SlideShare a Scribd company logo

Triggering QUIC, presented by Geoff Huston at IETF 123

APNIC, profile picture
APNIC

Geoff Huston, APNIC Chief Scientist, presented on 'Triggering QUIC' at IETF 123 held in Madrid, Spain from 19 to 25 July 2025.

Internet
1 of 32
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
Triggering QUIC Geoff Huston AM APNIC July 2025 1
What’s QUIC? 2 • An end-to-end encrypted transport protocol, providing more flexibility, faster connection setup, and a larger set of transport services than TCP • Operates over UDP port 443
Triggering QUIC in HTTP Method 1 - Use content-level Alt-Svc controls to trigger the client to use the QUIC transport protocol (if it can): • Add Alt-Svc: h3=“:443” to the HTML headers 3
Setting Expectations • Chrome has a dominant share of browser instances - roughly, some 65%* • Chrome has been supporting a switch to QUIC via the Alt-Svc directive since 2020 * Oberlo.com 4
Setting Expectations • Chrome has a dominant share of browser instances - roughly, some 65%* • Chrome has been supporting a switch to QUIC via the Alt-Svc directive since 2020 * Oberlo.com So, we should expect up to 65% of clients will try to connect using QUIC if the server signals it supports QUIC – right? 5
The Alt-Svc Trigger • This trigger is only effective when the client contacts this server for the second time • But HTTP/1.1 and HTTP/2.0 use session persistence to keep the original TCP/TLS session open, so the condition where a client needs to open a new connection is less likely to occur • The per-server Alt-Svc information is cached by the user for only 24 hours by default 6
The Alt-Svc Trigger • This trigger is only effective when the client contacts this server for the second time • But HTTP/1.1 and HTTP/2.0 use session persistence to keep the original TCP/TLS session open, so the condition where a client needs to open a new connection is less likely to occur • The ser server Alt-Svc information is cached by the user for only 24 hours by default So, QUIC use will only be visible when a server is visited by a client for a second time AFTER the keep-alive expires. 7
APNIC’s measurement We need to trigger the conditions of a second fetch in the measurement: • Set the server keepalive time to 1 second • Request the same web object a total of 8 times using 2 second intervals between requests 8
Triggering QUIC in HTTP Method 2 - Use the DNS to trigger QUIC: • Set up an HTTPS record for the service name, with value: alpn=“h3” • This allows Safari to use QUIC from the first access 9
Safari supports QUIC (using Method 2) • Apple’s Safari is now supporting QUIC, using an HTTPS query/response in the DNS, where the apln directive can specify the use of the HTTP/3 protocol to access this service • QUIC can be triggered immediately (no wait for the second visit), so presumably, if the client performs a DNS HTTPS query, and the response indicates that the server supports QUIC, then the client should use QUIC for the connection 10
Setting Expectations • Chrome has a dominant share of browser instances - roughly, some 65%* • Apple Safari is now supporting QUIC, using the DNS HTTPS trigger • So, a QUIC-aware server platform should be seeing up to 85% of its sessions using QUIC • This figure is probably not achievable as the content level control requires some precise conditions for the “second” visit: • long enough between visits for the session keepalive timer to expire • Short enough such that the local cache of server capabilities has not expired * https://gs.statcounter.com/browser-market-share 11
