Re: job screening question

[Owen DeLong <owen () delong com>]

I would use questions such as the following:

1.      How many end-sites can be numbered from a single /32.
                (Correct answers: IPv4 - 1, IPv6 - 65,536)
2.      In what circumstance might you need to use IPSEC to secure OSPF
                instead of MD5 authentication?
3.      How many /32s can be created from a single /24?
                (Hint, this answer is the same for IPv4 and IPv6)
4.      What is the purpose of an IP address such as ::ffff:192.0.2.123?
5.      What is the reason for the 100m distance limit within an ethernet collision domain?

The essay questions can wait for the interview if they get past these basics.

Owen

On Jul 5, 2012, at 5:14 PM, Jon Lewis wrote:

> He'll have to come up with another weedout question, like "what's a /27?" I'm constantly amazed/disappointed when we 
> interview candidates for a senior Linux admin job and they just don't know modern networking at all.
>
> Even better question, with multiple right answers, "how many IPs are in a /32?"  You could probably have some fun 
> with most applicants[1] when they answer 1, and then you ask "would you like to expand on that answer?"
>
> The small (sub /24) subnets are dealt with so frequently in an ISP/hosting provider environment, that IMO, anyone 
> claiming to have experience in such an environment should just flat out know how many IPs and the subnet masks for 
> /32 - /24 in IPv4, or be sufficiently comfortable with subnetting that they can figure these things out quickly 
> enough to avoid awkward pauses during the interview if asked about them.
>
> 1) At least the few who get it right.
>
> On Thu, 5 Jul 2012, Mike Hale wrote:
>
> > Something tells me you're suddenly going to find yourself with an
> > influx of correct answers...
> >
> > On Thu, Jul 5, 2012 at 3:18 PM, William Herrin <bill () herrin us> wrote:
> > > On Thu, Jul 5, 2012 at 5:05 PM, Derek Andrew <Derek.Andrew () usask ca> wrote:
> > > > > > You implement a firewall on which you block all ICMP packets. What
> > > > > > part of the TCP protocol (not IP in general, TCP specifically)
> > > > > > malfunctions as a result?
> > > >
> > > > Isn't MTU discovery on IP and not TCP?
> > >
> > > If you want to overthink the question, the failure in the TCP protocol
> > > is that it doesn't adjust the MSS to match the path MTU. It continues
> > > to rely on the incorrect path MTU estimate, sending too-large packets
> > > which will never arrive. This happens because TCP doesn't receive a
> > > notification that the path MTU estimate has changed from the default
> > > because the lower layer PMTUD algorithm never receives the expected
> > > ICMP packet.
> > >
> > > This is, incidentally, is a detail I'd love for one of the candidates
> > > to offer in response to that question. Bonus points if you discuss MSS
> > > clamping and RFC 4821.
> > >
> > > The less precise answer, path MTU discovery breaks, is just fine.
> > >
> > > Regards,
> > > Bill Herrin
> > >
> > >
> > >
> > >
> > > --
> > > William D. Herrin ................ herrin () dirtside com  bill () herrin us
> > > 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
> > > Falls Church, VA 22042-3004
> >
> >
> >
> > -- 
> > 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
>
> ----------------------------------------------------------------------
> Jon Lewis, MCP :)           |  I route
> Senior Network Engineer     |  therefore you are
> Atlantic Net                |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________