System Design & Architecture
17 posts
-
AWS VPC Edge Routing Guide Part 5: Four Standard Patterns — From Decision Tree to First Sketch
After Parts 0–4 unpack the decision trees, the blank canvas still feels paralyzing because trees give you candidates and forks but never the starting point, ordering, or interdependencies. This closing post pins down the four standard patterns that 90% of real workloads converge on (Serverless API / Container Web / Global Latency-sensitive / Hybrid Enterprise), maps each pattern's defaults onto Parts 0–4's decision trees, and recasts the trees as the tool you reach for when you need to deviate from the pattern — not as the starting point itself.
-
AWS VPC Edge Routing Guide Part 4: DNS Decisions and Route 53 — Hosted Zones, the Six Routing Policies, Alias vs CNAME, and Health Checks
The decision that always comes before the entry points in Parts 1, 2, and 3 — DNS. Route 53's Public vs Private Hosted Zones, the decisive difference between A / CNAME / Alias records, the six Routing Policies (Simple / Weighted / Latency / Geolocation / Geoproximity / Multi-value / Failover), the three kinds of Health Check, and the decision boundary among Route 53, Global Accelerator, and CloudFront. The DNS layer in the series; the synthesis closes in Part 5.
-
AWS VPC Edge Routing Guide Part 3: How Packets Actually Flow Inside a VPC — IGW, NAT Gateway, Route Tables, Security Group vs NACL
The four components (IGW, NAT GW, Route Table, SG vs NACL) that decide where packets go inside a VPC and where they get blocked. The real difference between Public and Private subnets, NAT Gateway mechanics, Route Table evaluation order, the decisive split between stateful and stateless firewalls, and the common anti-patterns. The final post in the AWS VPC Edge Routing Guide series.
-
AWS VPC Edge Routing Guide Part 2: Connecting a VPC to Other VPCs, AWS Services, and On-Prem — A Decision Tree for VPC Endpoint, PrivateLink, Peering, Transit Gateway, and Direct Connect
There are six ways to connect a VPC to another VPC, an AWS-managed service, or on-premises. Which decision problem each one solves, where they split on cost, scalability, and transitivity, and the common anti-patterns. A practical guide that ends in a single decision tree. Part 2 of the AWS VPC Edge Routing Guide series.
-
AWS VPC Edge Routing Guide Part 1: Picking the Right Entry Point — A Decision Tree for ALB, NLB, API Gateway, CloudFront, and Global Accelerator
There are five candidates for fronting a VPC on AWS. Which OSI layer each one operates at, the decision variables that separate them, and the common anti-patterns. A practical guide that ends in a single decision tree. Part 1 of the AWS network service blocks series.
-
AWS VPC Edge Routing Guide Part 0: Network and AWS Fundamentals — OSI, VPC, CIDR, ENI, Reverse Proxies, and the Core AWS Services You Need Before the Series
A primer that lands before the decision-tree posts. OSI 7-layer and L4/L7, VPC / Subnet / CIDR / AZ, ENI / EIP / Source NAT, HTTPS / TLS / mTLS / auth jargon, reverse proxies, and a one-page taxonomy of core AWS services — every concept the rest of the series leans on, gathered into one post.
-
AWS Private EC2 Operations Guide Part 1: Why Private Subnet? — The ALB + NAT Gateway Standard Architecture and Sizing-Based Decision Criteria
We unpack the 'why' behind the standard pattern of placing EC2 in a Private Subnet wrapped by ALB and NAT Gateway. Public IPv4 vs Elastic IP, sizing recommendations, HA basics, and the concrete risks of putting PII-handling servers in a Public Subnet. Part 1 of a Bastion-less AWS EC2 operations series.
-
FCFS Load Test Retrospective: Things Easy to Miss in Practice
Problems we hit while k6-testing 4 FCFS strategies — Rate Limiter conflicts, queue over-counting bugs. Plus 4 ways to isolate FCFS APIs from regular APIs in production: separate DataSource, Redis offloading, service separation, and Bulkhead pattern.
-
FCFS System Showdown: Load Testing All Approaches with k6
DB Lock, Redis, Queue, Token — we load-tested all 4 FCFS strategies under identical conditions (100 stock, 100/500/1,000/2,000 concurrent users) with k6. Each scenario ran 10 times to get stable averages for TPS, P95/P99 response times, and we identify the optimal strategy for each situation.
-
Implementing FCFS with Tokens: From Entry Tickets to Bot Prevention
Implements a first-come-first-served system that issues entry tokens upfront — only token holders can purchase. Covers JWT-based token design, TTL expiration strategy, and multi-layered bot prevention with Rate Limiting + CAPTCHA.
-
Implementing FCFS with Queues: From Redis Sorted Set to Kafka
Implements a first-come-first-served system using Redis Sorted Set waiting queues and Kafka message queues. Covers queue UX (polling vs WebSocket), slot reallocation on timeout/abandonment, and traffic spike absorption strategies.
-
Implementing FCFS with Redis: From DECR to Lua Scripts
Implements a first-come-first-served stock deduction system using Redis DECR atomic operations and Lua scripts. Builds it with Spring Boot + Redisson, directly compares TPS against DB locks under identical conditions (100 stock, 100 concurrent users), and covers Redis-DB consistency and failure recovery strategies.
-
Implementing FCFS with DB Locks: From FOR UPDATE to Concurrency Testing
Implements a first-come-first-served stock deduction system using SELECT FOR UPDATE. Builds it with Spring Boot + JPA, validates data consistency with 100 concurrent requests, and identifies where DB locks hit their limits.
-
First-Come-First-Served Systems Explained: 6 Implementation Strategies and How to Choose
Breaks down the core challenges of FCFS systems — concurrency, stock deduction, duplicate prevention — and compares 6 implementation strategies from DB locks to Redis, message queues, waiting queues, and token issuance.
-
Spring Boot Practical Guide Part 2: Caching Strategy and Redis
A complete caching guide from the Cache-Aside pattern to cache problem resolution, ready to apply in production.
-
Spring Boot Pre-Interview Guide Part 7: Advanced Patterns — Spring Boot 4 · Kotlin 2.3 · Events · Async · Multi-module
On Spring Boot 4 with Kotlin 2.3, the patterns that make your assignment stand out. Domain-and-side-effect separation via @TransactionalEventListener, async fan-out with @Async + CompletableFuture, file upload validation, URI versioning, layered vs Hexagonal vs CQRS, and multi-module Option A (DIP) vs Option B (pragmatic) — written without Lombok, using Kotlin primary constructors and val/var.
-
Spring Boot Pre-Interview Guide Part 4: Performance & Optimization — Spring Boot 4 · Kotlin 2.3 N+1, Pagination, Caching, QueryDSL
On Spring Boot 4 with Kotlin 2.3, learn the trade-offs between the three N+1 solutions (Fetch Join, @EntityGraph, @BatchSize), when to choose Page vs Slice vs Cursor, how to decide between Caffeine and Redis, and when QueryDSL and Projection actually earn their keep — the performance optimization checkpoints that separate passing assignments from standout ones, from an evaluator's perspective.