On Mon, Dec 14, 2015 at 5:02 PM, Saku Ytti <saku@xxxxxxx> wrote:
> On 14 December 2015 at 23:45, Christopher Morrow
> <morrowc.lists@xxxxxxxxx> wrote:
>> isn't the solution to all of this to just use TLS ? (or DTLS for udp)
>
> Sort of. Or proper L4 like QUIC, MinimaLT. You'll know packet got
> mangled, but troubleshooting which device it was is going to be hell.

So, one option is to go unscrew tcp/udp/IP and make checksums really work for highspeed usage.. then packets get (if tossed at the IP layer) at the hop which sees a failed packet checksum...

however, where would the router/switch/etc send the 'yer packet is cruddy' to ? are you sure that the L3 data is correct at this point? why are you sure? if a solar flare poked a hole in your packet, how do you know it didn't poke 2 holes?

I don't think you can reliably figure out which hop caused your problem :(

so ... TLS (or equivalent in QUIC/MinimaLT/etc) is your only real saving throw.
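An added example, not part of the original message: it compares the 16-bit Internet checksum (RFC 1071) used by IP/TCP/UDP with a keyed MAC on a packet that has taken one "hole" and then a second one. The payload, key and bit positions are constructed for illustration, and HMAC-SHA256 stands in for the integrity check that TLS, DTLS or QUIC record protection provides.

```python
import hashlib
import hmac


def internet_checksum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement checksum, as used by IP/TCP/UDP."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Return a copy of data with a single bit inverted."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def mac(key: bytes, msg: bytes) -> bytes:
    """Keyed integrity tag (stand-in for TLS record protection)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def compare(payload: bytes, damaged: bytes, key: bytes) -> dict:
    """Report which integrity check notices the damage."""
    return {
        "checksum_detects": internet_checksum(payload) != internet_checksum(damaged),
        "mac_detects": not hmac.compare_digest(mac(key, payload), mac(key, damaged)),
    }


# Constructed sample data: first two 16-bit words are 0x0100 and 0x0000.
KEY = b"constructed-demo-key"
PAYLOAD = bytes([0x01, 0x00, 0x00, 0x00]) + b"constructed sample payload"
ONE_HOLE = flip_bit(PAYLOAD, 0, 0)    # word 0: 0x0100 -> 0x0000
TWO_HOLES = flip_bit(ONE_HOLE, 2, 0)  # word 1: 0x0000 -> 0x0100, sum unchanged

if __name__ == "__main__":
    print("one hole :", compare(PAYLOAD, ONE_HOLE, KEY))
    print("two holes:", compare(PAYLOAD, TWO_HOLES, KEY))
```

The second flip cancels the first in the one's-complement sum, so the checksum passes the doubly damaged packet while the MAC rejects it.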