config load-balance http3-profile
HTTP/3 is the latest version of the HTTP protocol. Unlike previous versions, which relied on TCP to handle streams in the HTTP layer, HTTP/3 uses QUIC (Quick UDP Internet Connections), a multiplexed transport protocol built on UDP. Because it uses QUIC, HTTP/3 has lower latency: its handshake for establishing a secure session is quicker than that of HTTP/2, which achieves this using TCP and TLS.
Use the config load-balance http3-profile command to configure an HTTP3 profile that can then be referenced by HTTPS application profiles. Once referenced, the HTTPS profile becomes an HTTP/3 load balance profile and the virtual server that references the profile becomes an HTTP/3 VS. An HTTP/3 VS can only operate under an L7-HTTPS VS.
An HTTP/3 VS listens on the TCP port and the corresponding UDP port at the same time.
FortiADC does not support server-side HTTP/3. Support is provided for HTTP/3 from the client to the ADC, which is then converted to HTTP/1 (conversion to HTTP/2 is not supported).
In version 7.4.0, FortiADC introduces HTTP/3 support as an experimental feature with limited HTTP/3 functionality, so it is not recommended for use in production environments. For details, see HTTP/3 supported functionality and limitations.
A predefined profile is available to be referenced in HTTPS application profiles. All values in the predefined profile are view-only and cannot be modified.
Profile | Description |
---|---|
LB_HTTP3_PROFILE_DEFAULT | max-streams — 5, max-idle-timeout — 50, connection-tx-buffers — 30, quic-cc-algo — cubic |
Syntax
config load-balance http3-profile
  edit <name>
    set max-streams <integer>
    set max-idle-timeout <integer>
    set connection-tx-buffers <integer>
    set quic-cc-algo {cubic|newreno}
  next
end
Parameter | Description |
---|---|
max-streams | Specify the maximum allowable number of HTTP/3 QUIC streams. The default value is 5, and the range is 1-200. |
max-idle-timeout | Specify the HTTP/3 QUIC connection idle timeout in seconds. When no data is transmitted over the HTTP/3 connection for the specified time, the connection times out. The HTTP/3 connection is tracked using a unique connection-ID instead of a UDP session. The default value is 50 seconds, and the range is 1-86400 seconds. |
connection-tx-buffers | Specify the number of buffers to send on the HTTP/3 QUIC connection. This parameter significantly affects the performance of the HTTP/3 response direction. The more buffers that are sent, the higher the performance, but the higher the memory usage. The default value is 30, and the range is 5-100. |
quic-cc-algo | FortiADC supports Cubic and New Reno loss-based congestion control for QUIC, where the congestion control responds to packet loss events. Select the QUIC congestion algorithm to use: cubic or newreno. Cubic is the default congestion control algorithm. |
Example
config load-balance http3-profile
  edit 1
    set max-streams 5
    set max-idle-timeout 50
    set connection-tx-buffers 30
    set quic-cc-algo cubic
  next
end
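The following is an added example, not Fortinet code: a small pre-deployment lint in Python that parses `config load-balance http3-profile` blocks and checks each `set` value against the ranges and choices documented in the parameter descriptions above. The function name `lint_http3_profiles` and the sample profile names are assumptions made for illustration.

```python
import re

# Ranges and choices taken from the parameter descriptions on this page.
INT_RANGES = {"max-streams": (1, 200), "max-idle-timeout": (1, 86400),
              "connection-tx-buffers": (5, 100)}
CC_ALGOS = {"cubic", "newreno"}

def lint_http3_profiles(text):
    """Return (profile, message) findings for http3-profile blocks in text."""
    findings, in_section, profile = [], False, None
    for line in map(str.strip, text.splitlines()):
        if line == "config load-balance http3-profile":
            in_section = True
        elif not in_section or not line:
            continue  # other config sections and blank lines are ignored
        elif line in ("next", "end"):
            profile, in_section = None, line == "next"  # 'end' closes the section
        elif m := re.fullmatch(r"edit\s+(\S+)", line):
            profile = m.group(1)
        elif m := re.fullmatch(r"set\s+(\S+)\s+(\S+)", line):
            key, value = m.groups()
            if profile is None:
                findings.append((None, f"set {key} outside an edit block"))
            elif key in INT_RANGES:
                lo, hi = INT_RANGES[key]
                if not value.isdecimal() or not lo <= int(value) <= hi:
                    findings.append((profile, f"{key} {value} outside {lo}-{hi}"))
            elif key != "quic-cc-algo":
                findings.append((profile, f"unknown setting {key}"))
            elif value not in CC_ALGOS:
                findings.append((profile, f"quic-cc-algo {value} is not cubic or newreno"))
        else:
            findings.append((profile, f"unrecognized line: {line}"))
    return findings

# Constructed sample input: one in-range profile, one violating the documented values.
SAMPLE = """\
config load-balance http3-profile
  edit h3-ok
    set quic-cc-algo newreno
  next
  edit h3-bad
    set max-streams 500
    set quic-cc-algo reno
  next
end
"""

print(*lint_http3_profiles(SAMPLE), sep="\n")
```

An empty result means every `set` line in the section is within the documented range.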
HTTP/3 supported functionality and limitations
HTTP/3 support is currently an experimental feature with limited HTTP/3 functionality, so it is not recommended for use in production environments.
Key limitations:
- HTTP/3 only operates under L7-HTTPS VS.
- HTTP/3 VS does not support dynamic configuration.
- HTTP/3 VS does not support session and persistence table display.
- HTTP/3 VS does not support HTTP detailed information statistics.
- HTTP/3 is only supported on VS, and the backend (RS) only supports HTTP/1.1.
The current iteration of the HTTP/3 feature is supported in a limited or conditional capacity. The following table lists the configurations that currently support HTTP/3 functionality and in what capacity.
Configuration | Supported HTTP/3 functionality |
---|---|
load-balance profile | Profile type must be https to reference HTTP3 profiles. |
load-balance virtual-server | |
load-balance method | Supported load balancing methods: |
load-balance persistence | Supported persistence types: |
Client SSL Profile | Allowed SSL Versions — SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 and TLSv1.3 |
Real Server SSL Profile | Allowed SSL Versions — SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 and TLSv1.3 |