Cloudflare’s Numbers – 31% 12 Month Time Series QUIC 12
Cloudflare’s Numbers – 31% 12 Month Time Series QUIC That result is less than half of the maximum possible result if this is just alt-svc directive being used to trigger QUIC 13
APNIC’s Numbers – 70% Playing with keepalive parameters! First Fetch – mainly Safari clients Second and Subsequent Fetches – mainly Chrome clients are added here 14
Method 2 - DNS HTTPS Query Rate Safari Chrome Others Total Most Safari browsers consistently query for a DNS HTTPS record Around 3% of Chrome browsers query for the HTTPS record How many users are generating DNS HTTPS Queries? 15
Chrome Browser HTTPS Query Rate There is a strong weekly pattern in this data where weekend query rates are lower than weekday query rates Query rates halved between October 2024 and May 2025, then rose across June 2025 16
Chrome Browser HTTPS Query Rate There is a strong weekly pattern in this data where weekend query rates are lower than weekday query rates Query rates halved between October 2024 and May 2025, then rose across June 2025 Why is Chrome’s use of the DNS HTTPS query so low? Is this Chrome, or the user’s local network environment? 17
QUIC Use • If QUIC access is supported by the current releases by both the major browsers, then we should see a high QUIC use rate when the ability to use QUIC is signaled by both methods (alt-svc and DNS HTTPS) • What do we see? 18
Global QUIC Use 19 100% 0%
Global QUIC Use First Fetch – mainly Safari clients Second and Subsequent Fetches – mainly Chrome clients are added here 20
Global QUIC Use It’s likely that there is some form of national-level block on UDP port 443 traffic in China and Iran 21
Global QUIC Use It looks like this network-level block has been variously turned on and off over the past few years in Iran 22
Global QUIC Use It looks like there is some form of network-level block operating in China, but its effects are not uniform across all China’s networks 23
QUIC Use • If QUIC access is supported by the current releases by both the major browsers then we should see a high QUIC use rate when the ability to use QUIC is signaled by both methods (alt-svc and DNS HTTPS) • What do we see? • In most locales the alt-svc method of triggering QUIC is supported by browsers and network infrastructure • What about the DNS HTTPS method of triggering QUIC? • Who uses a DNS HTTPS query? • Are HTTPS responses being filtered by DNS infrastructure in some cases? 24
The DNS HTTPS record • The HTTPS record can also contain ipv4hint and ipv6hint attributes • Any A and AAAA records for a name will be used by a client in preference to these hint attributes • But if there is no A and no AAAA record in the zone, then a HTTPS- aware client will be forced to use these address hint attributes • Let’s try that, and allow the client to use either HTTP/2 OR HTTP/3: test_name IN HTTPS 1 . alpn="h2,h3" ipv4hint=192.0.2.1 ipv6hint=2001:db8::1 25
DNS HTTPS Use Rate How many users can use DNS HTTPS responses? All Chrome Safari Others Samples 13,177,108 9,487,295 3,602,160 87,653 - DNSHTTPSQuery 3,708,895 28.1% 157,695 1.7% 3,506,664 97.3% 44,536 50.8% WebFetch(h2/h3) 3,480,873 26.4% 5,957 0.1% 3,469,867 96.3% 5,049 5.8% WebFetch(QUIC) 2,710,668 20.6% 4,793 0.1% 2,701,516 75.0% 4,359 5.0% Data collected over a 24-hour period (7/7/2025) Few Chrome users (1.7%) perform an HTTPS query, and even fewer (0.1%) followup with a fetch of the web object. Most Safari users (97.3%) perform an HTTPS query, and most (96.3%) followup with a fetch of the web object. Fewer users (75%) prefer to use QUIC to perform web object retrieval when given the choice. 26
