IRGFW QUIC Protocol Update
Since last night (UTC+3:30), according to CloudFlare Radar, QUIC protocol traffic to this datacenter has dropped by approximately half.
In general, the status of the QUIC protocol in Iran is highly fragmented and unstable. In some datacenters and even certain IP ranges, the protocol is either completely blocked, entirely accessible, or disrupted (e.g., low upload speeds or high jitter). Although the protocol was re-enabled in Iran about two years ago following significant efforts by organizations and advocates in this field (prior to which it was entirely blocked), it can now be described as “nominally” open. However, in most datacenters, it remains either disrupted or completely inaccessible. This instability degrades network service quality and leads to an inconsistent user experience for end-users.
Approximately ten days ago, China imposed severe restrictions on the UDP protocol. Chinese users attribute these restrictions to the widespread use of tools like Hysteria2 and the QUIC protocol to bypass the Great Firewall. The Chinese government’s measures aim to exert greater control over network traffic and prevent hidden or unauthorized traffic from passing through these protocols. These developments indicate an increasing trend toward employing more sophisticated filtering and deep packet inspection (DPI) techniques in network management.
On the other hand, this also suggests that the authorities have not yet fully mastered identifying QUIC-based bypass methods. Instead of targeting a single protocol for blocking or disruption, they resort to broadly blocking or disrupting QUIC or even UDP entirely.
While QUIC and UDP can provide better performance and speed than TCP-based proxies or VPNs when accessible, it is not advisable to rely solely on UDP for bypassing firewalls. These protocols can be used effectively as long as they remain unblocked, but it is essential to maintain TCP-based methods as a fallback.
During critical or high-security periods, UDP and all protocols based on it are typically the first to be completely blocked.
Cloudflare Radar: