On Mon, Dec 14, 2015 at 5:02 PM, Saku Ytti <saku(_at_)ytti(_dot_)fi> wrote:
On 14 December 2015 at 23:45, Christopher Morrow
<morrowc(_dot_)lists(_at_)gmail(_dot_)com> wrote:
isn't the solution to all of this to just use TLS ? (or DTLS for udp)
Sort of. Or proper L4 like QUIC, MinimaLT. You'll know packet got
mangled, but troubleshooting which device it was is going to be hell.
So, one option is to go unscrew tcp/udp/IP and make checksums really
work for highspeed usage.. then packets get (if tossed at the IP
layer) at the hop which sees a failed packet checksum... however,
where would the router/switch/etc send the 'yer packet is cruddy' to ?
are you sure that the L3 data is correct at this point? why are you
sure? if a solarflare poked a hole in your packet, how do you know it
didn't poke 2 holes?
I don't think you can reliably figure out which hop caused your
problem :( so ... TLS (or equivalent in QUIC/MinimalT/etc) is your
only real saving throw.