Well, this is kinda unexpected. I expected link failures (electromagnetic interference on copper links), but we got device (middlebox) failures!

Now, if we want to protect vs. data mangling by middleboxes, we need to look not only at switches, but also at NAT Routers (including cheap home routers, and load-balancers) -- those *can* mangle any TCP data, and compute the wrong checksum there!

Typical Internet data goes through NAT not once, but twice (!): a source NAT (a corporate firewall, or a home router), and then again through a destination NAT (load-balancer). Any one of them can mangle data, if poorly implemented (cheap embedded CPU without ECC cache, etc...)

One possible defense is to modify TCPv5 and UDPv5 slightly, to include CRC32 checksum, but only on the *data portion*, not on ports (instead of old 16-bit checksums). Just moving TCP/IP to CRC32 will *not* solve the issue of middleboxes mangling our data.

But then port numbers are unprotected by checksum. So data destined to port 20 can suddenly arrive at port 80. Is this any better?

A more radical idea is to move "port numbers" to IP layer, and cover them by IP-layer checksum, as nowadays "ports" are really "Routing" data.

NOTE: I will be moving to "5gangip@xxxxxxxx", so please subscribe there.
https://www.ietf.org/mailman/listinfo/5gangip

-Alexey "Technologov"
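The trade-off described in the message above, as an added example that is not part of the original post: a NAT that recomputes the 16-bit checksum hides its own payload corruption, a payload-only CRC32 that the NAT never touches catches it, and that same CRC32 says nothing when the destination port changes. Both segment layouts are simplified and hypothetical (no pseudo-header, no real TCP header fields), and all function names are assumptions.

```python
import struct
import zlib

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

# Simplified legacy layout (assumption): sport, dport, checksum16, payload.
def build_legacy(sport, dport, payload):
    ports = struct.pack("!HH", sport, dport)
    return ports + struct.pack("!H", inet_checksum(ports + payload)) + payload

def legacy_ok(seg):
    return inet_checksum(seg[:4] + seg[6:]) == struct.unpack("!H", seg[4:6])[0]

# Hypothetical proposed layout: sport, dport, CRC32 over payload only, payload.
def build_proposed(sport, dport, payload):
    return struct.pack("!HHI", sport, dport, zlib.crc32(payload)) + payload

def proposed_ok(seg):
    return zlib.crc32(seg[8:]) == struct.unpack("!I", seg[4:8])[0]

def mangle(payload, flip_at):
    """Model a faulty middlebox flipping one bit of the payload."""
    out = bytearray(payload)
    if flip_at is not None:
        out[flip_at] ^= 0x01
    return bytes(out)

def nat_legacy(seg, new_sport, flip_at=None):
    # The NAT must recompute the checksum, so it covers whatever it mangled.
    dport = struct.unpack("!H", seg[2:4])[0]
    return build_legacy(new_sport, dport, mangle(seg[6:], flip_at))

def nat_proposed(seg, new_sport, flip_at=None, new_dport=None):
    # The NAT rewrites ports only; the sender's CRC32 passes through untouched.
    dport = struct.unpack("!H", seg[2:4])[0] if new_dport is None else new_dport
    return struct.pack("!HH", new_sport, dport) + seg[4:8] + mangle(seg[8:], flip_at)

def demo():
    payload = b"constructed sample payload"
    hidden = legacy_ok(nat_legacy(build_legacy(40000, 20, payload), 50000, flip_at=3))
    caught = proposed_ok(nat_proposed(build_proposed(40000, 20, payload), 50000, flip_at=3))
    misrouted = proposed_ok(nat_proposed(build_proposed(40000, 20, payload), 50000, new_dport=80))
    return hidden, caught, misrouted  # (True, False, True)

if __name__ == "__main__":
    print(demo())
```

The three results read as: the legacy check passes on mangled data, the payload CRC32 rejects the same mangled data, and the payload CRC32 still passes when port 20 has become port 80.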