There's a lot to unpack here. Setting some context, as of today our (Meta)
Internet egress to end users hovers at around 89% QUIC. The reason that is
not closer to 100% mostly stems from certain products not completely
utilizing QUIC yet, though every one of our platforms uses it to some
degree.

Could it be that the major constraint is networks blocking UDP?

Our data shows it's not a significant issue. QUIC successfully operates
97+% of the time across all our enabled surfaces. Instances of UDP blocking
are mostly isolated to smaller networks and are not widespread. If we look
at the data in most networks where UDP is known to work, the usage of QUIC
approaches 100%.

We are able to achieve such high numbers due to the fact that we control
the client and server for the vast majority of our traffic and so we can
more proactively use QUIC. For third party clients who use more cautious
policies, the numbers are not as high. The percentage of HTTP/3 by browser
as seen by our servers currently is roughly:
Microsoft Edge: ~83%
Chrome Desktop: ~75%
Chrome Mobile: ~70%
Firefox: ~60%
Safari/Mobile Safari: ~40%
Firefox Mobile: 30%

We use the same alt-svc and HTTPS record strategy for all our major
domains. This indicates that there are likely improvements to be made in
both advertising QUIC's availability but more importantly browsers using it
more proactively than they currently are.

It's important to note that "QUIC adoption" can be perceived differently
depending on the perspective. When viewed as a percentage of Internet
traffic, it is quite impressive how much share it has taken in a relatively
short period of time. This is of course because the majority of Internet
traffic is video traffic from a relatively small number of content
providers whose first party apps comprise the majority of usage. This first
party app setup, combined with CDN control, is the easiest way to achieve
high QUIC usage rates.

If one defines QUIC adoption as something like "percentage of sites
primarily using QUIC", then things get more complicated. The Internet is
still made up of an extremely large distribution of individual sites, and
after you pass "hypergiant" types the infrastructure story changes. There
is usually less vertical integration and thus more moving pieces for a
heavy lift like changing out the base protocol. This is where many small
impediments can start to accrue and stall out adoption. I have a lot less
visibility into the challenges here so I would prefer others speak to them
more, but I imagine they are significant. Compounded with the fact that
these sites are more likely to rely on third party clients like browsers, it
is not surprising to me that we have not seen a seismic shift.

No hats!
Matt Joras

On Mon, Jun 24, 2024 at 11:54 AM Paul Vixie wrote:

>
>
> John Lampe wrote on 2024-06-24 10:48:
> >
> >
> > On Mon, Jun 24, 2024 at 1:19 PM Paul Vixie wrote:
> >
> >     I've blocked UDP in every edge network I've operated since the late
> >     1980s because it could be used to facilitate firewall bypass in the
> >     style of quic. I might not be alone. Quic is something I'll expect
> >     my ALG to use, because it's a great thing.
> >
> >
> > Many (most?) large govt agencies are just blocking it outright on the
> > firewall. The same with large corporations. I feel like security tooling
> > may not be up to snuff and it's easier to just force the connection over
> > TLS...simpler for sure...
> i think a lot of current protocol/software developers are ready to move
> to a post-national post-corporate world where only end users hold sway,
> and they see no reason to negotiate with those of us who dis-want that.
> to that community, DoH and QUIC and ECH are necessary, desirable, and
> inevitable. some have told me to "just secure your (my) endpoints".
>
> i predict that the next equilibrium will be that secure private networks
> will only allow off-net traffic for their own servers (dns, webproxy,
> etc) and will force all other off-net traffic (IoT, end users) through
> on-net proxies where traffic can be inspected. some countries will have
> to relax their employee/employer surveillance laws to reach that state.
>
> to return to the topic at hand, i think "why isn't QUIC growing?" is a
> non-sequitur because there's no noncontroversial reason why it should.
> QUIC is a well engineered protocol which is deploying smoothly so far.
> but since its motives include activism, it will never be universal.
>
> --
> P Vixie
>
>
