General Network Engineer Interview Questions
General Knowledge Questions
~ Syed Jahanzaib ~
Describe the OSI model.
(pronounced as separate letters) Short for Open System Interconnection, an ISO standard for worldwide communications that defines a networking framework for implementing protocols in seven layers. Control is passed from one layer to the next, starting at the application layer in one station, proceeding to the bottom layer, over the channel to the next station and back up the hierarchy.
At one time, most vendors agreed to support OSI in one form or another, but OSI was too loosely defined and proprietary standards were too entrenched. Except for the OSI-compliant X.400 and X.500 e-mail and directory standards, which are widely used, what was once thought to become the universal communications standard now serves as the teaching model for all other protocols.
Most of the functionality in the OSI model exists in all communications systems, although two or three OSI layers may be incorporated into one.
OSI is also referred to as the OSI Reference Model or just the OSI Model.
Open System Interconnection an ISO standard for worldwide communications that defines a networking framework for implementing protocols in seven layers.The seven layers & Functions are:
(Layer 7) This layer supports application and end-user processes. Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. Everything at this layer is application-specific. This layer provides application services for file transfers, e-mail, and other network software services. Telnet and FTP are applications that exist entirely in the application level. Tiered application architectures are part of this layer.
(Layer 6) This layer provides independence from differences in data representation (e.g., encryption) by translating from application to network format, and vice versa. The presentation layer works to transform data into the form that the application layer can accept. This layer formats and encrypts data to be sent across a network, providing freedom from compatibility problems. It is sometimes called the syntax layer.
(Layer 5) This layer establishes, manages and terminates connections between applications. The session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications at each end. It deals with session and connection coordination.
(Layer 4) This layer provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control. It ensures complete data transfer.
(Layer 3) This layer provides switching and routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node. Routing and forwarding are functions of this layer, as well as addressing, internetworking, error handling, congestion control and packet sequencing.
(Layer 2) At this layer, data packets are encoded and decoded into bits. It furnishes transmission protocol knowledge and management and handles errors in the physical layer, flow control and frame synchronization. The data link layer is divided into two sub layers: The Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC sub layer controls how a computer on the network gains access to the data and permission to transmit it. The LLC layer controls frame synchronization, flow control and error checking.
(Layer 1) This layer conveys the bit stream – electrical impulse, light or radio signal — through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier, including defining cables, cards and physical aspects. Fast Ethernet, RS232, and ATM are protocols with physical layer components.
Application Layers Usage Example :
What is the difference between a repeater, bridge, router? Relate this to the OSI model
(sometimes called “Transparent bridges” ) work at OSI model Layer 2. This means they don’t know anything about protocols, but just forward data depending on the destination address in the data packet. This address is not the IP address, but the MAC (Media Access Control) address that is unique to each network adapter card. Bridges are very useful for joining networks made of different media types together into larger networks, and keeping network segments free of data that doesn’t belong in a particular segment.
Switches are the same thing as Bridges, but usually have multiple ports with the same “flavor” connection (Example: 10/100/10000BaseT).
Switches can be used in heavily loaded networks to isolate data flow and improve performance. In a switch, data between two lightly used computers will be isolated from data intended for a heavily used server, for example. Or in the opposite case, in “auto sensing” switches that allow mixing of 10 and 100Mbps connections, the slower 10Mbps transfer won’t slow down the faster 100Mbps flow.
Forwards every frame it receives
it is a generator,not an amplifier(i.e it removes noise & regenerates signal )
Bi-directional in nature
Useful in increasing ethernet size/length
Maximum of 5 Repeaters in an Ethernet
Links dissimilar n/ws
not transparent to end stations
acts on a network layer frame
isolates LAN to subnets to manage & control traffic
v Describe an Ethernet switch and where it fits into the OSI model.
A switch is a hardware device that works at Layer 2 of the OSI model – data link. The data link layer is where the Ethernet protocol works.
A switch switches Ethernet frames by keeping a table of what MAC addresses have been seen on what switch port. The switch uses this table to determine where to send all future frames that it receives. In Cisco terminology, this table is called the CAM table (content addressable memory). In general, the proper term for this table is the bridge forwarding table. If a switch receives a frame with a destination MAC address that it does not have in its table, it floods that frame to all switch ports. When it receives a response, it puts that MAC address in the table so that it won’t have to flood next time.
A switch is a high-speed multiport bridge. This is why bridges are no longer needed or manufactured. Switches do what bridges did faster and cheaper. Most routers can also function as bridges.
