Re: job screening question

[Randy <randy_94108 () yahoo com>]

--- On Thu, 7/5/12, William Herrin <bill () herrin us> wrote:

> From: William Herrin <bill () herrin us>
> Subject: Re: job screening question
> To: "Derek Andrew" <Derek.Andrew () usask ca>
> Cc: "nanog () nanog org" <nanog () nanog org>
> Date: Thursday, July 5, 2012, 3:18 PM
> On Thu, Jul 5, 2012 at 5:05 PM, Derek
> Andrew <Derek.Andrew () usask ca>
> wrote:
> > > > You implement a firewall on which you block
> all ICMP packets. What
> > > > part of the TCP protocol (not IP in general,
> TCP specifically)
> > > > malfunctions as a result?
> >
> > Isn't MTU discovery on IP and not TCP?
>
> If you want to overthink the question, the failure in the
> TCP protocol
> is that it doesn't adjust the MSS to match the path MTU. It
> continues
> to rely on the incorrect path MTU estimate, sending
> too-large packets
> which will never arrive. This happens because TCP doesn't
> receive a
> notification that the path MTU estimate has changed from the
> default
> because the lower layer PMTUD algorithm never receives the
> expected
> ICMP packet.
>
> This is, incidentally, is a detail I'd love for one of the
> candidates
> to offer in response to that question. Bonus points if you
> discuss MSS
> clamping and RFC 4821.
>
> The less precise answer, path MTU discovery breaks, is just
> fine.
>
> Regards,
> Bill Herrin


Precisely! and if I understand correctly, a non-techinical person within HR is expected to hear this answer and relay 
it to you? That is more than a long shot. Unless of course they have photographic memories, are great typists or 
perhaps do "short hand".

./Randy