences for network operators and middlebox vendors. Referenced in Section 11.4.

  5. Langley, A. et al. (2017). The QUIC Transport Protocol: Design and Internet-Scale Deployment

    SIGCOMM 2017, Section 5: Performance Evaluation

    Google's production deployment data. Used in the opening case study for the measured latency and rebuffer improvements.

You now know the transport options. Module 12 separates routing (how the network learns paths) from forwarding (how individual packets follow those paths), and shows why BGP hijacks like the 2008 Pakistan-YouTube incident are possible.

Module 11 of 21 · Applied stage