Vote to ensure UDP/QUIC uptime traffic remains Optional

In my opinion, UDP/QUIC traffic is not ideal for consumer-level LANs and ISPs. This opinion is based on my personal experience attempting to run other applications with UDP/QUIC enabled, including IPFS nodes, on my LAN. I have experienced several problems with my LAN traffic slowing down dramatically, as well as my ISP rate limiting my connection after enabling UDP/QUIC protocols.

This opinion is also based on Cloudflare and other experts in running portions of the Internet.

Cloudflare’s summary of a UDP Flood Attack:

https://www.cloudflare.com/learning/ddos/udp-flood-ddos-attack/

A UDP flood can be thought of in the context of a hotel receptionist routing calls. First, the receptionist receives a phone call where the caller asks to be connected to a specific room. The receptionist then needs to look through the list of all rooms to make sure that the guest is available in the room and willing to take the call. Once the receptionist realizes that the guest is not taking any calls, they have to pick the phone back up and tell the caller that the guest will not be taking the call. If suddenly all the phone lines light up simultaneously with similar requests then they will quickly become overwhelmed.

As each new UDP packet is received by the server, it goes through steps in order to process the request, utilizing server resources in the process. When UDP packets are transmitted, each packet will include the IP address of the source device. During this type of DDoS attack, an attacker will generally not use their own real IP address, but will instead spoof the source IP address of the UDP packets, impeding the attacker’s true location from being exposed and potentially saturated with the response packets from the targeted server.

As a result of the targeted server utilizing resources to check and then respond to each received UDP packet, the target’s resources can become quickly exhausted when a large flood of UDP packets are received, resulting in denial-of-service to normal traffic.

In order to mitigate UDP attack traffic before it reaches its target, Cloudflare drops all UDP traffic not related to DNS at the network edge. Because Cloudflare’s Anycast network scatters web traffic across many Data Centers, we have sufficient capacity to handle UDP flood attacks of any size.

REF Storj FAQ

https://forum.storj.io/t/udp-quic-configuration-guide-for-linux-docker/13580
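The mechanism the quoted Cloudflare text describes (one lookup and one reply per datagram, with the reply sent to whatever source address the packet claims) modelled as a toy in Python, added here as an example; it is not code from the original post, from Cloudflare or from Storj. The listening port, the addresses, the packet rate and the token-bucket budget are all constructed for the illustration. It runs the same constructed flood through a naive responder and a per-source rate-limited one, first with every packet spoofed to a single victim address and then with a fresh spoofed source per packet.

```python
"""
Toy model of the UDP-flood mechanics in the quoted Cloudflare text.

A UDP server that replies to every datagram does one lookup and sends one
reply per packet, and because the source address is whatever the sender
wrote in the header, those replies go to the spoofed address. A per-source
token bucket bounds the work done for one claimed source, but an attacker
who spoofs a fresh source per packet defeats it, which is why Cloudflare's
answer is to drop unrelated UDP at the edge rather than rate-limit it.
All addresses, ports and traffic below are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed: the only UDP port the toy server "listens" on.
OPEN_PORTS = {53}


@dataclass(frozen=True)
class Datagram:
    src_ip: str      # address claimed in the IP header; an attacker may spoof it
    dst_port: int
    payload: bytes


def handle_naive(datagrams):
    """Do the lookup and reply for every packet, like the hotel receptionist.

    Returns (lookups_done, list of (destination_ip, reply)). Every reply,
    including 'port unreachable' for a closed port, goes to the claimed source.
    """
    lookups, replies = 0, []
    for d in datagrams:
        lookups += 1                                   # "check the room list"
        if d.dst_port in OPEN_PORTS:
            replies.append((d.src_ip, b"answer"))
        else:
            replies.append((d.src_ip, b"icmp port unreachable"))
    return lookups, replies


class RateLimitedResponder:
    """Per-claimed-source token bucket; packets over budget are dropped before any work.

    Time is integer milliseconds and tokens are integer thousandths so the
    arithmetic is exact (rate tokens/second == rate millitokens/millisecond).
    """

    def __init__(self, rate_per_sec: int, burst: int):
        self.rate = rate_per_sec
        self.burst_mt = burst * 1000
        self.tokens = defaultdict(lambda: self.burst_mt)
        self.last_ms = defaultdict(int)
        self.lookups = 0
        self.dropped = 0
        self.replies = []

    def handle(self, d: Datagram, now_ms: int) -> bool:
        elapsed = now_ms - self.last_ms[d.src_ip]
        self.last_ms[d.src_ip] = now_ms
        self.tokens[d.src_ip] = min(self.burst_mt, self.tokens[d.src_ip] + elapsed * self.rate)
        if self.tokens[d.src_ip] < 1000:
            self.dropped += 1          # no lookup and no reply: refusing is cheap
            return False
        self.tokens[d.src_ip] -= 1000
        self.lookups += 1
        reply = b"answer" if d.dst_port in OPEN_PORTS else b"icmp port unreachable"
        self.replies.append((d.src_ip, reply))
        return True


def flood(n: int, src_for, pps: int = 1000):
    """Constructed flood: n datagrams at pps packets/second to closed ports; src_for(i) picks the claimed source."""
    return [(i * 1000 // pps, Datagram(src_for(i), 9000 + i % 5, b"x" * 64)) for i in range(n)]


def run(stream, rate_per_sec=10, burst=20):
    """Feed one constructed stream to both responders and summarise the cost each paid."""
    naive_lookups, naive_replies = handle_naive(d for _, d in stream)
    limited = RateLimitedResponder(rate_per_sec, burst)
    for t, d in stream:
        limited.handle(d, t)
    return {
        "naive_lookups": naive_lookups,
        "naive_replies": len(naive_replies),
        "limited_lookups": limited.lookups,
        "limited_dropped": limited.dropped,
    }


VICTIM = "192.0.2.10"   # constructed reflection target

# 1) Every packet claims the victim's address: the naive server reflects 1000
#    replies at it; the rate-limited one answers only the burst plus the refill.
single_source = run(flood(1000, lambda i: VICTIM))

# 2) A fresh spoofed source per packet: the per-source bucket never fills up,
#    so the server does all 1000 lookups again and drops nothing.
spread_sources = run(flood(1000, lambda i: f"10.0.{i >> 8}.{i & 255}"))

if __name__ == "__main__":
    print("spoofed single source:", single_source)
    print("spoofed spread sources:", spread_sources)
```

With the constructed budget (burst 20, refill 10/s) the single-source run does 29 lookups and drops 971 packets, while the spread-source run does all 1000, which is the point of the Cloudflare paragraph: per-host limiting cannot tell spoofed sources apart, so they filter unrelated UDP at the edge instead. One caveat on applying this to QUIC specifically: RFC 9000 limits what a server may send to an address it has not validated to three times the bytes it received from that address and lets it demand a Retry token first, so the reflection side of this toy applies to plain UDP services rather than to a QUIC handshake; the per-packet processing cost the post worries about still applies.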