Toolmingo
Guides25 min read

50 Networking Interview Questions (With Answers)

Top computer networking interview questions with clear answers — covering OSI model, TCP/IP, DNS, HTTP, subnetting, routing, switching, firewalls, and network troubleshooting.

Networking interviews test your understanding of how data moves across systems — from OSI layers and IP addressing to DNS resolution, TCP handshakes, and firewall rules. This guide covers the 50 most common questions with concise, accurate answers.

Quick reference

Topic Key concepts
OSI & TCP/IP 7 layers, 4 layers, encapsulation
IP Addressing IPv4/IPv6, CIDR, subnetting, NAT
Transport Layer TCP vs UDP, handshakes, ports
Application Layer HTTP/S, DNS, DHCP, FTP, SSH
Routing Static vs dynamic, BGP, OSPF, RIP
Switching VLANs, STP, MAC addresses, ARP
Security Firewalls, VPN, TLS, IDS/IPS
Troubleshooting ping, traceroute, netstat, Wireshark

OSI Model & TCP/IP

1. What are the 7 layers of the OSI model?

The OSI (Open Systems Interconnection) model is a conceptual framework that describes how data is transmitted over a network:

Layer Name Protocol examples Data unit
7 Application HTTP, DNS, FTP, SMTP Data
6 Presentation TLS/SSL, JPEG, ASCII Data
5 Session NetBIOS, RPC Data
4 Transport TCP, UDP Segment/Datagram
3 Network IP, ICMP, OSPF Packet
2 Data Link Ethernet, Wi-Fi, ARP Frame
1 Physical Ethernet cables, fibre, radio Bits

Mnemonic (top-down): "All People Seem To Need Data Processing"

2. How does TCP/IP differ from OSI?

TCP/IP (the internet protocol suite) has 4 layers that map to OSI's 7:

TCP/IP Layer Maps to OSI layers Examples
Application 5, 6, 7 HTTP, DNS, FTP, SMTP
Transport 4 TCP, UDP
Internet 3 IP, ICMP, ARP
Network Access 1, 2 Ethernet, Wi-Fi

OSI is a conceptual model; TCP/IP is the practical implementation used on the internet.

3. What happens when you type a URL into a browser?

High-level steps:

  1. DNS resolution — browser checks local cache → OS cache → recursive DNS resolver → authoritative name server → returns IP address
  2. TCP connection — 3-way handshake (SYN → SYN-ACK → ACK) with server on port 80 or 443
  3. TLS handshake (HTTPS) — negotiate cipher suite, exchange certificates, derive session keys
  4. HTTP request — GET / HTTP/1.1 (or HTTP/2 or HTTP/3)
  5. Server processes request — web server, application server, database query
  6. HTTP response — status code + headers + body (HTML)
  7. Browser renders — parses HTML, fetches CSS/JS/images (additional DNS + TCP connections)
  8. TCP teardown — FIN → FIN-ACK → ACK (or connection kept alive for reuse)

4. What is encapsulation in networking?

Each OSI layer wraps data from the layer above with its own header (and sometimes trailer):

Application data
  → [TCP header | Application data]          ← Transport segment
  → [IP header | TCP header | App data]      ← Network packet
  → [Eth header | IP | TCP | App | Eth FCS]  ← Data link frame
  → 10101010...                               ← Physical bits

At the receiving end, each layer decapsulates (strips its header) and passes data up.


IP Addressing & Subnetting

5. What is an IP address?

An IP address uniquely identifies a device on a network.

