--- On Thu, 7/5/12, William Herrin <b...@herrin.us> wrote: > From: William Herrin <b...@herrin.us> > Subject: Re: job screening question > To: "Derek Andrew" <derek.and...@usask.ca> > Cc: "nanog@nanog.org" <nanog@nanog.org> > Date: Thursday, July 5, 2012, 3:18 PM > On Thu, Jul 5, 2012 at 5:05 PM, Derek > Andrew <derek.and...@usask.ca> > wrote: > >> > You implement a firewall on which you block > all ICMP packets. What > >> > part of the TCP protocol (not IP in general, > TCP specifically) > >> > malfunctions as a result? > > > > Isn't MTU discovery on IP and not TCP? > > If you want to overthink the question, the failure in the > TCP protocol > is that it doesn't adjust the MSS to match the path MTU. It > continues > to rely on the incorrect path MTU estimate, sending > too-large packets > which will never arrive. This happens because TCP doesn't > receive a > notification that the path MTU estimate has changed from the > default > because the lower layer PMTUD algorithm never receives the > expected > ICMP packet. > > This is, incidentally, is a detail I'd love for one of the > candidates > to offer in response to that question. Bonus points if you > discuss MSS > clamping and RFC 4821. > > The less precise answer, path MTU discovery breaks, is just > fine. > > Regards, > Bill Herrin
Precisely! and if I understand correctly, a non-techinical person within HR is expected to hear this answer and relay it to you? That is more than a long shot. Unless of course they have photographic memories, are great typists or perhaps do "short hand". ./Randy