DNS HTTPS Use Rate How many users can use DNS HTTPS responses? All Chrome Safari Others Samples 13,177,108 9,487,295 3,602,160 87,653 - DNSHTTPSQuery 3,708,895 28.1% 157,695 1.7% 3,506,664 97.3% 44,536 50.8% WebFetch(h2/h3) 3,480,873 26.4% 5,957 0.1% 3,469,867 96.3% 5,049 5.8% WebFetch(QUIC) 2,710,668 20.6% 4,793 0.1% 2,701,516 75.0% 4,359 5.0% Data collected over a 24-hour period (7/7/2025) Few Chrome users (1.7%) perform an HTTPS query, and even fewer (0.1%) followup with a fetch of the web object. Most Safari users (97.3%) perform an HTTPS query, and most (96.3%) followup with a fetch of the web object. Fewer users (75%) prefer to use QUIC to perform web object retrieval when given the choice. 27 Why is Safari not using QUIC in 25% of cases?
DNS HTTPS Use Rate How many users can use DNS HTTPS responses? All Chrome Safari Others Samples 13,177,108 9,487,295 3,602,160 87,653 - DNSHTTPSQuery 3,708,895 28.1% 157,695 1.7% 3,506,664 97.3% 44,536 50.8% WebFetch(h2/h3) 3,480,873 26.4% 5,957 0.1% 3,469,867 96.3% 5,049 5.8% WebFetch(QUIC) 2,710,668 20.6% 4,793 0.1% 2,701,516 75.0% 4,359 5.0% Data collected over a 24-hour period (7/7/2025) Few Chrome users (1.7%) perform an HTTPS query, and even fewer (0.1%) followup with a fetch of the web object. Most Safari users (97.3%) perform an HTTPS query, and most (96.3%) followup with a fetch of the web object. Fewer users (75%) prefer to use QUIC to perform web object retrieval when given the choice. Chrome uses alt-svc and not DNS HTTPS Safari uses DNS HTTPS 28
Does Safari also use alt-svc? Data collected over a 24-hour period (10/7/2025) Most Chrome users (91.6%) perform a QUIC retrieval on the subsequent fetch. Few Safari users (2.9%) perform a QUIC retrieval in the subsequent fetch, indicating that the browsers are NOT following the alt-svc directive All Chrome Safari Others Samples 14,163,673 9,788,178 4,251,430 124,065 TCP First Fetch 14,055,816 99.2% 9,787,962 100.0% 4,151,937 97.7% 115,917 93.4% QUIC First Fetch 107,857 0.8% 216 0.0% 99,493 2.3% 8,148 6.6% QUIC 2ndFetch 9,183,332 64.8% 8,966,915 91.6% 122,086 2.9% 94,331 76.0% How many users can use QUIC when there is only an alt-svc directive and no DNS HTTP record? 29
Does Safari also use alt-svc? Data collected over a 24-hour period (10/7/2025) Most Chrome users (91.6%) perform a QUIC retrieval on the subsequent fetch. Few Safari users (2.9%) perform a QUIC retrieval in the subsequent fetch, indicating that the browsers are NOT following the alt-svc directive All Chrome Safari Others Samples 14,163,673 9,788,178 4,251,430 124,065 TCP First Fetch 14,055,816 99.2% 9,787,962 100.0% 4,151,937 97.7% 115,917 93.4% QUIC First Fetch 107,857 0.8% 216 0.0% 99,493 2.3% 8,148 6.6% QUIC 2ndFetch 9,183,332 64.8% 8,966,915 91.6% 122,086 2.9% 94,331 76.0% How many users can use QUIC when there is only an alt-svc directive and no DNS HTTP record? 30 No, Safari does not appear to use the alt-svc directive
Conclusions/Questions • If you want to serve content over QUIC you have to support BOTH QUIC trigger methods of a DNS HTTP record AND an alt-svc directive to signal QUIC capability to Chrome and Safari clients. • Why doesn’t Chrome also use the HTTPS query? • Are they concerned about the greater DNS query load that would result from such a change? • Why doesn’t Safari also use the alt-svc directive? • Why do 24% of Safari users NOT perform a QUIC fetch despite a HTTPS record being queried? • Why do 2% of Safari users perform an initial QUIC fetch when there is no DNS HTTPS trigger? 31
Thanks! 32