  • IPv4: 32-bit, written as 4 octets (e.g., 192.168.1.1) — ~4.3 billion addresses
  • IPv6: 128-bit, written as 8 groups of hex (e.g., 2001:0db8:85a3::8a2e:0370:7334) — ~340 undecillion addresses

6. What is CIDR notation?

CIDR (Classless Inter-Domain Routing) expresses an IP address and its subnet mask together:

192.168.1.0/24
             ↑
             24 bits are the network portion → subnet mask 255.255.255.0
             8 bits left for hosts → 256 addresses, 254 usable
CIDR Subnet mask Hosts
/8 255.0.0.0 16,777,214
/16 255.255.0.0 65,534
/24 255.255.255.0 254
/25 255.255.255.128 126
/30 255.255.255.252 2 (point-to-point links)
/32 255.255.255.255 1 (single host route)

7. What are private IP address ranges?

Defined by RFC 1918, these ranges are not routable on the public internet:

Range CIDR Notes
10.0.0.0 – 10.255.255.255 10.0.0.0/8 Class A private
172.16.0.0 – 172.31.255.255 172.16.0.0/12 Class B private
192.168.0.0 – 192.168.255.255 192.168.0.0/16 Class C private
127.0.0.0 – 127.255.255.255 127.0.0.0/8 Loopback (localhost)
169.254.0.0 – 169.254.255.255 169.254.0.0/16 Link-local (APIPA)

8. What is NAT and why is it used?

Network Address Translation (NAT) allows multiple devices on a private network to share a single public IP address:

Private: 192.168.1.10:50000 → NAT → Public: 203.0.113.1:12345 → Internet
  • SNAT (Source NAT): modifies source IP — used for outbound traffic (most common)
  • DNAT (Destination NAT): modifies destination IP — used for inbound traffic / port forwarding
  • PAT (Port Address Translation): maps many private IPs to one public IP using different ports (also called NAPT or "NAT overload")

NAT conserves IPv4 addresses but breaks end-to-end connectivity — IPv6 was designed to eliminate the need for NAT.

9. What is the difference between IPv4 and IPv6?

Feature IPv4 IPv6
Address size 32-bit (4 bytes) 128-bit (16 bytes)
Address space ~4.3 billion ~3.4 × 10³⁸
Notation Decimal dotted (192.168.1.1) Hex colon (2001:db8::1)
Header size Variable (20–60 bytes) Fixed 40 bytes
Fragmentation Routers and hosts Hosts only
Broadcast Yes No (uses multicast)
IPSec Optional Mandatory (built-in)
DHCP DHCPv4 SLAAC or DHCPv6
NAT Widely used Not needed

10. How do you subnet 192.168.10.0/24 into 4 equal subnets?

You need 4 subnets → borrow 2 bits from the host portion → new prefix = /26

Subnet Network Usable range Broadcast
1 192.168.10.0/26 .1 – .62 .63
2 192.168.10.64/26 .65 – .126 .127
3 192.168.10.128/26 .129 – .190 .191
4 192.168.10.192/26 .193 – .254 .255

Each subnet has 64 addresses, 62 usable (first = network address, last = broadcast).


Transport Layer: TCP & UDP

11. What is the difference between TCP and UDP?

Feature TCP UDP
Connection Connection-oriented (handshake) Connectionless
Reliability Guaranteed delivery, ordering, retransmission Best-effort, no guarantee
Flow control Yes (sliding window) No
Congestion control Yes No
Header size 20–60 bytes 8 bytes
Speed Slower (overhead) Faster
Use cases HTTP, HTTPS, FTP, SMTP, SSH DNS, DHCP, VoIP, video streaming, gaming

12. Explain the TCP 3-way handshake.

Establishes a TCP connection before data transfer:

Client                    Server
  |                          |
  |──── SYN (seq=x) ────────>|   Client: "I want to connect, my seq starts at x"
  |                          |
  |<─── SYN-ACK (seq=y, ack=x+1) ─|  Server: "OK, my seq starts at y, expecting x+1"
  |                          |
  |──── ACK (ack=y+1) ──────>|   Client: "Got it, expecting y+1"
  |                          |
  |        DATA TRANSFER      |

13. What is the TCP 4-way teardown?

Closing a TCP connection requires 4 steps because each direction is closed independently:

Client              Server
  |── FIN ─────────>|    Client: "Done sending"
  |<─ ACK ──────────|    Server: "Got FIN"
  |<─ FIN ──────────|    Server: "Done sending too"
  |── ACK ─────────>|    Client: "Got FIN, closing"

After the last ACK, the client waits in TIME_WAIT (2×MSL ≈ 60–120 seconds) to ensure the server received the ACK.

