diff --git a/test/integration/alpn_integration_test.cc b/test/integration/alpn_integration_test.cc
index 5097515bd60a9..264036a4bc2a8 100644
--- a/test/integration/alpn_integration_test.cc
+++ b/test/integration/alpn_integration_test.cc
@@ -32,11 +32,10 @@ class AlpnIntegrationTest : public testing::TestWithParam<Network::Address::IpVe
   }
   void createUpstreams() override {
     for (uint32_t i = 0; i < fake_upstreams_count_; ++i) {
-      setUpstreamProtocol(protocols_[i]);
-      Network::TransportSocketFactoryPtr factory = createUpstreamTlsContext();
-      auto endpoint = upstream_address_fn_(i);
       auto config = upstreamConfig();
       config.upstream_protocol_ = protocols_[i];
+      Network::TransportSocketFactoryPtr factory = createUpstreamTlsContext(config);
+      auto endpoint = upstream_address_fn_(i);
       fake_upstreams_.emplace_back(new AutonomousUpstream(std::move(factory), endpoint, config,
                                                           autonomous_allow_incomplete_streams_));
     }
diff --git a/test/integration/base_integration_test.cc b/test/integration/base_integration_test.cc
index cf0b1d193aaf6..ac4cf88eb7030 100644
--- a/test/integration/base_integration_test.cc
+++ b/test/integration/base_integration_test.cc
@@ -105,7 +105,8 @@ void BaseIntegrationTest::initialize() {
   createEnvoy();
 }
 
-Network::TransportSocketFactoryPtr BaseIntegrationTest::createUpstreamTlsContext() {
+Network::TransportSocketFactoryPtr
+BaseIntegrationTest::createUpstreamTlsContext(const FakeUpstreamConfig& upstream_config) {
   envoy::extensions::transport_sockets::tls::v3::DownstreamTlsContext tls_context;
   const std::string yaml = absl::StrFormat(
       R"EOF(
@@ -120,12 +121,12 @@ Network::TransportSocketFactoryPtr BaseIntegrationTest::createUpstreamTlsContext
       TestEnvironment::runfilesPath("test/config/integration/certs/upstreamkey.pem"),
       TestEnvironment::runfilesPath("test/config/integration/certs/cacert.pem"));
   TestUtility::loadFromYaml(yaml, tls_context);
-  if (upstream_config_.upstream_protocol_ == FakeHttpConnection::Type::HTTP2) {
+  if (upstream_config.upstream_protocol_ == FakeHttpConnection::Type::HTTP2) {
     tls_context.mutable_common_tls_context()->add_alpn_protocols("h2");
-  } else if (upstream_config_.upstream_protocol_ == FakeHttpConnection::Type::HTTP1) {
+  } else if (upstream_config.upstream_protocol_ == FakeHttpConnection::Type::HTTP1) {
     tls_context.mutable_common_tls_context()->add_alpn_protocols("http/1.1");
   }
-  if (upstream_config_.upstream_protocol_ != FakeHttpConnection::Type::HTTP3) {
+  if (upstream_config.upstream_protocol_ != FakeHttpConnection::Type::HTTP3) {
     auto cfg = std::make_unique<Extensions::TransportSockets::Tls::ServerContextConfigImpl>(
         tls_context, factory_context_);
     static Stats::Scope* upstream_stats_store = new Stats::IsolatedStoreImpl();
@@ -146,7 +147,8 @@ Network::TransportSocketFactoryPtr BaseIntegrationTest::createUpstreamTlsContext
 void BaseIntegrationTest::createUpstreams() {
   for (uint32_t i = 0; i < fake_upstreams_count_; ++i) {
     Network::TransportSocketFactoryPtr factory =
-        upstream_tls_ ? createUpstreamTlsContext() : Network::Test::createRawBufferSocketFactory();
+        upstream_tls_ ? createUpstreamTlsContext(upstreamConfig())
+                      : Network::Test::createRawBufferSocketFactory();
     auto endpoint = upstream_address_fn_(i);
     if (autonomous_upstream_) {
       fake_upstreams_.emplace_back(new AutonomousUpstream(
diff --git a/test/integration/base_integration_test.h b/test/integration/base_integration_test.h
index 94a3a7243e8aa..9f902f958d2dc 100644
--- a/test/integration/base_integration_test.h
+++ b/test/integration/base_integration_test.h
@@ -307,17 +307,24 @@ class BaseIntegrationTest : protected Logger::Loggable<Logger::Id::testing> {
                                                  *dispatcher_, std::move(transport_socket));
   }
 
-  // Add a fake upstream bound to INADDR_ANY and there is no specified port.
-  FakeUpstream& addFakeUpstream(FakeHttpConnection::Type type) {
+  FakeUpstreamConfig configWithType(FakeHttpConnection::Type type) const {
     FakeUpstreamConfig config = upstream_config_;
     config.upstream_protocol_ = type;
+    if (type != FakeHttpConnection::Type::HTTP3) {
+      config.udp_fake_upstream_ = absl::nullopt;
+    }
+    return config;
+  }
+
+  FakeUpstream& addFakeUpstream(FakeHttpConnection::Type type) {
+    auto config = configWithType(type);
     fake_upstreams_.emplace_back(std::make_unique<FakeUpstream>(0, version_, config));
     return *fake_upstreams_.back();
   }
+
   FakeUpstream& addFakeUpstream(Network::TransportSocketFactoryPtr&& transport_socket_factory,
                                 FakeHttpConnection::Type type) {
-    FakeUpstreamConfig config = upstream_config_;
-    config.upstream_protocol_ = type;
+    auto config = configWithType(type);
     fake_upstreams_.emplace_back(
         std::make_unique<FakeUpstream>(std::move(transport_socket_factory), 0, version_, config));
     return *fake_upstreams_.back();
@@ -394,7 +401,8 @@ class BaseIntegrationTest : protected Logger::Loggable<Logger::Id::testing> {
   bool use_lds_{true}; // Use the integration framework's LDS set up.
   bool upstream_tls_{false};
 
-  Network::TransportSocketFactoryPtr createUpstreamTlsContext();
+  Network::TransportSocketFactoryPtr
+  createUpstreamTlsContext(const FakeUpstreamConfig& upstream_config);
   testing::NiceMock<Server::Configuration::MockTransportSocketFactoryContext> factory_context_;
   Extensions::TransportSockets::Tls::ContextManagerImpl context_manager_{timeSystem()};
 
@@ -437,8 +445,6 @@ class BaseIntegrationTest : protected Logger::Loggable<Logger::Id::testing> {
   bool v2_bootstrap_{false};
 
 private:
-  friend class MixedUpstreamIntegrationTest;
-
   // Configuration for the fake upstream.
   FakeUpstreamConfig upstream_config_{time_system_};
   // True if initialized() has been called.
diff --git a/test/integration/fake_upstream.cc b/test/integration/fake_upstream.cc
index a4248c52cea39..be91ed958e96e 100644
--- a/test/integration/fake_upstream.cc
+++ b/test/integration/fake_upstream.cc
@@ -448,18 +448,17 @@ FakeUpstream::FakeUpstream(const std::string& uds_path, const FakeUpstreamConfig
     : FakeUpstream(Network::Test::createRawBufferSocketFactory(),
                    Network::SocketPtr{new Network::UdsListenSocket(
                        std::make_shared<Network::Address::PipeInstance>(uds_path))},
-                   config) {
-  ENVOY_LOG(info, "starting fake server on unix domain socket {}", uds_path);
-}
+                   config) {}
 
 static Network::SocketPtr
 makeTcpListenSocket(const Network::Address::InstanceConstSharedPtr& address) {
   return std::make_unique<Network::TcpListenSocket>(address, nullptr, true);
 }
 
