> From: <l.wood@xxxxxxxxxxxx> > from http://tools.ietf.org/html/draft-ietf-lisp-introduction-03 > > The UDP checksum is zero because the inner packet usually already has > a end-end checksum, and the outer checksum adds no value. [Saltzer] > (That's a misreading of Saltzer - the UDP checksum is also protecting > against misdelivery and pseudoheader corruption If the content above the UDP header in this case were that of some sort of application, you'd be right. But it's not. The UDP, outer and inner IP headers of LISP _together_ are effectively a layer three header ('get the packet from the source host to the destination host - and that's all, ffffolks - no reliability of any kind'). So the fact that it's not providing protection against misdelivery is... _exactly_ like the service that bare IPvN provides. In fact, since IPv6 doesn't even _have_ a header checksum, UDP in LISP is doing exactly what IPv6 does. Are you now claiming that IPv6 is fundamentally defective because it doesn't have a header checksum to guard against packet mis-delivery? > and 'usually' is not a good defence To say it at slightly greater length, 'the inner packet _either_ already has an end-end checksum (the usual case), in which case adding another one is of little or no value, _or_ the sender deliverately sent their packet _without_ an end-end checksum, in which case they are _no worse off_ than they were before the packet was encapsulated'. It's not the internetwork layer's job to second-guess the users; we can assume that if someone sent a packet without an end-end checksum, they must have worked out that for whatever they are doing, it's OK to leave it out. Note that I am solely answering regarding the omission of UDP checksums when UDP is used as part of the internetworking layer, for encapsulating traffic. I have not considered, and make no statement about, use of zero checksums in other ways/places. Noel