14. What are common TCP port numbers?

Port Protocol Description
20, 21 FTP File Transfer (data/control)
22 SSH Secure Shell
23 Telnet Unencrypted remote access
25 SMTP Email sending
53 DNS Domain Name System (TCP+UDP)
67, 68 DHCP IP lease (UDP)
80 HTTP Web (unencrypted)
110 POP3 Email retrieval
143 IMAP Email retrieval
443 HTTPS Web (TLS encrypted)
3306 MySQL Database
5432 PostgreSQL Database
6379 Redis Cache/message broker
8080 HTTP alt Dev servers, proxies

15. What is a socket?

A socket is an endpoint for network communication, uniquely identified by:

(IP address, Port number, Transport protocol)
e.g., (192.168.1.10, 443, TCP)

A socket pair identifies a connection:

(client_IP:client_port, server_IP:server_port)
(10.0.0.5:54321, 93.184.216.34:443)

A server in LISTEN state accepts connections; each accepted connection gets its own socket.

16. What is TCP flow control vs congestion control?

  • Flow control — prevents sender from overwhelming the receiver. Receiver advertises a receive window (rwnd); sender limits unacknowledged data to that window size.
  • Congestion control — prevents sender from overwhelming the network. TCP maintains a congestion window (cwnd) and uses algorithms:
    • Slow start: cwnd doubles each RTT
    • Congestion avoidance: cwnd grows linearly (additive increase)
    • Fast retransmit/recovery: on 3 duplicate ACKs, retransmit without waiting for timeout

Effective send rate = min(rwnd, cwnd).


Application Layer Protocols

17. How does DNS work?

DNS translates domain names to IP addresses:

Browser → Recursive Resolver → Root NS (.com? → a.gtld-servers.net)
                             → TLD NS (example.com? → ns1.example.com)
                             → Authoritative NS → returns 93.184.216.34

DNS record types:

Record Purpose Example
A IPv4 address example.com → 93.184.216.34
AAAA IPv6 address example.com → 2606:2800::1
CNAME Alias to another name www → example.com
MX Mail server example.com → mail.example.com (priority 10)
TXT Arbitrary text (SPF, DKIM) v=spf1 include:...
NS Authoritative name servers example.com → ns1.example.com
PTR Reverse DNS (IP → name) 34.216.184.93.in-addr.arpa → example.com
SOA Zone authority info Serial, refresh, retry, expire

18. What is the difference between DNS A and CNAME records?

  • A record: maps a domain name directly to an IPv4 address. Can only point to an IP.
  • CNAME record: maps a domain name to another domain name (canonical name). The second lookup returns the IP.
www.example.com  CNAME  example.com
example.com      A      93.184.216.34

CNAME cannot coexist with other records (e.g., MX) at the same name — use A/AAAA at the zone apex instead. Some DNS providers offer "CNAME flattening" (ALIAS/ANAME records) to work around this.

19. What is DHCP and how does it work?

DHCP (Dynamic Host Configuration Protocol) automatically assigns IP addresses to network devices:

Client                      DHCP Server
  |── DISCOVER (broadcast) ──────>|   "Anyone have an IP for me?"
  |<─ OFFER (unicast/broadcast) ──|   "Here's 192.168.1.100, lease 24h"
  |── REQUEST (broadcast) ────────>|  "I'll take 192.168.1.100"
  |<─ ACK ────────────────────────|  "Confirmed, it's yours"

DHCP provides: IP address, subnet mask, default gateway, DNS servers, lease time.

DORA: Discover → Offer → Request → Acknowledge.

