UDP: What it is, what it's used for, how it works, and differences from TCP

UDP (User Datagram Protocol) is one of the fundamental pillars supporting the current Internet architecture. Although often overlooked compared to its more robust "sibling" TCP, its role is crucial in applications where speed matters more than reliability, enabling real-time experiences without the cumbersome continuous checking and retransmission machinery.

What is UDP?

UDP (User Datagram Protocol) is a minimal transport protocol, part of the TCP/IP stack, and plays a crucial role in connecting network and application layers. Documented in RFC 768, this protocol operates in a connectionless manner, meaning it does not require establishing or maintaining a formal relationship between sender and receiver before sending data.

This creates a significant difference from TCP, which establishes a connection beforehand and ensures everything arrives at the destination in order.

Essential features of UDP

1. Simplicity and lightness

UDP incorporates a fixed, short header of only 8 bytes, helping minimize network load and enabling faster data transmission. This makes UDP an ideal choice for applications requiring high speed.

2. No acknowledgment or retransmission

There is no internal system to check or retransmit lost or corrupted data. If a packet is lost en route, it is simply ignored without any automatic recovery mechanism.

3. Message-oriented

Data is sent as blocks or "datagrams", not necessarily arriving in the order sent, and there's no guarantee that all data will arrive.

4. Application multiplexing

Source and destination port numbers identify specific processes at both ends of communication, making it easier to manage multiple simultaneous connections.

5. Limited error checking

It has a basic checksum mechanism but cannot fix detected errors. This mechanism is mandatory in IPv6, optional in IPv4, but almost always used.

UDP operation and structure

When sending data via UDP, each datagram incorporates a header with four main fields:

UDP Header structure (8 bytes)

1. Source Port - 16 bits

   • Indicates the starting point of communication in the transmitting device
   • Can be 0 if no response is needed

2. Destination Port - 16 bits

   • Reflects the application or service the packet points to at the receiver

3. Length - 16 bits

   • Specifies the total size of the datagram, including both header and data

4. Checksum - 16 bits

   • A mechanism to detect potential transmission errors in the packet
   • Mandatory in IPv6, optional in IPv4

Operation process

Sending data:
Application → UDP → IP → Network → IP → UDP → Receiving application

Characteristics:
- No handshake required before sending
- Sends immediately, doesn't wait for acknowledgment
- Packets may arrive out of order or be lost

UDP vs TCP comparison

When to choose UDP?

• ✅ Speed matters more than reliability: Video streaming, online gaming
• ✅ Old data has no value: Real-time monitoring, sensor data
• ✅ Broadcast/multicast transmission: DNS queries, DHCP
• ✅ Has own reliability mechanism: Application handles retry/timeout itself

When to choose TCP?

• ✅ Reliability is important: File transfer, email, web pages
• ✅ Data ordering needed: Database transactions, API calls
• ✅ Cannot accept data loss: Financial transactions, critical operations

When to use UDP?

UDP is a good choice for the following scenarios:

1. Real-time applications

When latency is the most important factor:

• Online gaming: A lost packet is less important than having the latest data
• VoIP: Video/audio calls need the latest data, not old data
• Live streaming: Viewers need the current stream, not lost frames

2. DNS (Domain Name System)

DNS queries use UDP because:

• Simple query/response, no connection needed
• Speed is important for resolving domain names
• If timeout occurs, client can easily retry

3. DHCP (Dynamic Host Configuration Protocol)

DHCP uses UDP because the client doesn't have an IP address at startup, so it cannot establish a TCP connection.

4. SNMP (Simple Network Management Protocol)

Network monitoring and management, where speed matters more than absolute reliability.

5. Multicast/Broadcast

UDP supports multicast and broadcast, TCP does not. Useful for:

• Video streaming to multiple clients
• Service discovery protocols
• Network announcements

Applications using UDP

1. 🎮 Online Gaming

Games like Fortnite, Call of Duty use UDP because:

• Low latency: Important for smooth gameplay
• Real-time updates: Character positions, actions need to be updated immediately
• Acceptable packet loss: Losing a few packets doesn't seriously impact gameplay

Games often implement their own reliability for important packets (like player actions) while using UDP for position updates.