More Related Content

PDF
A Quick Look at QUIC, presentation for RIPE 85 by Geoff Huston.pdf
APNIC
 
PDF
AusNOG 2023: A quick look at QUIC
APNIC
 
PDF
40th TWNIC Open Policy Meeting: A quick look at QUIC
APNIC
 
PDF
QUIC, presented by Geoff Huston at the 42nd TWNIC IP Open Policy Meeting
APNIC
 
PPTX
.NET Conf 2022 - Networking in .NET 7
Karel Zikmund
 
PDF
A new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUIC
APNIC
 
PDF
HTTP 2.0 – What do I need to know?
Sigma Software
 
PDF
PAC 2019 virtual Scott Moore
Neotys
 
A Quick Look at QUIC, presentation for RIPE 85 by Geoff Huston.pdf
APNIC
 
AusNOG 2023: A quick look at QUIC
APNIC
 
40th TWNIC Open Policy Meeting: A quick look at QUIC
APNIC
 
QUIC, presented by Geoff Huston at the 42nd TWNIC IP Open Policy Meeting
APNIC
 
.NET Conf 2022 - Networking in .NET 7
Karel Zikmund
 
A new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUIC
APNIC
 
HTTP 2.0 – What do I need to know?
Sigma Software
 
PAC 2019 virtual Scott Moore
Neotys
 

Similar to Triggering QUIC, presented by Geoff Huston at IETF 123 (20)

PPTX
2017_IMC_QUIC.pptx
Brian Zein
 
PDF
Null 11 june_Malware CNC: Advance Evasion techniques_by Avkash k and dhawal shah
nullowaspmumbai
 
PDF
Advance Malware CnC by Avkash k and dhawal shah
Avkash Kathiriya
 
PDF
Introduction to WebSockets
Gunnar Hillert
 
PDF
Network
Ynon Perek
 
PDF
HTTP/3
Daniel Stenberg
 
PDF
Extending Your Applications to the Edge with CDNs
Salesforce Developers
 
PPT
Juglouvain http revisited
marctritschler
 
PPTX
Training Webinar: Enterprise application performance with server push technol...
OutSystems
 
PPTX
Improve Customer Experience with Multi CDN Solution
Cloudxchange.io
 
PDF
Nginx, PHP, Apache and Spelix
Harald Zeitlhofer
 
PDF
Architecting Low Latency Applications Alberto Gonzalez
Alberto González Trastoy
 
PDF
Building high performance microservices in finance with Apache Thrift
RX-M Enterprises LLC
 
PPTX
Securely Publishing Azure Services
BizTalk360
 
PDF
WebRTC DataChannels demystified
Victor Pascual Ávila
 
PPTX
WebRTC Seminar Report
srinivasa teja
 
PDF
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
NGINX, Inc.
 
PPTX
Securing management, control & data plane
NetProtocol Xpert
 
PDF
A New Internet? Introduction to HTTP/2, QUIC and DOH
APNIC
 
PDF
Networking in the Penumbra presented by Geoff Huston at NZNOG
APNIC
 
2017_IMC_QUIC.pptx
Brian Zein
 
Null 11 june_Malware CNC: Advance Evasion techniques_by Avkash k and dhawal shah
nullowaspmumbai
 
Advance Malware CnC by Avkash k and dhawal shah
Avkash Kathiriya
 
Introduction to WebSockets
Gunnar Hillert
 
Network
Ynon Perek
 
HTTP/3
Daniel Stenberg
 
Extending Your Applications to the Edge with CDNs
Salesforce Developers
 
Juglouvain http revisited
marctritschler
 
Training Webinar: Enterprise application performance with server push technol...
OutSystems
 
Improve Customer Experience with Multi CDN Solution
Cloudxchange.io
 
Nginx, PHP, Apache and Spelix
Harald Zeitlhofer
 
Architecting Low Latency Applications Alberto Gonzalez
Alberto González Trastoy
 
Building high performance microservices in finance with Apache Thrift
RX-M Enterprises LLC
 
Securely Publishing Azure Services
BizTalk360
 
WebRTC DataChannels demystified
Victor Pascual Ávila
 
WebRTC Seminar Report
srinivasa teja
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
NGINX, Inc.
 
Securing management, control & data plane
NetProtocol Xpert
 
A New Internet? Introduction to HTTP/2, QUIC and DOH
APNIC
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
APNIC
 
Ad

More from APNIC (20)

PPTX
APNIC Report, presented at APAN 60 by Thy Boskovic
APNIC
 
PDF
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
PDF
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
 
