Cloudflare has open-sourced tokio-quiche, an asynchronous QUIC and HTTP/3 Rust library that wraps its battle-tested quiche implementation with the Tokio runtime to simplify the development of high-performance QUIC applications. The library has been used internally to back Cloudflare's edge services, the Oxy HTTP proxies, and MASQUE-based tunnels, replacing WireGuard-based tunnels in the WARP client.
Tokio-quiche is now available as an open-source crate on crates.io, with its source hosted in the quiche repository. The library combines the sans-io QUIC/HTTP/3 implementation in quiche with Tokio’s async runtime, providing an integration layer that has been refined and used to handle millions of HTTP/3 requests per second in systems such as Apple iCloud Private Relay, next-generation Oxy-based proxies, and WARP’s MASQUE client.
Figure: Library architecture diagram. Source: Cloudflare blog
The original quiche library was designed as a low-level, sans-io QUIC and HTTP/3 implementation that could be embedded in diverse environments, but wiring it into real applications required implementing UDP I/O, connection management, and the event loop by hand. tokio-quiche addresses this by providing an async integration with Tokio: it manages UDP sockets, routes datagrams to connections, and drives quiche’s state machine so developers can focus on application logic rather than transport plumbing.

Figure: tokio-quiche internal data flow. Source: Cloudflare blog
Internally, tokio-quiche uses an actor model: an inbound packet router and per-connection IO worker actors move packets between the socket and quiche, while encapsulating state and communication via channels. On top of this, the library exposes an ApplicationOverQuic trait that abstracts the execution of application protocols over QUIC. It ships an H3Driver implementation (with server and client variants) that turns quiche’s raw HTTP/3 events into higher-level async streams suitable for building HTTP/3 servers and clients.
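The router-plus-worker pattern described above, as an added sketch that is not tokio-quiche's API or code: it uses only the standard library (std channels stand in for Tokio channels), and `Router`, `dcid` and the 8-byte `LOCAL_CID_LEN` are hypothetical names and values chosen for illustration. The header parsing follows the QUIC invariants in RFC 8999 and bounds-checks every read, since the router sees untrusted datagrams before any connection state exists.

```rust
use std::collections::HashMap;
use std::sync::mpsc::{channel, Receiver, Sender};

// Assumption: this endpoint issues 8-byte connection IDs, so short-header
// packets carry an 8-byte DCID directly after the first byte.
const LOCAL_CID_LEN: usize = 8;

/// Extract the destination connection ID using only the QUIC invariants
/// (RFC 8999). Truncated datagrams yield None instead of panicking.
fn dcid(pkt: &[u8]) -> Option<&[u8]> {
    let first = *pkt.first()?;
    if first & 0x80 != 0 {
        // Long header: flags(1) | version(4) | dcid_len(1) | dcid
        let len = *pkt.get(5)? as usize;
        pkt.get(6..6 + len)
    } else {
        // Short header: flags(1) | dcid (length is known only to the endpoint)
        pkt.get(1..1 + LOCAL_CID_LEN)
    }
}

/// Hypothetical router actor: sole owner of the CID -> worker channel table.
struct Router { workers: HashMap<Vec<u8>, Sender<Vec<u8>>> }

impl Router {
    /// Register a connection; the worker keeps the receiving end.
    fn register(&mut self, cid: &[u8]) -> Receiver<Vec<u8>> {
        let (tx, rx) = channel();
        self.workers.insert(cid.to_vec(), tx);
        rx
    }

    /// Returns false when dropped: malformed header, unknown CID, or dead worker.
    fn route(&mut self, pkt: Vec<u8>) -> bool {
        let Some(cid) = dcid(&pkt).map(|c| c.to_vec()) else { return false };
        let Some(tx) = self.workers.get(&cid) else { return false };
        if tx.send(pkt).is_ok() { return true; }
        self.workers.remove(&cid); // stale route: forget the dead worker
        false
    }
}

fn main() {
    let mut router = Router { workers: HashMap::new() };
    let rx = router.register(&[0xAA; 8]);
    let mut pkt = vec![0xC0, 0, 0, 0, 1, 8]; // constructed long header, version 1
    pkt.extend_from_slice(&[0xAA; 8]);
    println!("routed={} queued={}", router.route(pkt), rx.try_iter().count());
}
```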
Cloudflare notes that tokio-quiche powers internal workloads, including HTTP/3 proxies and MASQUE-based tunnels, effectively replacing WireGuard tunnels with QUIC-based ones for WARP. By releasing tokio-quiche, Cloudflare aims to make it easier for the Rust ecosystem to adopt HTTP/3 and QUIC—supporting use cases such as DNS-over-QUIC, custom VPNs, and HTTP servers—and to align external integrations with the same stack used in its own edge services.
The maintainers emphasise that tokio-quiche is a foundational building block rather than a complete HTTP/3 framework: it exposes low-level protocol capabilities and example client/server event loops, with plans to open-source higher-level HTTP client and server abstractions that currently power Oxy and WARP. Cloudflare also hints at upcoming posts covering topics like actor patterns with Tokio, UDP GRO/GSO, and a new QUIC-based service handling millions of requests per second on top of tokio-quiche.
