Computer Networks Interview Questions

The OSI model has seven layers (bottom to top): Physical (bits, cables, signals), Data Link (frames, MAC addresses, switches), Network (packets, IP addresses, routing), Transport (segments, TCP/UDP, ports), Session (connection management), Presentation (data format, encryption), Application (HTTP, FTP, user interface). Each layer provides services to the layer above and uses services from below. The TCP/IP model simplifies this to 4 layers.

TCP (Transmission Control Protocol) is connection-oriented, reliable (guarantees delivery and order), has flow/congestion control, but has higher overhead. UDP (User Datagram Protocol) is connectionless, unreliable (no guarantee), has lower latency and overhead. Use TCP for: web, email, file transfer where reliability matters. Use UDP for: video streaming, gaming, DNS, VoIP where speed matters and some loss is acceptable.

IPv4 uses 32-bit addresses (4.3 billion possible addresses), written as four decimal numbers (192.168.1.1). IPv6 uses 128-bit addresses (3.4 x 10^38 addresses), written as eight hexadecimal groups (2001:0db8:85a3::8a2e:0370:7334). IPv6 was created to address IPv4 exhaustion and includes features like simplified headers, built-in IPSec, and no need for NAT. Transition is ongoing with dual-stack and tunneling approaches.

GET retrieves data (should be idempotent, no side effects). POST submits data to create resources (not idempotent). PUT updates/replaces entire resource (idempotent). PATCH partially updates resource. DELETE removes resource (idempotent). HEAD retrieves headers only (like GET without body). OPTIONS describes communication options. Common status codes: 200 OK, 201 Created, 400 Bad Request, 401 Unauthorized, 404 Not Found, 500 Server Error.

DNS (Domain Name System) translates human-readable domain names to IP addresses. Process: browser checks cache, then OS cache, then queries recursive resolver (ISP). Resolver queries root servers, then TLD servers (.com), then authoritative nameservers for the domain. Results are cached with TTL. DNS uses UDP port 53 (TCP for large responses or zone transfers). Records include: A (IPv4), AAAA (IPv6), CNAME (alias), MX (mail), TXT (text).

HTTPS (HTTP Secure) is HTTP over TLS/SSL, encrypting data in transit. HTTP sends data in plaintext, vulnerable to eavesdropping and man-in-the-middle attacks. HTTPS uses port 443 (HTTP uses 80). HTTPS provides: encryption (confidentiality), integrity (data not modified), authentication (server identity via certificates). Modern browsers flag HTTP sites as insecure. HTTPS is essential for login pages, payments, and now recommended for all sites.

MAC (Media Access Control) address is a 48-bit hardware address burned into network interface cards, used at Data Link layer for local network communication, doesn't change. IP address is a logical address assigned by network, used at Network layer for routing across networks, can be changed. MAC addresses are used within a LAN (Ethernet), IP addresses for end-to-end communication. ARP maps IP to MAC addresses.

Port numbers identify specific processes/services on a host, enabling multiple services on one IP. 16-bit numbers (0-65535). Ranges: 0-1023 well-known (privileged), 1024-49151 registered, 49152-65535 dynamic/private. Common ports: HTTP (80), HTTPS (443), SSH (22), FTP (21), SMTP (25), DNS (53), MySQL (3306), PostgreSQL (5432), Redis (6379). Socket = IP + port combination for unique connection endpoint.

A firewall monitors and controls network traffic based on security rules. Types: Packet filtering (examines headers, source/destination IP and port), Stateful inspection (tracks connection state), Application layer (inspects content, deep packet inspection), Next-gen (adds intrusion prevention, malware detection). Can be hardware or software, network or host-based. Rules typically specify allow/deny based on IP, port, protocol. Defense-in-depth uses multiple firewall layers.

Hub broadcasts data to all ports (Layer 1) - all devices receive all traffic, collisions occur, inefficient. Switch forwards data only to the destination port using MAC address table (Layer 2) - reduces collisions, more efficient. Router forwards data between different networks using IP addresses (Layer 3) - makes routing decisions, connects LANs, provides NAT, firewalling. Hubs are obsolete; switches for LAN, routers for WAN/Internet.

TCP connection establishment uses three-way handshake: 1) Client sends SYN (synchronize) with initial sequence number. 2) Server responds with SYN-ACK (synchronize-acknowledge) with its sequence number and acknowledgment of client's. 3) Client sends ACK acknowledging server's sequence. Connection is now established for bidirectional communication. Termination uses four-way handshake (FIN, ACK, FIN, ACK). SYN flood attacks exploit this by never completing handshake.

