How Cloudflare’s Tokio-Quiche makes QUIC and HTTP/3 first-class citizens in the Rust backend

Cloudflare has open sourced tokio-quiche, an asynchronous QUIC and HTTP/3 Rust library that wraps its battle-tested quiche implementation with the Tokio runtime. The library has been refined inside production systems such as Apple iCloud Private Relay, next-generation Oxy based proxies, and WARP's MASQUE client, where it handles millions of HTTP/3 requests per second with low latency and high throughput. tokio-quiche targets Rust teams who want QUIC and HTTP/3 without writing their own UDP and event loop integration code.

From quiche to tokio-quiche

quiche is Cloudflare's open source QUIC and HTTP/3 implementation, written in Rust and designed as a low-level, sans-IO library. It implements the QUIC transport state machine, including connection establishment, flow control, and stream multiplexing, while making no assumptions about how applications perform IO. To use quiche directly, integrators must open a UDP socket, send and receive datagrams, manage timers, and feed all packet data into quiche in the correct order. This gives design flexibility, but it makes integration error prone and time consuming.

tokio-quiche packages this integration work in a reusable crate. It combines quiche's sans-IO QUIC and HTTP/3 implementations with the Tokio async runtime, and exposes an API that already manages UDP sockets, packet routing, and calls into the quiche state machine.

Actor based architecture on Tokio

Internally, tokio-quiche uses an actor model on top of Tokio. Actors are small tasks with local state that communicate via message passing through channels, which aligns well with sans-IO protocol implementations that own their internal state and operate on message-like buffers.

The primary actor is the IO loop actor, which moves packets between quiche and the UDP socket. One of the key message types is the Incoming struct, which describes received UDP packets. Async integration follows a fixed pattern: the IO loop waits for new messages, translates them into inputs for quiche, advances the QUIC state machine, then translates the output into outbound packets that are written back to the socket.

For each UDP socket, tokio-quiche spawns two important tasks. InboundPacketRouter owns the receive half of the socket and routes inbound datagrams by destination connection ID to per-connection channels. IoWorker is the per-connection IO loop: it drives a single quiche Connection, interleaving calls to quiche with calls into the application-specific logic implemented through ApplicationOverQuic. This design encapsulates connection state inside each actor and keeps QUIC processing separate from higher level protocol code.
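
The routing step described above, as an added sketch that uses only the Rust standard library (it is not tokio-quiche's code or API): it reads the destination connection ID from the QUIC header layout and forwards each datagram to a per-connection channel, dropping malformed or unroutable input. Router, Routed, dcid, the 8-byte local connection ID length and the sample packet are assumptions made for illustration.

```rust
use std::collections::HashMap;
use std::sync::mpsc::{channel, Receiver, Sender};

const LOCAL_CID_LEN: usize = 8; // assumption: this endpoint issues 8-byte connection IDs
const MAX_CID_LEN: usize = 20; // QUIC v1 upper bound on connection ID length

#[derive(Debug, PartialEq)]
pub enum Routed { Existing, NewConnection, Dropped }

/// Extract the destination connection ID, bounds-checking every read.
pub fn dcid(pkt: &[u8]) -> Option<&[u8]> {
    let first = *pkt.first()?;
    if first & 0x80 != 0 {
        // Long header: flags(1) | version(4) | dcid_len(1) | dcid ...
        let len = *pkt.get(5)? as usize;
        if len > MAX_CID_LEN { return None; }
        pkt.get(6..6 + len)
    } else {
        // Short header: flags(1) | dcid (its length is not on the wire)
        pkt.get(1..1 + LOCAL_CID_LEN)
    }
}

/// Hypothetical stand-in for the router actor: owns the DCID -> channel map.
#[derive(Default)]
pub struct Router {
    conns: HashMap<Vec<u8>, Sender<Vec<u8>>>,
    pub accepted: Vec<Receiver<Vec<u8>>>, // receive halves a per-connection worker would own
}

impl Router {
    pub fn route(&mut self, pkt: &[u8]) -> Routed {
        let Some(id) = dcid(pkt) else { return Routed::Dropped };
        if let Some(tx) = self.conns.get(id) {
            return if tx.send(pkt.to_vec()).is_ok() { Routed::Existing } else { Routed::Dropped };
        }
        if pkt[0] & 0x80 == 0 { return Routed::Dropped; } // short header, unknown connection
        let (tx, rx) = channel();
        tx.send(pkt.to_vec()).expect("receiver is still in scope");
        self.conns.insert(id.to_vec(), tx);
        self.accepted.push(rx);
        Routed::NewConnection
    }
}

fn main() {
    let initial = [0xc0u8, 0, 0, 0, 1, 8, 65, 65, 65, 65, 65, 65, 65, 65]; // constructed packet
    println!("{:?}", Router::default().route(&initial));
}
```

Keying only on the first destination connection ID is a simplification: a server also has to route on the connection IDs it issues itself and bound how many unvalidated connections it holds.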

ApplicationOverQuic and H3Driver

QUIC is a transport protocol and can carry many application protocols. HTTP/3, DNS over QUIC, and Media over QUIC are examples covered by IETF specifications. To avoid tying tokio-quiche to a single protocol, the Cloudflare team exposes an ApplicationOverQuic trait. The trait abstracts over quiche methods and the underlying IO, and presents high-level events and hooks to the application that implements the protocol. For example, the HTTP/3 debug and test client h3i uses a non-HTTP/3 implementation of ApplicationOverQuic.

On top of this trait, tokio-quiche ships a dedicated HTTP/3 focused implementation called H3Driver. H3Driver connects quiche's HTTP/3 module to the IO loop actor and converts raw HTTP/3 events into higher level events with asynchronous body streams that are convenient for application code. H3Driver is generic and exposes ServerH3Driver and ClientH3Driver variants that add server side and client side behavior on top of the core driver. These components provide building blocks for HTTP/3 servers and clients that share implementation patterns with Cloudflare's internal infrastructure.

Production Usage and Roadmap

tokio-quiche was in use inside Cloudflare for several years before its public release. It powers Proxy B in the Apple iCloud Private Relay, Oxy based HTTP/3 servers and WARP MASQUE clients, as well as the async version of h3i. In the WARP client, MASQUE based tunnels built on tokio-quiche replace the earlier WireGuard based tunnels with QUIC based tunnels. These systems run at Cloudflare edge scale and demonstrate that the integration can sustain millions of HTTP/3 requests per second in production.

Cloudflare maintains tokio-quiche as a foundation rather than a complete HTTP/3 framework. The library exposes low level protocol capabilities and example client and server event loops, and leaves room for higher level projects to implement HTTP servers, DNS over QUIC clients, MASQUE based VPNs, and other QUIC applications on top. By releasing the crate, Cloudflare aims to lower the barrier to adoption of QUIC, HTTP/3, and MASQUE for Rust teams and align external integrations with the same transport stack used in its edge services.

Key takeaways

  • tokio-quiche = quiche + Tokio: tokio-quiche is an async Rust library that integrates Cloudflare's sans-IO QUIC and HTTP/3 implementation with the Tokio runtime, so developers don't need to write UDP and event loop plumbing by hand.
  • Actor based architecture for QUIC connections: The library uses an actor model on Tokio, with an InboundPacketRouter that routes UDP datagrams by connection ID and an IoWorker that drives a single quiche Connection, keeping transport state isolated and composable per task.
  • ApplicationOverQuic abstraction: Protocol logic is separated out through the ApplicationOverQuic trait, which abstracts over QUIC and IO details, so different QUIC based protocols such as HTTP/3, DNS over QUIC or custom protocols can be implemented on top of the same transport core.
  • HTTP/3 via H3Driver, ServerH3Driver and ClientH3Driver: tokio-quiche ships H3Driver plus ServerH3Driver and ClientH3Driver variants that connect quiche's HTTP/3 module to async Rust code and expose HTTP/3 streams and bodies in a way that fits Tokio-based services.



Michael Sutter is a data science professional and holds a Master of Science in Data Science from the University of Padova. With a solid foundation in statistical analysis, machine learning, and data engineering, Michael excels in transforming complex datasets into actionable insights.