20. What is the difference between HTTP/1.1, HTTP/2, and HTTP/3?

Feature HTTP/1.1 HTTP/2 HTTP/3
Year 1997 2015 2022
Transport TCP TCP QUIC (UDP)
Multiplexing No (1 req/connection unless pipelining) Yes (multiple streams over 1 TCP connection) Yes (QUIC streams)
Head-of-line blocking Connection-level Stream-level (TCP HOL remains) Eliminated (QUIC)
Header compression None HPACK QPACK
Server push No Yes Yes
TLS Optional Effectively required Required
Connection setup TCP + TLS TCP + TLS 0-RTT or 1-RTT (QUIC)

21. What is the difference between HTTP GET and POST?

Aspect GET POST
Purpose Retrieve data Submit data
Body No body Has request body
URL params Parameters in URL Parameters in body
Idempotent Yes No
Safe (no side effects) Yes No
Cacheable Yes (by default) No (by default)
Bookmarkable Yes No
Max size URL length limit (~2KB–8KB) No practical limit

22. What are common HTTP status codes?

Code Meaning Notes
200 OK Request succeeded
201 Created Resource created (after POST/PUT)
204 No Content Success, no body (DELETE)
301 Moved Permanently Use new URL, update links
302 Found Temporary redirect
304 Not Modified Use cache (ETag/Last-Modified matched)
400 Bad Request Client sent invalid data
401 Unauthorized Authentication required
403 Forbidden Authenticated but not authorised
404 Not Found Resource doesn't exist
405 Method Not Allowed Wrong HTTP method
409 Conflict Conflict with current state
422 Unprocessable Entity Validation error
429 Too Many Requests Rate limit exceeded
500 Internal Server Error Server-side bug
502 Bad Gateway Upstream server error
503 Service Unavailable Server overloaded / down
504 Gateway Timeout Upstream server timeout

Routing & Switching

23. What is the difference between a hub, switch, and router?

Device OSI Layer Forwarding Intelligence
Hub Layer 1 (Physical) Broadcasts to all ports None
Switch Layer 2 (Data Link) Forwards by MAC address (unicast) MAC address table
Router Layer 3 (Network) Routes by IP address Routing table
  • Hub: all traffic to all ports — creates collision domain; deprecated
  • Switch: learns MAC addresses, forwards frames to correct port; each port is its own collision domain
  • Router: connects different networks, determines best path using IP routing table

24. What is ARP?

ARP (Address Resolution Protocol) maps an IP address to a MAC address on a local network:

Host A (IP: 192.168.1.10, MAC: aa:bb:cc:dd:ee:01)
Host B (IP: 192.168.1.20, MAC: aa:bb:cc:dd:ee:02)

A → (ARP broadcast): "Who has 192.168.1.20?"
B → (ARP reply, unicast to A): "I do. My MAC is aa:bb:cc:dd:ee:02"
A stores this in its ARP cache.

ARP only works within a subnet (same broadcast domain). To reach another subnet, traffic goes to the default gateway instead.

ARP poisoning/spoofing is a MITM attack where an attacker sends fake ARP replies to associate their MAC with a legitimate IP.

25. What is a VLAN?

A VLAN (Virtual LAN) segments a physical network into logical isolated networks:

  • Devices in different VLANs cannot communicate directly (they're in separate broadcast domains)
  • Communication between VLANs requires a Layer 3 device (router or Layer 3 switch)
  • VLANs are configured on switches using IEEE 802.1Q tagging — a 4-byte tag added to frames

Uses: separate guest/corporate traffic, isolate IoT devices, reduce broadcast domains, enforce security policies.

26. What is Spanning Tree Protocol (STP)?

STP (IEEE 802.1D) prevents Layer 2 loops in networks with redundant switch paths:

  1. Elect root bridge — switch with lowest Bridge ID (priority + MAC)
  2. Find root ports — each non-root switch selects the port with lowest path cost to root
  3. Find designated ports — one designated port per segment (lowest cost path to root)
  4. Block remaining ports — puts redundant ports in blocking state

Port states: Blocking → Listening → Learning → Forwarding

RSTP (802.1w) — faster convergence (seconds vs 30–50s for STP). MSTP (802.1s) — multiple spanning trees per VLAN group.

