Matt Dunwoodie <n...@noconroy.net> wrote:

> Depends on your definition of significant, I've seen 1-3% throughput
> improvement without the patch.
> Real networks require statistics, which you want to throw away.
> Overall, it is still debatable whether to skip the IPv4 checksum as
> modern crypto certainly offers better integrity checks. However, the
> primary motivator for skipping the integrity checks is performance, and
> the performance isn't severely impacted. Additionally, I can sympathise
> with avoiding layer violations and bringing it inline with other
> tunnels in this case.

If it is debatable, why don't you debate it? I don't see a debate. Let me debate it.

The issue is not about integrity checks being needed, but about integrity check counters -- such counters are used to short-cut procedures during network diagnostic failures in multi-configuration systems. If a higher-level network overlay skips those counter updates for lower-levels, the counters are incorrect, now how do you diagnose quickly? Well, you don't.

It sounds like the overlay is being chosen and relevant as more important than the underlay. Sorry to burst your bubble, but the overlay will never be the whole internet. The underlay will persist for a long time, and the underlay will see errors. But the counters indicating those errors will be *incoherent*.

To me, it seems your path leads to the inability to diagnose underlying issues correctly and quickly. Are underlying issues suddenly absent, or rare enough, they don't need quick diagnosis? Or do (all) overlay technologies now provide enough information access to make evaluation of underlying failures easy? For those questions, in my experience, I don't think reality provides easy paths yet.

As I said, argue it from a non-wg diagnosis model. If the argument is not convincing, we have to do the obvious right thing, even if it costs a small amount.

Honestly, I don't understand how you ended in the position you are.