-static Network::SocketPtr makeTcpListenSocket(uint32_t port, Network::Address::IpVersion version) {
-  return makeTcpListenSocket(Network::Utility::parseInternetAddress(
-      Network::Test::getLoopbackAddressString(version), port));
+static Network::Address::InstanceConstSharedPtr makeAddress(uint32_t port,
+                                                            Network::Address::IpVersion version) {
+  return Network::Utility::parseInternetAddress(Network::Test::getLoopbackAddressString(version),
+                                                port);
 }
 
 static Network::SocketPtr
@@ -482,31 +481,19 @@ makeListenSocket(const FakeUpstreamConfig& config,
 FakeUpstream::FakeUpstream(uint32_t port, Network::Address::IpVersion version,
                            const FakeUpstreamConfig& config)
     : FakeUpstream(Network::Test::createRawBufferSocketFactory(),
-                   makeTcpListenSocket(port, version), config) {
-  ASSERT(!config.udp_fake_upstream_.has_value());
-  ENVOY_LOG(info, "starting fake server on port {}. Address version is {}",
-            localAddress()->ip()->port(), Network::Test::addressVersionAsString(version));
-}
+                   makeListenSocket(config, makeAddress(port, version)), config) {}
 
 FakeUpstream::FakeUpstream(Network::TransportSocketFactoryPtr&& transport_socket_factory,
                            const Network::Address::InstanceConstSharedPtr& address,
                            const FakeUpstreamConfig& config)
     : FakeUpstream(std::move(transport_socket_factory), makeListenSocket(config, address), config) {
-  ENVOY_LOG(info, "starting fake server on socket {}:{}. Address version is {}. UDP={}",
-            address->ip()->addressAsString(), address->ip()->port(),
-            Network::Test::addressVersionAsString(address->ip()->version()),
-            config.udp_fake_upstream_.has_value());
 }
 
 FakeUpstream::FakeUpstream(Network::TransportSocketFactoryPtr&& transport_socket_factory,
                            uint32_t port, Network::Address::IpVersion version,
                            const FakeUpstreamConfig& config)
-    : FakeUpstream(std::move(transport_socket_factory), makeTcpListenSocket(port, version),
-                   config) {
-  ASSERT(!config.udp_fake_upstream_.has_value());
-  ENVOY_LOG(info, "starting fake server on port {}. Address version is {}",
-            localAddress()->ip()->port(), Network::Test::addressVersionAsString(version));
-}
+    : FakeUpstream(std::move(transport_socket_factory),
+                   makeListenSocket(config, makeAddress(port, version)), config) {}
 
 FakeUpstream::FakeUpstream(Network::TransportSocketFactoryPtr&& transport_socket_factory,
                            Network::SocketPtr&& listen_socket, const FakeUpstreamConfig& config)
@@ -520,6 +507,8 @@ FakeUpstream::FakeUpstream(Network::TransportSocketFactoryPtr&& transport_socket
       read_disable_on_new_connection_(true), enable_half_close_(config.enable_half_close_),
       listener_(*this, http_type_ == FakeHttpConnection::Type::HTTP3),
       filter_chain_(Network::Test::createEmptyFilterChain(std::move(transport_socket_factory))) {
+  ENVOY_LOG(info, "starting fake server at {}. UDP={} codec={}", localAddress()->asString(),
+            config.udp_fake_upstream_.has_value(), FakeHttpConnection::typeToString(http_type_));
   if (config.udp_fake_upstream_.has_value() &&
       config.udp_fake_upstream_->max_rx_datagram_size_.has_value()) {
     listener_.udp_listener_config_.config_.mutable_downstream_socket_config()
diff --git a/test/integration/fake_upstream.h b/test/integration/fake_upstream.h
index a2d170eb110e2..5cd6471832a9c 100644
--- a/test/integration/fake_upstream.h
+++ b/test/integration/fake_upstream.h
@@ -414,6 +414,17 @@ class FakeConnectionBase : public Logger::Loggable<Logger::Id::testing> {
 class FakeHttpConnection : public Http::ServerConnectionCallbacks, public FakeConnectionBase {
 public:
   enum class Type { HTTP1, HTTP2, HTTP3 };
+  static absl::string_view typeToString(Type type) {
+    switch (type) {
+    case Type::HTTP1:
+      return "http1";
+    case Type::HTTP2:
+      return "http2";
+    case Type::HTTP3:
+      return "http3";
+    }
+    return "invalid";
+  }
 
