Table of contents
Implement IETF QUIC into ATS Core.
The UDP core and QUIC (It explain how the UDP core works and how the UDPPacket enters the QUIC stack.)
Data Flow (draft-05 : Second Implementation)
QUIC Connection/Stream - ATS Client Session/Transaction mapping (Obsolete: Not too inaccurate, but not worth referencing)
I/O between HttpSM and QUICNetVC (Jan/24/2023: Updated, but QUICFrames are handled by Quiche now)
Packetization (Jan/24/2023: Updated, we just don't do QUIC packetization by ourselves)
Please label issues and pull-requests with "QUIC".
Please use 10-Dev or master. Feature branch was merged and removed.
quic-latest : latest branch master: draft-29 (currently)
Pull-Requests Please send Pull-Requests to "quic-latest" branch until it merged into master branch TDD Use Catch as Unit Test Framework. The header file is under tests/include.
How to build
(Last update: Jan/24/2023)
You have two ways to enable QUIC on ATS:
- Use Quiche library
- This uses Quiche's QUIC implementation
- Use an SSL library that supports QUIC (i.e. BoringSSL, or OpenSSL from quictls)
- This uses ATS's QUIC implementation
We keep ATS's native QUIC implementation for future improvement in case we need more flexibility, but our focus is currently on using Quiche.
Build Quiche (if you want to use Quiche's QUIC implementation)
Currently ATS is compatible with Quiche 0.16.0.
Please refer to the official documents for the build step. You need to enable ffi feature at minimum. qlog is also available.
Build an SSL library (if you want to use ATS's QUIC implementation)
ATS now supports 4 variation of SSL libraries. Pick one from below and build it.
Official BoringSSL works without patches.
These commits below work, and recent commits would probably work as well.
cbae965ca03825d517efe98cf7b8812584cab4a0 (BoringSSL API version 9)
88024df12147e56b6abd66b743ff441a0aaa09a8 (BoringSSL API version 10)
Please note that the support for BoringSSL API version 9 may be removed without notice in the future.
OpenSSL (quictls/openssl) [RECOMMENDED]
They also have branches based on OpenSSL 3.0 but we haven't fully supported it.
OpenSSL (tatsuhiro-t/OpenSSL_1_1_1g-quic-draft-32) [OBSOLETE]
This is ngtcp2 developer's customized version.
OpenSSL (akamai/master-quic-support) [INCOMPATIBLE]
This used to work, but it's incompatible now because it's based on OpenSSL master branch.
This is the branch used for https://github.com/openssl/openssl/pull/8797 .
Build ATS (10-Dev branch)
Quiche support is only available on quiche branch at the moment.
Build ATS (master branch)
The master branch only supports ATS's native implementation at the moment. There is no additional requirement except that you need the SSL library you just built : Installing From Source Code
Configuration files are located in the /PATH/TO/THE/ATS/etc/trafficserver/.
The detail is documented here, but below is the essential settings and only these 4 settings are available if you use Quiche.
- Please use absolute path to the cert and private key until Issue #2358 is fixed.
- Remap request to origin server.
quic.ogre.com has additional patch to make debug logs readable.
QUIC specific configurations
Following docs will be moved to docs.trafficserver.apache.org.
Please note that current name of configurations and default values might be changed before merged in to master branch.
How to test
There is a script that builds third-party tools in the repo. It builds h2load and curl with HTTP/3 support. An HTTP/3 client under ngtcp2/example is also useful when you want to check details.
We have client implementation called "traffic_quic" for test. Not actively maintained, and compatibility with Quiche implementation is not confirmed.
client specific configurations
traffic_quic loads records.config which is used by traffic_server.
These configurations can be overridden by a corresponding environment variable like other configurations in records.config.
e.g. Access quic.ogre.com with version negotiation exercise