nanog mailing list archives
Re: job screening question
From: Leo Bicknell <bicknell () ufp org>
Date: Thu, 5 Jul 2012 10:16:56 -0700
In a message written on Thu, Jul 05, 2012 at 01:02:08PM -0400, William Herrin wrote:
> You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result?
>
> My questions for you are:
>
> 1. As an expert who follows NANOG, do you know the answer? Or is this question too hard?

I suspect you're looking for Path MTU Discovery as an answer.

> 2. Is the question too vague? Is there a clearer way to word it?

I believe if you understand ICMP, it could be considered to be vague. For instance, blocking all ICMP means that if the network breaks during communication and a Host/Net unreachable is generated the connection will have to go through a timeout rather than an immediate tear down. Similarly, blocking ICMP source quench might break throttling in the 3 TCP implementations in the world that do that. :)

> 3. Is there a better screening question I could pass to HR to ask and check the candidate's response against the supplied answer?

"A firewall is configured to block all ICMP packets and a system administrator reports problems with TCP connections not transferring data. What is the most likely cause?"

ICMP Packet-Too-Big being dropped and breaking PMTU discovery is the correct answer.

When I study for my CCIE Recert every 2 years I find myself relearning "The Cisco Answer", rather than the right answer. It's not that the Cisco answers are often wrong per se, but they teach the most likely causes of things and want them back as the right answer. Cribbing from their test materials and study guides puts the questions in familiar terms that your candidates are likely to have seen, making them less likely to be thrown off by the question.

Unless you want to throw them off. Depends on the level of folks you want to hire. I would answer your question with "I would never implement a firewall that breaks all TCP." :)

--
Leo Bicknell - bicknell () ufp org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
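The failure described in the message above, as an added example that is not part of the original post: a small constructed model of Path MTU Discovery showing why the handshake and small transfers succeed while bulk data stalls once ICMP type 3 code 4 is dropped. The Path class, the transfer function and the hop MTU values are hypothetical names and sample values chosen for illustration.

```python
"""Constructed model of Path MTU Discovery through a firewall (illustration only)."""
from dataclasses import dataclass

IP_TCP_HEADERS = 40   # 20-byte IPv4 header + 20-byte TCP header, no options


@dataclass
class Path:
    link_mtus: list            # MTU of each hop between sender and receiver
    firewall_drops_icmp: bool  # True models the "block all ICMP" policy

    def forward(self, packet_len):
        """Return ('delivered', None), ('icmp', next_hop_mtu) or ('lost', None)."""
        for mtu in self.link_mtus:
            if packet_len > mtu:           # DF is set, so the router cannot fragment
                if self.firewall_drops_icmp:
                    return ("lost", None)  # type 3 code 4 never reaches the sender
                return ("icmp", mtu)       # "fragmentation needed", carries hop MTU
        return ("delivered", None)


def transfer(path, payload_len, first_hop_mtu=1500, max_retries=5):
    """Send one handshake-sized packet, then payload_len bytes with DF set."""
    pmtu = first_hop_mtu
    handshake_ok = path.forward(IP_TCP_HEADERS)[0] == "delivered"
    sent, retries = 0, 0
    while sent < payload_len and retries < max_retries:
        seg = min(payload_len - sent, pmtu - IP_TCP_HEADERS)
        status, hint = path.forward(seg + IP_TCP_HEADERS)
        if status == "delivered":
            sent, retries = sent + seg, 0
        elif status == "icmp":
            pmtu = hint                    # sender lowers its path MTU estimate
        else:
            retries += 1                   # same oversized segment is retransmitted
    return {"handshake_ok": handshake_ok, "bytes_delivered": sent, "pmtu": pmtu}


if __name__ == "__main__":
    hops = [1500, 1400, 1500]              # constructed path with one narrow hop
    for drops in (False, True):
        for size in (100, 5000):
            print(drops, size, transfer(Path(hops, drops), size))
```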