Matt Dunwoodie <> wrote:

> Depends on your definition of significant, I've seen 1-3% throughput
> improvement without the patch.

> Real networks require statistics, which you want to throw away.

> Overall, it is still debatable whether to skip the IPv4 checksum as
> modern crypto certainly offers better integrity checks. However, the
> primary motivator for skipping the integrity checks is performance, and
> the performance isn't severely impacted. Additionally, I can sympathise
> with avoiding layer violations and bringing it inline with other
> tunnels in this case.

If it is debatable, why don't you debate it?  I don't see a debate.

Let me debate it.

The issue is not about integrity checks being needed, but about
integrity check counters -- such counters are used to short-cut
procedures during network diagostic failures in multi-configuration

If a higher-level network overlay skips that counter updates for
lower-levels, the counters are incorrect, now how do you diagnose
quickly?  Well, you don't.

It sounds like the overlay is being chosen and relevant as more
important than the underlay.  Sorry to burst your bubble, but the
overlay will never be the whole internet.  The underlay will persist for
a long time, and the underlay will see errors.  But the counters
indicating those erors will be *incoherent*.

To me, it seems your path leads to the inablity to diagnose underlying
issues correctly and quickly

Are underlying issues suddenly absent, or rare enough, they don't need
quick diagnosis?

Or do (all) overlay technologies now provide enough information access to
make evaluation of underlying failures easy?

For those questions, in my experience, I don't think reality provides
easy paths yet.

As I said, argue it from a non-wg diagnosis model.  If the argument is
not convincing, we have to do the obvious right thing, even if it costs
a small amount.

Honestly, i don't understand how you ended in the position you are.

Reply via email to