TCP/IP internals, DNS infrastructure, HTTP protocols, network security, and traffic engineering at interview depth.
4 problems
Design a modern reliable transport protocol that addresses TCP's limitations: head-of-line blocking, connection migration, handshake latency, and multiplexed streams. Evaluate the trade-offs between TCP, QUIC, and custom UDP-based protocols.
Systematically diagnose TCP performance problems, including window scaling issues, Nagle/delayed ACK interactions, bufferbloat, and RTT measurement errors, using ss, tcpdump, and kernel tuning parameters.
Explain TCP congestion control from slow start through congestion avoidance, covering cwnd/ssthresh dynamics, fast retransmit and recovery, and the differences between loss-based (CUBIC) and model-based (BBR) algorithms.
Explain the full TCP connection lifecycle from three-way handshake through graceful shutdown, covering socket states, TIME_WAIT behavior, half-open connections, and how connection tracking works at the kernel level.
4 problems
Design an authoritative DNS infrastructure supporting zone transfers, DNSSEC signing, anycast deployment across 50+ PoPs, automated failover, dynamic DNS updates, and split-horizon resolution for internal vs external clients.
Design a service discovery system supporting DNS-based and registry-based approaches, health checking with configurable staleness, client-side vs server-side discovery patterns, and service mesh integration for a microservices platform handling 500K service instances.
Build a systematic methodology for diagnosing DNS issues in production: mastering dig/nslookup/drill, understanding DNS caching layers, negative caching, TTL tuning strategies, NXDOMAIN hijacking, and DNS over TLS/HTTPS deployment.
Walk through the full DNS resolution path from stub resolver to authoritative server, covering recursive resolution, caching layers, TTL behavior, /etc/resolv.conf configuration, and all common record types.
3 problems
Design a gRPC service architecture for a platform with 200+ microservices handling 100K RPCs/second, covering Protobuf schema design, streaming patterns, deadline propagation, load balancing, and backward compatibility.
Design a real-time communication system supporting 5M concurrent connections with sub-200ms message delivery, covering WebSocket vs SSE vs long-polling, connection management, heartbeats, reconnection, message ordering, and fan-out at scale.
Explain the key improvements in HTTP/2 and HTTP/3 over HTTP/1.1, covering multiplexing, header compression, server push, stream prioritization, and the move to QUIC, for a platform serving 500K pages/day.
3 problems
Design a VPN and network segmentation system for a multi-cloud organization, covering protocol selection, split tunneling, VPC peering, transit gateways, and east-west traffic control.
Design a zero trust network architecture for a large organization, replacing perimeter-based security with identity-based access, micro-segmentation, mTLS, and a centralized policy engine.
Explain the TLS 1.3 handshake process end-to-end, including certificate chain validation, cipher suite negotiation, OCSP stapling, and certificate management with Let's Encrypt.
3 problems
Design a traffic shaping and QoS system for a large network, covering token bucket and leaky bucket algorithms, tc/netem, DiffServ, bandwidth allocation, fair queuing, and congestion management at the network edge.
Design a BGP anycast network for a global DNS and CDN service, covering health-based route withdrawal, ECMP load balancing, failover mechanics, and traffic engineering with BGP communities.
Explain how BGP operates as the routing protocol of the internet, covering AS numbers, eBGP vs iBGP, the route selection algorithm, prefix announcements, route leaks, BGP communities, and peering vs transit relationships.