Code Room
System design: Hard
Question
Design a managed VPN / secure-tunnel service (a mesh overlay like a WireGuard-based zero-trust network) connecting 500k client devices and 50k servers across many private networks. You need encrypted point-to-point tunnels, sub-100 ms added latency, key rotation, and a control plane that programs who-can-reach-whom. How do you separate control and data planes, route packets, and handle key distribution?
What a strong answer looks like
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.