HTTP/3 overview

Warning

While HTTP/3 downstream support is deemed ready for production use, improvements are ongoing, tracked in the area-quic tag.

HTTP/3 upstream support is fine for locally controlled networks, but is alpha for general internet use - key features are implemented but have not been tested at scale.

HTTP/3 downstream

Downstream Envoy HTTP/3 support can be turned up via adding quic_options, ensuring the downstream transport socket is a QuicDownstreamTransport, and setting the codec to HTTP/3.

Note

Hot restart is not gracefully handled for HTTP/3 yet.

Tip

See downstream HTTP/3 configuration for example configuration.

This example configuration includes both a TCP and a UDP listener, and the TCP listener is advertising HTTP/3 support via an alt-svc header.

By default the example configuration uses kernel UDP support, but for production performance use of BPF is strongly advised if Envoy is running with multiple worker threads.

HTTP/3 advertisement

Advertising HTTP/3 is not necessary for in-house deployments where HTTP/3 is explicitly configured, but is needed for internet facing deployments where TCP is the default, and clients such as Chrome will only attempt HTTP/3 if it is explicitly advertised.

BPF usage

Envoy will attempt to use BPF on Linux by default if multiple worker threads are configured, but may require root, or at least sudo-with-permissions (e.g. sudo setcap cap_bpf+ep).

If multiple worker threads are configured and BPF is unsupported on the platform, or is attempted and fails, Envoy will log a warning on start-up.

Downstream stats

It is recommanded to monitor some UDP listener and QUIC connection stats:

UDP listener downstream_rx_datagram_dropped

Non-zero means kernel’s UDP listen socket’s receive buffer isn’t large enough. In Linux, it can be configured via listener socket_options by setting prebinding socket option SO_RCVBUF at SOL_SOCKET level.

QUIC connection error codes and stream reset error codes

Refer to quic_error_codes.h for the meaning of each error code.

HTTP/3 upstream

HTTP/3 upstream support is implemented, with support both for explicit HTTP/3 (for data center use) and automatic HTTP/3 (for internet use).

If you are in a controlled environment where UDP is unlikely to be blocked, you can configure it as the explicit protocol in http_protocol_options.

For internet use, configuring auto_config with http3_protocol_options will result in Envoy attempting to use HTTP/3 for endpoints which have explicitly advertised HTTP/3 support via an alt-svc header.

When using auto_config with http3_protocol_options, Envoy will attempt to create a QUIC connection, then if the QUIC handshake is not complete after a short delay, will kick off a TCP connection, and will use whichever is established first.

Tip

See here for more information about HTTP/3 connection pooling, including detailed information of where QUIC will be used, and how it fails over to TCP when QUIC use is configured to be optional.

An example upstream HTTP/3 configuration file can be found here.