PDF
The Internet -By the Numbers, Sri Lanka Edition
APNIC
 
PDF
DNSSEC Made Easy, presented at PHNOG 2025
APNIC
 
PDF
BGP Security Best Practices that Matter, presented at PHNOG 2025
APNIC
 
PDF
APNIC's Role in the Pacific Islands, presented at Pacific IGF 2205
APNIC
 
PDF
IPv6 Deployment and Best Practices, presented by Makito Lay
APNIC
 
PDF
Cleaning up your RPKI invalids, presented at PacNOG 35
APNIC
 
PDF
The Internet - By the numbers, presented at npNOG 11
APNIC
 
PDF
Transmission Control Protocol (TCP) and Starlink
APNIC
 
PDF
DDoS in India, presented at INNOG 8 by Dave Phelan
APNIC
 
PDF
Global Networking Trends, presented at the India ISP Conclave 2025
APNIC
 
PDF
Make DDoS expensive for the threat actors
APNIC
 
PDF
Fast Reroute in SR-MPLS, presented at bdNOG 19
APNIC
 
PDF
DDos Mitigation Strategie, presented at bdNOG 19
APNIC
 
PDF
ICP -2 Review – What It Is, and How to Participate and Provide Your Feedback
APNIC
 
PDF
APNIC Update - Global Synergy among the RIRs: Connecting the Regions
APNIC
 
PDF
Measuring Starlink Protocol Performance, presented at LACNIC 43
APNIC
 
PDF
Prop-154: Resizing of IPv4 assignments for IXPs
APNIC
 
APNIC Report, presented at APAN 60 by Thy Boskovic
APNIC
 
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
 
The Internet -By the Numbers, Sri Lanka Edition
APNIC
 
DNSSEC Made Easy, presented at PHNOG 2025
APNIC
 
BGP Security Best Practices that Matter, presented at PHNOG 2025
APNIC
 
APNIC's Role in the Pacific Islands, presented at Pacific IGF 2205
APNIC
 
IPv6 Deployment and Best Practices, presented by Makito Lay
APNIC
 
Cleaning up your RPKI invalids, presented at PacNOG 35
APNIC
 
The Internet - By the numbers, presented at npNOG 11
APNIC
 
Transmission Control Protocol (TCP) and Starlink
APNIC
 
DDoS in India, presented at INNOG 8 by Dave Phelan
APNIC
 
Global Networking Trends, presented at the India ISP Conclave 2025
APNIC
 
Make DDoS expensive for the threat actors
APNIC
 
Fast Reroute in SR-MPLS, presented at bdNOG 19
APNIC
 
DDos Mitigation Strategie, presented at bdNOG 19
APNIC
 
ICP -2 Review – What It Is, and How to Participate and Provide Your Feedback
APNIC
 
APNIC Update - Global Synergy among the RIRs: Connecting the Regions
APNIC
 
Measuring Starlink Protocol Performance, presented at LACNIC 43
APNIC
 
Prop-154: Resizing of IPv4 assignments for IXPs
APNIC
 
Ad

Recently uploaded (20)

PPTX
Funds Management Learning Material for Beg
NKKumar16
 
PPTX
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
 
PPTX
durere- in cancer tu ttresjjnklj gfrrjnrs mhugyfrd
Serban Elena
 
PPTX
cyber security Workshop awareness ppt.pptx
exobhatiary
 
PDF
LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1
LABUAN 4D
 
PPT
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
PPTX
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
 
PPTX
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
 
PPTX
Introduction to Information and Communication Technology
AkmadArzieAyao1
 
PPTX
Introuction about WHO-FIC in ICD-10.pptx
naveenithkrishnan
 
PDF
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
PDF
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
 
PPTX
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
 
PPTX
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
PPTX
CSharp_Syntax_Basics.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxx
nhdqw45qfd
 
PDF
“Google Algorithm Updates in 2025 Guide”
soohhhnah
 
PPTX
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
PPTX
QR Codes Qr codecodecodecodecocodedecodecode
SRMediaZone
 