A CDN (Content Delivery Network) is a distributed network of servers that delivers content from servers geographically close to users. Benefits: reduced latency (shorter distance), decreased origin server load, improved availability (distributed, redundant), DDoS protection, handling traffic spikes. CDNs cache static content (images, CSS, JS) at edge locations. Examples: Cloudflare, Akamai, CloudFront. Use for: static assets, video streaming, API acceleration.

NAT (Network Address Translation) maps private IP addresses to public IP addresses, allowing multiple devices to share one public IP. Types: Static NAT (1:1 mapping), Dynamic NAT (pool of public IPs), PAT/NAPT (one public IP, different ports - most common). Benefits: conserves IPv4 addresses, provides some security (hides internal network), enables private addressing. Challenges: breaks end-to-end connectivity, complicates peer-to-peer, requires special handling for some protocols.

Cookies are small data stored by browser, sent with every request to that domain. Used for: session management, personalization, tracking. Attributes: Expires (lifetime), Secure (HTTPS only), HttpOnly (no JavaScript access), SameSite (CSRF protection). Sessions store user state on server, identified by session ID in cookie. Cookies are limited (~4KB), visible to client; sessions can store more, server-side. JWT tokens are alternative for stateless authentication.

A socket is an endpoint for communication between two machines, identified by IP address and port number. Socket API enables applications to send/receive data over the network. Types: Stream sockets (TCP, connection-oriented), Datagram sockets (UDP, connectionless). Operations: create socket, bind to port, listen/connect, accept connections, send/receive data, close. Server creates listening socket, accepts client connections, creating new socket per connection.

TLS 1.2 handshake: 1) ClientHello (supported cipher suites, random). 2) ServerHello (chosen cipher, random), Certificate, ServerKeyExchange. 3) Client verifies certificate, sends ClientKeyExchange (encrypted pre-master secret or DH parameter). 4) Both derive session keys from pre-master secret. 5) ChangeCipherSpec, Finished messages verify handshake. TLS 1.3 reduces to 1-RTT by sending key share in ClientHello. Results in symmetric encryption for data transfer.

TCP congestion control prevents network overload. Algorithms: Slow Start (exponential growth until threshold), Congestion Avoidance (linear growth), Fast Retransmit (retransmit on 3 duplicate ACKs), Fast Recovery (don't reset to slow start). Congestion window (cwnd) limits data in flight. On timeout: cwnd = 1, slow start. On 3 dup-ACKs: cwnd halved, fast recovery. Modern variants: CUBIC (default in Linux), BBR (Google, models bandwidth and RTT).

HTTP/2 improvements: Multiplexing (multiple streams over single connection - no head-of-line blocking), Binary framing (efficient parsing), Header compression (HPACK - reduces redundancy), Server push (proactively send resources), Stream prioritization. Single connection per origin reduces TCP overhead. Requires HTTPS in practice. HTTP/3 further improves with QUIC (UDP-based, no TCP head-of-line blocking, faster handshake, connection migration).

Load balancing algorithms: Round Robin (equal rotation), Weighted Round Robin (proportional to capacity), Least Connections (to server with fewest active connections), Weighted Least Connections (considers weights), IP Hash (consistent server per client IP - session persistence), Least Response Time (to fastest server), Random. Layer 4 (TCP) load balancers route by IP/port; Layer 7 (HTTP) can route by URL, headers, cookies. Consider health checks, session persistence, geographic routing.

WebSockets provide full-duplex, persistent communication over single TCP connection. Starts as HTTP upgrade request, then switches protocol. Unlike HTTP request-response, both sides can send data anytime. Low overhead (no HTTP headers per message). Use for: real-time apps (chat, gaming, live updates), streaming data, collaborative editing. Alternatives: Server-Sent Events (one-way), long polling (compatibility). Consider: connection management, scaling with sticky sessions or pub/sub.

A: maps domain to IPv4 address. AAAA: maps to IPv6. CNAME: alias pointing to another domain (cannot be at zone apex). MX: mail server with priority. TXT: arbitrary text (SPF, DKIM verification). NS: authoritative nameserver for domain. SOA: Start of Authority with zone info. SRV: service location with port. PTR: reverse lookup (IP to domain). CAA: Certificate Authority authorization. Use TTL wisely: lower for changes, higher for stability.

REST: resource-based URLs, HTTP methods for operations, multiple endpoints, fixed data shapes, potentially over/under-fetching. GraphQL: single endpoint, client specifies exact data needed, reduces round trips, typed schema, introspection. REST: simpler, cacheable with HTTP, mature tooling. GraphQL: flexible queries, better for complex UIs, requires query complexity limits, caching more complex. REST suits simple CRUD; GraphQL suits complex, client-driven data needs.