27. What is the difference between static and dynamic routing?

Feature Static Routing Dynamic Routing
Configuration Manual by admin Automatic via protocol
Scalability Poor (large networks) Good
Overhead None Protocol traffic (small)
Convergence Immediate (no re-routing on failure) Auto-adjusts to failures
Use case Small networks, specific routes Medium to large networks
Examples ip route 10.0.2.0 255.255.255.0 10.0.1.1 OSPF, EIGRP, BGP

28. What is BGP?

BGP (Border Gateway Protocol) is the routing protocol of the internet — used between autonomous systems (AS):

  • eBGP: between different ASes (internet service providers, organisations)
  • iBGP: within the same AS

BGP selects routes based on path attributes (not just distance): AS-path, local preference, MED, next-hop, etc. It's a path-vector protocol — very policy-driven.

BGP is at the core of internet routing: when you see "BGP hijack" news, an AS is incorrectly advertising routes it doesn't own.

29. What is OSPF?

OSPF (Open Shortest Path First) is a link-state routing protocol used within an AS (interior gateway protocol):

  • Each router maintains a Link State Database (LSDB) — a complete map of the network topology
  • Uses Dijkstra's algorithm to compute shortest paths
  • Areas (area 0 = backbone) reduce LSDB size and LSA flooding
  • Supports VLSM/CIDR, authentication, fast convergence

Metrics: cost = reference bandwidth / interface bandwidth (default reference: 100 Mbps)


Network Security

30. What is a firewall and what types exist?

A firewall controls incoming and outgoing network traffic based on rules:

Type How it works Strengths
Packet filter Inspects IP/TCP headers (source/dest IP, port) Fast, simple
Stateful inspection Tracks connection state; only allows established/related traffic Better security, blocks invalid packets
Application-layer (proxy) Understands application protocols (HTTP, DNS) Deep inspection, stops app-layer attacks
Next-generation (NGFW) Combines stateful + DPI + IPS + user identity Most comprehensive
WAF HTTP-specific; blocks SQL injection, XSS, CSRF Protects web apps

31. What is the difference between IDS and IPS?

IDS (Intrusion Detection System) IPS (Intrusion Prevention System)
Position Passive (out-of-band, mirror port) Inline (in traffic path)
Action Alerts only Alerts + blocks traffic
Impact on latency None Slight (inspects live traffic)
False positive risk Annoying alerts Can block legitimate traffic

Detection methods: signature-based (known patterns), anomaly-based (baseline deviation), heuristic (behavioural analysis).

32. What is a VPN?

A VPN (Virtual Private Network) creates an encrypted tunnel over a public network:

Types:

  • Site-to-site VPN: connects two office networks (IPsec tunnels between gateways)
  • Remote access VPN: individual users connect to a corporate network (OpenVPN, WireGuard, Cisco AnyConnect)

Protocols:

Protocol Notes
IPsec Standard, two modes (transport/tunnel); ESP + AH
OpenVPN SSL/TLS-based, highly configurable
WireGuard Modern, fast, minimal codebase
L2TP/IPsec L2TP for tunnelling + IPsec for encryption
PPTP Deprecated (broken security)

33. Explain TLS and how it secures HTTPS.

TLS (Transport Layer Security) provides confidentiality, integrity, and authentication:

TLS 1.3 Handshake (simplified):

Client → Server: ClientHello (TLS version, cipher suites, key share)
Server → Client: ServerHello (chosen cipher, key share, certificate)
         Both:  Derive session keys from ECDHE shared secret
Client → Server: Finished (encrypted with session key)
Server → Client: Finished
         Application data flows encrypted

Key concepts:

  • Certificate: proves server identity (signed by trusted CA)
  • ECDHE: Ephemeral Diffie-Hellman for forward secrecy
  • AEAD: authenticated encryption (AES-GCM, ChaCha20-Poly1305) — provides both confidentiality and integrity

34. What is a DDoS attack and how is it mitigated?

DDoS (Distributed Denial of Service) floods a target with traffic from many sources to exhaust resources:

Types:

