Most organizations are terribly bad at interviewing people. They overcomplicate things by holding too many interviews (more than 2-3) and often focus their interview on trivia and memorization rather than walking through a scenario. Every interview should have some form of a scenario and a whiteboard if you are hiring a Network Engineer. Rather than overcomplicating things, here’s how you can interview someone using a single scenario that you can expand on and go to different depths at different stages depending on the focus of the role.
Scenario:
You are an employee working in a large campus network. Your computer has just started up and has not previously communicated with anything before you open your browser and type in microsoft.com.
Before any communication can take place, you need an IP address. What IP protocols are there? What are the main differences between the two?
Things to look for: IPv4 vs IPv6. ARP vs ND. DHCP vs RA. Broadcast vs multicast.
What methods are there of configuring an IP address?
Things to look for: Static IP vs DHCP vs RA.
When I need to communicate to something external, traffic goes through a gateway. What type of device would that be?
Things to look for: Switch vs router vs firewall.
How do I get the MAC address of my gateway?
Things to look for: ARP and ND.
Does ARP/ND for the gateway MAC go only towards the gateway or also somewhere else?
Things to look for: Understanding of flooding in a switched environment.
Frames from your computer are switched in a switched network. What protocols would you typically see configured on a switch?
Things to look for: STP, LACP, SSH, routing protocols, possibly VXLAN.
If a switch has not seen your MAC previously, how would it learn of it?
Things to look for: Understanding flood and learn behavior where MAC learning is based on seeing SRC MAC on a port.
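The flood-and-learn behavior behind the last two questions (where the ARP request for the gateway ends up, and how the switch learns a new MAC), shown as an added example that is not part of the original post. It assumes a single VLAN and a four-port switch; the class name, port numbers and MAC addresses are constructed for illustration.

```python
# Added illustration: a minimal flood-and-learn L2 switch (single VLAN assumed).
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}  # source MAC -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return the sorted list of egress ports."""
        # Learning: only the SOURCE MAC of an arriving frame populates the table.
        self.mac_table[src_mac] = in_port
        # Forwarding: a known unicast destination leaves on exactly one port.
        if dst_mac != BROADCAST and dst_mac in self.mac_table:
            out = self.mac_table[dst_mac]
            return [] if out == in_port else [out]
        # Broadcast or unknown unicast: flood out every port except the ingress.
        return sorted(self.ports - {in_port})


def demo():
    """Constructed topology: PC on port 1, gateway on port 2, other hosts on 3 and 4."""
    pc, gw = "00:00:5e:00:53:01", "00:00:5e:00:53:fe"
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    results = {}
    # 1. PC sends an ARP request for the gateway (broadcast): every other port sees it.
    results["arp_request"] = sw.receive(1, pc, BROADCAST)
    # 2. Gateway answers with a unicast ARP reply: the PC was learned in step 1.
    results["arp_reply"] = sw.receive(2, gw, pc)
    # 3. PC sends traffic to the gateway: the gateway was learned in step 2.
    results["pc_to_gw"] = sw.receive(1, pc, gw)
    # 4. Destination never seen as a source: unknown unicast is flooded.
    results["unknown_unicast"] = sw.receive(1, pc, "00:00:5e:00:53:99")
    results["mac_table"] = dict(sw.mac_table)
    return results


if __name__ == "__main__":
    for step, value in demo().items():
        print(step, value)
```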
Apparently your port had been configured with the wrong VLAN. How would a network admin update the configuration?
Things to look for: Logging in to device, modifying configuration of the port.
If not updating the configuration manually, what other options are there?
Things to look for: APIs, Python, automation frameworks, NETCONF, RESTCONF, etc.
Currently, there is only a single gateway in the network. Is this a potential issue?
Things to look for: Understanding that without the gateway, the clients would be isolated from anything beyond the local subnet.
Are there methods of providing a redundant gateway?
Things to look for: HSRP, VRRP, firewalls in failover pair, anycast gateway.
The switches are currently set up with static routing. What are the pros and cons compared to dynamic routing?
Things to look for: Understanding that static routes require manual configuration but are stable, and that dynamic routing requires less/no update of configuration.
What are the major routing protocols and can you describe them briefly?
Things to look for: OSPF, ISIS, and BGP and that the first two are link state and that BGP is path vector.
The Internet Edge routers are set up with BGP towards two different providers. Is there any way to influence which ISP gets used?
Things to look for: Local preference, MED, AS path prepending, BGP communities, advertising longer prefixes on one of the routers, etc.
When you entered microsoft.com in your browser, a DNS query was triggered. What type of query would that be?
Things to look for: A vs AAAA.
When resolving something via DNS, can you describe the process briefly:
Things to look for: Resolver vs authoritative DNS, root servers, describing the process from resolver to authoritative DNS server.
If web traffic needs to be inspected, what options are there?
Things to look for: Firewall, IDS/IPS, cloud security/SASE, understanding of TLS.
If inspecting TLS, would you say there are any drawbacks to that?
Things to look for: Understanding of privacy concerns, technical challenges such as root certificates, certificate pinning, etc.
You are performing a traceroute. Can you describe briefly how traceroute works?
Things to look for: UDP vs ICMP vs TCP, TTL, ICMP messages such as Port Unreachable.
The traceroute seems to indicate there is some asymmetric routing. Is this normal? Are there any potential issues?
Things to look for: Understanding that asymmetric routing is normal and to be expected. Especially on the internet. Understanding that it can cause issues if there are stateful devices in the path.
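Why a stateful device in the path turns asymmetric routing into a problem, shown as an added example that is not part of the original post. It assumes two firewalls that each keep their own connection table with no state synchronization; the class, function names and addresses are constructed for illustration.

```python
# Added illustration: asymmetric return traffic hitting a firewall with no state.
class StatefulFirewall:
    """Allows inbound packets only as the return half of a flow it saw start."""

    def __init__(self, name):
        self.name = name
        self.flows = set()  # (src, sport, dst, dport) of flows opened from inside

    def inspect(self, src, sport, dst, dport, flags, from_inside):
        if from_inside:
            flow = (src, sport, dst, dport)
            if flags == "SYN":
                self.flows.add(flow)  # state is created only by the initial SYN
            return "allow" if flow in self.flows else "drop"
        # Outside -> inside: look for the mirrored tuple of a known flow.
        reverse = (dst, dport, src, sport)
        return "allow" if reverse in self.flows else "drop"


def handshake(outbound_fw, return_fw):
    """Send a SYN out through one firewall and the SYN-ACK back through another."""
    client, server = ("192.0.2.10", 50000), ("198.51.100.20", 443)  # constructed
    syn = outbound_fw.inspect(*client, *server, "SYN", from_inside=True)
    syn_ack = return_fw.inspect(*server, *client, "SYN-ACK", from_inside=False)
    return [syn, syn_ack]


def demo():
    fw_a = StatefulFirewall("fw-a")
    symmetric = handshake(fw_a, fw_a)  # both directions cross fw-a
    # Asymmetric: the reply comes back via fw-b, which never saw the SYN.
    asymmetric = handshake(StatefulFirewall("fw-a"), StatefulFirewall("fw-b"))
    return {"symmetric": symmetric, "asymmetric": asymmetric}


if __name__ == "__main__":
    print(demo())
```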
Already here you have at least an hour’s worth of interview material, and it’s much easier to work through a scenario than to have people asking you trivia-type questions on LSA types. In this form of interview you can easily gauge the skill level of the person you are interviewing without asking binary right/wrong questions. They may even add details that you hadn’t thought about.
You could easily change the scenario and dive deeper into various areas. For example, change from a wired connection to wireless. How does the wireless client authenticate? What type of medium is wireless communication?
An expert can probably give you 100+ steps that explain what happens when you type microsoft.com in your browser.
I hope you get some inspiration from this post to create better interviews where you focus on scenarios and whiteboarding rather than trivia type questions. Thanks for reading!
I believe this is the right approach to interviewing someone. It applies to other roles as well, not only to networking. Unfortunately, there are still many companies which are looking for candidates to know different things by heart.
Yes, definitely applicable to other roles as well. Thanks for reading!
I’ve been using a similar method for years, with great success.
Drawing a simple SOHO network to check on the basics (ARP/DHCP/DNS/NAT/Routing/Switch behavior)
Next expanding the network and add STP, HSRP, stacking and Dynamic routing in the mix
Then ask for security improvements (switch security best practices, NAC, Firewalls) and possibly some WiFi
Closing off with manageability challenges and automation.
Candidates who perform well in the interview also perform well in the field, as they tend to know how things actually work, while average-performing candidates (unfortunately there is not always a choice) require way more guidance.
That’s great! It’s easy to just keep adding things, and running through scenarios like these shows if you have experience vs just memorizing stuff. Sure, you still need to know how to implement stuff, but you can always look things up vs someone that knows a lot of commands but not really what to do or when to use them.
That’s a great way of interviewing! I also believe in this type of interview as opposed to being asked some fun HR questions that do not apply to technical people
I have this idea of asking one question: “You enter something in a web browser and hit Enter – what happens next?” And then asking why/how on every step.
Unfortunately, I tested this approach for fun with colleagues (net/sys admins) and I’ve been sad since then 😉
This is definitely the best approach I’ve ever seen for an interview. It’s clear that the purpose is to briefly understand if the candidate has a solid understanding of network fundamentals.
Although not really diving into really advanced concepts, it’s very complete (routing, switching, services, network automation, etc.) and allows the interviewer to estimate at which level the candidate is.
This is really great. Thanks for this, Daniel!
Thank you!