We shipped HTTP/3 at the edge in late 2025. Most of it was uneventful. The parts that weren't are the parts you can't get from the RFCs alone.

The gnarly bits

  • MTU discovery. PMTUD works until it doesn't. The "doesn't" cases are carrier networks dropping ICMP, captive portals on hotel Wi-Fi, and a surprising number of corporate firewalls that silently truncate UDP.
  • Congestion control. BBR is the right default for our traffic shape; CUBIC is what you fall back to when the kernel argues.
  • Middlebox lies. Some middleboxes claim to forward UDP but enforce a 60-second idle timeout. You will not learn this from a packet capture taken from the wrong side.
← Back to all posts