Goal
Implement IETF QUIC into ATS Core.
Design Doc
The UDP core and QUIC (It explains how the UDP core works and how the UDPPacket enters the QUIC stack.)
Data Flow (draft-05 : Second Implementation)
QUIC Connection/Stream - ATS Client Session/Transaction mapping
I/O between HttpSM and QUICNetVC
Packetization
ToDo
https://github.com/apache/trafficserver/projects/8
Please label issues and pull-requests with "QUIC".
Branching Rules
Branches
- quic-latest : latest branch
- master: draft-23 (currently)
Development Rules
Pull-Requests
Please send Pull-Requests to the "quic-latest" branch until it is merged into the master branch.
TDD
Use Catch as Unit Test Framework. The header file is under tests/include.
How to build
Build an SSL library
ATS now supports 4 variations of SSL libraries. Pick one from below and build it.
BoringSSL
BoringSSL works without patches.
https://boringssl.googlesource.com/boringssl
These commits below work, and recent commits would probably work as well.
cbae965ca03825d517efe98cf7b8812584cab4a0 (BoringSSL API version 9)
88024df12147e56b6abd66b743ff441a0aaa09a8 (BoringSSL API version 10)
Please note that the support for BoringSSL API version 9 may be removed without notice in the future.
OpenSSL (akamai/master-quic-support)
This is the branch used for https://github.com/openssl/openssl/pull/8797 .
https://github.com/akamai/openssl/tree/master-quic-support
$ git clone --depth 1 --branch master-quic-support https://github.com/akamai/openssl
$ cd openssl
$ ./config --prefix=/PATH/TO/THE/OPENSSL
$ make
$ make install
OpenSSL (tatsuhiro-t/OpenSSL_1_1_1g-quic-draft-28) [RECOMMENDED]
This is the ngtcp2 developer's customized version.
https://github.com/tatsuhiro-t/openssl/tree/OpenSSL_1_1_1g-quic-draft-28
You can use the branches for drafts 25-27 as well, since there is no API change; however, the latest one has a bug fix.
https://github.com/tatsuhiro-t/openssl/tree/OpenSSL_1_1_1d-quic-draft-25
OpenSSL (tatsuhiro-t/quic-draft-22) [OBSOLETE]
This is also the ngtcp2 developer's customized version, but with different APIs.
https://github.com/tatsuhiro-t/openssl/tree/openssl-quic-draft-22
Build ATS (quic-latest branch)
The requirements are the same as for the master branch: Installing From Source Code
$ git clone --depth 1 --branch quic-latest https://github.com/apache/trafficserver
$ cd trafficserver
$ ./configure --prefix=/PATH/TO/ATS --with-openssl=/PATH/TO/SSL_LIBRARY --enable-debug
$ make
$ make install
Configuration
Configuration files are located in /PATH/TO/THE/ATS/etc/trafficserver/.
The details are documented here, but below are the essential settings.
- records.config
# run 1 UDP thread at least
CONFIG proxy.config.udp.threads INT 1
# open server port for quic
CONFIG proxy.config.http.server_ports STRING 4433:quic
# enable debug log if you want
CONFIG proxy.config.diags.debug.enabled INT 1
CONFIG proxy.config.diags.debug.tags STRING quic
- ssl_multicert.config
- Please use absolute paths to the cert and private key until Issue #2358 is fixed.
dest_ip=* ssl_cert_name=/PATH/TO/THE/CERT ssl_key_name=/PATH/TO/THE/PRIVATE/KEY/OF/CERT
- remap.config
- Remap request to origin server.
map / http://127.0.0.1:8000/
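A pre-flight check for the records.config and ssl_multicert.config settings above, as an added example (not part of ATS or of the original page): it reports a missing UDP thread, a missing quic port, enabled debug logging, and certificate or key paths that are not absolute. The function names and sample inputs are hypothetical, and it assumes port descriptors in server_ports are separated by spaces or commas.

```python
import re

# Constructed sample inputs modelled on the settings above (not from a real deployment).
SAMPLE_RECORDS = """\
CONFIG proxy.config.udp.threads INT 0
CONFIG proxy.config.http.server_ports STRING 8080 4433:quic
CONFIG proxy.config.diags.debug.enabled INT 1
"""
SAMPLE_MULTICERT = "dest_ip=* ssl_cert_name=/etc/ats/server.pem ssl_key_name=keys/server.key\n"

def parse_records(text):
    """Return {name: value} for every 'CONFIG name TYPE value' line."""
    records = {}
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4 and parts[0] == "CONFIG":
            records[parts[1]] = parts[3].strip()
    return records

def quic_ports(server_ports):
    """Ports whose descriptor carries the 'quic' option, e.g. '4433:quic'."""
    descs = (d.split(":") for d in re.split(r"[\s,]+", server_ports.strip()))
    return [int(f[0]) for f in descs if f[0].isdigit() and "quic" in f[1:]]

def check_quic_config(records_text, multicert_text):
    """Hypothetical pre-flight check; returns a list of human-readable findings."""
    rec, findings = parse_records(records_text), []
    # Assumption: a missing proxy.config.udp.threads is treated as 0 here.
    if int(rec.get("proxy.config.udp.threads", "0")) < 1:
        findings.append("proxy.config.udp.threads must be at least 1")
    if not quic_ports(rec.get("proxy.config.http.server_ports", "")):
        findings.append("no <port>:quic entry in proxy.config.http.server_ports")
    if rec.get("proxy.config.diags.debug.enabled", "0") == "1":
        findings.append("debug logging is enabled")
    for n, line in enumerate(multicert_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        for key, value in re.findall(r"(ssl_cert_name|ssl_key_name)=(\S+)", line):
            for path in value.split(","):  # a value may list several files
                if not path.startswith("/"):
                    findings.append(f"ssl_multicert.config:{n}: {key} '{path}' is not an absolute path")
    return findings

if __name__ == "__main__":
    for finding in check_quic_config(SAMPLE_RECORDS, SAMPLE_MULTICERT):
        print(finding)
```

Running it against the live files before starting traffic_server catches the relative-path case that Issue #2358 leaves unhandled.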
Run ATS
/PATH/TO/THE/ATS/bin/traffic_server
Patches
quic.ogre.com has an additional patch to make debug logs readable.
QUIC specific configurations
The following docs will be moved to docs.trafficserver.apache.org.
Please note that the current configuration names and default values might change before this is merged into the master branch.
records.config
CONFIG proxy.config.quic.no_activity_timeout_in INT 30
Specifies how long Traffic Server keeps QUIC connections to clients open if a transaction stalls.
How to test
Third-party tools
There is a script that builds third-party tools in the repo. It builds h2load and curl with HTTP/3 support. An HTTP/3 client under ngtcp2/example is also useful when you want to check details.
https://github.com/apache/trafficserver/blob/quic-latest/tools/build_h3_tools.sh
traffic_quic
The quic-latest branch has a client implementation called "traffic_quic" for testing.
// draft-17
$ traffic_quic -h
Usage: traffic_quic [--SWITCH [ARG]]
  switch__________________type__default___description
  -a, --addr              str   127.0.0.1 Address
  -o, --output            str             Write to FILE instead of stdout
  -p, --port              str   4433      Port
  -P, --path              str   /         Path
  -T, --debug             str   quic|vv.. Vertical-bar-separated Debug Tags
  -c, --close             on    false     Enable connection close excercise
  -h, --help                              Print usage information
  -V, --version                           Print version string
      --run-root                          using TS_RUNROOT as sandbox
client specific configurations
traffic_quic loads records.config which is used by traffic_server.
records.config
# Enable Version Negotiation Exercise
CONFIG proxy.config.quic.client.vn_exercise_enabled INT 1
# Enable Connection Migration Exercise
CONFIG proxy.config.quic.client.cm_exercise_enabled INT 1
# Enable TLS session resumption
CONFIG proxy.config.quic.client.session_file STRING session.bin
These configurations can be overridden by a corresponding environment variable like other configurations in records.config.
e.g. Access quic.ogre.com with version negotiation exercise
$ PROXY_CONFIG_QUIC_CLIENT_VN_EXERCISE_ENABLED=1 traffic_quic -a quic.ogre.com -p 4433 -P /en/latest/