Hour 200: Interview questions and how I evaluate someone’s knowledge

I recently got asked to do the first round of technical interviews for candidates applying for a core network engineer position in our firm. I would like to share some of the questions I ask the candidates and how I judge their level of knowledge by their response.

The candidate will first come in the interviewer room and get presented to me (the technical engineer), to the human resources recruiter and to the project architect. The candidate will be asked to briefly present his job history to the room and walk us step by step through his resume. Once this is completed, the project architect will present the job requirements and the tasks involved. It’s also very important for the project architect to sell the job in some way to keep the candidate motivated because after he is done answering his questions, the candidate will be going through a hard technical selection process. Let’s get to the technical interview part.

Once the project architect is finished talking, the candidate is left in the room with me and the HR personnel. The job of the HR personnel is to take notes on how the candidate reacts to the different questions I ask him; to see if he stutters, contradicts himself or gets confused in his own words. I start by asking the candidate a basic question on routing protocols: “What’s the difference between a link state routing protocol and a distance vector routing protocol?”. If you don’t know the answer to this, you can check my blog where I made an analogy for this question: https://routingnull0.com/2013/09/20/hour-15-distance-vector-vs-link-state-analogy/

After this question has been answered, I already have a good idea of what kind of candidate I am dealing with. For the next question, I stand up and draw a network topology on the board for him:


This is what I say once I’m done drawing: “We have OSPF running between R1, R2, R3 and R4. Between R1 and R2 we have OSPF area 0, between R2 and R3 we have OSPF area 1 and between R3 and R4 we have OSPF area 2. Will this topology work (Will R4 be able to ping And why or why not?” The candidates that have no idea how OSPF works will tell me that this topology has no issues and is normal OSPF behaviour. They will then struggle for the next 5 minutes to explain how this is possible. The more advanced candidates will answer either “No” or “it depends”. They will usually ask if there is a virtual-link connecting Area 2 to Area 0.

For this question, I want the candidate to tell me the reason why OSPF requires all traffic between non-backbone areas to pass through area 0. This is also known as the favorite interview question of Jeff Doyle (here’s a link to a detailed explanation: http://www.networkworld.com/community/node/19293 ). After they answered this, I take it one notch higher in difficulty. I ask them, “Would it be possible to make this topology work without a virtual-link?” This is where we differentiate the engineers and out of the box thinkers from the common network administrators. The quick answer to this question is; “yes and there are several ways to make this work”. My favorite way to do this without breaking the topology would be to do mutual redistribution between 2 OSPF processes ID’s at R3. When you do this, you are redistributing external OSPF routes into an OSPF network. Let’s look at this from the command line:


We are basically bypassing the OSPF area rule by making R3 an ASBR and injecting external routes (OSPF LSA type-5 AS External) that are from Area 2 but just in another process ID on R3.


I haven’t found an engineer that has given me this answer yet. I am thinking if we interview people at the CCIE level they would come up with an answer like this. For the moment, I am pretty happy if a candidate can explain to me properly why an OSPF non-backbone area has to be directly connected to the backbone area.

I hope this was informative and helps you prepare for your future technical job interviews.


  1. I feel your pain. I have been extremely disappointed by the general lack of technical or problem-solving skills in an interview. I’m not sure anymore if it’s because dumping has become so commonplace or the fact that people work their butts off on getting pieces of paper and then let their knowledge get stale. Either way, it doesn’t make me want to hire them

  2. We could also make this work by creating a tunnel between R2 – R3 and then advertising those tunnel interfaces into ospf area 0 🙂
    I like this question a lot! I will use it when I start interviewing engineers

    -FloOz (from techexams)

      1. Hello,

        I know it’s been so many years since this article, but I am unable to understand how will creating area0 loopback on R4 help
        Area 2 Subnet, will not be passed into Area 1, because R3 doesn’t have any interface in area 0.

        I think, you meant creating area0 loopback on R3 and not R4, but as per me still that will not work. Reason, type 3 LSA is not allowed from non-zero area to area 0. Hence, if area0 loopback created on R3, the subnet would be advertised into area 2 as type 3 LSA. This will prevent R2 from sending this LSA into area0. This is indirect implication of why all inter-area traffic should go via area0. If type-3 LSA from non-area0 is allowed into area0 that means area3 traffic can pass through area2, which is against the inter-area rule.

        I maybe wrong, but in that I would be happy to understand the explanation about the suggested option will work

  3. As per me the only solutions would be:

    1. The one mentioned in the article, running two different processes and redistributing them (unique solution)
    2. GRE tunnel
    3. Virtual link

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s