Citrix ADC now supports QUIC bridge (proxy) deployment mode for HTTP/3 traffic, enabling load balancing, enhanced security, and faster performance for QUIC traffic. Proxy deployment is where the Citrix ADC terminates traffic from the client to the server locally and re-establishes a new connection acting as the client to the server to get the requested information.
Citrix ADC enables persistent QUIC connection between the client and server, which is helpful in case of a connection migration or a NAT rebinding. A new, encrypted internet transport protocol, QUIC accelerates hypertext transfer protocol (HTTP) traffic, comes with built-in security, and is expected to eventually replace TCP and TLS on the web. HTTP/3 is the latest HTTP version and defines how data flows between browsers and websites. Check out this Citrix blog post to learn how QUIC over HTTP/3 will modernize and rejuvenate the internet.
The HTTP/3 Difference
HTTP has evolved over the years and is similar in many ways to TCP+TLS+HTTP/2 implemented on UDP. However, it’s more efficient in terms of the establishment of connections and transfer of data. The diagram below shows the protocol stacks for HTTP/2 versus HTTP/3. The typical QUIC handshake takes one round trip between server and client, as compared to two round trips required for TCP and TLS handshake combined. In other words, QUIC handles authentication and encryption in one step.
Here’s what makes HTTP/3 stand out:
- Faster handshake: HTTP/3 uses QUIC coupled with TLS 1.3, which speeds up handshakes.
- Improved performance: HTTP/3 overcomes the TCP head-of-line blocking issue (a line of packets is held up by the first packet), which is one of the biggest problems with HTTP/2.
- Built-in security: TLS 1.3 is newer and more secure than TLS 1.2 in HTTP/2.
- Reliable network migration: HTTP/2 requires renegotiation of sessions for browsers. With QUIC, the handover is easier.
QUIC Bridge and Citrix ADC
QUIC bridge is one of the possible use cases with Citrix ADC and HTTP/3. With this functionality, the Citrix ADC acts as a proxy and routes and load balances QUIC data packets from the client to the back-end servers.
Let’s say a customer with HTTP/3 enabled on the browser wants to visit a website using her laptop. The customer enters the URL, and the hostname gets translated to an IP address. In the proxy deployment, there is handshake between the client and the Citrix ADC and another connection between the Citrix ADC and the server. Citrix ADC sits in between and manages the traffic. The image below shows Citrix ADC in a proxy mode:
QUIC makes it easier to “hand over” when a customer goes from one network to another, because QUIC packets contain a server connection ID, which enables endpoints to associate the packets no matter the address. If the customer moves to a different device or network, QUIC enables connection migration.
Start Your HTTP/3 Journey
Citrix ADC QUIC proxy can shield your apps from vulnerabilities. Most major browsers today support HTTP/3, and Citrix ADC can help load balance your QUIC traffic, whether for browsers or apps.
Support for QUIC bridge is available with Citrix ADC 13.0.76.x and on. Learn more about QUIC, Citrix ADC, and Citrix Application Deliver Management (ADM).