QUIC IETF Implementation

Feature Summary and Revision History

Summary Data

Applicable Product(s) or Functional Area

ADC

Applicable Platform(s)

  • ASR 5500

  • VPC-DI

  • VPC-SI

Feature Default

Disabled - Configuration Required

Related Changes in This Release

Not applicable

Related Documentation

  • ADC Administration Guide

Revision History

Revision Details

Release

First Introduced.

21.21

QUIC IETF Implementation

In the current framework, Deep Packet Inspection (DPI) is done for every packet in a flow when it reaches the plugin. The DPI is done by analyzing the packets and extracting deterministic patterns. The DPI is done in-order to detect the application and to classify its subtype. Plugin excludes the flow after the DPI. The flow is offloaded after the detection. As part of QUIC IETF, the initial QUIC handshake packets (Client/Server Hello) are encrypted over the network. Hence, there are no deterministic patterns available for detection of the application. Support is added in P2P plugin to decrypt and obtain the SNI (Server Name Indication) for detection.

Configuring QUIC IETF

Use the following configuration to enable or disable the QUIC IETF decryption.

configure 
   active-charging service service_name 
      p2p-detection debug-param protocol-param p2p_quic_ietf_decrypt x 
      end

Note

By default, the CLI is disabled and there’s minimal impact on the performance due to TLS decryption. The CLI needs to be entered manually to boot configuration as plugin CLI is not part of show/save configuration.