Type Method Example
Volumetric Saturate bandwidth UDP flood, DNS amplification
Protocol Exhaust state tables SYN flood, ICMP flood
Application layer Exhaust server resources HTTP flood, slow HTTP

Mitigations:

  • Rate limiting at edge routers/firewalls
  • IP reputation / blacklisting (known botnet IPs)
  • Anycast diffusion (spread traffic across many PoPs)
  • Scrubbing centres (route traffic through filtering infrastructure)
  • CDN / cloud DDoS protection (Cloudflare, AWS Shield, Akamai)
  • SYN cookies (for SYN flood — no state until handshake complete)

35. What is the difference between symmetric and asymmetric encryption?

Feature Symmetric Asymmetric
Keys Same key for encrypt/decrypt Public key encrypts, private key decrypts
Speed Fast Slow (10–1000×)
Key exchange Problem: how to share securely? Key exchange is the purpose
Algorithms AES, ChaCha20, 3DES RSA, ECC, Diffie-Hellman
Use in TLS Session data encryption Key exchange + certificate verification

In practice, TLS uses hybrid encryption: asymmetric to establish session key, symmetric for bulk data.


Network Troubleshooting

36. What does the ping command do?

ping sends ICMP Echo Request packets and waits for ICMP Echo Reply:

ping google.com
# PING google.com (142.250.74.46): 56 data bytes
# 64 bytes from 142.250.74.46: icmp_seq=0 ttl=117 time=12.3 ms
  • RTT (Round Trip Time): latency to destination
  • Packet loss: % of packets with no reply → congestion or host unreachable
  • TTL: decremented at each hop; if TTL reaches 0, router sends "Time Exceeded" ICMP

Note: some hosts/firewalls block ICMP — no ping response doesn't necessarily mean unreachable.

37. What does traceroute (or tracert on Windows) show?

traceroute reveals each hop between source and destination by sending packets with incrementing TTL (1, 2, 3…). Each router that discards a TTL-expired packet sends back an ICMP "Time Exceeded" message revealing its IP:

traceroute google.com
# 1  192.168.1.1  (your router)          1.2 ms
# 2  10.10.0.1    (ISP hop)              5.4 ms
# 3  72.14.198.66 (Google border)       10.1 ms
# 4  142.250.74.46 (google.com)         12.3 ms

Useful for diagnosing where packets are being dropped or experiencing high latency.

38. What does netstat / ss show?

Both display socket and connection information:

ss -tuln          # listening TCP/UDP ports (no DNS lookup)
ss -tunap         # all connections with process name
netstat -an       # all connections (older, slower)

Columns: Local address:port, Foreign address:port, State (LISTEN/ESTABLISHED/TIME_WAIT/CLOSE_WAIT)

39. How do you check which process is using a port?

# Linux
ss -tulnp | grep :8080
lsof -i :8080

# macOS
lsof -i :8080

# Windows
netstat -ano | findstr :8080
# then: tasklist | findstr <PID>

40. What is Wireshark used for?

Wireshark is a packet analyser (network sniffer) that captures and inspects network traffic in real time:

  • Capture on any network interface
  • Filter traffic: http, tcp.port == 443, ip.addr == 192.168.1.1, http.request.method == "POST"
  • Decode protocol layers (reassemble TCP streams, decrypt TLS with session keys)
  • Identify packet loss, retransmissions, latency

Common uses: debugging protocol issues, analysing security incidents, understanding application behaviour.


Advanced Networking Concepts

41. What is a load balancer and what algorithms does it use?

A load balancer distributes incoming traffic across multiple servers:

Algorithm How it works Best for
Round Robin Rotate through servers sequentially Servers with similar capacity
Weighted Round Robin Rotate but proportional to weight Different server capacities
Least Connections Send to server with fewest active connections Long-lived connections
Least Response Time Send to server with lowest latency + fewest connections Latency-sensitive apps
IP Hash Hash client IP → consistent server Session stickiness (no shared session store)
Random Pick randomly Simple, low overhead

