Grading Rubric

Criterion	Strong (3)	Adequate (2)	Weak (1)
Identified misleading symptom	Quickly isolated the latency to the network path (not the app) using curl timing and traceroute	Checked the app first, then pivoted to network after seeing curl latency	Spent extended time profiling the application or contacting the partner
Found root cause in networking domain	Identified the BGP prefix-list filter forcing traffic through a congested transit path	Found the bad route but not the specific prefix-list causing it	Assumed it was an ISP outage or general network congestion
Remediated in security domain	Replaced the prefix-list with a proper inbound ACL that achieves the security intent	Removed the prefix-list but did not implement the security control	Only removed the prefix-list without considering the security requirement
Cross-domain thinking	Explained the full chain: security ticket -> misimplemented as BGP filter -> bad route -> latency visible in observability	Acknowledged the security/networking interaction but missed the observability misdirection	Treated it as a single-domain networking or application problem

Prerequisite Topic Packs

• observability-deep-dive — needed for Domain A investigation (latency metrics, SLO burn rates)
• bgp-evpn-vxlan — needed for Domain B root cause (BGP route selection, prefix-lists, AS paths)
• routing — needed for Domain B (traceroute analysis, route tables)
• firewalls — needed for Domain C remediation (ACL design, inbound vs outbound filtering)
• networking-troubleshooting — needed for cross-domain understanding (curl timing, traceroute)

Pages that link here

• BGP EVPN / VXLAN
• Firewalls
• Networking Troubleshooting
• Observability Deep Dive
• Routing
• Symptoms: API Latency Spike, BGP Route Leak, Fix Is Network ACL