job screening question

Jason Baugher jason at
Thu Jul 5 23:51:34 UTC 2012

Geez, I'd be happy to find someone with a good attitude, a solid work 
ethic, and the desire and aptitude to learn. :)


On 7/5/2012 5:18 PM, William Herrin wrote:
> On Thu, Jul 5, 2012 at 5:05 PM, Derek Andrew <Derek.Andrew at> wrote:
>>>> You implement a firewall on which you block all ICMP packets. What
>>>> part of the TCP protocol (not IP in general, TCP specifically)
>>>> malfunctions as a result?
>> Isn't MTU discovery on IP and not TCP?
> If you want to overthink the question, the failure in the TCP protocol
> is that it doesn't adjust the MSS to match the path MTU. It continues
> to rely on the incorrect path MTU estimate, sending too-large packets
> which will never arrive. This happens because TCP doesn't receive a
> notification that the path MTU estimate has changed from the default
> because the lower layer PMTUD algorithm never receives the expected
> ICMP packet.
> This is, incidentally, is a detail I'd love for one of the candidates
> to offer in response to that question. Bonus points if you discuss MSS
> clamping and RFC 4821.
> The less precise answer, path MTU discovery breaks, is just fine.
> Regards,
> Bill Herrin
> --
> William D. Herrin ................ herrin at  bill at
> 3005 Crane Dr. ...................... Web: <>
> Falls Church, VA 22042-3004

More information about the NANOG mailing list