network-engineering
Original:🇺🇸 English
Translated
Network architecture, troubleshooting, and infrastructure patterns. Use when designing network topologies, debugging connectivity issues, configuring load balancers, DNS, or implementing network security.
9installs
Source89jobrien/steve
Added on
NPX Install
npx skill4agent add 89jobrien/steve network-engineeringTags
Translated version includes tags in frontmatterSKILL.md Content
View Translation Comparison →Network Engineering
Comprehensive network engineering skill covering network design, troubleshooting, load balancing, DNS, and network security.
When to Use This Skill
- Designing network topologies
- Troubleshooting connectivity issues
- Configuring load balancers
- DNS configuration and troubleshooting
- SSL/TLS setup and debugging
- Network security implementation
- Performance optimization
- CDN configuration
Network Architecture
OSI Model Reference
| Layer | Name | Protocols | Troubleshooting |
|---|---|---|---|
| 7 | Application | HTTP, DNS, SMTP | curl, browser tools |
| 6 | Presentation | SSL/TLS | openssl |
| 5 | Session | NetBIOS | - |
| 4 | Transport | TCP, UDP | netstat, ss |
| 3 | Network | IP, ICMP | ping, traceroute |
| 2 | Data Link | Ethernet | arp |
| 1 | Physical | - | cable tester |
VPC/Network Design
Subnet Strategy:
VPC CIDR: 10.0.0.0/16 (65,536 IPs)
Public Subnets (internet-facing):
- 10.0.1.0/24 (AZ-a) - Load balancers, bastion
- 10.0.2.0/24 (AZ-b)
- 10.0.3.0/24 (AZ-c)
Private Subnets (application tier):
- 10.0.11.0/24 (AZ-a) - App servers
- 10.0.12.0/24 (AZ-b)
- 10.0.13.0/24 (AZ-c)
Database Subnets (isolated):
- 10.0.21.0/24 (AZ-a) - Databases only
- 10.0.22.0/24 (AZ-b)
- 10.0.23.0/24 (AZ-c)Traffic Flow:
- Internet → Load Balancer (public) → App (private) → DB (isolated)
- NAT Gateway for private subnet outbound
- VPC Endpoints for AWS services
Load Balancing
Load Balancer Types
| Type | Layer | Use Case |
|---|---|---|
| Application (ALB) | 7 | HTTP/HTTPS, path routing |
| Network (NLB) | 4 | TCP/UDP, static IP, high performance |
| Classic | 4/7 | Legacy |
| Gateway | 3 | Third-party appliances |
Health Checks
yaml
# ALB Health Check
health_check:
path: /health
protocol: HTTP
port: 8080
interval: 30
timeout: 5
healthy_threshold: 2
unhealthy_threshold: 3
matcher: "200-299"Routing Strategies
- Round Robin: Equal distribution
- Least Connections: Route to least busy
- IP Hash: Sticky sessions by client IP
- Weighted: Percentage-based distribution
- Path-based: Route by URL path
- Host-based: Route by hostname
DNS
Record Types
| Type | Purpose | Example |
|---|---|---|
| A | IPv4 address | |
| AAAA | IPv6 address | |
| CNAME | Alias | |
| MX | Mail server | |
| TXT | Arbitrary text | SPF, DKIM, verification |
| NS | Name server | DNS delegation |
| SRV | Service location | |
| CAA | Certificate authority | Restrict CA issuance |
DNS Debugging
bash
# Query specific record type
dig example.com A
dig example.com MX
dig example.com TXT
# Query specific DNS server
dig @8.8.8.8 example.com
# Trace DNS resolution
dig +trace example.com
# Check propagation
dig +short example.com @{dns-server}TTL Strategy
| Record Type | Recommended TTL |
|---|---|
| Static content | 86400 (1 day) |
| Dynamic content | 300 (5 min) |
| Failover records | 60 (1 min) |
| Pre-migration | Lower to 60 |
SSL/TLS
Certificate Types
| Type | Validation | Use Case |
|---|---|---|
| DV | Domain ownership | Basic sites |
| OV | Organization verified | Business sites |
| EV | Extended validation | High-trust sites |
| Wildcard | *.domain.com | Multiple subdomains |
| SAN | Multi-domain | Multiple specific domains |
TLS Configuration
Recommended Settings:
- TLS 1.2 and 1.3 only
- Strong cipher suites (AEAD)
- HSTS enabled
- OCSP stapling
- Certificate transparency
Debugging SSL
bash
# Check certificate
openssl s_client -connect example.com:443 -servername example.com
# Check certificate chain
openssl s_client -connect example.com:443 -showcerts
# Check expiration
echo | openssl s_client -connect example.com:443 2>/dev/null | openssl x509 -noout -dates
# Test TLS versions
openssl s_client -connect example.com:443 -tls1_2
openssl s_client -connect example.com:443 -tls1_3Troubleshooting
Connectivity Checklist
- Physical/Cloud layer: Is the instance running?
- Security groups: Are ports open?
- NACLs: Are subnets allowing traffic?
- Route tables: Is routing correct?
- DNS: Does name resolve?
- Application: Is service listening?
Common Commands
bash
# Check if port is listening
netstat -tlnp | grep :80
ss -tlnp | grep :80
# Test TCP connectivity
nc -zv hostname 443
telnet hostname 443
# Check routes
ip route
traceroute hostname
mtr hostname
# DNS resolution
nslookup hostname
dig hostname
host hostname
# Network interfaces
ip addr
ifconfig
# Active connections
netstat -an
ss -tulnPerformance Debugging
bash
# Bandwidth test
iperf3 -c server-ip
# Latency analysis
ping -c 100 hostname | tail -1
# MTU issues
ping -M do -s 1472 hostname
# Packet capture
tcpdump -i eth0 port 443Reference Files
- - Detailed troubleshooting workflows
references/troubleshooting.md
Integration with Other Skills
- cloud-infrastructure - For cloud networking
- security-engineering - For network security
- performance - For network optimization