Networking

Protocol fundamentals every backend engineer should be able to reason about. Anchored on invariants — no version pins.

OSI model (the mental map)

Real traffic skips the session layer and often fuses presentation into the application — but the 7-layer model is how engineers agree on "where the bug lives".

Layer Name Unit Examples
1 Physical Bits Cables, wireless radio, fiber
2 Data Link Frames Ethernet, MAC addresses, switches
3 Network Packets IP, routing, routers
4 Transport Segments TCP, UDP — ports live here
5 Session Data Session mgmt (often merged into app layer)
6 Presentation Data TLS, compression, encoding
7 Application Data HTTP, gRPC, SMTP, DNS

TCP vs UDP

TCP

Three-way handshake: SYN → SYN/ACK → ACK. Exchanges initial sequence numbers (used to detect lost/reordered packets) and negotiates options (MSS, window scale, SACK).

Four-way teardown: each side sends FIN + receives ACK independently (allows half-close). Shortcut with RST for abnormal termination.

  • Reliable, ordered, byte-stream — the OS re-assembles out-of-order packets for you
  • Congestion + flow control are built in — rate adapts to network conditions
  • Connection setup latency: 1 RTT (2 RTTs including TLS setup)
  • Head-of-line blocking at the transport layer: one lost packet stalls all data behind it

UDP

  • Connectionless — no handshake, no ordering, no retransmission
  • One datagram = one packet (no splitting across packets by the transport)
  • Good for: DNS queries, video/voice (packet loss < retransmission-delay), gaming, QUIC / HTTP-3 underpinning
  • If you need reliability, you either build it on top (QUIC does) or use TCP

When to reach for UDP

UDP is the right choice when a retransmitted packet would arrive too late to be useful (voice, video, real-time gaming) or when the protocol wants its own congestion control (QUIC). For almost everything else, use TCP or something built on top of it.

TLS handshake (the shape)

  1. Client says hello with supported ciphers + its ephemeral key share
  2. Server picks a cipher, sends its certificate + its key share
  3. Both sides derive the same symmetric session key (never transmitted — Diffie-Hellman style)
  4. All subsequent application data is encrypted with that symmetric key

DNS record types

Type Purpose Example
A IPv4 address for a name example.com → 93.184.216.34
AAAA IPv6 address for a name example.com → 2606:2800:220:1:…
CNAME Alias one name to another name www.example.com → example.com
MX Mail server for a domain example.com → 10 mail.example.com
TXT Arbitrary text (SPF, DKIM, verification) v=spf1 include:_spf.example.com ~all
SRV Service location — host + port _sip._tcp.example.com → 10 60 5060 sipserver.example.com
NS Which name servers are authoritative for a zone example.com → ns1.example.com
PTR Reverse lookup — IP to name 34.216.184.93.in-addr.arpa → example.com
CAA Which CAs may issue certs for this domain example.com CAA 0 issue "letsencrypt.org"

HTTP status codes

1xx Informational — rarely seen in practice
  • 101 Switching Protocols (WebSocket upgrade)
2xx Success
  • 200 OK
  • 201 Created
  • 202 Accepted
  • 204 No Content
3xx Redirection / cache
  • 301 Moved Permanently
  • 302 Found
  • 304 Not Modified (conditional GET)
  • 307 Temporary Redirect (preserve method)
4xx Client error — the request is wrong
  • 400 Bad Request
  • 401 Unauthorized (missing / bad auth)
  • 403 Forbidden (authed but not allowed)
  • 404 Not Found
  • 409 Conflict
  • 422 Unprocessable Entity
  • 429 Too Many Requests
5xx Server error — the server could not fulfill a valid request
  • 500 Internal Server Error
  • 502 Bad Gateway (upstream returned garbage)
  • 503 Service Unavailable (overloaded / maintenance)
  • 504 Gateway Timeout (upstream did not answer in time)

HTTP caching headers

Header Purpose
Cache-Control Master control. `max-age`, `s-maxage`, `no-store`, `private`, `public`, `must-revalidate`
ETag Opaque version identifier for a resource. Client sends back `If-None-Match`; server returns 304 if unchanged
Last-Modified Timestamp alternative to ETag. Client sends `If-Modified-Since`
Vary Tells caches which request headers make a response unique (e.g., `Vary: Accept-Encoding`)
Age How long (seconds) a cached response has been held

CIDR math

10.0.0.0/24 = "first 24 bits are the network, remaining 8 bits are hosts". Count backwards from 32 to get host bits, then 2host bits is the address count.

Mask Addresses Usable hosts Typical use
/32 1 1 Single host (`10.0.0.1/32`)
/30 4 2 Point-to-point link
/29 8 6 Tiny subnet
/24 256 254 Classic "LAN" size
/22 1,024 1,022 Small team / rack
/16 65,536 65,534 VPC or large private network
/8 16,777,216 16,777,214 10.0.0.0/8 (RFC1918 private space)

Rules of thumb

  • Each drop of 1 in the prefix doubles the address count.
  • /32 is one address; every decrement adds a bit to the host portion.
  • Usable hosts = 2^(32-prefix) − 2 (drop network and broadcast addresses).
  • Exceptions: /31 (2 addresses, 2 usable — RFC 3021) and /32 (1 address, 1 usable).
  • To split a /24 into four /26s: each /26 has 2^(32-26) = 64 addresses. The original 0–255 splits into 0–63, 64–127, 128–191, 192–255.