UDP/QUIC/Http3 quiche::h3 Server/Listener integration
Overview
The PR integrates Quiche/Http3 with pingora-core for the server side.
The viable options for the QUIC integration (#95) looked to be:
- a hyper-h3 based approach with quiche as Quic layer
- natively integrating quiche incl. the Http3 layer
Comparing the two prototypes, it seems that the second approach is favourable from some performance aspects.
This PR provides a partial solution to what is required for QUIC support in pingora.
Any feedback on the solution and technical details is highly appreciated. In case desirable please feel free to get in touch via mail.
Status
The Listener side is implemented in pingora-core and requests are successfully handled using h3i, curl and nighthawk.
The Connector is currently not implemented, integrations and tests within pingora-proxy are not covered.
The documented MSRV of 1.72 does not compile successfully; the minimum working version is 1.74.
TLS
The PR only builds successfully using the feature boringssl or the features rustls,quic-boringssl.
Explicit activation of quic-boringssl is required when using rustls to build successfully.
Rustls is not supported directly by quiche, but can be used in combination with quiche and BoringSSL. The pingora-core then contains both TLS libraries and uses Rustls for Http1/Http2 and BoringSSL for Http3.
OpenSSL is only supported through QuicTLS in quiche, but QuicTLS is not integrated with the openssl crates which are being used in pingora-core. Further it looks like the whole concept of implementing Quic within OpenSSL is different from the approach within BoringSSL.
Building with OpenSSL for Http1/Http2 and BoringSSL for Http3 does not work as it leads to duplicated symbols during linking.
Open Points
- further integration in pingora, especially a Connector & pingora-proxy integration
- additional tests including H1/H2/H3 proxy tests
- multiple TODOs need to be resolved to support non-implemented protocol features (e.g. path probes, priority updates)
- mTLS integration, in case supported
- Rustls integration in quiche to fully support the currently available TLS features of pingora
- OpenSSL support as Quiche only supports QuicTLS (OpenSSL fork) which is not supported in the openssl crates
- possibly integration / testing with the Quic Interop Runner
I wish you all a happy new year and plenty of the best for 2025. :grinning:
Kind regards, Harald
Thank you so much for this contribution. This work is on our road map but it will take some time to fully incorporate it with our other work-in-progress H3 related work. Stay tuned!
No offense, but is there an approximate time frame for this?
Given the developments within quiche (tokio-quiche) I'm not sure if this will at all be considered for merging.