2. 📺 Video/Audio Streaming

YouTube, Netflix, Twitch use UDP (via QUIC or RTP):

• High throughput: Need to transmit large amounts of data continuously
• Buffering: Player has buffer to handle packet loss
• Adaptive bitrate: Adjust quality based on network conditions

3. 📞 VoIP (Voice over IP)

Zoom, Skype, Discord voice calls:

• Low jitter: Need stable latency for audio quality
• Real-time: Cannot wait for TCP retransmission
• Loss-tolerant codec: Audio codec can tolerate small packet loss

4. 🌐 DNS

All DNS queries use UDP:

• Fast resolution: Need to resolve domains quickly
• Simple queries: Simple request/response
• Retry mechanism: Client can retry if no response received

5. 📊 Time Synchronization (NTP)

Network Time Protocol uses UDP for time synchronization:

• Low overhead: Need to send accurate timestamps
• Frequency: Send many queries, low overhead is important

6. 📡 IoT and Sensor Networks

IoT devices often use UDP:

• Low power: Save energy, no need to maintain connection
• Sensor data: Latest sensor data is more important than old data
• High frequency: Send many small packets

UDP advantages and disadvantages

✅ Advantages

1. High speed

   • Low overhead (8 bytes header vs 20+ bytes for TCP)
   • No handshake, sends immediately
   • Suitable for real-time applications

2. Network efficiency

   • Less bandwidth due to small header
   • No ACK packets increasing traffic
   • Good for high-frequency, small payload

3. Simplicity

   • Simpler implementation than TCP
   • Easier to debug and monitor
   • Less state to manage

4. Multicast/Broadcast

   • TCP only supports unicast (1-to-1)
   • UDP supports multicast (1-to-many) and broadcast
   • Important for streaming and service discovery

5. No head-of-line blocking

   • New packets aren't blocked by lost old packets
   • Good for applications needing the latest data

❌ Disadvantages

1. No delivery guarantee

   • Packets can be lost without notification
   • Application must handle reliability itself

2. No ordering guarantee

   • Packets may arrive out of order
   • Application must sort if needed

3. No flow control

   • Can send too fast, causing congestion
   • Application must implement rate limiting

4. No congestion control

   • Can overload the network
   • Must be careful in production

5. Vulnerable to attacks

   • DDoS attacks are easier (UDP amplification)
   • Source IP address spoofing is easier

6. No connection state

   • Firewalls have difficulty tracking and managing
   • Hard to troubleshoot connection issues

How applications manage reliability in UDP

Despite lacking internal verification mechanisms, many UDP applications still implement their own solutions to ensure minimum reliability:

1. Packet Sequencing

To detect and compensate for data loss or out-of-order delivery:

// Example: Game networking
const packet = {
	sequence: 12345,
	timestamp: Date.now(),
	data: playerPosition,
};

// Receiver side
if (packet.sequence > lastSequence) {
	// New packet, process
} else {
	// Old or duplicate packet, ignore
}

2. Selective Retransmission

Applications can request retransmission of important information if loss is detected:

// Example: Voice chat
if (criticalPacketMissing) {
	requestRetransmission(packetId);
} else {
	// Skip, use interpolation for audio
}

3. Redundancy & Buffering

Add adaptive buffering and correction techniques to maintain service quality:

• Audio/Video: Buffer ahead to handle jitter and packet loss
• Gaming: Client-side prediction and server reconciliation
• Streaming: Adaptive bitrate based on network conditions

4. RTP (Real-time Transport Protocol)

RTP is a protocol designed on top of UDP to provide:

• Sequence numbers for ordering
• Timestamps for synchronization
• Payload type identification
• Quality monitoring

Widely used in VoIP and video streaming.

