Deliver Fast, Reliable, and Secure Web Experiences with HTTP/3
Exciting news: HTTP/3 is now available to all Akamai content delivery customers. This is the largest deployment of HTTP/3 in the world.
HTTP/3 is the latest iteration of the HyperText Transfer Protocol (HTTP), which retains the HTTP/1.1 and HTTP/2 concepts but uses the QUIC protocol instead of the Transmission Control Protocol (TCP) at the transport layer.
After years of exploration, the Internet Engineering Task Force (IETF) officially published HTTP/3 in June 2022. As a market leader in content delivery, Akamai has been actively involved in the development and specification of HTTP/3 and has completed over 12 months of beta testing with more than 85 customers.
Akamai continues to lead support for open standards across the internet that make life better for billions of people, billions of times a day — and HTTP/3 represents a significant step forward in improving the speed, security, and reliability of content delivery.
Accelerated adaptation to change: a QUIC evolution
Change is natural and our ability to adapt has been continually tested, particularly over the past 30 years. Unlike in previous generations, when new technologies may have taken decades to emerge, the pace of innovation has accelerated exponentially since the introduction of the internet. Network protocols are not an exception — HTTP/2 was standardized in 2015 and the work on HTTP/3 started in 2018.
So, what changed in just three years?
The answer is QUIC
Designed in 2012 by Google, and standardized in 2021, QUIC is a transport protocol built upon the User Datagram Protocol (UDP) that deeply integrates with TLS 1.3. Akamai Principal Architect and HTTP/3 RFC editor Mike Bishop previously provided insights into the origins of QUIC and how it became an essential pillar for HTTP/3.
QUIC aims to address most of the efficiency problems associated with TCP, including the compatibility issues that arise when upgraded TCP versions are rolled out to devices. UDP’s compatibility with most devices and its smaller feature set make it more agile than TCP. Because it integrates TLS 1.3, QUIC also reduces the number of network round trips needed to establish a secure connection.
In addition, QUIC provides better data stream handling, stronger privacy capabilities, and improved packet loss detection and recovery. This contrasts with the traditional approach of having the HTTP layer deal with streams over TCP. By moving these functions to the transport layer, QUIC is able to improve efficiency and deliver a better user experience (Figure 1).
HTTP/3: faster, more secure, more reliable
HTTP/3 inherits QUIC’s capabilities when transporting data, and removes the limitations of TCP in terms of performance, privacy, reliability, and compatibility.
Improved performance
Modern online experiences such as API calls, streaming media, and web pages benefit from faster loading times and reduced latency. HTTP/3 supports faster connection setup times, which reduces the number of round trips needed between web servers and clients.
With TCP, it takes a separate three-way handshake to set up the connection, which adds latency. On the other hand, QUIC combines the transport and cryptographic handshakes into a single round trip via its deep integration with TLS 1.3. This significantly reduces the time required to set up a connection (Figure 2).
Example: Large media customer
Here's an example from one of our largest media customers, which served both HTTP/3 and HTTP/2 traffic during a live stream of a European football (soccer) event in Latin American countries on April 19, 2023 (Figure 3). Traffic volume was split approximately one-to-one between the two protocol versions, and the event reached a notable traffic peak of 4.16 Tb/s.
Overall, HTTP/3 performed better than HTTP/2 and this customer benefited from faster turnaround time (TAT) and better throughput. The TAT metric is the time in milliseconds (ms) from when the Akamai edge server receives the first byte of the HTTP request to when it puts the first byte of the response on the socket.
It measures our server-side efficiency and is important for evaluating the performance of our HTTP implementations, while also contributing to end-to-end latency. Throughput refers to the amount of data that can be sent and received using the protocol in a certain amount of time.
For instance, in the first threshold, 96.2% of HTTP/3 requests have a TAT of less than 25 ms, while only 89.7% of requests meet this criterion with HTTP/2. This represents a 6.5% improvement. It is also important to note that 100% of HTTP/3 requests had a TAT of less than half a second (Table 1).
Regarding throughput, HTTP/3 outperformed HTTP/2 at all levels, especially at lower rates. In the first threshold, HTTP/3 is significantly better than HTTP/2, with 86.2% vs. 73.5% of connections experiencing more than 1 Mbps, respectively, representing a 12.7% improvement. As we move up in throughput levels, the gap between HTTP/3 and HTTP/2 narrows, but HTTP/3 still consistently outperformed HTTP/2 at every threshold level (Table 2).
Note that performance is always influenced by various factors such as end users' location, bandwidth, content type served, and so forth. HTTP/2 still represents a significant performance improvement over HTTP/1.x, but the benefits of HTTP/3 should not be understated.
Reduced head-of-line blocking
Another way in which HTTP/3 improves performance is by reducing head-of-line blocking. Because HTTP/2 relies on TCP, even a single delayed or lost TCP packet can cause all other packets behind it to be stuck until it is recovered. This can be a problem for web pages: a single lost packet carrying, for instance, CSS data shouldn’t affect subsequent packets containing JavaScript (JS) code. QUIC fixes this by tracking packet loss on a per-stream basis (separately for the CSS and JS resources), so it only delays streams that actually suffered loss or interruption.
More details about head-of-line blocking can be found in this deep-dive article by Akamai Senior Technical Solutions Architect and IETF contributor, Robin Marx. You can also check out Robin’s excellent article about other HTTP/3 performance improvements.
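The head-of-line blocking behaviour described above can be seen in a small simulation, added here as an illustration and not taken from Akamai's or any QUIC implementation. It is a simplified model: the tick values, the retransmit penalty and all function names are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    seq: int       # transmission order on the connection
    stream: str    # resource the payload belongs to (e.g. "css", "js")
    arrival: int   # tick at which the receiver finally has the packet

def build_flight(streams, lost_seq, one_way=5, retransmit_penalty=20):
    """Constructed sample: one packet per entry in `streams`, sent one per tick.
    The packet at index `lost_seq` is lost once and arrives late (None = no loss)."""
    packets = []
    for seq, stream in enumerate(streams):
        arrival = seq + one_way
        if seq == lost_seq:
            arrival += retransmit_penalty  # assumed cost of detecting and resending
        packets.append(Packet(seq, stream, arrival))
    return packets

def completion_times(packets, per_stream_ordering):
    """Tick at which each stream's last packet is released to the application.

    per_stream_ordering=False models a single ordered byte stream (HTTP/2 over
    TCP): a packet is released only after every earlier packet has arrived.
    per_stream_ordering=True models QUIC: only earlier packets of the same
    stream can hold a packet back.
    """
    done = {}
    latest = {}  # ordering domain -> latest arrival seen so far in that domain
    for p in sorted(packets, key=lambda pkt: pkt.seq):
        domain = p.stream if per_stream_ordering else "connection"
        release = max(p.arrival, latest.get(domain, 0))
        latest[domain] = release
        done[p.stream] = release  # iterating in seq order, so the last write wins
    return done

if __name__ == "__main__":
    # Constructed scenario: CSS and JS interleaved, first CSS packet lost.
    flight = build_flight(["css", "js", "css", "js", "css", "js"], lost_seq=0)
    print("single ordered stream:", completion_times(flight, False))
    print("per-stream ordering:  ", completion_times(flight, True))
```

In the constructed scenario the lost CSS packet delays both resources under a single ordered stream, while with per-stream ordering only the CSS resource waits for the retransmission.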
Designed for better reliability
One of the main advantages of using HTTP/3 is that QUIC was designed to be more robust to network congestion and packet loss than TCP. This is because QUIC includes updated loss recovery and congestion control mechanisms that help packets be delivered efficiently and reliably.
HTTP/3 also improves reliability through the use of a better prioritization scheme. This system is needed so that important data can be transmitted with higher priority than less important data. HTTP/2’s complex Prioritization Tree was replaced with a simpler setup using straightforward priority levels that are easier to understand and implement. This helps to ensure that critical data is delivered first, even in congested network conditions.
Enhanced privacy and security
HTTP/3 includes several security enhancements, such as TLS 1.3 and transport-level packet encryption, that better protect customer data and sensitive information from potential security threats. QUIC also incorporates many lessons learned from TCP and UDP, providing built-in protections and mitigations against many known denial-of-service attacks. Encrypting most transport-level metadata (such as packet numbers) makes it more difficult for attackers to deduce or manipulate connection properties.
The future of HTTP/3
We believe that HTTP/3 will continue to evolve and shape the future of the web, and we are excited to see how it will transform our interactions with digital content. As always, Akamai remains dedicated to providing our customers with the best possible performance, and we look forward to continuing to expand our HTTP/3 offering.
Additionally, Akamai remains involved with other HTTP/3-related work with standards organizations like the IETF and the World Wide Web Consortium. Akamai experts contribute to new standards like WebTransport, Alt-SvcB, HTTPS DNS records, and Media Over QUIC. There are more exciting times ahead.
Enable HTTP/3 at no extra cost
HTTP/3 is a game changer for web performance and security, and we are thrilled to offer it to our content delivery customers at no extra cost. By using QUIC, HTTP/3 delivers faster, more reliable, and more secure web experiences for users.
You can get started now. Enable HTTP/3 on your delivery property by following the guidance in this documentation or contact our support team for further assistance.
Special thanks to Robin Marx and Rafal Myszka for their contributions to this post.