You might be asking how a hub fits into this mix of devices. A hub is a multiport repeater. In other words, anything that comes in one port of a hub is duplicated and sent out all other ports of the hub that have devices attached. There is no intelligence to how a hub functions. A switch is a vast improvement over a hub in terms of intelligence, for many reasons. The most important of those reasons is how the bridge forwarding table works. Intelligent (smart) switches have made hubs obsolete because they can do more at the same cost of a dumb hub. For this reason, hubs are rarely used or sold any longer.
v What is a VLAN? What is an ELAN? What is the difference?
Short for virtual LAN, a network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN. VLANs are configured through software rather than hardware, which makes them extremely flexible. One of the biggest advantages of VLANs is that when a computer is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration.
A VLAN is a logical local area network (or LAN) that extends beyond a single traditional LAN to a group of LAN segments, given specific configurations. Because a VLAN is a logical entity, its creation and configuration is done completely in software.
VLAN — Virtual Local Area Network
ELAN — Emulated Local Area Network
Difference between these two are as follows:-
Without going into the mechanics of ELANs and how they are configured, an ELAN (Emulated LAN) connects VLANs over a WAN.
A VLAN (Virtual LAN) is a grouping of ports on switches which is considered as one broadcast domain. All the ports on a VLAN act as if they were all on the same wire. Therefore, broadcasts are propagated across a VLAN ,and anything communication outside that VLAN must be routed or bridged.
The ELAN is a mechanism used to link VLANs across a wide area network. ATM is a good candidate for ELANs. With ELANs, you could have 2 VLANs at different sites which are linked together via an ELAN. The ELAN links the two VLANs
Together, forming one big broadcast domain. The advantage of ELANs over straight bridging is that membership into ELANs is dynamic, and that multiple ELANs can be handled by one single WAN link.
v Describe Ethernet packet contents: min./max. size, header.
Ethernet frame consists of:
7 bytes – Preamble
1 byte – SOF Delimiter
6 bytes – DA
6 bytes – SA
2 bytes – Type\Length
46-1500 bytes – Data \ 802.2 Header + Data
4 bytes – FCS
Min amount of bytes is 72. Ethernet frame minimal size is 64 = 72 bytes of frame – 7 bytes of preamble – 1 byte of SOF.
The ethernet frame size upper limit of 1500 bytes goes up to the history of DIX Ethernet – physical limit of memory size used in NICs because of it’s cost. Actually there is no strict requirements by used algorythms or standarts.
Lower limit of frame size has the following reasons:
1. To make transmission error detection more easy – smaller size of binary sequence leads to lower reliability of error detection.
2. The most important reason: If frame size is less than 64 bytes (512 bits), host may finish transmission before receiving noise signal and can think that frame transmitted successfully, while another host sent collision notification.
For 10 Mbps rate min frame size should be at least 500 bits – that’s the only guarantee that collision can be detected anywhere in the cable. For reliability min size was increased up to 512 (power of 2) and became 512 bits = 64 bytes.
the min size was to make sure that it contains enough ethernet headers.
the max size also has something to do with the data written in the headers.
v Describe TCP/IP and its protocols.
The TCP/IP suite of protocols is the set of protocols used to communicate across the internet. It is also widely used on many organizational networks due to its flexibility and wide array of functionality provided. Microsoft who had originally developed their own set of protocols now is more widely using TCP/IP, at first for transport and now to support other services.
IP – Internet Protocol. Except for ARP and RARP all protocols’ data packets will be packaged into an IP data packet. IP provides the mechanism to use software to address and manage data packets being sent to computers.
TCP/IP is a two-layer program. The higher layer, Transmission Control Protocol, manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message. The lower layer, Internet Protocol, handles the address part of each packet so that it gets to the right destination. Each gateway computer on the network checks this address to see where to forward the message. Even though some packets from the same message are routed differently than others, they’ll be reassembled at the destination.
- TCP – A reliable connection oriented protocol used to control the management of application level services between computers. It is used for transport by some applications.
- UDP – An unreliable connection less protocol used to control the management of application level services between computers. It is used for transport by some applications which must provide their own reliability.
Many Internet users are familiar with the even higher layer application protocols that use TCP/IP to get to the Internet. These include the World Wide Web’s Hypertext Transfer Protocol (HTTP), the File Transfer Protocol (FTP), Telnet (Telnet) which lets you logon to remote computers, and the Simple Mail Transfer Protocol (SMTP). These and other protocols are often packaged together with TCP/IP as a “suite.”
v Describe ATM and what are its current advantages and disadvantages.
