Quick UDP Internet Connections (QUIC) is an ideal protocol for improving network quality and addressing video staling issues in scenarios with weak network signals or frequent switch between Wi-Fi and cellular networks. You can use QUIC to accelerate the delivery of audio and video content while maintaining data security during transmission. This topic describes how to add a QUIC listener to an Application Load Balancer (ALB) instance to forward QUIC requests with data transmission encrypted.
Introduction to QUIC
QUIC provides the same level of security as SSL, and supports connection multiplexing. In scenarios of weak connections, high network latency, and high packet loss rate, QUIC ensures service availability. QUIC can implement different congestion control algorithms at the application layer regardless of the operating system or kernel. Compared with TCP, QUIC supports flexible adjustments based on service requirements. QUIC is a suitable alternative when TCP optimization encounters bottlenecks.
As short videos and live streaming services become more popular, streaming platforms require high bandwidth and low network latency to meet business requirements. QUIC can minimize network latency, reduce video buffering, accelerate the delivery of audio and video content, and secure data transfer.
Supported QUIC protocol types
ALB supports gQUIC and iQUIC. HTTP/3 is an application-layer protocol based on iQUIC. HTTP/3 uses iQUIC to implement multiplexing, congestion control, packet loss detection, and retransmission. HTTP/3 supports faster connection establishment, eliminates head-of-line blocking issues, and supports connection migration in scenarios of client IP address changes.
ALB supports gQUIC versions Q46, Q43, and Q39, which require Google Chrome 74 to 81.
ALB supports version h3 of HTTP/3, which requires Google Chrome 87 or later.
Use scenarios
Scenario | Description |
Use only a QUIC listener | All clients must support HTTP/3. |
Use a QUIC listener together with an HTTPS listener | ALB negotiates with clients to preferentially use HTTP/3. If HTTP/3 is not supported by a client, HTTPS or HTTP/2 is used. For more information, see the following topics: |
Prerequisites
An ALB instance is created. For more information, see Create and manage an ALB instance.
At least one SSL server certificate is deployed on the ALB instance.
A backend server group is created. For more information, see Create and manage a server group.
Procedures
This topic describes two procedures to show you how to add a QUIC listener. You can choose one as needed.
Manual creation: You can create a QUIC listener and configure advanced features based on business requirements.
Quick creation: You can use a template to quickly create a QUIC listener. You only need to specify a listener protocol, a listener port, a server certificate, and a backend server group.
Manual creation
Step 1: Create a listener
To create a QUIC listener, perform the following steps:
Log on to the ALB console.
Use one of the following methods to open the listener configuration wizard:
On the Instances page, find the ALB instance that you want to manage and click Actions in the Create Listener column.
On the Instances page, click the ID of the NLB instance that you want to manage. On the Listener tab, click Create Listener.
On the Configure Listener wizard page, set the following parameters and click Next.
Parameter
Description
Listener Protocol
Select a listener protocol.
In this example, QUIC is selected.
Listener Port
Select the port on which the ALB instance listens. The ALB instance listens on the port and forwards requests to backend servers.
Valid values: 1 to 65535.
NoteOn the same ALB instance, the ports of listeners that use the same protocol must be unique. HTTP listeners and HTTPS listeners must use different ports.
Listener Name
Enter a name for the listener.
Tag
Configure the Tag Key and Tag Value parameters to add a tag. You can add one or more tags.
After you specify tags, you can filter listeners by tag on the Listener tab.
Advanced Settings
You can click Modify to configure the advanced settings.
Idle Connection Timeout Period
Specify a timeout period for idle connections. Unit: seconds. Valid values: 1 to 600. Default value: 15. To specify a longer timeout period, go to the Quota Center console.
If no request is received within the specified timeout period, ALB closes the connection. When another request is received, ALB establishes a new connection.
Connection Request Timeout
Specify a request timeout period. Unit: seconds. Valid values: 1 to 600. Default value: 60. To specify a longer timeout period, go to the Quota Center console.
If no response is received from the backend server within the request timeout period, ALB returns the HTTP 504 error code to the client.
Compression
If you enable compression, specific types of files are compressed. If you disable compression, no file is compressed.
Brotli supports all file types.