PPTX
Digital Literacy And Online Safety on internet
riksa rifqi
 
PPTX
Job_Card_System_Styled_lorem_ipsum_.pptx
Jeffkigen
 
Funds Management Learning Material for Beg
NKKumar16
 
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
 
durere- in cancer tu ttresjjnklj gfrrjnrs mhugyfrd
Serban Elena
 
cyber security Workshop awareness ppt.pptx
exobhatiary
 
LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1
LABUAN 4D
 
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
 
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
 
Introduction to Information and Communication Technology
AkmadArzieAyao1
 
Introuction about WHO-FIC in ICD-10.pptx
naveenithkrishnan
 
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
 
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
 
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
CSharp_Syntax_Basics.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxx
nhdqw45qfd
 
“Google Algorithm Updates in 2025 Guide”
soohhhnah
 
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
QR Codes Qr codecodecodecodecocodedecodecode
SRMediaZone
 
Digital Literacy And Online Safety on internet
riksa rifqi
 
Job_Card_System_Styled_lorem_ipsum_.pptx
Jeffkigen
 

Triggering QUIC, presented by Geoff Huston at IETF 123

  • 1. Triggering QUIC Geoff Huston AM APNIC July 2025 1
  • 2. What’s QUIC? 2 • An end-to-end encrypted transport protocol, providing more flexibility, faster connection setup, and a larger set of transport services than TCP • Operates over UDP port 443
  • 3. Triggering QUIC in HTTP Method 1 - Use content-level Alt-Svc controls to trigger the client to use the QUIC transport protocol (if it can): • Add Alt-Svc: h3=“:443” to the HTML headers 3
  • 4. Setting Expectations • Chrome has a dominant share of browser instances - roughly, some 65%* • Chrome has been supporting a switch to QUIC via the Alt-Svc directive since 2020 * Oberlo.com 4
  • 5. Setting Expectations • Chrome has a dominant share of browser instances - roughly, some 65%* • Chrome has been supporting a switch to QUIC via the Alt-Svc directive since 2020 * Oberlo.com So, we should expect up to 65% of clients will try to connect using QUIC if the server signals it supports QUIC – right? 5
  • 6. The Alt-Svc Trigger • This trigger is only effective when the client contacts this server for the second time • But HTTP/1.1 and HTTP/2.0 use session persistence to keep the original TCP/TLS session open, so the condition where a client needs to open a new connection is less likely to occur • The per-server Alt-Svc information is cached by the user for only 24 hours by default 6
  • 7. The Alt-Svc Trigger • This trigger is only effective when the client contacts this server for the second time • But HTTP/1.1 and HTTP/2.0 use session persistence to keep the original TCP/TLS session open, so the condition where a client needs to open a new connection is less likely to occur • The ser server Alt-Svc information is cached by the user for only 24 hours by default So, QUIC use will only be visible when a server is visited by a client for a second time AFTER the keep-alive expires. 7
  • 8. APNIC’s measurement We need to trigger the conditions of a second fetch in the measurement: • Set the server keepalive time to 1 second • Request the same web object a total of 8 times using 2 second intervals between requests 8
  • 9. Triggering QUIC in HTTP Method 2 - Use the DNS to trigger QUIC: • Set up an HTTPS record for the service name, with value: alpn=“h3” • This allows Safari to use QUIC from the first access 9
  • 10. Safari supports QUIC (using Method 2) • Apple’s Safari is now supporting QUIC, using an HTTPS query/response in the DNS, where the apln directive can specify the use of the HTTP/3 protocol to access this service • QUIC can be triggered immediately (no wait for the second visit), so presumably, if the client performs a DNS HTTPS query, and the response indicates that the server supports QUIC, then the client should use QUIC for the connection 10