ATM (asynchronous transfer mode) is a dedicated-connection switching technology that organizes digital data into 53-byte cell units and transmits them over a physical medium using digital signal technology. Individually, a cell is processed asynchronously relative to other related cells and is queued before being multiplexed over the transmission path.
Because ATM is designed to be easily implemented by hardware (rather than software), faster processing and switch speeds are possible. The prespecified bit rates are either 155.520 Mbps or 622.080 Mbps. Speeds on ATM networks can reach 10 Gbps. Along with Synchronous Optical Network (SONET) and several other technologies, ATM is a key component of broadband ISDN (BISDN).
ATM also stands for automated teller machine, a machine that bank customers use to make transactions without a human teller.
Advantages and Disadvantages of ATM
- ATM Advantages
- ATM supports voice, video and data allowing multimedia and mixed services over a
- single network.
- High evolution potential, works with existing, legacy technologies
- Provides the best multiple service support
- Supports delay close to that of dedicated services
- Supports the broadest range of burstiness, delay tolerance and loss performance through the implementation of multiple QoS classes
- Provides the capability to support both connection-oriented and connectionless traffic using AALs
- Able to use all common physical transmission paths like SONET.
- Cable can be twisted-pair, coaxial or fiber-optic
- Ability to connect LAN to WAN
- Legacy LAN emulation
- Efficient bandwidth use by statistical multiplexing
- Higher aggregate bandwidth
- High speed Mbps and possibly Gbps
- Flexible to efficiency’s expense, at present, for any one application it is usually possible to find a more optimized technology
- Cost, although it will decrease with time
- New customer premises hardware and software are requiredCompetition from other technologies -100 Mbps FDDI, 100 Mbps Ethernet and fast Ethernet
- Presently the applications that can benefit from ATM such as multimedia are rareThe wait, with all the promise of ATM’s capabilities many details are still in the standards process
v What are the maximum distances for CAT5 cabling?
|A good standard answer is 100 meters (300 feet) with patch cords,90 meters (270 feet) without patch cords. That goes pretty much for everything up to and including CAT 7/Class Fa UTP.|
|Maximum cable lengh for ethernet depends on what kind of ethernet you are talking about! Here are some details on the most popular kinds of ethernet. (UTP = unshielded twisted pair)Gigabit Ethernet (over copper), 1000baseT
Fast Ethernet, 100baseT
Twisted Pair Ethernet, 10baseT
Thin Ethernet , 10 base 2
Thick Ethernet, 10 base 5
v Describe UDP and TCP and the differences between the two.
TCP – A reliable connection oriented protocol used to control the management of application level services between computers. It is used for transport by some applications.
UDP – An unreliable connection less protocol used to control the management of application level services between computers. It is used for transport by some applications which must provide their own reliability.
v Describe what a broadcast storm is.
A state in which a message that has been broadcast across a network results in even more responses, and each response results in still more responses in a snowball effect. A severe broadcast storm can block all other network traffic, resulting in a network meltdown. Broadcast storms can usually be prevented by carefully configuring a network to block illegal broadcast messages.
v Describe what a runt, a giant, and a late collision are and what causes each of them.
A runt is a packet that fails to meet the minimum size standard. Ussually below 64 bytes. Occurs as a result of a collision.
A giant is a packet that exceeds the size standard for the medium ussually grater then 1518 bytes . Caused by malfunctioning equipment on your network.
Late collisions are packet collisions that occur after the window
for a network collision closes.
v How do you distinguish a DNS problem from a network problem?
If you’re able to ping 188.8.131.52 but you are NOT able to ping cnn.com , Then you’re having a DNS problem.
[If you are NOT able to ping EITHER, then there are network problems and you have NO problems if you CAN ping BOTH]
You can then use nslookup to locate an alternate internal or external dns server that correctly resolves ‘cnn.com’ to it’s ip address and configure your workstation’s NIC for this static dns server until the problems with the DHCP assigned DNS server are fixed.
When u are able to ping the default gateway and the website address there is no problem in the network and DNS
When u are able to ping the the gateway and the WEBsite IP, but not the WEBsite address then it is a problem with the DNS
When u are not able to ping anything its network problem
v Describe the principle of multi-layer switching.
