    January 23, 2026 · 40 min read · Network Engineering

    The Network Questions That Exposed My Knowledge Gaps at Cisco and AWS

    Network engineering interviews go deeper than memorizing port numbers. After 250+ networking interviews and managing enterprise infrastructure, here are the questions that separate network engineers from network administrators.

    I thought I knew networking until my interview at a major cloud provider. The interviewer asked: "Design a network for a multi-tenant data center with 10,000 VMs. How do you ensure isolation, performance, and east-west traffic optimization?" I started explaining VLANs. They stopped me: "VLANs won't scale. What about overlay networks, BGP route reflectors, and spine-leaf architecture?"

    That moment taught me network interviews aren't about configuring switches in a lab. They're about understanding how packets flow through complex environments, how protocols behave under load, and how to design networks that scale from hundreds to hundreds of thousands of endpoints.

    This guide covers 35 questions that reveal whether you understand networking at the protocol level or just know how to follow configuration guides. Each answer reflects real-world experience managing enterprise networks and includes the depth that senior roles demand.

    What Network Interviewers Evaluate

    • Protocol Understanding: OSI layers, TCP/IP stack, routing protocols, switching concepts
    • Network Design: Scalability, redundancy, performance optimization, security integration
    • Troubleshooting Skills: Systematic approach, tool proficiency, root cause analysis
    • Modern Networking: SDN, cloud networking, automation, network virtualization
    • Security Integration: Network segmentation, access control, threat mitigation

    OSI Model & Fundamentals (Questions 1-8)

    1. Explain the OSI model and how data flows through it.

    7 Layers (Application → Physical): Application, Presentation, Session, Transport, Network, Data Link, Physical.

    Encapsulation: Data gets headers added at each layer going down, headers removed going up.

    Real example: HTTP request → TCP segment → IP packet → Ethernet frame → electrical signals on wire.

    2. What happens when you type google.com in a browser?

    1. DNS lookup (cache → local DNS → root → TLD → authoritative)

    2. TCP 3-way handshake to IP address (port 443)

    3. TLS handshake for HTTPS

    4. HTTP request sent, response received, connection closed/kept alive

    3. Difference between TCP and UDP? When to use each?

    TCP: Connection-oriented, reliable, ordered delivery, flow control. Use for web, email, file transfer.

    UDP: Connectionless, fast, no guarantees. Use for DNS, DHCP, streaming, gaming where speed > reliability.

    4. Explain ARP and how it resolves addresses.

    Address Resolution Protocol maps IP addresses to MAC addresses. Host broadcasts "Who has IP X?" on local network. Owner responds with MAC address.

    Security note: ARP has no authentication—basis for ARP poisoning attacks.
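Because ARP replies are unauthenticated, the practical defensive check is to watch for an IP address whose claimed MAC changes. The following is an added example, not code from the original article: it parses raw Ethernet/IPv4 ARP payloads and reports binding conflicts. The function names and the sample addresses are constructed for illustration.

```python
import struct

def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Build a 28-byte Ethernet/IPv4 ARP payload (used only to make sample input)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(octet) for octet in a.split("."))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip))

def parse_arp(payload):
    """Return (opcode, sender MAC, sender IP) from an Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sender_mac, sender_ip = struct.unpack("!6s4s", payload[8:18])
    return oper, sender_mac.hex(":"), ".".join(str(b) for b in sender_ip)

def find_binding_conflicts(payloads):
    """Flag every ARP message whose sender IP was first seen with a different MAC."""
    first_seen, alerts = {}, []
    for raw in payloads:
        _, mac, ip = parse_arp(raw)
        known = first_seen.setdefault(ip, mac)  # first-seen binding is the baseline
        if known != mac:
            alerts.append((ip, known, mac))
    return alerts

# Constructed sample traffic (documentation addresses, locally administered MACs).
ZERO = "00:00:00:00:00:00"
SAMPLE = [
    build_arp(1, "02:00:00:00:00:10", "192.0.2.10", ZERO, "192.0.2.1"),  # who-has .1
    build_arp(2, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:10", "192.0.2.10"),
    build_arp(2, "02:00:00:00:00:66", "192.0.2.1", "02:00:00:00:00:10", "192.0.2.10"),
]

if __name__ == "__main__":
    for ip, old, new in find_binding_conflicts(SAMPLE):
        print(f"{ip} was {old}, now claimed by {new}")
```

A binding change is not always hostile (a replaced NIC or a reassigned address looks the same), so treat each alert as a lead to verify against the switch's CAM table or DHCP leases.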

    5. How does DHCP work? Walk through the DORA process.

    DORA: Discover (client broadcasts) → Offer (server responds) → Request (client chooses) → Acknowledge (server confirms)

    Client gets IP, subnet mask, gateway, DNS servers, lease time. Uses UDP ports 67 (server) and 68 (client).

    6. What is NAT and why is it necessary?

    Network Address Translation maps private IPs to public IPs. Necessary due to IPv4 address exhaustion.

    Types: Static NAT (1:1), Dynamic NAT (pool), PAT/NAPT (port translation)

    Limitation: Breaks end-to-end connectivity, complicates server hosting, peer-to-peer applications.

    7. Difference between collision domain and broadcast domain?

    Collision domain: Network segment where data collisions can occur. Separated by switches.

    Broadcast domain: Network segment where broadcast frames reach all devices. Separated by routers/Layer 3 devices.

    8. How does DNS resolution work? Include caching.

    Hierarchical: Root servers → TLD servers (.com) → Authoritative servers (google.com)

    Caching: Browser → OS → Local DNS → ISP DNS reduces queries. TTL controls cache duration.

    Routing Protocols (Questions 9-16)

    9. Compare OSPF vs BGP. When do you use each?

    OSPF: Interior Gateway Protocol (IGP). Link-state, fast convergence, hierarchical areas. Use within organizations.

    BGP: Exterior Gateway Protocol (EGP). Path-vector, policy-based, slow convergence. Use between ISPs/organizations.

    10. How does OSPF LSA flooding work?

    Link State Advertisements flood network topology changes. Each router forwards LSAs to all neighbors except originator.

    Process: Detect change → Generate LSA → Flood to neighbors → Update topology database → Recalculate SPF tree → Update routing table.

    11. Explain BGP route selection process.

    Order: Highest local preference → Shortest AS path → Lowest origin code → Lowest MED → eBGP over iBGP → Lowest IGP metric → Oldest route → Lowest router ID

    Remember: Policy (local pref) trumps path length in BGP.

    12. What is EIGRP and how does it differ from OSPF?

    Enhanced Interior Gateway Routing Protocol. Formerly Cisco proprietary; distance-vector with link-state features.

    vs OSPF: Faster convergence, less CPU intensive, automatic summarization, unequal cost load balancing, but topology table instead of full link-state database.

    13. How do you prevent routing loops?

    • Split horizon (don't advertise route back to source)
    • Route poisoning (advertise failed route as unreachable)
    • Poison reverse (advertise unreachable route back to source)
    • Hold-down timers (ignore updates for period after failure)
    • TTL/hop count limits

    14. What is route redistribution? Why is it dangerous?

    Sharing routes between different routing protocols (OSPF ↔ BGP ↔ static).

    Dangers: Routing loops, suboptimal paths, metric incompatibility, administrative distance issues. Always use route filtering and set proper metrics.

    15. Explain MPLS and Label Distribution Protocol (LDP).

    Multiprotocol Label Switching uses labels for fast forwarding instead of IP lookup. LDP distributes labels between routers.

    Enables VPNs, traffic engineering, QoS. Labels have local significance and are swapped at each hop.

    16. What is administrative distance? Common values?

    Router's trust level in route source. Lower = more trusted.

    Values: Directly connected (0), Static (1), EIGRP (90), OSPF (110), RIP (120), External EIGRP (170), iBGP (200), Unknown (255).

    VLANs & Switching (Questions 17-24)

    17. How do VLANs work? Explain trunking and tagging.

    VLANs separate broadcast domains logically on same physical switch. 802.1Q tags frames with VLAN ID.

    Trunking: Carries multiple VLANs between switches. Native VLAN untagged, others tagged. Inter-VLAN routing requires Layer 3 device.

    18. What is VLAN hopping? How do you prevent it?

    Switch spoofing: Attacker mimics switch to receive trunk traffic. Double tagging: Exploits native VLAN to reach other VLANs.

    Prevention: Disable DTP, use dedicated native VLAN, explicit trunk configuration, no access ports on native VLAN.
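The four preventions above can be checked mechanically against a switch configuration. The following is an added example, not code from the original article: a small auditor over a constructed Cisco IOS-style excerpt. The finding labels and function names are made up for illustration, and it assumes ports are explicitly set to trunk, access, or dynamic mode.

```python
import re

# Constructed IOS-style excerpt for illustration; not taken from a real device.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode dynamic desirable
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 999
 switchport nonegotiate
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 999
interface GigabitEthernet0/4
 switchport mode trunk
"""

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    ports, current = {}, None
    for line in config.splitlines():
        match = re.match(r"interface\s+(\S+)", line)
        if match:
            current = ports.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
    return ports

def vlan_of(lines, prefix):
    """VLAN ID from the first sub-command starting with prefix; VLAN 1 if absent."""
    return next((int(l.split()[-1]) for l in lines if l.startswith(prefix)), 1)

def audit_vlan_hopping(config):
    """Return (interface, finding) pairs for the four preventions listed above."""
    ports = parse_interfaces(config)
    trunks = {n for n, l in ports.items() if "switchport mode trunk" in l}
    natives = {vlan_of(ports[n], "switchport trunk native vlan") for n in trunks}
    findings = []
    for name, lines in ports.items():
        if any(l.startswith("switchport mode dynamic") for l in lines):
            findings.append((name, "dtp-dynamic"))            # port negotiates trunking
        if name in trunks and "switchport nonegotiate" not in lines:
            findings.append((name, "dtp-not-disabled"))       # trunk still sends DTP
        if name in trunks and vlan_of(lines, "switchport trunk native vlan") == 1:
            findings.append((name, "native-vlan-1"))          # no dedicated native VLAN
        if "switchport mode access" in lines and vlan_of(lines, "switchport access vlan") in natives:
            findings.append((name, "access-on-native-vlan"))  # host port shares native VLAN
    return findings
```

On the sample, GigabitEthernet0/2 is the only clean trunk; every other port violates at least one of the listed preventions.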

    19. Explain Spanning Tree Protocol (STP). Why is it needed?

    Prevents loops in redundant switched networks. Blocks redundant paths, activates on failure.

    Process: Elect root bridge → Calculate path costs → Choose root ports → Choose designated ports → Block non-designated ports

    Modern variants: RSTP (fast convergence), MST (per-VLAN instances).

    20. What is EtherChannel/Link Aggregation?

    Bundles multiple physical links into logical link for bandwidth and redundancy. Load balances based on src/dst MAC/IP.

    Protocols: LACP (IEEE 802.3ad), PAgP (Cisco). LACP is preferred for vendor interoperability.

    21. How does MAC address learning work on switches?

    Switch learns source MAC addresses from incoming frames, stores in CAM table with port mapping.

    Process: Unknown unicast flooded → Response contains source MAC → Table updated → Future frames to that MAC sent to specific port. Aging timer removes stale entries.

    22. What is VXLAN? Why is it used in data centers?

    Virtual Extensible LAN encapsulates Layer 2 frames in UDP packets. Enables Layer 2 extension over Layer 3 networks.

    Benefits: 16M VNIs vs 4K VLANs, multi-tenancy, overlay networks, VM mobility across data centers.

    23. Explain HSRP, VRRP, and GLBP.

    First-hop redundancy protocols for gateway high availability.

    HSRP: Cisco proprietary, active/standby

    VRRP: Standards-based, master/backup

    GLBP: Cisco, load balances across multiple gateways

    24. What is a broadcast storm? How do you mitigate it?

    Excessive broadcast traffic consuming network bandwidth. Caused by loops, faulty NICs, or misconfigured applications.

    Mitigation: Broadcast storm control on switches, STP for loop prevention, network segmentation, monitor broadcast rates.

    Network Security & Troubleshooting (Questions 25-35)

    25. How do firewalls work? Stateful vs stateless?

    Stateless: Examines individual packets against rules (ACLs). Fast but limited.

    Stateful: Tracks connection state, allows return traffic automatically. More secure, understands sessions.
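To make the difference concrete, the following added example (not code from the original article) runs the same constructed packet sequence through a per-packet ACL and through a minimal connection tracker. The rule set (outbound HTTPS only), the class and function names, and the addresses are assumptions made for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport flags")

def stateless_allow(pkt):
    """Per-packet ACL: judge each packet only by its own header fields."""
    if pkt.direction == "out":
        return pkt.dport == 443
    # Inbound "reply" rule: source port 443 with ACK or RST set, no memory of sessions.
    return pkt.sport == 443 and ("ACK" in pkt.flags or "RST" in pkt.flags)

class StatefulFirewall:
    """Tracks outbound connections and admits inbound packets only for tracked ones."""
    def __init__(self):
        self.connections = set()

    def allow(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.dport == 443 and pkt.flags == "SYN":
                self.connections.add(key)           # new session enters the state table
            return key in self.connections
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # reverse of the outbound tuple
        allowed = key in self.connections
        if allowed and "RST" in pkt.flags:
            self.connections.discard(key)           # session torn down, state removed
        return allowed

# Constructed traffic: one real HTTPS session plus inbound packets that belong to none.
TRAFFIC = [
    Packet("out", "10.0.0.5", 50000, "203.0.113.10", 443, "SYN"),
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 50000, "SYN,ACK"),
    Packet("out", "10.0.0.5", 50000, "203.0.113.10", 443, "ACK"),
    Packet("in", "198.51.100.7", 443, "10.0.0.5", 50001, "ACK"),   # no matching session
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 50000, "RST"),
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 50000, "ACK"),   # after teardown
]

def compare(traffic):
    """Return (stateless verdicts, stateful verdicts) for the same packet sequence."""
    fw = StatefulFirewall()
    return [stateless_allow(p) for p in traffic], [fw.allow(p) for p in traffic]
```

The stateless rule passes all six packets because each one looks like a reply in isolation; the stateful tracker drops the fourth and sixth, which match no live session.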

    26. Explain network segmentation strategies.

    • VLANs for logical separation
    • Subnetting for IP address management
    • DMZ for public-facing services
    • Zero-trust micro-segmentation
    • Air gaps for critical systems

    27. What is a load balancer? L4 vs L7 load balancing?

    L4 (Transport): Routes based on IP and port. Fast, protocol-agnostic, less resource intensive.

    L7 (Application): Routes based on content (HTTP headers, URLs). More intelligent but higher overhead. Enables SSL termination, compression.

    28. How would you troubleshoot intermittent network connectivity?

    Systematic approach: Physical → Data Link → Network → Transport → Application

    • Check cable integrity, port status, interface errors
    • Verify VLAN configuration, STP topology
    • Test IP connectivity with extended ping
    • Capture packets during failure windows
    • Monitor for patterns (time-based, load-based)

    29. What tools do you use for network troubleshooting?

    Command line: ping, traceroute, netstat, ss, tcpdump, nslookup/dig

    Network tools: Wireshark, SNMP monitoring, NetFlow analyzers, RMON probes, network discovery tools

    30. How does Quality of Service (QoS) work?

    Prioritizes traffic to ensure performance for critical applications. Uses classification, marking, queuing, and shaping.

    Methods: DSCP marking, traffic classes, weighted fair queuing, policing, shaping. Voice typically gets highest priority.

    31. What is network convergence time? Why does it matter?

    Time for network to adapt to topology changes. Critical for maintaining connectivity during failures.

    Factors: Routing protocol timers, detection mechanisms, propagation delay. OSPF: ~5 seconds, BGP: minutes. Fast convergence reduces downtime.

    32. Explain IP multicast. When is it useful?

    One-to-many communication using multicast addresses (224.0.0.0/4). Receivers join groups using IGMP.

    Uses: Video streaming, software distribution, financial data feeds. More efficient than multiple unicast streams.

    33. What is SDN (Software-Defined Networking)?

    Separates control plane from data plane. Centralized controller programs forwarding behavior via protocols like OpenFlow.

    Benefits: Programmability, centralized policy, easier automation. Used in data centers and cloud networks.

    34. How do you optimize network performance?

    • Bandwidth monitoring and capacity planning
    • Traffic engineering and load balancing
    • QoS implementation for critical applications
    • Network segmentation to reduce broadcast domains
    • Caching and content delivery networks
    • Protocol optimization (TCP window scaling)

    35. Design a network for a company with 500 employees across 3 locations.

    Requirements gathering: Bandwidth needs, applications, security requirements, growth plans

    Design elements: Hierarchical topology (core/distribution/access), WAN connectivity (MPLS/VPN), redundancy (dual ISPs, redundant paths), security (firewalls, VLANs), wireless infrastructure

    Considerations: Scalability, standardization, monitoring, disaster recovery

    Master Network Interviews

    Network interviews often include hands-on troubleshooting scenarios and network design challenges. LastRound AI helps you practice network troubleshooting scenarios and protocol deep-dives with real-time feedback.

    Common Network Engineering Interview Mistakes

    ❌ What Gets You Rejected

    • Confusing Layer 2 and Layer 3 concepts
    • Not understanding the difference between routing and switching
    • Memorizing commands without understanding protocols
    • Overlooking security implications in network design
    • Not considering scalability and performance

    ✓ What Gets You Offers

    • Understanding protocol behavior under various conditions
    • Systematic troubleshooting methodology
    • Balancing performance, security, and cost
    • Knowledge of modern networking trends (SDN, cloud)
    • Clear communication of complex technical concepts