Networking — Basics
OSI / TCP-IP layers (interview shorthand)
| Layer | Examples |
|---|---|
| Application | HTTP, gRPC, DNS, SMTP, SSH, FTP |
| Transport | TCP, UDP, QUIC |
| Network | IP, ICMP, IPSec |
| Link | Ethernet, Wi-Fi, ARP |
| Physical | cables, radio |
OSI 7-layer is academic; in practice use TCP/IP (4-layer) model.
TCP
- Reliable, ordered, byte-stream over IP. Connection-oriented.
- 3-way handshake: SYN → SYN-ACK → ACK. Costs 1 RTT before data.
- 4-way close: FIN → ACK → FIN → ACK. (Or RST for abrupt close.)
- Sequence numbers — track byte position. Acks are cumulative.
- Sliding window flow control.
- Congestion control: slow start, congestion avoidance, fast retransmit, fast recovery (Reno, Cubic, BBR).
- Nagle’s algorithm batches small packets — disable with `TCP_NODELAY` for latency-sensitive interactive workloads.
UDP
- Connectionless. No guarantees. Smaller header.
- Use cases: DNS, NTP, video/voice, gaming, QUIC.
- App must handle ordering / loss if needed.
HTTP/1.1
- Text-based. Request line + headers + optional body.
- Persistent connections (`Connection: keep-alive`). Pipelining theoretically allowed but rarely works.
- Head-of-line blocking — one slow response blocks subsequent ones on the same connection. Workaround: 6-8 connections per origin.
- Chunked transfer encoding for streaming.
HTTP/2
- Binary framing layer over TCP+TLS.
- Multiplexing: many streams on one connection.
- HPACK header compression.
- Server push (deprecated by browsers).
- Flow control per stream + connection.
- Single TCP connection means TCP-level head-of-line still affects all streams.
HTTP/3 / QUIC
- Built on UDP, not TCP.
- TLS 1.3 baked in.
- 0-RTT handshake possible.
- Per-stream loss isolation — no head-of-line at transport.
- Connection migration (IP change doesn’t break it).
- ALPN negotiation; `h3` ALPN ID.
TLS / mTLS
- TLS provides: encryption, integrity, authentication.
- Handshake (TLS 1.3): 1-RTT for new sessions; 0-RTT possible for resumed.
- Steps simplified:
- ClientHello (supported versions, ciphers, extensions).
- ServerHello (chosen) + Certificate + key share.
- Client verifies cert chain, derives keys, sends Finished.
- Certificate trust: signed by CA in trust store.
- mTLS: server also requires client cert. Used in service-mesh for zero-trust between services.
- SNI (Server Name Indication) lets one IP host many TLS sites.
DNS
- Hierarchical: root → TLD (.com) → authoritative.
- Record types: A (IPv4), AAAA (IPv6), CNAME (alias), MX (mail), TXT, SRV, NS, SOA.
- TTL — caching duration.
- Resolver caches. Stub resolver in OS, recursive at ISP/cloud.
- DNSSEC for integrity.
- Latency budget: 30-100ms for cold lookup; ~0 for cached.
IP addressing
- IPv4 (32-bit, ~4B addresses) vs IPv6 (128-bit).
- CIDR — `10.0.0.0/16`. Subnet mask determines network/host portion.
- Public vs private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
- NAT — translates private to public address.
- MTU — max packet size, typical 1500. Larger packets fragment.
Load balancers
| Layer | Examples | Trade |
|---|---|---|
| L4 (TCP/UDP) | AWS NLB, HAProxy in TCP mode | Fast, blind to HTTP, cheap |
| L7 (HTTP/gRPC) | AWS ALB, Nginx, Envoy, HAProxy | Path/header routing, slower, smarter |
Algorithms: round robin, least-connections, IP hash, weighted, sticky sessions.
Common features: health checks, SSL termination, connection draining, retries, weighted traffic shifting (canary), WAF.
Sockets
- TCP: `socket(); bind(); listen(); accept();` (server); `socket(); connect();` (client).
- File descriptors — limit `ulimit -n`. Raise for high-connection servers.
- TIME_WAIT state holds the 4-tuple ~60s after close. Affects clients making many short-lived connections.
- SO_REUSEPORT to balance accept across processes (modern Linux).
CORS (browser security model)
- Browser blocks cross-origin requests except for a permitted set unless the server opts in.
- Preflight OPTIONS request for non-simple requests.
- Server sends `Access-Control-Allow-Origin`, `Access-Control-Allow-Methods`, `Access-Control-Allow-Headers`, `Access-Control-Allow-Credentials`.
- Wildcard `*` not allowed when credentials are sent.
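The CORS rules above as server-side decision logic, added here as an example (not code from the original notes): an origin allowlist, preflight handling, and a guard against combining a wildcard origin with credentials. Origins, methods and header names are constructed for illustration.

```python
from typing import Optional

# Constructed policy: explicit allowlist, never "*" when credentials are allowed.
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}
ALLOWED_METHODS = {"GET", "POST", "PUT", "DELETE"}
ALLOWED_HEADERS = {"content-type", "authorization", "x-request-id"}  # lowercase
ALLOW_CREDENTIALS = True

if ALLOW_CREDENTIALS and "*" in ALLOWED_ORIGINS:
    # Browsers reject Access-Control-Allow-Origin: * on credentialed responses anyway.
    raise ValueError("wildcard origin must not be combined with credentials")


def cors_headers(method: str, headers: dict) -> Optional[tuple]:
    """Return (status, CORS response headers) for a request, or None if not CORS.

    A preflight is OPTIONS plus Access-Control-Request-Method; the returned
    status is the preflight's own status. For actual requests the status is the
    one the handler would use and the dict holds headers to attach.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    origin = hdrs.get("origin")
    if origin is None:
        return None  # same-origin or non-browser request: no CORS processing
    is_preflight = method.upper() == "OPTIONS" and "access-control-request-method" in hdrs
    if origin not in ALLOWED_ORIGINS:
        # Emit no CORS headers at all: the browser then refuses to expose the
        # response to the page, and a failed preflight blocks the real request.
        return (403 if is_preflight else 200, {})
    out = {
        "Access-Control-Allow-Origin": origin,  # echo the specific origin, not "*"
        "Vary": "Origin",  # caches must key on Origin or one origin's answer leaks to another
    }
    if ALLOW_CREDENTIALS:
        out["Access-Control-Allow-Credentials"] = "true"
    if not is_preflight:
        return (200, out)
    # Preflight: validate the intended method and the non-simple headers.
    req_method = hdrs["access-control-request-method"].upper()
    raw = hdrs.get("access-control-request-headers", "")
    req_headers = {h.strip().lower() for h in raw.split(",") if h.strip()}
    if req_method not in ALLOWED_METHODS or not req_headers <= ALLOWED_HEADERS:
        return (403, {})
    out["Access-Control-Allow-Methods"] = ", ".join(sorted(ALLOWED_METHODS))
    out["Access-Control-Allow-Headers"] = ", ".join(sorted(ALLOWED_HEADERS))
    out["Access-Control-Max-Age"] = "600"  # let the browser cache this preflight
    return (204, out)
```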
WebSockets
- Upgrade from HTTP/1.1 (or HTTP/2 with extension).
- Full-duplex; both peers send anytime.
- Long-lived; mind sticky load balancing, idle timeouts, scaling.
- Frame-oriented (text or binary).
Server-Sent Events (SSE)
- Server → client one-way stream over HTTP.
- Simpler than WebSocket, works through standard HTTP infra, auto-reconnect built in.
- Use for live updates that don’t need client→server stream.