Quick UDP Internet Connection (QUIC) is a network protocol that can accelerate access from clients, especially in scenarios where network connections are weak, or connections are frequently switched between Wi-Fi and cellular networks. QUIC can achieve connection multiplexing without reconnections, accelerate access, and secure data transfer.

Background information

QUIC provides the same level of security as SSL, and supports connection multiplexing and zero round trip time resumption (0-RTT). In scenarios of weak connections, high network latency, and packet loss, QUIC ensures service availability. QUIC can implement different congestion control algorithms at the application layer regardless of the operating system or kernel. Compared with TCP, QUIC supports flexible adjustments based on service requirements. QUIC is a suitable alternative when TCP optimization encounters bottlenecks.

As short videos and live streaming services become more and more popular, streaming platforms require high bandwidth and low network latency to meet their business requirements. QUIC can minimize network latency, solve video buffering, accelerate the delivery of audio and video content, and secure data transfer. Application Load Balancer (ALB) supports the following versions of QUIC: Q46, Q44, Q43, Q39, Q36, and Q35.

Scenarios

When you use Chrome to access ALB, ALB distributes requests to a backend server based on the domain name example.com that you associate with a listener. The listener that is used to distribute requests varies in the following scenarios:
  • If both an HTTPS listener and a QUIC listener are added to the ALB instance, requests are distributed by the QUIC listener by default. Therefore, after you enter the domain name example.com in your Chrome browser, the QUIC listener distributes the request to the default server group RS1.
  • If the QUIC listener is unavailable, the associated HTTPS listener takes over to serve your workloads. In this case, after you enter the domain name example.com in your Chrome browser, the HTTPS listener of ALB distributes the request to the default server group RS1.

Client requirements

  • You can directly initiate QUIC requests from a Chrome browser to ALB.
  • If you use another client, make sure that the client is integrated with a network library such as lsquic-client or Cronet that supports QUIC.
  • Before you use Chrome to access a QUIC listener, make sure that your browser supports the QUIC version used by ALB.
    • ALB supports Q46 and previous versions of QUIC, which are used by Chrome 74-81.
    • Chrome versions later than the 74-81 range use Q50 and later versions of QUIC. If you use one of these browsers, you must downgrade Chrome to an earlier version before you can access ALB.

Prerequisites

  • An ALB instance is created. For more information, see Create an ALB instance.
  • A server group named RS1 is created. For more information, see Manage server groups.
  • An Elastic Compute Service (ECS) instance named ECS01 is added to the server group RS1. An NGINX video service is hosted on ECS01.
  • An SSL certificate that is associated with the domain name example.com is configured on the ALB instance.

Step 1: Create a QUIC listener

  1. Log on to the ALB console.
  2. In the top navigation bar, select the region where the ALB instance is deployed.
  3. On the Instances page, find the ALB instance that you want to manage and click its ID. On the Listener tab, click Create Listener.
  4. On the Configure Listener wizard page, set the following parameters and click Next.
    Parameter: Description
    • Select Listener Protocol: Select a protocol for the listener. In this example, QUIC is selected.
    • Listening Port: Enter the port on which the ALB instance listens. The ALB instance uses the port to receive requests and forward the requests to backend servers. Valid values: 1 to 65535.
      Note: The ports on which an ALB instance listens must be unique.
    • Listener Name: Enter a name for the listener.
    • Advanced: Click Modify to configure advanced settings.
    • Request Timeout: Specify the request timeout period. Unit: seconds. Valid values: 1 to 180. If no response is received from the backend server within the request timeout period, ALB returns an HTTP 504 error to the client.
    • Enable Gzip Compression: Specify whether to enable Gzip compression for a specified file type. Gzip supports the following file types: text/xml, text/plain, text/css, application/javascript, application/x-javascript, application/rss+xml, application/atom+xml, and application/xml.
    • Add HTTP Header Fields: You can add the following HTTP header fields:
      • SLB-ID: Add the header field to retrieve the ID of the ALB instance.
      • X-Forwarded-Proto: Add the header field to retrieve the listener protocol used by the ALB instance.
      • X-Forwarded-Port: Add the header field to retrieve the ports on which the ALB instance listens.
  5. In the Configure SSL Certificate wizard, select the server certificate and click Next.
  6. In the Select Server Group wizard, specify Server Type, and then select a server group. Confirm the information about the backend servers and click Next.
  7. In the Configuration Review wizard, confirm the configuration and click Submit.

Step 2: Create an HTTPS listener

When you create an HTTPS listener, enable QUIC upgrade and associate the QUIC listener that you created with the HTTPS listener.

  1. On the Instances page, find the QUIC listener that you created in Step 1 and click its ID.
  2. On the Listener tab, click Create Listener.
  3. On the Configure Listener wizard page, set the following parameters and click Next.
    Parameter: Description
    • Listener Protocol: Select the protocol of the listener. HTTPS is selected in this example.
    • Listener Port: Enter the port on which the ALB instance listens. The ALB instance listens on the port and forwards requests to backend servers. 443 is entered in this example. In most cases, port 80 is used for HTTP and port 443 is used for HTTPS. Valid values: 1 to 65535.
      Note: The ports on which an ALB instance listens must be unique.
    • Listener Name: Enter a name for the listener. The name must be 2 to 256 characters in length. The name can contain only Chinese characters and the characters in the following string: /^([^\x00-\xff]|[\w.,;/@-]){2,256}$/.
    • Advanced Settings: Click Modify to configure advanced settings.
    • Enable HTTP/2: Specify whether to enable HTTP/2.
    • Idle Connection Timeout Period: Specify the timeout period of idle connections. Unit: seconds. Valid values: 1 to 60. If no request is received within the specified timeout period, ALB closes the current connection. ALB creates a new connection when a new connection request is received.
      Note: This feature is unavailable for HTTP/2 requests.
    • Connection Request Timeout Period: Specify the request timeout period. Unit: seconds. Valid values: 1 to 180. If no response is received from the backend server within the request timeout period, ALB returns an HTTP 504 error to the client.
    • Enable Gzip Compression: Specify whether to enable Gzip compression for specific file types. Gzip supports the following file types: text/xml, text/plain, text/css, application/javascript, application/x-javascript, application/rss+xml, application/atom+xml, application/xml, and application/json.
    • Add HTTP Header Fields: You can add the following HTTP header fields:
      • X-Forwarded-For: obtains the real IP address of the client.
      • SLB-ID: obtains the ID of the ALB instance.
      • X-Forwarded-Proto: obtains the listener protocol of the ALB instance.
      • X-Forwarded-Clientcert-subjectdn: obtains information about the owner of the client certificate.
      • X-Forwarded-Clientcert-issuerdn: obtains information about the authority that issues the client certificate.
      • X-Forwarded-Clientcert-fingerprint: obtains the fingerprint of the client certificate.
      • X-Forwarded-Clientcert-clientverify: obtains the verification result of the client certificate.
      • X-Forwarded-Port: obtains the port on which the ALB instance listens.
      • X-Forwarded-Client-Port: obtains the port over which a client communicates with the ALB instance.
    • QUIC Update: Select whether to enable the QUIC update feature. If you enable QUIC update, select a QUIC listener and associate the listener with the ALB instance.
  4. In the Configure SSL Certificate wizard, select the server certificate and click Next.
    Note: To configure TLS security policies, click Modify next to Advanced Settings.
  5. In the Select Server Group wizard, specify Server Type and select a server group from the drop-down list, confirm the backend servers, and then click Next.
  6. In the Configuration Review wizard, confirm the configuration and click Submit.

Step 3: Create a CNAME record

Create a CNAME record to map example.com to the publicly accessible domain name of the ALB instance.

  1. Log on to the ALB console.
  2. In the top navigation bar, select the region where the ALB instance is deployed.
  3. Find the ALB instance that you want to manage and copy the domain name.
  4. To create a CNAME record, perform the following operations:
    1. Log on to the Alibaba Cloud DNS console.
    2. On the Manage DNS page, click Add Domain Name.
    3. In the Add Domain Name dialog box, enter the domain name of your host and click OK.
      Notice: Before you create the CNAME record, you must use a TXT record to verify the ownership of the domain name.
    4. In the Actions column of the domain name that you want to manage, click Configure.
    5. On the DNS Settings page, click Add Record.
    6. In the Add Record panel, set the following parameters and click Confirm.
      Parameter: Description
      • Type: Select CNAME from the drop-down list.
      • Host: Enter the prefix of your domain name.
      • ISP Line: Select Default.
      • Value: Enter the CNAME. The CNAME is the domain name of the ALB instance that you copied in Step 3.
      • TTL: Time-to-live (TTL) limits the lifetime of the record on a server. In this example, the default value is used.
      Note:
      • Newly created CNAME records immediately take effect. The time that is required for a modified CNAME record to take effect is limited by the TTL. The default value of TTL is 10 minutes.
      • If the CNAME record that you want to create conflicts with an existing record, we recommend that you specify another domain name.

Step 4: Verify the result

Enter example.com in the Chrome browser to access the ALB instance. In this example, NGINX is used to deploy a video service on ECS01 in RS1.
  • If both an HTTPS listener and a QUIC listener are added, enter example.com in the Chrome browser and press F12. Protocol displays http/2+quic/46 and Time displays 52ms.
    Note: http/2+quic/46 indicates that the Q46 protocol is used.
    The following figure shows the result. [Figure: Quic1]
  • If the QUIC listener is unavailable, enter example.com in the Chrome browser and press F12. Protocol displays h2 and Time displays 65ms.
    Note: h2 indicates that the HTTPS protocol is used.
    The following figure shows the result. [Figure: Quic2]
The test result shows that QUIC accelerates the delivery of video content.
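
The check in Step 4 can be repeated over a whole page load instead of a single request. The following is an added example, not code from the original page or from ALB: it reads a HAR export from the Chrome Network panel, groups the requests to example.com by the protocol labels shown above, and reports whether the QUIC listener or the HTTPS fallback served them. It assumes that each HAR entry's `response.httpVersion` field holds the same label that the Protocol column displays; the function names and the sample HAR are constructed for illustration.

```javascript
// QUIC versions the page lists as supported by ALB.
const ALB_QUIC_VERSIONS = new Set(["Q46", "Q44", "Q43", "Q39", "Q36", "Q35"]);
// Map a DevTools "Protocol" label to a transport and, for QUIC, a version tag.
function classifyProtocol(label) {
  const text = String(label).trim().toLowerCase();
  const quic = /^http\/2\+quic\/(\d+)$/.exec(text);
  if (quic) {
    const version = "Q" + Number(quic[1]);
    return { transport: "quic", version, albSupported: ALB_QUIC_VERSIONS.has(version) };
  }
  return { transport: text === "h2" ? "https" : "other", version: null, albSupported: null };
}

function median(values) {
  if (values.length === 0) return null;
  const sorted = [...values].sort((a, b) => a - b);
  const mid = Math.floor(sorted.length / 2);
  return sorted.length % 2 ? sorted[mid] : (sorted[mid - 1] + sorted[mid]) / 2;
}

// Group a HAR's requests to `host` by transport; assumes httpVersion holds the DevTools label.
function summarizeHar(har, host) {
  const times = { quic: [], https: [], other: [] };
  const versions = new Set();
  for (const entry of har.log.entries) {
    if (new URL(entry.request.url).hostname !== host) continue;
    const info = classifyProtocol(entry.response.httpVersion);
    times[info.transport].push(entry.time);
    if (info.version) versions.add(info.version);
  }
  const q = times.quic.length, n = times.https.length + times.other.length;
  const verdict = q + n === 0 ? "no-requests" : q === 0 ? "https-fallback" : n === 0 ? "quic" : "mixed";
  return {
    verdict,
    quicVersions: [...versions].sort(),
    counts: { quic: q, https: times.https.length, other: times.other.length },
    medianMs: { quic: median(times.quic), https: median(times.https) },
  };
}

// Constructed sample input: the timings are illustrative, not measurements.
const entry = (url, httpVersion, time) => ({ request: { url }, response: { httpVersion }, time });
const SAMPLE_HAR = { log: { entries: [
  entry("https://example.com/", "h2", 65),
  entry("https://example.com/video/seg1.ts", "http/2+quic/46", 52),
  entry("https://example.com/video/seg2.ts", "http/2+quic/46", 48),
  entry("https://cdn.example.net/player.js", "h2", 30),
] } };
console.log(summarizeHar(SAMPLE_HAR, "example.com"));
```

A verdict of `https-fallback` for a host that has both listeners configured means that no request was served by the QUIC listener during that page load.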