   FakeHttpConnection(FakeUpstream& fake_upstream, SharedConnectionWrapper& shared_connection,
                      Type type, Event::TestTimeSystem& time_system, uint32_t max_request_headers_kb,
diff --git a/test/integration/hds_integration_test.cc b/test/integration/hds_integration_test.cc
index 3ade7ed52e87b..63ae64a0b500c 100644
--- a/test/integration/hds_integration_test.cc
+++ b/test/integration/hds_integration_test.cc
@@ -62,10 +62,10 @@ class HdsIntegrationTest : public Grpc::VersionedGrpcClientIntegrationParamTest,
 
     // Endpoint connections
     if (tls_hosts_) {
-      host_upstream_ =
-          &addFakeUpstream(HttpIntegrationTest::createUpstreamTlsContext(), http_conn_type_);
-      host2_upstream_ =
-          &addFakeUpstream(HttpIntegrationTest::createUpstreamTlsContext(), http_conn_type_);
+      host_upstream_ = &addFakeUpstream(
+          HttpIntegrationTest::createUpstreamTlsContext(upstreamConfig()), http_conn_type_);
+      host2_upstream_ = &addFakeUpstream(
+          HttpIntegrationTest::createUpstreamTlsContext(upstreamConfig()), http_conn_type_);
     } else {
       host_upstream_ = &addFakeUpstream(http_conn_type_);
       host2_upstream_ = &addFakeUpstream(http_conn_type_);
diff --git a/test/integration/multiplexed_upstream_integration_test.cc b/test/integration/multiplexed_upstream_integration_test.cc
index 24690e011e6ca..2c86cba32fb0a 100644
--- a/test/integration/multiplexed_upstream_integration_test.cc
+++ b/test/integration/multiplexed_upstream_integration_test.cc
@@ -610,16 +610,18 @@ class MixedUpstreamIntegrationTest : public Http2UpstreamIntegrationTest {
   }
   void createUpstreams() override {
     ASSERT_EQ(upstreamProtocol(), FakeHttpConnection::Type::HTTP3);
+    ASSERT_EQ(fake_upstreams_count_, 1);
+    ASSERT_FALSE(autonomous_upstream_);
+
     if (use_http2_) {
-      // Generally we always want to set these fields via accessors, which
-      // changes both the upstreams and Envoy's configuration at the same time.
-      // In this particular case, we want to change the upstreams without
-      // touching config, so edit the raw members directly.
-      upstream_config_.udp_fake_upstream_ = absl::nullopt;
-      upstream_config_.upstream_protocol_ = FakeHttpConnection::Type::HTTP2;
+      auto config = configWithType(FakeHttpConnection::Type::HTTP2);
+      Network::TransportSocketFactoryPtr factory = createUpstreamTlsContext(config);
+      addFakeUpstream(std::move(factory), FakeHttpConnection::Type::HTTP2);
+    } else {
+      auto config = configWithType(FakeHttpConnection::Type::HTTP3);
+      Network::TransportSocketFactoryPtr factory = createUpstreamTlsContext(config);
+      addFakeUpstream(std::move(factory), FakeHttpConnection::Type::HTTP3);
     }
-    Http2UpstreamIntegrationTest::createUpstreams();
-    upstream_config_.upstream_protocol_ = FakeHttpConnection::Type::HTTP3;
   }
 
   bool use_http2_{false};
diff --git a/test/integration/ssl_utility.cc b/test/integration/ssl_utility.cc
index 0afb4b6d80fb0..0cc1f7de4cfbc 100644
--- a/test/integration/ssl_utility.cc
+++ b/test/integration/ssl_utility.cc
@@ -1,5 +1,7 @@
 #include "test/integration/ssl_utility.h"
 
+#include "envoy/extensions/transport_sockets/quic/v3/quic_transport.pb.h"
+
 #include "common/http/utility.h"
 #include "common/json/json_loader.h"
 #include "common/network/utility.h"
@@ -96,7 +98,7 @@ createClientSslTransportSocketFactory(const ClientSslTransportOptions& options,
 }
 
