--- On Thu, 7/5/12, William Herrin <bill@herrin.us> wrote:
From: William Herrin <bill@herrin.us>
Subject: Re: job screening question
To: "Derek Andrew" <Derek.Andrew@usask.ca>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Date: Thursday, July 5, 2012, 3:18 PM

On Thu, Jul 5, 2012 at 5:05 PM, Derek Andrew <Derek.Andrew@usask.ca> wrote:
You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result?
Isn't MTU discovery on IP and not TCP?
If you want to overthink the question, the failure in the TCP protocol is that it doesn't adjust the MSS to match the path MTU. It continues to rely on the incorrect path MTU estimate, sending too-large packets which will never arrive. This happens because TCP doesn't receive a notification that the path MTU estimate has changed from the default because the lower layer PMTUD algorithm never receives the expected ICMP packet.
This, incidentally, is a detail I'd love for one of the candidates to offer in response to that question. Bonus points if you discuss MSS clamping and RFC 4821.
The less precise answer, path MTU discovery breaks, is just fine.
Regards,
Bill Herrin

Precisely! And if I understand correctly, a non-technical person within HR is expected to hear this answer and relay it to you? That is more than a long shot. Unless of course they have photographic memories, are great typists or perhaps do "shorthand".

./Randy
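
The failure discussed in this thread, as an added example that is not part of any poster's message: a toy Python model of a TCP sender whose packets carry the DF bit, run over a constructed path with ICMP allowed, ICMP blocked, and ICMP blocked with the MSS clamped. All function names and the sample hop MTUs are assumptions, and clamping is simplified to capping the sender's own MSS; RFC 4821 probing is not modelled.

```python
# Added illustration: toy model of classic ICMP-driven path MTU discovery.
# Names and the sample path below are constructed for this example.
IP_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header, no options

def send_packet(size, hop_mtus, icmp_blocked):
    """Send one DF-marked packet of `size` bytes along the path.
    Returns ("delivered", None), ("icmp", next_hop_mtu) or ("lost", None)."""
    for mtu in hop_mtus:
        if size > mtu:
            # DF is set, so the router drops the packet and emits ICMP
            # type 3 code 4 with the next-hop MTU. A firewall that blocks
            # all ICMP turns that feedback into silent loss.
            return ("lost", None) if icmp_blocked else ("icmp", mtu)
    return ("delivered", None)

def tcp_transfer(hop_mtus, icmp_blocked, clamp_mss=None, max_tries=5):
    """Return (delivered, final_mss, tries_used) for one full-sized segment."""
    mss = hop_mtus[0] - IP_TCP_HEADERS       # estimate from the local link MTU
    if clamp_mss is not None:
        mss = min(mss, clamp_mss)            # middlebox lowered the MSS at SYN time
    for attempt in range(1, max_tries + 1):
        outcome, next_mtu = send_packet(mss + IP_TCP_HEADERS, hop_mtus, icmp_blocked)
        if outcome == "delivered":
            return True, mss, attempt
        if outcome == "icmp":
            mss = next_mtu - IP_TCP_HEADERS  # PMTUD feedback shrinks the MSS
        # outcome == "lost": no feedback, so TCP retransmits at the same size
    return False, mss, max_tries

# Constructed path: Ethernet, a PPPoE hop, a tunnel hop, Ethernet.
SAMPLE_PATH = [1500, 1492, 1400, 1500]

if __name__ == "__main__":
    print("ICMP allowed :", tcp_transfer(SAMPLE_PATH, icmp_blocked=False))
    print("ICMP blocked :", tcp_transfer(SAMPLE_PATH, icmp_blocked=True))
    print("blocked+clamp:", tcp_transfer(SAMPLE_PATH, icmp_blocked=True, clamp_mss=1360))
```
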