Grading Rubric

Criterion	Strong (3)	Adequate (2)	Weak (1)
Identified misleading symptom	Recognized "hangs after auth on large payloads" as MTU/PMTUD issue within 5 min	Noticed the small-vs-large payload difference but took time to connect it to MTU	Spent extended time on SSH config, PAM, or user-data debugging
Found root cause in networking domain	Identified ICMP type 3 blocked by NACL, breaking PMTUD	Found the MTU mismatch but not the specific NACL rule causing it	Assumed it was a VPN configuration or security group issue
Remediated in cloud domain	Updated both NACL immediately and Terraform module for permanence	Fixed the NACL manually but did not update Terraform	Set the instance MTU to 1400 (workaround, not fix)
Cross-domain thinking	Explained the full chain: VPN encapsulation -> MTU reduction -> NACL blocks ICMP type 3 -> PMTUD fails -> large packets black-holed	Acknowledged MTU and NACL interaction but missed the Terraform angle	Treated it as an SSH or Linux configuration problem

Prerequisite Topic Packs

• ssh-deep-dive — needed for Domain A investigation (SSH connection stages, verbose output)
• mtu — needed for Domain B root cause (MTU, PMTUD, fragmentation, ICMP type 3)
• networking-troubleshooting — needed for Domain B (ping with DF bit, packet size testing)
• terraform — needed for Domain C remediation (Terraform modules, NACL resources)
• aws-networking — needed for Domain C (VPC NACLs, subnet routing, VPN gateways)

Pages that link here

• Index
• Mtu
• Networking Troubleshooting
• Symptoms: SSH Timeout, MTU Mismatch, Fix Is Terraform Variable
• Terraform / IaC