Reverse proxy sits in front of servers, forwarding client requests. Benefits: Load balancing (distribute traffic), SSL termination (offload encryption), Caching (reduce backend load), Security (hide server details, DDoS protection, WAF), Compression (reduce bandwidth), Request routing (path-based to different services), Rate limiting. Examples: Nginx, HAProxy, Traefik. Different from forward proxy which acts on behalf of clients. Essential for microservices architectures.

CORS (Cross-Origin Resource Sharing) allows servers to specify which origins can access their resources, relaxing same-origin policy. Browser sends Origin header; server responds with Access-Control-Allow-Origin. Simple requests (GET, POST with basic content-types) go directly. Preflighted requests (PUT, DELETE, custom headers) send OPTIONS first. Headers: Allow-Credentials (cookies), Allow-Methods, Allow-Headers, Max-Age (cache preflight). Server must explicitly allow cross-origin access.

OSPF (Open Shortest Path First): Interior Gateway Protocol for routing within an autonomous system (AS). Uses link-state algorithm, Dijkstra's shortest path. Converges quickly, hierarchical with areas, metric based on bandwidth. BGP (Border Gateway Protocol): Exterior Gateway Protocol for routing between ASs (internet backbone). Uses path-vector algorithm, policy-based routing. Slow convergence, focuses on reachability and policy. OSPF for internal networks, BGP for internet routing.

Cache-Control: max-age (seconds fresh), no-cache (revalidate), no-store (don't cache), private/public, immutable. Expires: legacy, absolute date. ETag: resource version hash for conditional requests (If-None-Match). Last-Modified: timestamp for conditional (If-Modified-Since). Conditional requests return 304 Not Modified if unchanged. Vary header specifies which request headers affect caching. CDNs/browsers use these for cache decisions. Stale-while-revalidate serves stale while refreshing.

OAuth 2.0 delegates authorization without sharing credentials. Authorization Code flow (most secure): 1) App redirects user to auth server. 2) User authenticates, grants permissions. 3) Auth server redirects back with authorization code. 4) App exchanges code for access token (server-side). 5) App uses token to access API. Other flows: Implicit (deprecated, token in URL), Client Credentials (service-to-service), PKCE (mobile/SPA security). Access tokens have scopes and expiration; refresh tokens for renewal.

gRPC is a high-performance RPC framework using Protocol Buffers (binary serialization) over HTTP/2. Features: strongly typed contracts (.proto files), code generation, bidirectional streaming, built-in deadline/cancellation. Advantages over REST: faster (binary, multiplexing), smaller payload, streaming support, better tooling for types. Disadvantages: harder to debug (binary), less browser support (requires grpc-web), steeper learning curve. Ideal for microservices, mobile backends, low-latency requirements.

DDoS (Distributed Denial of Service) overwhelms target with traffic from many sources. Types: Volumetric (flood bandwidth - UDP flood, amplification), Protocol (exploit protocol weaknesses - SYN flood), Application layer (target services - HTTP flood). Mitigation: CDN/edge filtering (absorb traffic), rate limiting, IP reputation/blacklisting, CAPTCHA for bots, anycast distribution, specialized DDoS protection (Cloudflare, AWS Shield), overprovision capacity. Defense requires multiple layers.

VPN (Virtual Private Network) creates encrypted tunnel over public network. Types: Site-to-Site (connects networks, gateway-to-gateway), Remote Access (individual users to network), SSL/TLS VPN (browser-based, application access), IPSec VPN (network layer, comprehensive). Protocols: OpenVPN (SSL, flexible), WireGuard (modern, fast), IPSec/IKEv2 (stable, native support), L2TP (with IPSec). Uses: secure remote work, bypass geo-restrictions, privacy. Consider: latency, device support, split tunneling.

TCP keep-alive sends probe packets to verify connection is still active when idle. Default is typically 2 hours before probing. Purpose: detect dead connections, prevent NAT/firewall timeout. Parameters: keep-alive time (idle before probing), interval (between probes), count (probes before closing). Application-level heartbeats are often preferred for more control. In HTTP, Connection: keep-alive reuses TCP connection for multiple requests (different concept). Balance between detecting failures and overhead.