Multilayer switching is simply the combination of traditional Layer 2 switching with Layer 3 routing in a single product. Multilayer switching is new, and there is no industry standard yet on nomenclature. Vendors, analysts, and editors don’t agree about the specific meaning of terms such as multilayer switch, Layer 2 router, Layer 3 switch, IP switch, routing switch, switching router, and wirespeed router. The term multilayer switch seems to be the best and most widely used description of this class of product that performs both Layer 3 routing and Layer 2 switching functions.
Multilayer switching is usually implemented through a fast hardware such as a higher-density ASICs (Application-Specific Integrated Circuits), which allow real-time switching and forwarding with wirespeed performance, and at lower cost than traditional software-based routers built around general-purpose CPUs.
The following are some basic architecture approaches for the multiplayer switches:
Generic Cut-Through Routing:
In the multi-layer switching architecture Layer 3 routing calculations are done on the first packet in a data flow. Following packets belonging to the same flow are switched at Layer 2 along the same route. In other words, route calculation and frame forwarding are handled very differently here.
ATM-Based Cut-Through Routing:
This is a variation of generic cut-through routing which is based on ATM cells rather than frames. ATM-based cut-through routing offers several advantages such as improved support of LAN emulation and multi-vendor support in the form of the Multiprotocol Over ATM (MPOA) standard. Products referred to as IP switches and tag switches generally fall into this category.
Layer 3 Learning Bridging CIn this architecture, routing is not provided. Instead, it uses IP “snooping” techniques to learn the MAC/IP address relationships of endstations from true routers that must exist elsewhere in the network. Then it redirects traffic away from the routers and switches it based on its Layer 2 addresses.
Wirespeed architecture routes every packet individually. It is often referred to as packet-by-packet Layer 3 switching. Using advanced ASICs to perform Layer 3 routing in hardware, it implements dynamic routing protocols such as OSPF and RIP. In addition to basic IP routing, it supports IP multicast routing, VLAN segregation, and multiple priority levels to assist in quality of service.
v Explain how traceroute, ping, and tcpdump work and what they are used for?
Traceroute works by increasing the “time-to-live” value of each successive batch of packets sent. The first three packets sent have a time-to-live (TTL) value of one (implying that they are not forwarded by the next router and make only a single hop). The next three packets have a TTL value of 2, and so on. When a packet passes through a host, normally the host decrements the TTL value by one, and forwards the packet to the next host. When a packet with a TTL of one reaches a host, the host discards the packet and sends an ICMP time exceeded (type 11) packet to the sender. The traceroute utility uses these returning packets to produce a list of hosts that the packets have traversed en route to the destination. The three timestamp values returned for each host along the path are the delay (aka latency) values typically in milliseconds (ms) for each packet in the batch. If a packet does not return within the expected timeout window, a star (asterisk) is traditionally printed. Traceroute may not list the real hosts. It indicates that the first host is at one hop, the second host at two hops, etc. IP does not guarantee that all the packets take the same route. Also note that if the host at hop number N does not reply, the hop will be skipped in the output.
It works by sending ICMP “echo request” packets to the target host and listening for ICMP “echo response” replies. Ping estimates the round-trip time, generally in milliseconds, and records any packet loss, and prints a statistical summary when finished.
traceroute and ping work on the ICMP protocol and are used for network connectivity testing. but TCPDUMP is different its a NETWORK PACKET ANALYZER. tcpdump uses libpacp / winpcap to capture data and uses it extensive protocol definitions build inside to analyze the captured packets. Its mainly used to debug the protocol of the captured packet which in turn reveals the network traffic charachterstics.
v What is a metric?
Metrics is a property of a route in computer networking, consisting of any value used by routing algorithms to determine whether one route should perform better than another (the route with the lowest metric is the preferred route). The routing table stores only the best possible routes, while link-state or topological databases may store all other information as well. For example, Routing Information Protocol uses hopcount (number of hops) to determine the best possible route.
A Metric can include:
- measuring link utilisation (using SNMP)
- number of hops (hop count)
- speed of the path
- packet loss (router congestion/conditions)
- latency (delay)
- path reliability
- path bandwidth
- throughput [SNMP – query routers]
v What is a network management system?
Effective planning for a network management system requires that a number of network management tasks be folded in a single software solution. The network management system should automate the processes of expense management auditing, asset lifecycle management, inventory deployment tracking, cost allocation and invoice processing.
v Describe how SNMP works.
