diff --git a/codec-classes-quic/src/main/java/io/netty/incubator/codec/quic/HmacSignQuicConnectionIdGenerator.java b/codec-classes-quic/src/main/java/io/netty/incubator/codec/quic/HmacSignQuicConnectionIdGenerator.java
index 2c8d0848..3c0da94b 100644
--- a/codec-classes-quic/src/main/java/io/netty/incubator/codec/quic/HmacSignQuicConnectionIdGenerator.java
+++ b/codec-classes-quic/src/main/java/io/netty/incubator/codec/quic/HmacSignQuicConnectionIdGenerator.java
@@ -21,6 +21,7 @@
 import java.security.SecureRandom;
 import java.util.Arrays;
 
+import io.netty.util.concurrent.FastThreadLocal;
 import io.netty.util.internal.ObjectUtil;
 
 import javax.crypto.Mac;
@@ -33,6 +34,13 @@
 final class HmacSignQuicConnectionIdGenerator implements QuicConnectionIdGenerator {
     static final QuicConnectionIdGenerator INSTANCE = new HmacSignQuicConnectionIdGenerator();
 
+    private static final FastThreadLocal<Mac> MACS = new FastThreadLocal<Mac>() {
+        @Override
+        protected Mac initialValue() {
+            return newMac();
+        }
+    };
+
     private static final String ALGORITM = "HmacSHA256";
     private static final byte[] randomKey = new byte[16];
 
@@ -66,11 +74,9 @@ public ByteBuffer newId(ByteBuffer buffer, int length) {
         ObjectUtil.checkPositive(buffer.remaining(), "buffer");
         ObjectUtil.checkInRange(length, 0, maxConnectionIdLength(), "length");
 
-
-        // TODO: Consider using a ThreadLocal.
-        Mac mac = newMac();
+        Mac mac = MACS.get();
+        mac.reset();
         mac.update(buffer);
-
         byte[] signBytes = mac.doFinal();
         if (signBytes.length != length) {
             signBytes = Arrays.copyOf(signBytes, length);