Network architecture, troubleshooting, and infrastructure patterns. Use when designing network topologies, debugging connectivity issues, configuring load balancers, DNS, or implementing network security.
Comprehensive network engineering skill covering network design, troubleshooting, load balancing, DNS, and network security.
| Layer | Name | Protocols | Troubleshooting |
|---|---|---|---|
| 7 | Application | HTTP, DNS, SMTP | curl, browser tools |
| 6 | Presentation | SSL/TLS | openssl |
| 5 | Session | NetBIOS | - |
| 4 | Transport | TCP, UDP | netstat, ss |
| 3 | Network | IP, ICMP | ping, traceroute |
| 2 | Data Link | Ethernet | arp |
| 1 | Physical | - | cable tester |
Subnet Strategy:
VPC CIDR: 10.0.0.0/16 (65,536 IPs)
Public Subnets (internet-facing):
- 10.0.1.0/24 (AZ-a) - Load balancers, bastion
- 10.0.2.0/24 (AZ-b)
- 10.0.3.0/24 (AZ-c)
Private Subnets (application tier):
- 10.0.11.0/24 (AZ-a) - App servers
- 10.0.12.0/24 (AZ-b)
- 10.0.13.0/24 (AZ-c)
Database Subnets (isolated):
- 10.0.21.0/24 (AZ-a) - Databases only
- 10.0.22.0/24 (AZ-b)
- 10.0.23.0/24 (AZ-c)
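As an added example (not part of the original skill file), the addressing plan above can be checked mechanically: every subnet must sit inside the VPC CIDR, no two subnets may overlap, and the database tier should only be reachable from the application tier. The tier-to-tier policy (`ALLOWED_FLOWS`) and the helper names are assumptions for this illustration.

```python
import ipaddress

# Addressing plan from the page: VPC 10.0.0.0/16 with three tiers across three AZs.
VPC_CIDR = "10.0.0.0/16"
PLAN = {
    "public":   ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"],
    "private":  ["10.0.11.0/24", "10.0.12.0/24", "10.0.13.0/24"],
    "database": ["10.0.21.0/24", "10.0.22.0/24", "10.0.23.0/24"],
}

# Assumed policy (not stated on the page): connections may flow
# internet -> public -> private -> database, never skipping a tier.
ALLOWED_FLOWS = {("public", "private"), ("private", "database")}


def validate_plan(vpc_cidr, plan):
    """Return a list of problems: subnets outside the VPC and overlapping subnet pairs."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [(tier, ipaddress.ip_network(c)) for tier, cidrs in plan.items() for c in cidrs]
    problems = []
    for tier, net in nets:
        if not net.subnet_of(vpc):
            problems.append(f"{tier} subnet {net} is outside VPC {vpc}")
    for i, (t1, n1) in enumerate(nets):
        for t2, n2 in nets[i + 1:]:
            if n1.overlaps(n2):
                problems.append(f"{t1} {n1} overlaps {t2} {n2}")
    return problems


def tier_of(ip, plan):
    """Map an address to the tier whose subnet contains it, or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    for tier, cidrs in plan.items():
        if any(addr in ipaddress.ip_network(c) for c in cidrs):
            return tier
    return None


def flow_allowed(src_ip, dst_ip, plan=PLAN, allowed=ALLOWED_FLOWS):
    """True if src may initiate a connection to dst under the tiered policy.
    Addresses outside the plan count as the internet and may only reach the
    public tier; same-tier traffic is allowed; the database tier is reachable
    only from the private (application) tier."""
    src, dst = tier_of(src_ip, plan), tier_of(dst_ip, plan)
    if dst is None:
        return False
    if src is None:
        return dst == "public"
    return src == dst or (src, dst) in allowed
```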
Traffic Flow:
| Type | Layer | Use Case |
|---|---|---|
| Application (ALB) | 7 | HTTP/HTTPS, path routing |
| Network (NLB) | 4 | TCP/UDP, static IP, high performance |
| Classic | 4/7 | Legacy |
| Gateway | 3 | Third-party appliances |
```yaml
# ALB Health Check
health_check:
  path: /health
  protocol: HTTP
  port: 8080
  interval: 30
  timeout: 5
  healthy_threshold: 2
  unhealthy_threshold: 3
  matcher: "200-299"
```
| Type | Purpose | Example |
|---|---|---|
| A | IPv4 address | example.com → 192.0.2.1 |
| AAAA | IPv6 address | example.com → 2001:db8::1 |
| CNAME | Alias | www → example.com |
| MX | Mail server | example.com → mail.example.com |
| TXT | Arbitrary text | SPF, DKIM, verification |
| NS | Name server | DNS delegation |
| SRV | Service location | _sip._tcp.example.com |
| CAA | Certificate authority | Restrict CA issuance |
```bash
# Query specific record type
dig example.com A
dig example.com MX
dig example.com TXT
# Query specific DNS server
dig @8.8.8.8 example.com
# Trace DNS resolution
dig +trace example.com
# Check propagation
dig +short example.com @{dns-server}
```
| Record Use | Recommended TTL |
|---|---|
| Static content | 86400 (1 day) |
| Dynamic content | 300 (5 min) |
| Failover records | 60 (1 min) |
| Pre-migration | Lower to 60 |
| Type | Validation | Use Case |
|---|---|---|
| DV | Domain ownership | Basic sites |
| OV | Organization verified | Business sites |
| EV | Extended validation | High-trust sites |
| Wildcard | *.domain.com | Multiple subdomains |
| SAN | Multi-domain | Multiple specific domains |
Recommended Settings:
```bash
# Check certificate
openssl s_client -connect example.com:443 -servername example.com
# Check certificate chain
openssl s_client -connect example.com:443 -showcerts
# Check expiration
echo | openssl s_client -connect example.com:443 2>/dev/null | openssl x509 -noout -dates
# Test TLS versions
openssl s_client -connect example.com:443 -tls1_2
openssl s_client -connect example.com:443 -tls1_3
```
```bash
# Check if port is listening
netstat -tlnp | grep :80
ss -tlnp | grep :80
# Test TCP connectivity
nc -zv hostname 443
telnet hostname 443
# Check routes
ip route
traceroute hostname
mtr hostname
# DNS resolution
nslookup hostname
dig hostname
host hostname
# Network interfaces
ip addr
ifconfig
# Active connections
netstat -an
ss -tuln
# Bandwidth test
iperf3 -c server-ip
# Latency analysis
ping -c 100 hostname | tail -1
# MTU issues
ping -M do -s 1472 hostname
# Packet capture
tcpdump -i eth0 port 443
```
references/troubleshooting.md - Detailed troubleshooting workflows