It’s over 9000: Analyzing early QUIC Deployments with the Standardization on the Horizon

On this website we present additional information about our paper It’s over 9000: Analyzing early QUIC Deployments with the Standardization on the Horizon and provide access to extended analysis results.

Results and Data

  • We provide a list of supported version sets from the latest ZMap scans with the number of respective addresses and ASes for:
  • A list of transport parameter configuration found during stateful scans can be found here
  • ID Max Idle Timeout Max UDP Payload Size Max Data Max Stream Data Bidi Local Max Stream Data Bidi Remote Max Stream Data Uni Max Streams Bidi Max Stream Uni ACK Delay Exponent Max Ack Delay Disable Active Migration Active Conn ID Limit Targets

    Raw Data

    We publish raw data to reproduce our analysis at the TUM university library to guaranteee long-term availability.
    Dataset DOI: 10.14459/2021mp1624408

    Referencing our Work

    If you are using collected data or aggregated results from this work in your publication, please refer to it with the following reference [bib]:
       title = {It’s over 9000: Analyzing early QUIC Deployments with the Standardization on the Horizon},
       author = {Zirngibl, Johannes and Buschmann, Philippe and Sattler, Patrick and Jaeger, Benedikt and Aulbach, Juliane and Carle, Georg},
       booktitle = {Proceedings of the 2021 Internet Measurement Conference},
       year = {2021},
       location = {Virtual Event, USA},
       numpages = {15},
       doi = {10.1145/3487552.3487826},
       publisher = {ACM},
       address = {New York, NY, USA},

    Software and Tools

    During our QUIC study, we developed tools to detect QUIC deployments using ZMap and conduct stateful scans with the QScanner. We publish the following software and tools for use by the scientific community:


    We developed and published the QScanner, a stateful scanner for QUIC. Source:

    The QScanner is a tool for large-scale QUIC scans. It establishes QUIC connections using a fork of quic-go. The fork is adatped to expose further information regarding the handshake.
    The QScanner can scan IPv4 and IPv6 addresses. Additionally, domains can be provided as input to be used as SNI.

    The scanner retrieves information regarding

    ZMap Modules

    We extended the ZMapv6 fork with two modules, one for IPv4 and one for IPv6. The modules send QUIC Initial packets with a version 0x1a1a1a1a to force a Version Negotiation. Server responses are parsed to extract supported versions.
    Note that both modules padd the initial packet to 1200B by default as specified by RFC9000. Therefore, the modules omit at least a magnitude more traffic as a simple TCP SYN scan with the same rate.


    For our HTTPS resource record DNS scans, we updated MassDNS to be able to query HTTPS and SVCB records. Our setup uses MassDNS in combination with a local Unbound resolver. Received HTTPS and SVCB records are written as raw bytes.
    To parse these records and extract QUIC deployments and their supported versions we use a skript (skrips/ based on dnspython.


    Our paper has been accepted for IMC'21 and will be published soon.
    A preprint of the paper can be found here.

    Abstract. After nearly five years and 34 draft versions, standardization of the new connection oriented transport protocol QUIC was finalized in May 2021. Designed as a fundamental network protocol with increased complexity due to the combination of functionality from multiple network stack layers, it has the potential to drastically influence the Internet ecosystem. Nevertheless, even in its early stages, the protocol attracted a variety of parties including large providers. Our study shows, that more than 2.3 M IPv4 and 300 k IPv6 addresses support QUIC hosting more than 30 M domains.
    Using our newly implemented stateful QUIC scanner (QScanner) we are able to successfully scan 26 M targets. We show that TLS as an integral part is similarly configured between QUIC and TLS over TCP stacks for the same target. In comparison, we identify 45 widely varying transport parameter configurations, e.g., with differences in the order of magnitudes for performance relevant parameters. Combining these configurations with HTTP Server header values and associated domains reveals two large edge deployments from Facebook and Google. Thus, while found QUIC deployments are located in 4667 autonomous systems, numerous of these are again operated by large providers.
    In our experience, IETF QUIC already sees an advanced deployment status mainly driven by large providers. We argue that the current deployment state and diversity of existing implementations and seen configurations solidifies the importance of QUIC as a future research topic. In this work, we provide and evaluate a versatile tool set, to identify QUIC capable hosts and their properties.
    Besides the stateful QScanner we present and analyze a newly implemented IPv4 and IPv6 ZMap module. We compare it to additional detection methods based on HTTP Alternative Service Header values from HTTP handshakes and DNS scans of the newly drafted HTTPS DNS resource record. While each method reveals unique deployments the latter would allow lightweight scans to detect QUIC capable targets but is drastically biased towards Cloudflare.

    Authors. Johannes Zirngibl, Philippe Buschmann, Patrick Sattler, Benedikt Jaeger, Juliane Aulbach, Georg Carle.
    TUM logo


    Johannes Zirngibl: zirngibl [AT]