Layer 4 LB: works at TCP level (fast, no content inspection) Layer 7 LB: understands HTTP — can route by URL, headers, cookies (Nginx, HAProxy, AWS ALB)

42. What is a CDN?

A CDN (Content Delivery Network) distributes content across globally distributed servers (Points of Presence / PoPs):

  • Users are served from the nearest PoP → reduced latency
  • Static assets (JS, CSS, images) cached at edge
  • Some CDNs handle dynamic content acceleration too
  • Benefits: lower origin load, DDoS protection, higher availability

How caching works: CDN respects Cache-Control and Expires headers. Origin can set max-age, s-maxage, stale-while-revalidate.

43. What is the difference between unicast, multicast, and broadcast?

Type Destination Example
Unicast Single specific host HTTP request (one client → one server)
Broadcast All hosts on subnet ARP requests (255.255.255.255 or subnet broadcast)
Multicast Group of interested hosts Video streaming (239.x.x.x range), OSPF (224.0.0.5)
Anycast Nearest member of a group DNS root servers, CDN PoP selection

IPv6 eliminates broadcast entirely — uses multicast instead.

44. What is QoS (Quality of Service)?

QoS mechanisms prioritise certain traffic types to ensure acceptable performance:

  • DSCP (Differentiated Services Code Point): marks packets with a 6-bit priority value in IP header
  • Traffic shaping: smooth out bursts by buffering traffic
  • Policing: drop or re-mark packets exceeding rate limit
  • Queuing: prioritise queues (LLQ puts voice/video first)

Example: VoIP packets marked with DSCP EF (Expedited Forwarding) are queued before bulk data.

45. What is network latency and what causes it?

Latency = time for a packet to travel from source to destination:

Component Cause
Propagation delay Physical distance (speed of light in fibre ~200,000 km/s)
Transmission delay Packet size / link bandwidth
Processing delay Router/switch forwarding decisions
Queuing delay Waiting in router buffers (congestion)

Rule of thumb: ~1ms per 100km in fibre. NYC↔London ≈ 70ms RTT minimum.

How to reduce latency: CDN/edge servers, use closer cloud regions, HTTP/2 or HTTP/3, reduce round trips (connection pooling, pipelining, caching).

46. What is SDN (Software-Defined Networking)?

SDN separates the control plane (routing decisions) from the data plane (packet forwarding):

Traditional: Control + Data plane on each router (distributed)

SDN:
  ┌──────────────────────────┐
  │   SDN Controller         │  ← Control plane (centralised)
  │   (OpenFlow, ONOS, etc.) │
  └──────────┬───────────────┘
             │ OpenFlow API
  ┌──────────┴───────────────────┐
  │  Forwarding devices (dumb)   │  ← Data plane
  └──────────────────────────────┘

Benefits: centralised management, programmable, rapid policy changes, better visibility.

47. What is network address space exhaustion and how is it addressed?

IPv4 exhaustion: IANA assigned the last /8 blocks in 2011. Solutions:

  1. NAT — many private addresses behind one public IP (short-term fix)
  2. IPv6 — 128-bit addresses, virtually unlimited
  3. IPv4 market — organisations sell/transfer unused blocks
  4. CGNAT (Carrier-Grade NAT) — ISPs put customers behind shared NAT

Long-term solution is IPv6 adoption, which is ongoing but incomplete.

48. What is a proxy server vs a reverse proxy?

Forward Proxy Reverse Proxy
Sits in front of Clients Servers
Hides Client identity from internet Server identity from clients
Used for Outbound filtering, caching, anonymity Load balancing, TLS termination, caching
Examples Squid, corporate web filter Nginx, HAProxy, Cloudflare
[Clients] → [Forward Proxy] → [Internet]
[Internet] → [Reverse Proxy] → [Backend servers]

49. What is network segmentation and why is it important?

Network segmentation divides a network into smaller isolated zones:

  • Security: limits blast radius of breaches — attacker in DMZ can't reach database network
  • Compliance: PCI-DSS requires cardholder data environment isolation
  • Performance: reduces broadcast traffic

Common zones:

Internet → [Firewall] → DMZ (web/email servers)
                     → [Inner Firewall] → Corporate LAN
                                       → [DB Firewall] → Database zone

Micro-segmentation: fine-grained policies at workload level (east-west traffic); used in zero-trust architectures.