 Network::TransportSocketFactoryPtr createUpstreamSslContext(ContextManager& context_manager,
-                                                            Api::Api& api) {
+                                                            Api::Api& api, bool use_http3) {
   envoy::extensions::transport_sockets::tls::v3::DownstreamTlsContext tls_context;
   ConfigHelper::initializeTls({}, *tls_context.mutable_common_tls_context());
 
@@ -106,8 +108,18 @@ Network::TransportSocketFactoryPtr createUpstreamSslContext(ContextManager& cont
       tls_context, mock_factory_ctx);
 
   static Stats::Scope* upstream_stats_store = new Stats::TestIsolatedStoreImpl();
-  return std::make_unique<Extensions::TransportSockets::Tls::ServerSslSocketFactory>(
-      std::move(cfg), context_manager, *upstream_stats_store, std::vector<std::string>{});
+  if (!use_http3) {
+    return std::make_unique<Extensions::TransportSockets::Tls::ServerSslSocketFactory>(
+        std::move(cfg), context_manager, *upstream_stats_store, std::vector<std::string>{});
+  }
+  envoy::extensions::transport_sockets::quic::v3::QuicDownstreamTransport quic_config;
+  quic_config.mutable_downstream_tls_context()->MergeFrom(tls_context);
+
+  std::vector<std::string> server_names;
+  auto& config_factory = Config::Utility::getAndCheckFactoryByName<
+      Server::Configuration::DownstreamTransportSocketConfigFactory>(
+      "envoy.transport_sockets.quic");
+  return config_factory.createTransportSocketFactory(quic_config, mock_factory_ctx, server_names);
 }
 
 Network::TransportSocketFactoryPtr createFakeUpstreamSslContext(
diff --git a/test/integration/ssl_utility.h b/test/integration/ssl_utility.h
index f7a202016aee4..f5a75d35e4028 100644
--- a/test/integration/ssl_utility.h
+++ b/test/integration/ssl_utility.h
@@ -72,7 +72,7 @@ createClientSslTransportSocketFactory(const ClientSslTransportOptions& options,
                                       ContextManager& context_manager, Api::Api& api);
 
 Network::TransportSocketFactoryPtr createUpstreamSslContext(ContextManager& context_manager,
-                                                            Api::Api& api);
+                                                            Api::Api& api, bool use_http3 = false);
 
 Network::TransportSocketFactoryPtr
 createFakeUpstreamSslContext(const std::string& upstream_cert_name, ContextManager& context_manager,
diff --git a/test/integration/tcp_proxy_integration_test.cc b/test/integration/tcp_proxy_integration_test.cc
index 438eb3a6ef928..8cb605c65ba3a 100644
--- a/test/integration/tcp_proxy_integration_test.cc
+++ b/test/integration/tcp_proxy_integration_test.cc
@@ -1320,7 +1320,7 @@ class MysqlIntegrationTest : public TcpProxyIntegrationTest {
   void createUpstreams() override {
     for (uint32_t i = 0; i < fake_upstreams_count_; ++i) {
       Network::TransportSocketFactoryPtr factory =
-          upstream_tls_ ? createUpstreamTlsContext()
+          upstream_tls_ ? createUpstreamTlsContext(upstreamConfig())
                         : Network::Test::createRawBufferSocketFactory();
       auto endpoint = upstream_address_fn_(i);
       fake_upstreams_.emplace_back(
diff --git a/test/integration/transport_socket_match_integration_test.cc b/test/integration/transport_socket_match_integration_test.cc
index ddef54c3a1704..1bc92bae21f8d 100644
--- a/test/integration/transport_socket_match_integration_test.cc
+++ b/test/integration/transport_socket_match_integration_test.cc
@@ -119,7 +119,7 @@ name: "tls_socket"
       auto endpoint = upstream_address_fn_(i);
       if (isTLSUpstream(i)) {
         fake_upstreams_.emplace_back(new AutonomousUpstream(
-            HttpIntegrationTest::createUpstreamTlsContext(), endpoint->ip()->port(),
+            HttpIntegrationTest::createUpstreamTlsContext(upstreamConfig()), endpoint->ip()->port(),
             endpoint->ip()->version(), upstreamConfig(), false));
       } else {
         fake_upstreams_.emplace_back(new AutonomousUpstream(