Code Room
System designHard
Question
Design a network-telemetry / flow-record collector that ingests NetFlow/IPFIX/sFlow from 50,000 routers and switches, peaking at 5M flow records/sec over UDP. It must handle lossy UDP ingest, template-based decoding, high-cardinality aggregation (top talkers, per-prefix bytes), and serve both real-time anomaly detection and historical queries. How do you ingest, decode, aggregate, and store at this rate?
What a strong answer looks like
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
Learn the concepts
Loading whiteboard…
Run or narrate your approach, then ask the coach.