Code Room
System designHardsd-g626
Subject Ddos mitigation securityLevel Senior–Staff~50 minCommon in Security · Reliability & on-call interviewsIndustries Technology

Question

Design a DDoS-mitigation layer protecting a global platform from volumetric (L3/L4 floods), protocol, and application-layer (L7) attacks, capable of absorbing multi-terabit attacks while keeping p99 latency for legitimate users under 50ms. It must distinguish attack traffic from flash-crowd legitimate spikes, automatically engage scrubbing, and not blackhole real users. Cover the network architecture, detection, the mitigation pipeline, and the legitimate-vs-attack discrimination trade-off.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.

Narrate your design
Loading whiteboard…
Run or narrate your approach, then ask the coach.