50. What is the zero-trust network model?

Zero trust assumes no implicit trust — every access request is verified regardless of network location:

Principles:

  • "Never trust, always verify" — authenticated even inside the network
  • Least-privilege access — only grant what's needed
  • Assume breach — design for lateral movement prevention
  • Micro-segmentation — limit blast radius

Implementation: identity verification (MFA), device health checks, policy-based access (ZTNA replaces VPN), network microsegmentation, continuous monitoring.

Contrasts with perimeter-based security ("castle and moat") where inside the network = trusted.


Common mistakes

Mistake Correct approach
Confusing collision domain with broadcast domain Switches separate collision domains; routers separate broadcast domains
Thinking NAT provides security NAT is not a firewall; stateful firewall rules provide security
Using 0.0.0.0/0 in firewall rules everywhere Apply least-privilege; restrict by IP, port, and protocol
Forgetting that DNS uses both UDP and TCP UDP for queries <512B; TCP for large responses, zone transfers
Treating bandwidth as latency High bandwidth doesn't mean low latency
Confusing authentication and encryption Authentication = who you are; encryption = data is unreadable
Not considering IPv6 IPv6 is widely deployed; test firewall rules and routing for both
Assuming ping failure = host down ICMP may be blocked; try TCP connection instead

Networking vs. related fields

Field Focus Networking overlap
Cloud computing Virtualised infra (AWS, Azure) VPCs, security groups, load balancers
Security Protecting systems Firewalls, IDS, VPN, encryption
DevOps Deploy pipelines, infra DNS, load balancers, service mesh
SRE/Ops Reliability, SLOs Network monitoring, latency debugging
Systems programming OS internals Sockets, TCP stack, kernel networking

FAQ

Q: What is the difference between a subnet mask and a wildcard mask? Subnet mask and wildcard mask are bitwise opposites. Subnet mask uses 1s for the network bits (255.255.255.0); wildcard mask uses 0s for exact match and 1s for "don't care" (0.0.0.255). Wildcard masks are used in ACLs (Cisco) and OSPF configurations.

Q: How does a switch know where to send a frame? A switch maintains a MAC address table (CAM table). When a frame arrives on a port, the switch records {source MAC → port}. When forwarding, it looks up the destination MAC. If not found, it floods the frame to all ports except the source. Over time, the table fills and flooding decreases.

Q: What is the difference between routing and forwarding? Routing is the control-plane process of building routing tables (running OSPF, BGP, calculating best paths). Forwarding is the data-plane action of looking up a destination IP in the table and sending the packet to the correct interface — happens at line rate in hardware.

Q: Why does UDP have no handshake? UDP is designed for low-latency applications where some packet loss is acceptable (VoIP, video streaming, online gaming, DNS). The overhead of establishing a connection, retransmitting, and maintaining state is unwanted. Applications that need reliability over UDP implement it themselves (e.g., QUIC, SCTP).

Q: What is the difference between a public and private IP address? Public IPs are globally unique and routable on the internet; assigned by ISPs and IANA. Private IPs (RFC 1918: 10.x.x.x, 172.16-31.x.x, 192.168.x.x) are only valid within a local network and must go through NAT to reach the internet.

Q: How does HTTPS prevent man-in-the-middle attacks? TLS uses certificates signed by trusted CAs. The browser validates the certificate chain against its built-in CA store and verifies the server's hostname matches the certificate. An attacker can intercept traffic but cannot present a valid certificate for the target domain without the private key (or compromising a CA). Corporate HTTPS inspection (SSL bump) is a controlled exception using a trusted internal CA.

Related tools

Keep reading

All Toolmingotools are free & run in your browser

No sign-up, no upload, no watermark. Your files never leave your device.

Browse all tools