  • 11. Setting Expectations • Chrome has a dominant share of browser instances - roughly, some 65%* • Apple Safari is now supporting QUIC, using the DNS HTTPS trigger • So, a QUIC-aware server platform should be seeing up to 85% of its sessions using QUIC • This figure is probably not achievable as the content level control requires some precise conditions for the “second” visit: • long enough between visits for the session keepalive timer to expire • Short enough such that the local cache of server capabilities has not expired * https://gs.statcounter.com/browser-market-share 11
  • 12. Cloudflare’s Numbers – 31% 12 Month Time Series QUIC 12
  • 13. Cloudflare’s Numbers – 31% 12 Month Time Series QUIC That result is less than half of the maximum possible result if this is just alt-svc directive being used to trigger QUIC 13
  • 14. APNIC’s Numbers – 70% Playing with keepalive parameters! First Fetch – mainly Safari clients Second and Subsequent Fetches – mainly Chrome clients are added here 14
  • 15. Method 2 - DNS HTTPS Query Rate Safari Chrome Others Total Most Safari browsers consistently query for a DNS HTTPS record Around 3% of Chrome browsers query for the HTTPS record How many users are generating DNS HTTPS Queries? 15
  • 16. Chrome Browser HTTPS Query Rate There is a strong weekly pattern in this data where weekend query rates are lower than weekday query rates Query rates halved between October 2024 and May 2025, then rose across June 2025 16
  • 17. Chrome Browser HTTPS Query Rate There is a strong weekly pattern in this data where weekend query rates are lower than weekday query rates Query rates halved between October 2024 and May 2025, then rose across June 2025 Why is Chrome’s use of the DNS HTTPS query so low? Is this Chrome, or the user’s local network environment? 17
  • 18. QUIC Use • If QUIC access is supported by the current releases by both the major browsers, then we should see a high QUIC use rate when the ability to use QUIC is signaled by both methods (alt-svc and DNS HTTPS) • What do we see? 18
  • 20. Global QUIC Use First Fetch – mainly Safari clients Second and Subsequent Fetches – mainly Chrome clients are added here 20
  • 21. Global QUIC Use It’s likely that there is some form of national-level block on UDP port 443 traffic in China and Iran 21
  • 22. Global QUIC Use It looks like this network-level block has been variously turned on and off over the past few years in Iran 22
  • 23. Global QUIC Use It looks like there is some form of network-level block operating in China, but its effects are not uniform across all China’s networks 23
  • 24. QUIC Use • If QUIC access is supported by the current releases by both the major browsers then we should see a high QUIC use rate when the ability to use QUIC is signaled by both methods (alt-svc and DNS HTTPS) • What do we see? • In most locales the alt-svc method of triggering QUIC is supported by browsers and network infrastructure • What about the DNS HTTPS method of triggering QUIC? • Who uses a DNS HTTPS query? • Are HTTPS responses being filtered by DNS infrastructure in some cases? 24
  • 25. The DNS HTTPS record • The HTTPS record can also contain ipv4hint and ipv6hint attributes • Any A and AAAA records for a name will be used by a client in preference to these hint attributes • But if there is no A and no AAAA record in the zone, then a HTTPS- aware client will be forced to use these address hint attributes • Let’s try that, and allow the client to use either HTTP/2 OR HTTP/3: test_name IN HTTPS 1 . alpn="h2,h3" ipv4hint=192.0.2.1 ipv6hint=2001:db8::1 25
