Search tools and guides ⌘K
8 scenarios
Flow · request walkthrough

What happens when you press Enter.

Eight requests. Click each hop to reveal what it does. When you can walk a trace top-to-bottom from memory, you're ready for the question senior infra interviews open with.

curl https://api.example.com → EC2

A plain HTTPS GET hitting an EC2 instance behind an ALB. From pressing Enter to the bytes coming back.

~20 min · 7 layers in the canonical answer
0 / 7 revealed
  1. 01
    DNS
  2. 02
    TCP
  3. 03
    TLS
  4. 04
    HTTP request
  5. 05
    ALB / target group
  6. 06
    EC2 instance
  7. 07
    Reverse path

How to use this drill

Pick a scenario the night before, or on your commute. Try the walkthrough mode first; reveal each step only after you've named it out loud. The steps you couldn't name are the gaps in your prep.

When a scenario starts to feel easy, switch to reorder mode. Putting layers back in the right order is a different muscle; candidates routinely know what each layer does in isolation but can't sequence them under pressure.

The layers every trace touches

Across the eight scenarios, the same handful of layers reappear.

  • Name resolution. DNS, sometimes service discovery (Consul, K8s DNS, EDS). Common follow-up: how is the answer cached, where, and for how long? DNS deep dive
  • Transport. TCP three-way, or QUIC fused. Interesting follow-up is congestion control: slow start, BBR vs CUBIC, how many RTTs to fill the pipe.
  • TLS. Handshake, certificate validation, key exchange. TLS 1.3 fuses to 1 RTT (0 RTT for resumption); TLS 1.2 is 2 RTT. TLS deep dive
  • Application protocol. HTTP/1.1, HTTP/2, HTTP/3, gRPC, Postgres wire, WebSocket frames. Each is a framing layer on top of the bytes; each has its own quirks (head-of-line blocking, multiplexing, request coalescing).
  • Proxy / load balancer / sidecar. ALB, nginx, Envoy. Follow-up is health checking, sticky routing, and connection pooling.
  • Application code. The part the candidate usually mentions first and dwells on the longest. The interviewer is usually probing the *other* layers; spend proportional time on those.
  • Storage. When the scenario involves a database, this is where MVCC, WAL, the page cache, and the index come in. Database internals

What candidates skip

After dozens of these traces, these are the layers most often missed.

  • The kernel. Sockets, TCP send/recv buffer, congestion-control state, the page cache reading TLS handshake bytes off the NIC. Saying "the kernel" once per trace earns credibility.
  • Connection reuse. "It opens a new TCP connection" is wrong half the time. Modern stacks reuse aggressively: HTTP/2 multiplexes; gRPC pins a long-lived HTTP/2 connection; DB pools reuse.
  • BGP / anycast for CDNs. The reason your CDN feels fast is BGP anycast. Most candidates name "geo-DNS" instead, which is a related but distinct mechanism.
  • iptables / nftables in service meshes. Istio's sidecar trick is iptables redirect. If you say "the request goes through Envoy" without explaining the redirect, you've skipped the magic.
  • The reverse path. Don't stop at "the response is sent". Trace it. Most of the latency in a small response is the forward setup; for larger responses, the reverse path involves congestion control, retransmissions, and reverse-proxy buffering.

Frequently asked questions

How many layers should I name?

For a 20-minute discussion, seven to ten layers is the sweet spot. Fewer means you're skipping; more usually means you're nesting sub-details (which are good follow-up material, but the main trace should be terse).

Is it okay to draw the trace as a diagram?

Yes. Most senior infrastructure rounds reward a quick layered diagram. Boxes for each component, arrows annotated with the protocol, brief notes on what each box does. Diagram plus spoken trace beats either alone.

Why does this come up so often in senior interviews?

It's a ten-minute test for ten years of experience. An L4 trace ends at "the request hits the server". A senior trace names BGP anycast, TLS resumption, HTTP/2 multiplexing, the kernel page cache, the proxy's connection pool — the kinds of details that only emerge from running production systems.

Should I memorise specific RFC numbers?

No. Knowing "TCP is RFC 793" doesn't help; knowing "TCP's three-way handshake exists to synchronise initial sequence numbers and to confirm both directions of the connection" does. Memorise behaviours, not citations.

Related on Semicolony

Related Concepts Related Concepts
Interview Concepts Interview Levels Interview Loops Interview Patterns Interview Rubric Interview System Design Interview Warmup Study Path Interview — overview
Found this useful?