It’s over 9000: Analyzing early QUIC Deployments with the Standardization on the Horizon

On this website we present additional information about our paper It’s over 9000: Analyzing early QUIC Deployments with the Standardization on the Horizon and provide access to extended analysis results.

Results and Data

We collect and update results on a regular basis and offer new data.
Further results can be found here
If you are interested in additional data, further insights or collaborations please contact us.

Transport Parameters

A list of transport parameter configuration found during stateful scans can be found here

ID	Max Idle Timeout	Max UDP Payload Size	Max Data	Max Stream Data Bidi Local	Max Stream Data Bidi Remote	Max Stream Data Uni	Max Streams Bidi	Max Stream Uni	ACK Delay Exponent	Max Ack Delay	Disable Active Migration	Active Conn ID Limit	Targets

Raw Data

We publish raw data to reproduce our analysis at the TUM university library to guaranteee long-term availability.
Dataset DOI: 10.14459/2021mp1624408

Referencing our Work

If you are using collected data or aggregated results from this work in your publication, please refer to it with the following reference [bib]:


        @inproceedings{zirngibl2021over9000,

              title = {It’s over 9000: Analyzing early QUIC Deployments with the Standardization on the Horizon},

              author = {Zirngibl, Johannes and Buschmann, Philippe and Sattler, Patrick and Jaeger, Benedikt and Aulbach, Juliane and Carle, Georg},

              booktitle = {Proceedings of the 2021 Internet Measurement Conference},

              year = {2021},

              location = {Virtual Event, USA},

              numpages = {15},

              doi = {10.1145/3487552.3487826},

              publisher = {ACM},

              address = {New York, NY, USA},

            }

Software and Tools

During our QUIC study, we developed tools to detect QUIC deployments using ZMap and conduct stateful scans with the QScanner. We publish the following software and tools for use by the scientific community:

QScanner
ZMap Modules
DNS Scans

QScanner

We developed and published the QScanner, a stateful scanner for QUIC. Source: https://github.com/tumi8/qscanner

The QScanner is a tool for large-scale QUIC scans. It establishes QUIC connections using a fork of quic-go. The fork is adatped to expose further information regarding the handshake.
The QScanner can scan IPv4 and IPv6 addresses. Additionally, domains can be provided as input to be used as SNI.

The scanner retrieves information regarding

the connection
the QUIC transport parameters
TLS handshake information
X.509 certificates

ZMap Modules

We extended the ZMapv6 fork with two modules, one for IPv4 and one for IPv6. The modules send QUIC Initial packets with a version 0x1a1a1a1a to force a Version Negotiation. Server responses are parsed to extract supported versions.
Note that both modules padd the initial packet to 1200B by default as specified by RFC9000. Therefore, the modules omit at least a magnitude more traffic as a simple TCP SYN scan with the same rate.

DNS SCAN

For our HTTPS resource record DNS scans, we contributed to MassDNS to be able to query HTTPS and SVCB records. Our setup uses MassDNS in combination with a local Unbound resolver. Received HTTPS and SVCB records are written as raw bytes.
To parse these records and extract QUIC deployments and their supported versions we use a skript (skrips/parse-svcb.py) based on dnspython.

Paper

Our paper has been accepted for IMC'21 and will be published soon.
A preprint of the paper can be found here.

Abstract. After nearly five years and 34 draft versions, standardization of the new connection oriented transport protocol QUIC was finalized in May 2021. Designed as a fundamental network protocol with increased complexity due to the combination of functionality from multiple network stack layers, it has the potential to drastically influence the Internet ecosystem. Nevertheless, even in its early stages, the protocol attracted a variety of parties including large providers. Our study shows, that more than 2.3 M IPv4 and 300 k IPv6 addresses support QUIC hosting more than 30 M domains.
Using our newly implemented stateful QUIC scanner (QScanner) we are able to successfully scan 26 M targets. We show that TLS as an integral part is similarly configured between QUIC and TLS over TCP stacks for the same target. In comparison, we identify 45 widely varying transport parameter configurations, e.g., with differences in the order of magnitudes for performance relevant parameters. Combining these configurations with HTTP Server header values and associated domains reveals two large edge deployments from Facebook and Google. Thus, while found QUIC deployments are located in 4667 autonomous systems, numerous of these are again operated by large providers.
In our experience, IETF QUIC already sees an advanced deployment status mainly driven by large providers. We argue that the current deployment state and diversity of existing implementations and seen configurations solidifies the importance of QUIC as a future research topic. In this work, we provide and evaluate a versatile tool set, to identify QUIC capable hosts and their properties.
Besides the stateful QScanner we present and analyze a newly implemented IPv4 and IPv6 ZMap module. We compare it to additional detection methods based on HTTP Alternative Service Header values from HTTP handshakes and DNS scans of the newly drafted HTTPS DNS resource record. While each method reveals unique deployments the latter would allow lightweight scans to detect QUIC capable targets but is drastically biased towards Cloudflare.

Authors. Johannes Zirngibl, Philippe Buschmann, Patrick Sattler, Benedikt Jaeger, Juliane Aulbach, Georg Carle.

Contact

Johannes Zirngibl: zirngibl [AT] net.in.tum.de