The ethernet CRC is designed for packets on the wire. On the wire you have a bit error rate and sometimes burst errors. For bit errors, as long as no packet has 32 bit errors the CRC will always catch them. For burst errors, if the error sets all bits to zero (or to one) then the CRC will catch it.
This is different from random memory corruption.
Note that while a packet is the memory of a router you typically only have to TCP checksum to protect the packet, which is a rather weak 16-bit sum. So it is safe to assume that TCP will fail to detect many failures and if you care add a sha2 hash.
Why sha2, because while md5 is perfectly fine for random errors, we should should make sure to kill all use of insecure hash functions. Otherwise they keep popping up in contexts where errors are not random.
This is different from random memory corruption.
Note that while a packet is the memory of a router you typically only have to TCP checksum to protect the packet, which is a rather weak 16-bit sum. So it is safe to assume that TCP will fail to detect many failures and if you care add a sha2 hash.
Why sha2, because while md5 is perfectly fine for random errors, we should should make sure to kill all use of insecure hash functions. Otherwise they keep popping up in contexts where errors are not random.