Service mesh is infrastructure layer handling service-to-service communication in microservices. Components: data plane (sidecar proxies like Envoy) and control plane (configuration management). Features: traffic management (routing, load balancing), security (mTLS, authentication), observability (tracing, metrics). Examples: Istio, Linkerd, Consul Connect. Solves: consistent networking policies, removing network code from apps, visibility into communication. Trade-offs: added complexity, latency, resource overhead.

Subnet mask defines network vs host portions of IP address. Binary: 1s for network, 0s for host. Example: 255.255.255.0 means first 24 bits are network. CIDR notation: IP/prefix-length (192.168.1.0/24). Subnetting divides networks into smaller segments. /24 = 256 addresses (254 usable), /16 = 65,536 addresses. Calculate: usable hosts = 2^(32-prefix) - 2 (network and broadcast addresses). VLSM (Variable Length Subnet Masking) allows different-sized subnets.

Cache invalidation removes/updates cached content. Methods: TTL-based (automatic expiration), Purge/Invalidation API (immediate removal), Cache tags (group invalidation), Versioned URLs (new URL = new content - most reliable). Challenges: propagation delay across edge nodes, cost per invalidation, eventual consistency. Best practices: use versioned/hashed filenames for static assets, longer TTL + invalidation on publish, cache headers for dynamic content. Balance freshness vs hit rate.

Rate limiting controls request frequency to protect resources. Algorithms: Token Bucket (tokens replenish at rate, spent per request - allows bursts), Leaky Bucket (constant rate outflow), Fixed Window (count per time window - boundary issues), Sliding Window (rolling count - smoother). Store counters in Redis/memory. Identify by API key, IP, user ID. Return 429 Too Many Requests with Retry-After header. Consider: different limits per endpoint/tier, distributed systems synchronization, graceful degradation.

TCP Fast Open allows data transmission during the handshake, reducing round trips. On first connection, server provides TFO cookie. On subsequent connections, client sends SYN + cookie + data; server can process data immediately while completing handshake, saving 1 RTT. Security: cookie prevents amplification attacks. Limitations: requires client/server support, not all middleboxes compatible, cookies can be invalidated. TLS 1.3 0-RTT is similar concept for encryption. Benefits for short-lived connections.

QUIC (HTTP/3 transport) runs over UDP, providing: 1) No head-of-line blocking (independent streams), 2) 0-RTT connection resumption (faster reconnects), 3) Connection migration (survives IP changes - mobile), 4) Built-in encryption (TLS 1.3 integrated), 5) Improved congestion control (in userspace, updatable). Eliminates TCP issues: handshake overhead, HoL blocking, OS-level rigidity. Deployed by Google, Cloudflare. Trade-offs: UDP blocking by some networks, higher CPU usage, middlebox interference.

Anycast assigns same IP address to multiple servers globally; BGP routes traffic to nearest (topologically) server. Benefits: automatic geographic load balancing, DDoS resilience (distributed), reduced latency, failover without DNS propagation. Use cases: CDNs, DNS (root servers), anycast TCP (with careful session management). Challenges: TCP requires same server for connection lifetime (use connection ID or hash routing), less control than DNS-based balancing. Monitor: BGP path changes affect routing.

Zero Trust eliminates implicit trust based on network location. Principles: verify explicitly (always authenticate/authorize), least privilege access, assume breach. Implementation: strong identity (MFA), device health verification, microsegmentation (granular access controls), encrypted communications (mTLS everywhere), continuous monitoring. Technologies: BeyondCorp, ZTNA products, identity-aware proxy. Replaces perimeter-based security (VPN/firewall). Challenge: retrofitting legacy applications, identity management complexity. Essential for cloud-native, remote work.

BBR (Bottleneck Bandwidth and RTT) models the network path instead of reacting to packet loss. Estimates bottleneck bandwidth (BtlBw) and minimum RTT, targeting sending at BtlBw with inflight data of BtlBw*RTT. Doesn't interpret loss as congestion (critical for wireless, shallow buffers). Four phases: Startup (exponential search), Drain (reduce inflight), ProbeBW (steady with bandwidth probing), ProbeRTT (periodic RTT measurement). Benefits: higher throughput on lossy links, lower latency. BBRv2 improves fairness.

mTLS requires both client and server to present certificates. Implementation: Certificate Authority (internal CA or Vault), automatic certificate rotation (short-lived certs), service mesh handling (Istio, Linkerd automate mTLS), trust chain management. Challenges: certificate provisioning at scale, rotation without downtime, debugging encrypted traffic. Benefits: strong service identity, encrypted communication, no shared secrets. Combine with SPIFFE/SPIRE for workload identity. Monitor certificate expiry and revocation (CRL/OCSP).

Multi-layer approach: DNS-based (Route 53, Cloudflare - latency/geo routing, health checks), anycast (edge distribution), regional load balancers (AWS ALB/NLB per region). Considerations: latency measurement (latency-based routing), health checking (global monitoring), failover (automatic region failover), data locality (keep requests near data), session affinity (if needed). Active-active vs active-passive by region. Combine DNS (seconds) with anycast (instant) for optimal failover speed. Monitor: synthetic probes from multiple locations.

SDN separates control plane (decision making) from data plane (forwarding). Components: SDN controller (centralized brain, network-wide view), northbound APIs (applications interact with controller), southbound APIs (controller to switches - OpenFlow), data plane (programmable switches). Benefits: centralized management, programmable network, dynamic configuration, vendor-agnostic. Use cases: data center networking, network virtualization, traffic engineering. Compare with traditional networking where control and data planes are integrated in each device.

Certificate chain: end-entity cert -> intermediate CA(s) -> root CA. Validation: verify each signature up the chain, check expiration, revocation status (CRL/OCSP), hostname match, key usage extensions. Common issues: missing intermediate (server must send), expired cert, wrong chain order, hostname mismatch, revoked cert, untrusted root. Certificate Transparency (CT) logs provide public audit. HSTS preloading prevents downgrade. OCSP stapling reduces revocation check latency. Let's Encrypt automated issuance.

Toolset: tcpdump/Wireshark (packet capture and analysis), netstat/ss (connection state), traceroute/mtr (path analysis), dig/nslookup (DNS debugging), curl -v (HTTP debugging), openssl s_client (TLS debugging), iptables/nftables -L (firewall rules), strace (syscalls including network), eBPF tools (bcc/bpftrace for kernel-level). Methodology: isolate the layer (DNS, TCP, TLS, application), reproduce issue, capture traffic, analyze headers/timing. Compare working vs non-working cases. Distributed tracing for microservices.

Key headers: Content-Security-Policy (prevent XSS, control resource loading), Strict-Transport-Security (force HTTPS), X-Content-Type-Options (prevent MIME sniffing), X-Frame-Options (prevent clickjacking), Referrer-Policy (control referrer info), Permissions-Policy (control browser features), Cross-Origin-Opener-Policy/Embedder-Policy (enable cross-origin isolation). Implementation: set at reverse proxy/CDN level. Test with: securityheaders.com. Balance security vs functionality. CSP requires careful rollout (report-only mode first).

Three pillars: Metrics (request rate, latency percentiles, error rate - Prometheus + Grafana), Logs (structured, correlation IDs, centralized - ELK/Loki), Traces (distributed tracing - Jaeger/Zipkin). Network-specific: RED method (Rate, Errors, Duration), TCP metrics (retransmits, RTT), DNS resolution time. Implementation: OpenTelemetry for instrumentation, sidecar proxies for service mesh metrics, eBPF for kernel-level visibility. Alerting on SLOs, runbooks for common issues. Golden signals per Google SRE.

DNSSEC adds cryptographic signatures to DNS records. Each zone has ZSK (Zone Signing Key) signing records and KSK (Key Signing Key) signing ZSK. DS records in parent zone create chain of trust to root. Resolvers verify signatures up the chain. Prevents: cache poisoning, spoofed responses. New record types: RRSIG (signature), DNSKEY (public keys), DS (delegation signer), NSEC/NSEC3 (authenticated denial of existence). Challenges: key rotation, zone walking (NSEC), increased response size, deployment complexity.

Edge computing places computation closer to users. Architecture layers: device edge (IoT/client processing), network edge (CDN/MEC), regional edge (cloud regions), core cloud. Considerations: workload placement (latency vs resources), state management (distributed cache, eventual consistency), deployment (GitOps across locations), failure handling (graceful degradation). Technologies: Cloudflare Workers, AWS Lambda@Edge, Fastly Compute. Use cases: real-time personalization, IoT processing, gaming, video transcoding. Trade-offs: operational complexity, limited compute, debugging challenges.

Multi-level optimization: Transport: enable TCP BBR, tune kernel parameters (buffer sizes, backlog), enable TFO. Protocol: HTTP/2 or HTTP/3, connection pooling, gzip/brotli compression. Application: efficient serialization (protobuf), request batching, pagination. Caching: CDN for static, edge caching, browser caching headers. Infrastructure: keep-alive connections, connection reuse, geo-distributed deployment. Monitoring: measure P99 latency, identify bottlenecks (network vs compute). Load testing under realistic conditions. Consider: tradeoffs between latency, throughput, and cost.