adminIntroduction: Bypassing the TCP Bottleneck
We have established that TCP (Transmission Control Protocol) suffers from Head-of-Line Blocking (HOLB), causing connections to stall completely when even a single packet is lost—a common frustration on mobile and high-latency international links. While mKCP (Article 15) offered a UDP-based alternative, it lacks the modern security and stealth required for modern proxy tunnels.
The Hysteria Protocol is a modern, high-performance solution built upon the foundation of QUIC (Quick UDP Internet Connections). Developed by Google, QUIC uses UDP to provide high speed while incorporating the necessary features of TCP: reliability, security (TLS 1.3), and congestion control. Hysteria leverages QUIC’s speed but adds a unique, highly aggressive congestion control algorithm designed for environments where bandwidth is abundant but connectivity is unreliable.
Section 1: The Core Mechanism: Aggressive Congestion Control
Hysteria’s key differentiator is its unique congestion control mechanism, which is designed to prioritize speed over fairness.
1. QUIC Foundation (No HOLB)
Hysteria, by using QUIC, inherently solves HOLB. Multiple data streams within a single connection are independent. If one stream loses a packet, the other streams continue processing without delay, dramatically improving performance for simultaneous activities like browsing and downloading.
2. Explicit Bandwidth Setting
Unlike standard TCP, which automatically attempts to measure and adapt to the network’s available bandwidth, Hysteria requires the user to explicitly define the maximum allowed speed (both uplink and downlink).
- The Advantage: This avoids the slow “ramp-up” phase where TCP conservatively tests the network speed. Hysteria immediately bursts data up to the set limit.
- The Intent: Hysteria assumes that any bandwidth measured above the user’s limit is unusable due to network congestion or artificial throttling. By aggressively using the maximum defined speed, it starves out other competing traffic (including that of the censor’s monitoring equipment) and maximizes the use of the available pipe.
3. UDP and Port 443 Stealth
Hysteria primarily operates over UDP. It mandates the use of TLS 1.3 encryption, which means it attempts to disguise its traffic as legitimate, secure UDP-based communication (like DNS over QUIC or secure video conferencing). Critically, Hysteria can be configured to run on Port 443/UDP, hiding its activity within the high-volume UDP traffic that many networks cannot afford to block.
Section 2: Configuration and Bandwidth Definition
Hysteria configuration is straightforward, but setting the correct bandwidth limits is vital for performance.
Key Configuration Parameters
| Setting | Type | Description | Optimization Goal |
|---|---|---|---|
up | string | The maximum upload speed allowed, e.g., "100 mbps". | Must be set to a value slightly above your server’s guaranteed uplink capacity. |
down | string | The maximum download speed allowed, e.g., "200 mbps". | Must be set to a value slightly above your client’s expected network capacity. |
auth | string | The shared password/authentication token. | Simple, shared security key. |
mask | string | Optional: Hostname to mimic during the TLS handshake. | Adds a layer of camouflage, mimicking a real domain name. |
Important: The up and down parameters use units (bps, kbps, mbps). Setting these values too conservatively (too low) limits your speed unnecessarily, while setting them too aggressively (too high) can cause packet loss and instability. Testing is essential.
V2Ray Hysteria Inbound Example
Hysteria typically uses its own dedicated client, but V2Ray supports it via a compatible Outbound/Inbound mechanism.
"inbounds": [
{
"port": 443,
"protocol": "hysteria",
"settings": {
"auth": "MyHysteriaToken2025",
"up": "50 mbps",
"down": "200 mbps"
},
"streamSettings": {
"network": "quic", // V2Ray's internal QUIC transport
"security": "tls",
"tlsSettings": {
// Must have a valid certificate for the handshake
"certificates": [
{ "certificateFile": "/path/to/fullchain.cer", "keyFile": "/path/to/private.key" }
]
}
}
}
]
Section 3: Hysteria’s Unique Advantages and Trade-offs
Hysteria fills a niche that neither VLESS/wSS nor Shadowsocks can effectively cover.
Advantages: When Hysteria is King
- High-Latency Links: On connections with very high latency (e.g., satellite internet, or international links over 300ms), TCP is unusable. Hysteria’s aggressive congestion control ensures data transmission even when acknowledgments are slow, providing a vastly superior experience.
- Lossy Mobile Networks: Similar to mKCP, Hysteria’s UDP foundation handles packet loss without stalling the entire connection, making it excellent for mobile devices constantly dropping packets.
- Low Latency (VoIP/Gaming): By prioritizing speed and minimizing waiting time, Hysteria offers exceptionally low latency compared to TCP, making it ideal for real-time applications.
The Trade-offs (When to Avoid Hysteria)
- CDN Incompatibility: Hysteria cannot be hidden behind standard CDNs like Cloudflare because they do not proxy QUIC (UDP) traffic. Your server IP is exposed, similar to the original Trojan design. This makes Hysteria a better choice for high-speed, direct links where the server IP’s exposure is acceptable.
- UDP Blocking: In extremely restricted environments, if all non-standard UDP traffic is blocked (a stricter firewall rule than TCP blocking), Hysteria will fail immediately.
- Authentication Complexity: While simpler than VMess, the shared token authentication is less flexible for multi-user management than VLESS UUIDs.
Section 4: Hysteria’s Role in the V2Ray Ecosystem
In a complete V2Ray infrastructure, Hysteria plays the role of the high-speed, loss-resilient backbone.
- Primary Protocol for Speed: Use Hysteria when your primary concern is maintaining maximum speed and stability on a distant or unreliable link (e.g., connecting a distant office branch to the main network).
- Secondary Protocol for Resilience: Deploy Hysteria as a backup to your primary VLESS/wSS/TLS tunnel. If the wSS/CDN tunnel fails (due to CDN maintenance or IP ban), Hysteria provides an immediate, fast UDP alternative.
- Routing Integration: Traffic that is known to be latency-sensitive (like VOIP or gaming traffic identified via Sniffing, Article 35) can be explicitly routed to the Hysteria Outbound, ensuring that even if the majority of traffic uses stealthy TCP, high-priority applications use the fastest available path.
Conclusion: Speed at All Costs
The Hysteria protocol is the choice for the V2Ray administrator who is willing to sacrifice IP obfuscation for absolute speed and resilience against network instability. By building on QUIC and employing an aggressive, bandwidth-aware congestion control mechanism, Hysteria provides a superior streaming and real-time experience over lossy networks, making it an indispensable tool in the anti-censorship toolkit where network quality is the primary limiting factor.
