In a message written on Thu, Jul 05, 2012 at 01:02:08PM -0400, William Herrin wrote:
You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result?
My questions for you are:
1. As an expert who follows NANOG, do you know the answer? Or is this question too hard?
I suspect you're looking for Path MTU Discovery as an answer.
2. Is the question too vague? Is there a clearer way to word it?
I believe if you understand ICMP, it could be considered to be vague. For instance, blocking all ICMP means that if the network breaks during communication and a Host/Net unreachable is generated the connection will have to go through a timeout rather than an immeidate tear down. Similarly, blocking ICMP source quench might break throttling in the 3 TCP implementations in the world that do that. :)
3. Is there a better screening question I could pass to HR to ask and check the candidate's response against the supplied answer?
"A firewall is configured to block all ICMP packets and a system administrator reports problems with TCP connections not transferring data. What is the most likely cause?" ICMP Packet-Too-Big being dropped and breaking PMTU discovery is the correct answer. When I study for my CCIE Recert every 2 years I find myself relearning "The Cisco Answer", rather than the right answer. It's not that the Cisco answers are often wrong per-se, but they teach the most likely causes of things and want them back as the right answer. Cribbing from their test materials and study guides puts the questions in familar terms that your candidates are likely to have seen, making them less likely to be thrown off by the question. Unless you want to throw them off. Depends on the level of folks you want to hire. I would answer your question with "I would never implement a firewall that breaks all TCP." :) -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/