Security and UDP attacks

1. UDP Amplification Attacks

UDP is a common attack vector in distributed denial of service (DDoS) threats:

Mechanism:

• Attacker sends UDP request with spoofed source IP (victim's IP)
• Server responds with much larger response
• Victim receives unwanted traffic

Example:

Attacker → DNS Server (spoofed as victim IP)
Query size: 64 bytes
Response size: 4,096 bytes
Amplification factor: 64x

Vulnerable services:

• DNS (Domain Name System)
• NTP (Network Time Protocol)
• SNMP (Simple Network Management Protocol)
• Memcached

2. Mitigation measures

• Rate limiting: Limit number of requests from one IP
• Response size limits: Limit response size
• Source IP validation: Validate source IP
• Firewall rules: Stateful firewall to track UDP connections
• Zero-trust policies: Don't trust any traffic
• AI-based detection: Use AI to detect abnormal patterns

3. Best Practices

• Implement proper authentication
• Validate all incoming packets
• Monitor network traffic for anomalies
• Use encryption (DTLS for UDP)
• Implement proper firewall rules

QUIC: The future of UDP

One of the major innovations in UDP's evolution is the QUIC (Quick UDP Internet Connections) protocol, developed by Google and standardized by IETF.

What is QUIC?

QUIC implements integrated encryption, flow control, and connection multiplexing over UDP, combining UDP's speed with improved security and reliability.

QUIC advantages

1. Faster connections

   • 0-RTT connection resumption (faster than TCP)
   • Multiplexing without head-of-line blocking

2. Built-in security

   • TLS 1.3 integrated by default
   • Encryption by default

3. Reliability

   • Has its own retransmission mechanism
   • Connection migration (switch networks without losing connection)

4. Modern congestion control

   • Improved over TCP in many scenarios

QUIC applications

• HTTP/3: Latest web protocol, runs on QUIC
• YouTube: Improved streaming quality
• Gmail: Faster email loading
• Google Chrome: Uses QUIC for many services

QUIC vs TCP

Best practices for implementing UDP

1. Traffic Prioritization

Use QoS (Quality of Service) policies to prioritize important real-time traffic:

- Video conferencing: High priority
- Gaming: High priority
- Streaming: Medium priority
- Background sync: Low priority

2. Traffic Segmentation

Create specific VLANs to isolate UDP traffic and avoid interfering with other applications:

• Separate real-time traffic from bulk data transfer
• Reduce interference between different traffic types

3. Buffer Configuration

Adjust buffers on routers and switches:

• Increase buffer size to avoid packet loss during traffic spikes
• Balance between latency and throughput

4. Continuous monitoring and validation

• Monitoring: Track transmission status, detect losses
• Tools: Wireshark, tcpdump, iPerf to analyze UDP traffic
• Metrics: Packet loss rate, latency, jitter
• Alerts: Set up alerts for anomalies

5. Implement Application-level Reliability

When reliability is needed for UDP:

// Example: Reliable UDP implementation
class ReliableUDP {
	send(data) {
		const packet = {
			id: this.nextPacketId++,
			sequence: this.sequence++,
			data: data,
			timestamp: Date.now(),
		};

		// Store for potential retransmission
		this.pendingPackets.set(packet.id, packet);

		// Send with timeout
		this.sendPacket(packet);
		this.setTimeout(packet.id);
	}

	handleAck(packetId) {
		this.pendingPackets.delete(packetId);
	}

	handleTimeout(packetId) {
		const packet = this.pendingPackets.get(packetId);
		if (packet && packet.retries < MAX_RETRIES) {
			packet.retries++;
			this.sendPacket(packet);
			this.setTimeout(packetId);
		}
	}
}

6. Security Best Practices

• Encryption: Use DTLS (Datagram Transport Layer Security)
• Authentication: Authenticate all packets
• Rate limiting: Limit number of packets from one source
• Firewall rules: Stateful firewall to track UDP connections
• DDoS protection: Implement protection against amplification attacks

7. Testing and Validation

• Load testing: Test with high packet rates
• Packet loss simulation: Test behavior when packet loss occurs
• Network condition simulation: Test with different latencies and jitter
• Monitoring: Continuous monitoring in production

Conclusion

UDP is an important transport protocol in modern Internet architecture. Although it doesn't guarantee reliability like TCP, its simplicity and speed make it an ideal choice for many applications:

Key points

• ✅ UDP is connectionless and fast - Suitable for real-time applications
• ✅ No built-in reliability - Application must implement it if needed
• ✅ Good for streaming, gaming, VoIP - Where speed matters more than reliability
• ✅ QUIC is revolutionizing UDP - Combining speed with security and reliability

The future

With the development of QUIC and HTTP/3, UDP is becoming more important than ever. Modern applications are leveraging UDP's speed while still ensuring reliability and security through higher-layer protocols.