GZIP supports the following file types:
text/xml,text/plain,text/css,application/javascript,application/x-javascript,application/rss+xml,application/atom+xml,application/xml, andapplication/json.
NoteIf a client request allows both Brotli and GZIP compression, ALB will use Brotli compression which is more efficient.
If a client request allows only GZIP compression, and at least one file is in a format not supported by GZIP, ALB will not compress any files.
Add HTTP Header
You can select the following options:
Add X-Forwarded-For to preserve client IP addresses: Add the X-Forwarded-For header to preserve the client IP addressIf you select
Add X-Forwarded-For to preserve client IP addresses, ALB can add anX-Forwarded-Forheader to or remove theX-Forwarded-Forheader from the request before forwarding the request to a backend server.Add (default)
If you choose Add, ALB adds the IP address of the last hop to the X-Forwarded-For header in the request before forwarding the request to a backend server. If the request does not contain the X-Forwarded-For header, ALB creates an X-Forwarded-For header whose value is the IP address of the last hop and adds the header to the request. The X-Forwarded-For header in the request may contain multiple IP addresses which are separated by commas (,).
Remove
If you choose Remove, ALB removes the
X-Forwarded-Forheader from the request before forwarding the request to a backend server.
If you do not select
Add X-Forwarded-For to preserve client IP addresses, ALB does nothing about theX-Forwarded-Forheader in the request before forwarding the request to a backend server.
Format:
X-Forwarded-For: <client-ip-address>, <proxy1>, <proxy2>, …Add SLB-ID to preserve SLB instance IDs: Add the SLB-ID header to preserve the ID of the ALB instance.Add X-Forwarded-Proto to preserve listener protocols: Add the X-Forwarded-Proto header to preserve the listener protocol.Add X-Forwarded-Port to preserve SLB listener ports: Add the X-Forwarded-Port header to preserve the listener port.Add X-Forwarded-Host to preserve client domain names: Add the X-Forwarded-Host header to preserve the domain name of a client that accesses ALB.
NoteOnly upgraded ALB instances support adding the
X-Forwarded-ForandX-Forwarded-Client-srcportheaders when you create a QUIC listener.
Step 2: Add an SSL certificate
Configure an SSL certificate to ensure that data transmission is encrypted and the identities of users are verified by a trusted authority. For more information, see Certificate Management Service.
It takes some time to upload, load, and verify a new certificate. After it is added to ALB, a certificate takes about 1 to 3 minutes to take effect.
In the Configure SSL Certificate step, select a server certificate or click Create SSL Certificate in the Server Certificate drop-down list to purchase a new certificate. Click Next.
If no server certificate is available, click Create SSL Certificate to create one. For more information, see Purchase an SSL certificate and Upload an SSL certificate.
Step 3: Select a server group
In the Select Server Group step, select a server group, view the backend servers, and then click Next.
Step 4: Review the configuration
In the Configuration Review step, confirm the configurations and click Submit.
Quick creation
If you select this method, you only need to specify a listener protocol, a listener port, a server certificate, and a server group.
Log on to the ALB console.
In the top navigation bar, select the region where the ALB instance resides.
On the Instances page, find the ALB instance that you want to manage and click its ID.
Click the Listener tab. On the Listener tab, click Quick Create Listener.
In the Quick Create Listener dialog box, configure the parameters and click OK. The following table describes the parameters.
Parameter
Description
Listener Protocol
Select a listener protocol. QUIC is selected in this example.
Listener Port
The frontend port that is used to receive and forward requests to backend servers.
You can select a commonly used port, or enter a port number. Valid values: 1 to 65535.
Server Certificate
Select a server certificate from the drop-down list.
If no server certificate is available, click Create SSL Certificate to create one. For more information, see Purchase an SSL certificate and Upload an SSL certificate.
Resource Group
Select a resource group for the server group.
Server Group
Select a server group type from the left-side drop-down list and select a server group from the right-side drop-down list.
References
To use advanced forwarding features provided by ALB, see Manage forwarding rules for a listener.
If you encounter any abnormal status code returned by ALB, see ALB status codes.
If you experience any health check errors, see Troubleshoot ALB health check issues.
For instructions on accelerating content delivery by configuring QUIC listeners, see Use QUIC to accelerate the delivery of video and audio content.