[154553] in North American Network Operators' Group
Re: job screening question
daemon@ATHENA.MIT.EDU (Owen DeLong)
Thu Jul 5 20:26:50 2012
From: Owen DeLong <owen@delong.com>
In-Reply-To: <Pine.LNX.4.61.1207052003030.4715@soloth.lewis.org>
Date: Thu, 5 Jul 2012 17:22:49 -0700
To: Jon Lewis <jlewis@lewis.org>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I would use questions such as the following:
1. How many end-sites can be numbered from a single /32.
(Correct answers: IPv4 - 1, IPv6 - 65,536)
2. In what circumstance might you need to use IPSEC to secure OSPF
instead of MD5 authentication?
3. How many /32s can be created from a single /24?
(Hint, this answer is the same for IPv4 and IPv6)
4. What is the purpose of an IP address such as ::ffff:192.0.2.123?
5. What is the reason for the 100m distance limit within an =
ethernet collision domain?
The essay questions can wait for the interview if they get past these =
basics.
Owen
On Jul 5, 2012, at 5:14 PM, Jon Lewis wrote:
> He'll have to come up with another weedout question, like "what's a =
/27?" I'm constantly amazed/disappointed when we interview candidates =
for a senior Linux admin job and they just don't know modern networking =
at all.
>=20
> Even better question, with multiple right answers, "how many IPs are =
in a /32?" You could probably have some fun with most applicants[1] =
when they answer 1, and then you ask "would you like to expand on that =
answer?"
>=20
> The small (sub /24) subnets are dealt with so frequently in an =
ISP/hosting provider environment, that IMO, anyone claiming to have =
experience in such an environment should just flat out know how many IPs =
and the subnet masks for /32 - /24 in IPv4, or be sufficiently =
comfortable with subnetting that they can figure these things out =
quickly enough to avoid awkward pauses during the interview if asked =
about them.
>=20
> 1) At least the few who get it right.
>=20
> On Thu, 5 Jul 2012, Mike Hale wrote:
>=20
>> Something tells me you're suddenly going to find yourself with an
>> influx of correct answers...
>>=20
>> On Thu, Jul 5, 2012 at 3:18 PM, William Herrin <bill@herrin.us> =
wrote:
>>> On Thu, Jul 5, 2012 at 5:05 PM, Derek Andrew <Derek.Andrew@usask.ca> =
wrote:
>>>>>> You implement a firewall on which you block all ICMP packets. =
What
>>>>>> part of the TCP protocol (not IP in general, TCP specifically)
>>>>>> malfunctions as a result?
>>>>=20
>>>> Isn't MTU discovery on IP and not TCP?
>>>=20
>>> If you want to overthink the question, the failure in the TCP =
protocol
>>> is that it doesn't adjust the MSS to match the path MTU. It =
continues
>>> to rely on the incorrect path MTU estimate, sending too-large =
packets
>>> which will never arrive. This happens because TCP doesn't receive a
>>> notification that the path MTU estimate has changed from the default
>>> because the lower layer PMTUD algorithm never receives the expected
>>> ICMP packet.
>>>=20
>>> This is, incidentally, is a detail I'd love for one of the =
candidates
>>> to offer in response to that question. Bonus points if you discuss =
MSS
>>> clamping and RFC 4821.
>>>=20
>>> The less precise answer, path MTU discovery breaks, is just fine.
>>>=20
>>> Regards,
>>> Bill Herrin
>>>=20
>>>=20
>>>=20
>>>=20
>>> --
>>> William D. Herrin ................ herrin@dirtside.com =
bill@herrin.us
>>> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
>>> Falls Church, VA 22042-3004
>>>=20
>>=20
>>=20
>>=20
>> --=20
>> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
>>=20
>=20
> ----------------------------------------------------------------------
> Jon Lewis, MCP :) | I route
> Senior Network Engineer | therefore you are
> Atlantic Net |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
