QDSR: A High‑Performance QUIC Traffic Forwarding Framework for Cloud Services

At the end of April 2024, the USENIX Annual Technical Conference (ATC) announced its accepted papers. USENIX ATC 2024, a CCF‑A top systems conference, received 488 submissions and selected 77 papers covering virtualization, fault management, cloud and edge computing, mobile and wireless technologies.

The Tencent Cloud Architecture Platform’s Application Framework Group (TQUIC) collaborated with Prof. Li Qing of Southern University of Science and Technology to propose a more efficient QUIC traffic forwarding framework called QDSR . The framework addresses the overload of layer‑7 (L7) load balancers caused by high‑dynamic content requests and growing downstream relay services, which increase operational costs and degrade end‑to‑end QoS.

QDSR combines QUIC with Direct Server Return (DSR) so that the real server can send data directly to the client, eliminating the redundant downstream relay of traditional L7 proxies. This design yields high performance, low latency, and almost no extra downstream link overhead, offering cloud service providers an innovative and efficient solution.

The paper identifies several challenges: (1) redundant downstream forwarding in L7 load balancers, (2) the serial‑request dilemma of DSR‑TCP, (3) security exposure of real servers, (4) maintaining connection consistency, and (5) packet‑number space conflicts among multiple real servers.

To solve these, QDSR adopts the following design principles:

Establish a one‑way data tunnel from each real server (RS) to the client, removing the need for second‑stage forwarding.

Allow multiple RSs to serve concurrent client requests while keeping the client unaware of any change in the server side.

Enable flexible exchange of connection and stream state between the load balancer (LB) and RSs to preserve connection consistency.

Ensure all upstream traffic passes through the LB for processing, protecting RSs from direct exposure to the wide‑area network.

Key technical mechanisms include:

Parallel transmission and security: QDSR replaces connection switching with stream switching, allowing multiple request streams over a single QUIC connection. An asymmetric uplink/downlink link structure shields RSs from direct attacks.

Connection consistency: An auxiliary long‑lived control channel between LB and each RS exchanges control information without breaking client transparency.

Packet‑number space isolation: Inspired by multipath QUIC, each RS independently allocates packet numbers, avoiding sequence conflicts and unnecessary retransmissions.

The architecture consists of a redirection phase and a transmission phase, illustrated in the paper’s diagrams. After a client establishes a QUIC connection, QDSR maps stream IDs to HTTP requests, selects an RS based on load‑balancing policy, and forwards the request via a long‑lived redirect channel. The RS decodes the request, reconstructs QUIC state, and creates a one‑way data tunnel back to the client. Multiple RSs can share the same QUIC connection, enabling many‑to‑one service.

Experimental evaluation in real‑world and Mahimahi simulation environments shows that QDSR can handle 4.8%–18.5% more client requests than traditional proxy‑based solutions. When the LB becomes the bottleneck, QDSR achieves more than 12.2× higher throughput while significantly reducing end‑to‑end and first‑packet latency.

The authors note that large‑scale deployment of QDSR requires client support for multipath QUIC or packet‑number space isolation. The open‑source TQUIC project (https://github.com/Tencent/tquic) already provides multiple multipath scheduling algorithms and integrates with EdgeOne’s dynamic acceleration network. Future work will focus on broader industry adoption.

This work was supported by the 2022‑2023 Rhino Bird Basic Platform Technology Special Research Program.