Quick UDP Internet Connections (QUIC) is a network protocol that can accelerate access from clients, especially when network connections are weak or when clients frequently switch between Wi-Fi and cellular networks. QUIC multiplexes streams over a single connection, survives network changes without reconnecting, accelerates access, and encrypts data in transit.
Introduction to QUIC
QUIC provides the same level of security as TLS (SSL) and supports connection multiplexing. In scenarios with weak connections, high network latency, and high packet loss rates, QUIC keeps services available. Because QUIC runs in user space, different congestion control algorithms can be implemented at the application layer regardless of the operating system or kernel. Compared with TCP, QUIC can be adjusted more flexibly to service requirements, which makes it a suitable alternative when TCP optimization reaches its limits.
As short videos and live streaming services become more popular, streaming platforms require high bandwidth and low network latency to meet business requirements. QUIC can minimize network latency, reduce video buffering, accelerate the delivery of audio and video content, and secure data transfer.
Supported QUIC protocol types
Application Load Balancer (ALB) supports gQUIC and iQUIC. HTTP/3 is an application-layer protocol based on iQUIC. HTTP/3 uses iQUIC to implement multiplexing, congestion control, loss detection, and retransmission. HTTP/3 supports faster connection establishment and eliminates head-of-line blocking issues.
ALB supports gQUIC versions Q46, Q43, and Q39 and HTTP/3 (h3).
How HTTP version negotiation works
If an HTTPS listener has QUIC upgrade enabled, ALB advertises HTTP/3 and gQUIC to clients. HTTP/3 has a higher priority than gQUIC. Therefore, clients that use HTTP/3 have a higher priority when establishing connections with ALB.
If a client fails to establish a connection with ALB over HTTP/3, HTTPS or HTTP/2 is used to establish a connection.
If a client establishes a connection with ALB over HTTP/3, the client uses cookies related to HTTP/3.
ALB can initiate connections to clients regardless of whether QUIC upgrade is enabled.
ALB uses the Alt-Svc HTTP response header to advertise supported protocols to clients. The following header is an example:
Alt-Svc: h3=":$quic_port"; ma=3600, quic=":$quic_port"; v="46,43,39"; ma=3600
After you enable QUIC upgrade for a listener, a client may use HTTPS or HTTP/2 instead of HTTP/3 in the following scenarios:
The HTTP/3 version supported by the client is not compatible with the HTTP/3 version supported by ALB.
ALB detects UDP traffic congestion or rate limiting that prevents HTTP/3 from taking effect.
The client does not support HTTP/3. Therefore, it does not initiate HTTP/3 negotiations.
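The negotiation described above (HTTP/3 first, then a gQUIC version both sides support, otherwise HTTPS or HTTP/2 over TCP) can be modelled as a parser for the Alt-Svc value plus a selection rule. The following is an added example, not ALB code and not Chrome's actual algorithm: the Alt-Svc value is the one from the documentation with $quic_port filled in as 443, the client capabilities are constructed inputs, and the "UDP not usable" flag stands in for the congestion or rate-limiting case in which ALB falls back to TCP.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the Alt-Svc value shown in the documentation with
# $quic_port filled in as 443.
SAMPLE_ALT_SVC = 'h3=":443"; ma=3600,quic=":443"; v="46,43,39"; ma=3600'


@dataclass
class AltService:
    protocol: str                      # alternative protocol id: "h3" or "quic"
    port: int
    host: Optional[str] = None         # None means "same host as the origin"
    max_age: int = 86400               # RFC 7838 default when ma= is absent
    versions: List[int] = field(default_factory=list)  # gQUIC versions from v=


def _split_outside_quotes(text: str, sep: str) -> List[str]:
    """Split on sep while ignoring separators inside double quotes (v="46,43,39")."""
    parts, current, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return parts


def parse_alt_svc(header: str) -> List[AltService]:
    """Parse one Alt-Svc header value into the alternatives it advertises."""
    header = header.strip()
    if header == "clear":              # RFC 7838: the origin withdraws all alternatives
        return []
    services = []
    for alternative in _split_outside_quotes(header, ","):
        params = [p.strip() for p in _split_outside_quotes(alternative, ";") if p.strip()]
        if not params:
            continue
        match = re.fullmatch(r'([A-Za-z0-9._-]+)="([^"]*)"', params[0])
        if not match:
            raise ValueError(f"malformed Alt-Svc alternative: {params[0]!r}")
        protocol, authority = match.groups()
        host, _, port = authority.rpartition(":")
        if not port.isdigit():
            raise ValueError(f"alt-authority without a port: {authority!r}")
        service = AltService(protocol=protocol, port=int(port), host=host or None)
        for param in params[1:]:
            key, _, value = param.partition("=")
            key, value = key.strip(), value.strip().strip('"')
            if key == "ma":
                service.max_age = int(value)
            elif key == "v":
                service.versions = [int(v) for v in value.split(",") if v.strip()]
        services.append(service)
    return services


def choose_protocol(header: str, client_h3: bool, client_gquic_versions: List[int],
                    udp_usable: bool = True) -> str:
    """Return the transport the client ends up using: "h3", "gquic-<version>",
    or "https" (HTTPS or HTTP/2 over TCP)."""
    if not udp_usable:                 # UDP congestion or rate limiting: QUIC cannot take effect
        return "https"
    services = parse_alt_svc(header)
    if client_h3 and any(s.protocol == "h3" for s in services):
        return "h3"                    # HTTP/3 has priority over gQUIC
    wanted = set(client_gquic_versions)
    for service in services:
        if service.protocol == "quic":
            common = [v for v in service.versions if v in wanted]
            if common:
                return f"gquic-{max(common)}"
    return "https"                     # no HTTP/3 support and no common gQUIC version


if __name__ == "__main__":
    for svc in parse_alt_svc(SAMPLE_ALT_SVC):
        print(svc)
    print(choose_protocol(SAMPLE_ALT_SVC, client_h3=True, client_gquic_versions=[]))
    print(choose_protocol(SAMPLE_ALT_SVC, client_h3=False, client_gquic_versions=[46]))
    print(choose_protocol(SAMPLE_ALT_SVC, client_h3=False, client_gquic_versions=[50]))
```

The version-mismatch branch (a client that only speaks a gQUIC version not in v="46,43,39") and the udp_usable flag reproduce the three fallback scenarios listed above; a client matching Google Chrome 74 to 81 (gQUIC Q46, no h3) lands on gQUIC 46, and an h3-capable client always picks HTTP/3 first.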
Client requirements
If you use Google Chrome, you can directly initiate a QUIC request to ALB.
Before you use Google Chrome to access a QUIC listener, make sure that your browser supports the QUIC version used by ALB.
The latest gQUIC version supported by ALB is Q46, which is compatible with Google Chrome 74 to 81.
The latest HTTP/3 version supported by ALB is h3, which is compatible with Google Chrome 87 and later.
If you use other clients, such as a self-developed application, the client must be integrated with a network library that supports QUIC, such as the LSQUIC Client, Cronet, ngtcp2, and quiche libraries.
Sample scenario
When you use Google Chrome to access ALB, ALB forwards the requests to a backend server based on the domain name example.com that is associated with the listener. The listener that is used to distribute requests varies in the following scenarios:
If an HTTPS listener and a QUIC listener are configured, the QUIC listener is used. If you access example.com from the browser, the QUIC listener of ALB distributes the request to the default backend server group RS1.
If the QUIC listener is unavailable, the HTTPS listener automatically takes over. If you access example.com from the browser, the HTTPS listener of ALB distributes the request to the default backend server group RS1.
Prerequisites
An ALB instance is created. For more information, see Create an ALB instance.
A server group named RS1 is created. For more information, see Create and manage a server group.
An Elastic Compute Service (ECS) instance named ECS01 is added to the server group RS1. An NGINX video service is hosted on ECS01.
An SSL certificate is deployed on the ALB instance. The certificate is associated with the domain name example.com.
Step 1: Create a QUIC listener
Log on to the ALB console.
In the top navigation bar, select the region where the ALB instance is deployed.
On the Instances page, click the ID of the ALB instance that you want to manage. On the Listener tab, click Create Listener.
On the Configure Listener wizard page, set the following parameters and click Next.
Listener Protocol: Select a listener protocol. In this example, QUIC is selected.
Listener Port: Select the port on which the ALB instance listens. The ALB instance listens on the port and forwards requests to backend servers. Valid values: 1 to 65535.
Note: On the same ALB instance, the ports of listeners that use the same protocol must be unique. HTTP listeners and HTTPS listeners must use different ports.
Listener Name: Enter a name for the listener.
Tag: Configure the Tag Key and Tag Value parameters to add a tag. You can add one or more tags. After you specify tags, you can filter listeners by tag on the Listener tab.
Advanced Settings: You can click Modify to configure the following advanced settings.
  Idle Connection Timeout Period: Specify a timeout period for idle connections. Unit: seconds. Valid values: 1 to 60. To specify a longer timeout period, go to the Quota Center console. If no request is received within the specified timeout period, ALB closes the connection. When another request is received, ALB establishes a new connection.
  Connection Request Timeout: Specify a request timeout period. Unit: seconds. Valid values: 1 to 180. To specify a longer timeout period, go to the Quota Center console. If no response is received from the backend server within the request timeout period, ALB returns the HTTP 504 error code to the client.
  Compression: If you enable compression, specific types of files are compressed. If you disable compression, no file is compressed. Brotli supports all file types. GZIP supports the following file types: text/xml, text/plain, text/css, application/javascript, application/x-javascript, application/rss+xml, application/atom+xml, application/xml, and application/json.
  Add HTTP Header: You can select the following options:
    Add SLB-ID to Retrieve ALB ID: Add the SLB-ID header to preserve the ID of the ALB instance.
    Add X-Forwarded-Proto to Retrieve Listening Protocol: Add the X-Forwarded-Proto header to preserve the listener protocol.
    Add X-Forwarded-Port to Retrieve Listening Port: Add the X-Forwarded-Port header to preserve the listener port.
In the Configure SSL Certificate step, select a server certificate and click Next.
In the Select Server Group step, select Server Type, select a server group, view the backend servers, and then click Next.
In the Configuration Review step, confirm the configurations and click Submit.
Step 2: Create an HTTPS listener
When you create an HTTPS listener, enable QUIC upgrade and associate the QUIC listener that you created with the HTTPS listener.
On the Instances page, find the ALB instance for which you created a QUIC listener in Step 1 and click its ID.
On the Instance Details tab, click the Listener tab and click Create Listener.
In the Configure Listener step, set the following parameters and click Next.
Listener Protocol: Select a listener protocol. In this example, HTTPS is selected.
Listener Port: Enter the port on which the ALB instance listens. The ALB instance listens on the port and forwards requests to backend servers. In this example, port 443 is used. In most cases, port 80 is used for HTTP and port 443 is used for HTTPS. Valid values: 1 to 65535.
Note: The ports on which an ALB instance listens must be unique.
Listener Name: Enter a name for the listener. The name must be 2 to 256 characters in length and can contain letters, digits, periods (.), underscores (_), hyphens (-), commas (,), semicolons (;), forward slashes (/), and at signs (@).
Advanced Settings: You can click Modify next to Advanced Settings to configure the following advanced settings.
  Enable HTTP/2: Specify whether to enable HTTP/2.
  Idle Connection Timeout Period: Specify a timeout period for idle connections. Unit: seconds. Valid values: 1 to 60. If no request is received within the specified timeout period, SLB closes the connection. When a request is received, SLB establishes a new connection.
  Note: This feature is unavailable for HTTP/2 requests.
  Connection Request Timeout: Specify a request timeout period. Unit: seconds. Valid values: 1 to 180. If no response is received from the backend server within the request timeout period, ALB returns the HTTP 504 error code to the client.
  Compression: If you enable compression, files of specific types are compressed. If you disable compression, no file is compressed. Brotli supports all file types. Gzip supports the following file types: text/xml, text/plain, text/css, application/javascript, application/x-javascript, application/rss+xml, application/atom+xml, application/xml, and application/json.
  Add HTTP Header: Select the HTTP headers that you want to add. Valid values:
    Allow ALB to Filter Client IP in X-Forwarded-For Header: obtains client IP addresses.
    Add SLB-ID to Retrieve ALB ID: obtains the ID of the ALB instance.
    Add X-Forwarded-Proto to Retrieve Listening Protocol: obtains the listener protocol.
    Add X-Forwarded-Clientcert-subjectdn to Retrieve Client Server Certificate Owner Info: obtains the owner information about the client certificate.
    Add X-Forwarded-Clientcert-issuerdn to Retrieve Client Certificate Issuer Info: obtains information about the authority that issued the client certificate.
    Add X-Forwarded-Clientcert-fingerprint to Retrieve Fingerprint of Client Certificate: obtains the fingerprint of the client certificate.
    Add X-Forwarded-Clientcert-clientverify to Retrieve Verification Result of Client Certificate: obtains the verification result of the client certificate.
    Add X-Forwarded-Port to Retrieve Listening Port: obtains the listener port.
    Add X-Forwarded-Client-srcport to Retrieve Client Port: obtains the client port.
  QUIC Upgrade: Specify whether to enable QUIC upgrade. To use this feature, you must select a QUIC listener from the Associated QUIC Listeners drop-down list. If no QUIC listener is created, click Create Listener to create one. For more information, see Add a QUIC listener. ALB supports iQUIC and gQUIC. For more information, see How HTTP version negotiation works.
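The forwarded headers that the QUIC and HTTPS listeners can add (SLB-ID, X-Forwarded-Proto, X-Forwarded-Port, X-Forwarded-For, X-Forwarded-Client-srcport) carry information the backend cannot otherwise see, but they are only meaningful when the request really came through the ALB: a client that reaches ECS01 directly can set the same headers to any value. The following added example, which is not ALB or NGINX code, shows how a backend can derive the original scheme, port and client address from these headers while refusing to honour them from any peer outside the ALB's source address range. The source range, the header sample and the SLB-ID value are constructed placeholders; replace the range with the one documented for your region.

```python
from ipaddress import ip_address, ip_network
from typing import Dict, Optional

# Assumption (placeholder): the address ranges the ALB instance uses when it
# connects to backend servers. Replace with the ranges documented for your region.
ALB_SOURCE_NETS = [ip_network("100.64.0.0/10")]

# Constructed sample of the headers ECS01 could receive through the HTTPS
# listener with the header options enabled. The SLB-ID value is a placeholder.
SAMPLE_HEADERS = {
    "Host": "example.com",
    "SLB-ID": "alb-PLACEHOLDER",
    "X-Forwarded-Proto": "https",
    "X-Forwarded-Port": "443",
    "X-Forwarded-For": "10.1.2.3, 203.0.113.10",
    "X-Forwarded-Client-srcport": "51234",
}


def _is_alb_peer(peer_ip: str) -> bool:
    """True when the TCP peer that delivered the request is an ALB address."""
    addr = ip_address(peer_ip)
    return any(addr in net for net in ALB_SOURCE_NETS)


def forwarded_context(peer_ip: str, headers: Dict[str, str]) -> dict:
    """Derive scheme, port and client address from the headers ALB adds.

    The forwarded headers are honoured only when the peer is an ALB address;
    from any other peer they are ignored, because a direct client could have
    written them itself."""
    h = {name.lower(): value.strip() for name, value in headers.items()}
    if not _is_alb_peer(peer_ip):
        return {"trusted": False, "scheme": "http", "port": None,
                "client_ip": peer_ip, "client_port": None, "alb_id": None}

    scheme = h.get("x-forwarded-proto", "http").lower()
    if scheme not in ("http", "https"):
        raise ValueError(f"unexpected X-Forwarded-Proto value: {scheme!r}")

    port: Optional[int] = None
    if "x-forwarded-port" in h:
        port = int(h["x-forwarded-port"])
        if not 1 <= port <= 65535:
            raise ValueError(f"X-Forwarded-Port out of range: {port}")

    # Assumption (standard proxy behaviour): ALB appends the address it saw the
    # client connect from, so the last element was written by the trusted hop;
    # earlier elements may have been supplied by the client or upstream proxies.
    client_ip = peer_ip
    if "x-forwarded-for" in h:
        hops = [hop.strip() for hop in h["x-forwarded-for"].split(",") if hop.strip()]
        if hops:
            client_ip = str(ip_address(hops[-1]))   # raises ValueError on a non-address

    client_port: Optional[int] = None
    if "x-forwarded-client-srcport" in h:
        client_port = int(h["x-forwarded-client-srcport"])

    return {"trusted": True, "scheme": scheme, "port": port,
            "client_ip": client_ip, "client_port": client_port,
            "alb_id": h.get("slb-id")}


def needs_https_redirect(context: dict) -> bool:
    """True when a trusted ALB hop reports that the client used plain HTTP."""
    return context["trusted"] and context["scheme"] == "http"


if __name__ == "__main__":
    print(forwarded_context("100.64.1.2", SAMPLE_HEADERS))     # through ALB
    print(forwarded_context("198.51.100.7", SAMPLE_HEADERS))   # direct peer: headers ignored
```

The same function serves a backend behind the QUIC listener, which can add SLB-ID, X-Forwarded-Proto and X-Forwarded-Port, and one behind the HTTPS listener, which can add the full set; the backend should additionally restrict inbound traffic to the ALB's source range with a security group so that the untrusted branch is rarely exercised.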
In the Configure SSL Certificate step, select a server certificate and click Next.
NoteTo configure TLS security policies, click Modify next to Advanced Settings.
In the Select Server Group step, select Server Type, select a server group, view the backend servers, and then click Next.
In the Configuration Review step, confirm the configurations and click Submit.
Step 3: Create a CNAME record
Use a CNAME record to map the domain name example.com to the public domain name of ALB.
Log on to the ALB console.
In the top navigation bar, select a region.
Find the ALB instance that you want to manage and copy its domain name.
To create a CNAME record, perform the following operations:
Log on to the Alibaba Cloud DNS console.
On the Manage DNS page, click Add Domain Name.
In the Add Domain Name dialog box, enter the domain name of your host and click OK.
Important: Before you create the CNAME record, you must use a TXT record to verify the ownership of the domain name.
Find the domain name that you want to manage and click DNS Settings in the Actions column.
On the DNS Settings page, click Add Record.
In the Add DNS Record panel, configure the following parameters and click OK.
Record Type: Select CNAME from the drop-down list.
Hostname: Enter the prefix of your domain name.
DNS Request Source: Select Default.
Record Value: Enter the CNAME, which is the domain name of the ALB instance.
TTL: Select a time-to-live (TTL) value for the CNAME record to be cached on the DNS server. The default value is used in this example.
Note: After you create a CNAME record, it immediately takes effect. After you modify a record, the change takes effect once cached copies of the record expire, which is determined by its TTL. By default, the TTL is 10 minutes.
If the CNAME record that you want to create conflicts with an existing record, we recommend that you specify another domain name. For more information, see Rules for conflicting DNS records.
Step 4: Verify the result
In this example, a Windows client is used. Enter example.com in the browser to access the ALB instance. In this example, an NGINX video service is deployed on ECS01 in the server group RS1.
If an HTTPS listener and a QUIC listener are configured, and you enter example.com in the browser and press F12, the protocol of the current web page is displayed as HTTP/3. The response time is 93 milliseconds.
If the QUIC listener is unavailable, and you enter example.com in the browser and press F12, the protocol of the current web page is displayed as HTTP/2. The response time is 148 milliseconds.
The results show that HTTP/3 accelerates client access to the video service.