The simple network management protocol (SNMP) use for monitoring of network-attached devices for any conditions that warrant administrative attention. It is use to manage IP network devices such as servers, routers, switches etc. Administrator can find or manage network performance, solve problem or even optimize it further. It works at TCP/IP Application layer 5 (L5).
v Describe how WEP works and its strengths and weaknesses
As you probably already know Wired Equivalent Privacy (WEP) is used by companies to secure their wireless connections from sniffing attacks. You’ve probably also heard that it’s not very secure. In the first part of this 2 part series I’ll explain the inner workings of WEP and follow it up next month with why it’s insecure.
Do i need WEP at all?
An authentic user, Bob uses his laptop to check his Gmail account everyday. He has a wireless card in his laptop which automatically detects his ISP’s wireless access point (WAP) just across the street. Once he’s connected to the WAP he can go ahead and check his Email. Alice is a sneaky user who doesn’t want to pay the ISP for access to the Internet. She however knows that the ISP across the street has an access point which anyone can connect to and access the Internet. She plugs in her laptop and is soon downloading music from the Internet. WEP was designed to ensure that users authenticate themselves before using resources, to block out Alice, and allow Bob. Let’s see how it does this.
How WEP works
WEP uses the RC4 algorithm to encrypt the packets of information as they are sent out from the access point or wireless network card. As soon as the access point receives the packets sent by the user’s network card it decrypts them.
Each byte of data will be encrypted using a different packet key. This ensures that if a hacker does manage to crack this packet key the only information that is leaked is that which is contained in that packet.
The actual encryption logic in RC4 is very simple. The plain text is XOR-ed with an infinitely long keystream. The security of RC4 comes from the secrecy of the packet key that’s derived from the keystream.
v Describe what a VPN is and how it works.
A VPN connection is the extension of a private network that includes links across shared or public networks, such as the Internet. VPN connections (VPNs) enable organizations to send data between two computers across the Internet in a manner that emulates the properties of a point-to-point private link.
Basically, a VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as leased line, a VPN uses “virtual” connections routed through the Internet from the company’s private network to the remote site or employee.
Describe how VoIP works.
Voice over Internet Protocol (VoIP), is a technology that allows you to make voice calls using a broadband Internet connection instead of a regular (or analog) phone line. Some VoIP services may only allow you to call other people using the same service, but others may allow you to call anyone who has a telephone number – including local, long distance, mobile, and international numbers. Also, while some VoIP services only work over your computer or a special VoIP phone, other services allow you to use a traditional phone connected to a VoIP adapter.
Describe methods of QoS.
Quality of service is the ability to provide different priority to different applications, users, or data flows, or to guarantee a certain level of performance to a data flow.
QOS is Quality of Service: A set of metrics used to measure the quality of transmission and service available of any given transmission system
Are you familiar with IPv6? If so, what are the major differences between IPv4 and IPv6?
IPv6 is based on IPv4, it is an evolution of IPv4. So many things that we find with IPv6 are familiar to us. The main differences are:
1.Simplified header format. IPv6 has a fixed length header, which does not include most of the options an IPv4 header can include. Even though the IPv6 header contains two 128 bit addresses (source and destination IP address) the whole header has a fixed length of 40 bytes only. This allows for faster processing.
Options are dealt with in extension headers, which are only inserted after the IPv6 header if needed. So for instance if a packet needs to be fragmented, the fragmentation header is inserted after the IPv6 header. The basic set of extension headers is defined in RFC 2460.
2.Address extended to 128 bits. This allows for hierarchical structure of the address space and provides enough addresses for almost every ‘grain of sand’ on the earth. Important for security and new services/devices that will need multiple IP addresses and/or permanent connectivity.
3.A lot of the new IPv6 functionality is built into ICMPv6 such as Neighbor Discovery, Autoconfiguration, Multicast Listener Discovery, Path MTU Discovery.
4.Enhanced Security and QoS Features.
IPv4 means Internet Protocol version 4, whereas IPv6 means Internet Protocol version 6.
IPv4 is 32 bits IP address that we use commonly, it can be 192.168.8.1, 10.3.4.5 or other 32 bits IP addresses. IPv4 can support up to 232 addresses, however the 32 bits IPv4 addresses are finishing to be used in near future, so IPv6 is developed as a replacement.
IPv6 is 128 bits, can support up to 2128 addresses to fulfill future needs with better security and network related features. Here are some examples of IPv6 address:
What authentication, authorization ad accounting (AAA) mechanisms are you familiar with? Which ones have you implemented??
RADIUS Server (Remote Access Dialin User Service)
MS IAS (Internet Authenticaion Service)