>>>>> "cd" == Casper Dik <[EMAIL PROTECTED]> writes:

cd> The whole packet lives in the memory of the switch/router and
cd> if that memory is broken the packet will be sent damaged.

That's true, but by algorithmically modifying the checksum to match your ttl decrementing and MAC address label-swapping rather than recomputing it from scratch, it's possible for an L2 or even L3 switch to avoid ``splitting the protection domain''. It'll still send the damaged packet, but with a wrong FCS, so it'll just get dropped by the next input port and eventually retransmitted. This is what 802.1d suggests.

I suspect one reason the IP/UDP/TCP checksums were specified as simple checksums rather than CRCs like the Ethernet L2 FCS, is that it's really easy and obvious how to algorithmically modify them. Sounds like they are not good enough though, because unless this broken router that Robert and Darren saw was doing NAT, yeah, it should not have touched the TCP/UDP checksum. BTW which router was it, or you can't say because you're in the US? :)

I would expect any cost-conscious router or switch manufacturer to use the same Ethernet MAC ASICs as desktops, so the checksums would likely be computed right before transmission using the ``offload'' feature of the Ethernet chip, but of course we can't tell because they're all proprietary. Eventually I bet it will become commonplace for Ethernet MACs to do IPsec offload, so we'll have to remember the ``avoid splitting the protection domain'' idea when that starts happening.
_______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss