Code Room
System design · Hard · sd-g699
Subject: VPN tunnel service protocol
Level: Senior–Staff
Duration: ~45 min
Common in: Security · Networking & APIs interviews
Industries: Technology, Telecom

Question

Design a managed VPN / secure-tunnel service (a mesh overlay like a WireGuard-based zero-trust network) connecting 500k client devices and 50k servers across many private networks. You need encrypted point-to-point tunnels, sub-100 ms added latency, key rotation, and a control plane that programs who-can-reach-whom. How do you separate control and data planes, route packets, and handle key distribution?

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
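One concrete way to sketch the control-plane half of the question (who-can-reach-whom policy compiled into per-device peer lists, key rotation with an overlap window, and cryptokey routing on the data plane) is the toy model below. It is an added example written for this page, not code from the interview site or from WireGuard; device names, overlay addresses, endpoints and the "keys" (random bytes standing in for Curve25519 public keys) are all constructed, and the class and function names are assumptions.

```python
"""Toy control plane for a WireGuard-style mesh overlay: compiles per-device
peer lists from a who-can-reach-whom policy, rotates keys with an overlap
window, and shows the cryptokey-routing lookup the data plane performs.
All keys, names, addresses and endpoints are constructed sample values."""
import base64
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Key:
    public: str                      # placeholder for a Curve25519 public key (base64)
    expires: Optional[float] = None  # None = current key; otherwise retire at this time


@dataclass
class Device:
    name: str
    group: str
    overlay_ip: str   # /32 address inside the mesh; becomes the peer's AllowedIPs entry
    endpoint: str     # public host:port the device's data plane listens on
    keys: List[Key] = field(default_factory=list)


def new_key() -> str:
    # Constructed placeholder: in a real deployment the device generates its key pair
    # locally and only the public half ever reaches the control plane.
    return base64.b64encode(os.urandom(32)).decode()


class ControlPlane:
    def __init__(self, grace_seconds: float):
        self.devices: Dict[str, Device] = {}
        self.rules: List[Tuple[str, str, int]] = []  # (src_group, dst_group, dst_port)
        self.grace = grace_seconds

    def enroll(self, name: str, group: str, overlay_ip: str, endpoint: str) -> Device:
        d = Device(name, group, overlay_ip, endpoint, [Key(new_key())])
        self.devices[name] = d
        return d

    def allow(self, src_group: str, dst_group: str, port: int) -> None:
        self.rules.append((src_group, dst_group, port))

    def may_reach(self, src: Device, dst: Device) -> bool:
        return any(sg == src.group and dg == dst.group for sg, dg, _ in self.rules)

    def rotate(self, name: str, now: float) -> None:
        """Publish a fresh key; the old one stays valid for `grace` seconds so peers
        that have not yet fetched the new config can still complete handshakes."""
        d = self.devices[name]
        for k in d.keys:
            if k.expires is None:
                k.expires = now + self.grace
        d.keys.append(Key(new_key()))

    def live_keys(self, d: Device, now: float) -> List[str]:
        return [k.public for k in d.keys if k.expires is None or k.expires > now]

    def compile_peers(self, name: str, now: float) -> Dict[str, dict]:
        """Peer list the data plane on `name` should load. Both ends of a permitted
        flow need each other as peers, because the responder must already know the
        initiator's public key to accept its handshake; the port restriction is
        enforced by the packet filter after decryption, not by the key exchange."""
        me = self.devices[name]
        peers: Dict[str, dict] = {}
        for other in self.devices.values():
            if other is me:
                continue
            if self.may_reach(me, other) or self.may_reach(other, me):
                peers[other.name] = {
                    "public_keys": self.live_keys(other, now),
                    "endpoint": other.endpoint,
                    "allowed_ips": [other.overlay_ip + "/32"],
                }
        return peers

    def packet_filter(self, name: str) -> List[Tuple[str, int]]:
        """Inbound allow-list of (source overlay IP, dst port) for device `name`."""
        me = self.devices[name]
        rows: List[Tuple[str, int]] = []
        for sg, dg, port in self.rules:
            if dg == me.group:
                rows += [(d.overlay_ip, port) for d in self.devices.values() if d.group == sg]
        return rows


def cryptokey_route(peers: Dict[str, dict], dst_ip: str) -> Optional[str]:
    """Data-plane lookup: which peer's tunnel does a packet to dst_ip enter?"""
    for pname, p in peers.items():
        if dst_ip + "/32" in p["allowed_ips"]:
            return pname
    return None


def demo() -> ControlPlane:
    """Three constructed devices and two rules: clients -> servers:443, servers -> databases:5432."""
    cp = ControlPlane(grace_seconds=300)
    cp.enroll("laptop-1", "clients", "100.64.0.10", "203.0.113.10:51820")
    cp.enroll("web-1", "servers", "100.64.1.20", "198.51.100.20:51820")
    cp.enroll("db-1", "databases", "100.64.2.30", "198.51.100.30:51820")
    cp.allow("clients", "servers", 443)
    cp.allow("servers", "databases", 5432)
    return cp
```

The design point the model makes explicit is the split of responsibilities: the control plane only decides membership and keys and publishes small per-device configs, while every packet travels point-to-point through the data plane, which needs nothing from the control plane beyond the peer table. Rotation therefore has to tolerate stale peer tables, which is why a retired key keeps working for a grace period instead of being cut off the instant the new one is published.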