  • 26. DNS HTTPS Use Rate How many users can use DNS HTTPS responses? All Chrome Safari Others Samples 13,177,108 9,487,295 3,602,160 87,653 - DNSHTTPSQuery 3,708,895 28.1% 157,695 1.7% 3,506,664 97.3% 44,536 50.8% WebFetch(h2/h3) 3,480,873 26.4% 5,957 0.1% 3,469,867 96.3% 5,049 5.8% WebFetch(QUIC) 2,710,668 20.6% 4,793 0.1% 2,701,516 75.0% 4,359 5.0% Data collected over a 24-hour period (7/7/2025) Few Chrome users (1.7%) perform an HTTPS query, and even fewer (0.1%) followup with a fetch of the web object. Most Safari users (97.3%) perform an HTTPS query, and most (96.3%) followup with a fetch of the web object. Fewer users (75%) prefer to use QUIC to perform web object retrieval when given the choice. 26
  • 27. DNS HTTPS Use Rate How many users can use DNS HTTPS responses? All Chrome Safari Others Samples 13,177,108 9,487,295 3,602,160 87,653 - DNSHTTPSQuery 3,708,895 28.1% 157,695 1.7% 3,506,664 97.3% 44,536 50.8% WebFetch(h2/h3) 3,480,873 26.4% 5,957 0.1% 3,469,867 96.3% 5,049 5.8% WebFetch(QUIC) 2,710,668 20.6% 4,793 0.1% 2,701,516 75.0% 4,359 5.0% Data collected over a 24-hour period (7/7/2025) Few Chrome users (1.7%) perform an HTTPS query, and even fewer (0.1%) followup with a fetch of the web object. Most Safari users (97.3%) perform an HTTPS query, and most (96.3%) followup with a fetch of the web object. Fewer users (75%) prefer to use QUIC to perform web object retrieval when given the choice. 27 Why is Safari not using QUIC in 25% of cases?
  • 28. DNS HTTPS Use Rate How many users can use DNS HTTPS responses? All Chrome Safari Others Samples 13,177,108 9,487,295 3,602,160 87,653 - DNSHTTPSQuery 3,708,895 28.1% 157,695 1.7% 3,506,664 97.3% 44,536 50.8% WebFetch(h2/h3) 3,480,873 26.4% 5,957 0.1% 3,469,867 96.3% 5,049 5.8% WebFetch(QUIC) 2,710,668 20.6% 4,793 0.1% 2,701,516 75.0% 4,359 5.0% Data collected over a 24-hour period (7/7/2025) Few Chrome users (1.7%) perform an HTTPS query, and even fewer (0.1%) followup with a fetch of the web object. Most Safari users (97.3%) perform an HTTPS query, and most (96.3%) followup with a fetch of the web object. Fewer users (75%) prefer to use QUIC to perform web object retrieval when given the choice. Chrome uses alt-svc and not DNS HTTPS Safari uses DNS HTTPS 28
  • 29. Does Safari also use alt-svc? Data collected over a 24-hour period (10/7/2025) Most Chrome users (91.6%) perform a QUIC retrieval on the subsequent fetch. Few Safari users (2.9%) perform a QUIC retrieval in the subsequent fetch, indicating that the browsers are NOT following the alt-svc directive All Chrome Safari Others Samples 14,163,673 9,788,178 4,251,430 124,065 TCP First Fetch 14,055,816 99.2% 9,787,962 100.0% 4,151,937 97.7% 115,917 93.4% QUIC First Fetch 107,857 0.8% 216 0.0% 99,493 2.3% 8,148 6.6% QUIC 2ndFetch 9,183,332 64.8% 8,966,915 91.6% 122,086 2.9% 94,331 76.0% How many users can use QUIC when there is only an alt-svc directive and no DNS HTTP record? 29
  • 30. Does Safari also use alt-svc? Data collected over a 24-hour period (10/7/2025) Most Chrome users (91.6%) perform a QUIC retrieval on the subsequent fetch. Few Safari users (2.9%) perform a QUIC retrieval in the subsequent fetch, indicating that the browsers are NOT following the alt-svc directive All Chrome Safari Others Samples 14,163,673 9,788,178 4,251,430 124,065 TCP First Fetch 14,055,816 99.2% 9,787,962 100.0% 4,151,937 97.7% 115,917 93.4% QUIC First Fetch 107,857 0.8% 216 0.0% 99,493 2.3% 8,148 6.6% QUIC 2ndFetch 9,183,332 64.8% 8,966,915 91.6% 122,086 2.9% 94,331 76.0% How many users can use QUIC when there is only an alt-svc directive and no DNS HTTP record? 30 No, Safari does not appear to use the alt-svc directive
  • 31. Conclusions/Questions • If you want to serve content over QUIC you have to support BOTH QUIC trigger methods of a DNS HTTP record AND an alt-svc directive to signal QUIC capability to Chrome and Safari clients. • Why doesn’t Chrome also use the HTTPS query? • Are they concerned about the greater DNS query load that would result from such a change? • Why doesn’t Safari also use the alt-svc directive? • Why do 24% of Safari users NOT perform a QUIC fetch despite a HTTPS record being queried? • Why do 2% of Safari users perform an initial QUIC fetch when there is no DNS HTTPS trigger? 31