Networking & Protocols
The three-way handshake
You opened this page and a stranger on another continent agreed to talk to you. Before any HTTP request, before TLS, before DNS resolved — TCP did three things: said hello, agreed on starting sequence numbers, and confirmed the agreement. That is the handshake.
What TCP does in one sentence
TCP turns two strangers on the network into a reliable two-way conversation: every byte arrives in order, every byte is acknowledged, and missing bytes are resent. The handshake is how the conversation starts.
The IP layer moved packets across networks, but it did not care if they arrived, arrived in order, or arrived at all. TCP adds a contract: every byte is numbered, every byte is acknowledged, and if one is missing it is retransmitted. That contract is negotiated in the handshake. Before the handshake, both sides are strangers. After it, both sides carry state: buffers, windows, and the agreement to talk until one of them says goodbye.
Why care
Without TCP every web request would have to manage its own retries and ordering. TCP gives every higher protocol (HTTP, IMAP, SSH, anything that runs over it) a clean reliable pipe for free.
The phone-call metaphor
Imagine two people on a phone call. Before they say anything important they exchange “hello — can you hear me? — yes, I can hear you, can you hear me? — yes.” That short three-step ritual is the TCP handshake.
- SYN = “hello, here is my counter”
- SYN-ACK = “I hear you, here is my counter, and I confirm I heard your counter”
- ACK = “I confirm your counter, let’s begin”
Now both phones agree they are on the same line and can start the real conversation.
The handshake in plain dialogue
Bea dials Sven and says “Hello, my counter starts at 42,000,000.” Sven picks up: “Got it, your next byte should be 42,000,001; my counter starts at 99,000,000.” Bea: “Got it, your next byte should be 99,000,001, let’s go.” From this moment every word both of them say is numbered so neither can lose track.
- Step 1 (client→server)
- SYN seq=X
- Step 2 (server→client)
- SYN-ACK seq=Y ack=X+1
- Step 3 (client→server)
- ACK seq=X+1 ack=Y+1
- State after step 3
- ESTABLISHED on both sides
- Cost
- 1 full round-trip (RTT)
- LAN RTT
- 0.1–1 ms
Why three steps and not two
TCP is bidirectional and both sides must agree on each other’s starting sequence numbers. A two-step handshake (SYN then data) would leave the server’s sequence number unacknowledged. The third step (ACK) proves the client is alive and has read the server’s reply. It also bounds half-open connections: if a SYN arrives but no ACK follows, the server times out the half-open entry and frees memory.
One scenario end to end
You click a link in your browser. Underneath, the browser already finished IP routing (it knows the server’s address) and DNS (it resolved the name). Now it does the TCP handshake you just learned. Once finished, the browser layers TLS on top to seal the connection, and only then does the actual HTTP request travel.
Why does TCP need three messages and not two?
What guarantee does TCP give once the handshake completes?
Order the three steps of the TCP handshake:
- 1 Client sends SYN with its starting sequence number
- 2 Server replies with SYN-ACK: its sequence number plus an acknowledgement of the client's
- 3 Client sends ACK confirming the server's sequence number
- 4 Both sides move to ESTABLISHED and can exchange data
Fill in the blank: the TCP handshake is like a _______ where both sides confirm they can hear each other before saying anything important.
Why this works
Why TCP adds statefulness. IP is stateless: each packet is routed independently and the network keeps no memory of previous packets. TCP adds state at both endpoints — buffers, window sizes, sequence counters. This state is what enables reliability. The handshake is the moment that state is created and agreed upon. After it, both sides are no longer strangers.
- 01In one sentence: why does every new TCP connection take at least one round-trip before any data flows?
- 02What would go wrong if TCP used a two-step handshake (SYN then data) instead of three steps?
- 03What is the difference between TCP and IP in terms of delivery guarantees?
TCP builds a reliable ordered byte stream on top of IP’s best-effort packet delivery. The three-way handshake is how the connection starts: the client sends SYN with its initial sequence number, the server replies with SYN-ACK carrying its own sequence number and confirming the client’s, and the client sends ACK confirming the server’s. All three steps are necessary because TCP is bidirectional — both directions must independently acknowledge each other’s starting counter. The cost is one full round-trip, which is 80–300 ms on intercontinental links. Higher-layer protocols (TLS, HTTP) build on this foundation, which is why understanding the handshake is essential for diagnosing latency.
appears again in152
- Why GraphQL gets N+1junior
- DataLoader mechanics: tick-boundary batchingmiddle
- Batch function contracts: ordering, shapes, errorsmiddle
- Federation and lookahead: batching beyond DataLoadermiddle
- Query complexity defences: depth, cost, persisted queriesmiddle
- Senior GraphQL API: scheduling contract, tenant isolation, observabilitysenior
- Why idempotency: making retries safejunior
- Server-side state machine: four states of an idempotency keymiddle
- Outbox and inbox: effectively-once across the dual-write boundarymiddle
- Concurrency and cache architecture for idempotency at scalesenior
- Observability, production failures, and global-scale designsenior
- The event loop: one thread, three queuesjunior
- Tasks, microtasks, and scheduler.yield()middle
- Microtask starvation, Long Tasks, and LoAFsenior
- Node.js event loop: phases, nextTick, and loop lagsenior
- React, Vue, and INP observability in productionsenior
- The render pipeline: six stages from bytes to pixelsjunior
- Stage costs and the renderer process modelmiddle
- Invalidation, dirty bits, and containmiddle
- Compositor layers: promotion, overlap, and GPU memorymiddle
- DevTools flame strip and the frame lifecyclemiddle
- Layout thrash: forced synchronous layoutsenior
- BeginMainFrame, compositor-driven animations, and GPU memorysenior
- Production observability: LoAF, INP, and the full attack surfacesenior
- What V8 is and why performance varies 100×junior
- V8''''s four-tier JIT pipeline and profile-guided tieringmiddle
- Hidden classes, transition trees, and memory layoutmiddle
- Inline caches, IC states, and deoptimizationmiddle
- Orinoco GC: parallel scavenger, concurrent marking, and write barriersmiddle
- TurboFan''''s speculative engine and the deopt-loop trapsenior
- V8 in production: isolates, pointer compression, and real failuressenior
- Service worker lifecycle and cache strategiesmiddle
- Service worker edge cases: version skew, durability, and navigation trapssenior
- What the reconciler does: render vs commitjunior
- The fiber object and the double-buffer treemiddle
- Render phase purity and commit phase sub-stepsmiddle
- Reconciliation: diffing heuristics and the key trapmiddle
- Priority lanes, time-slicing, and useTransitionmiddle
- Bailout, memoisation, and tearingsenior
- React Profiler, the Compiler, and production observabilitysenior
- Rendering strategies: SSG, SSR, ISR, streaming, and hydrationjunior
- SSG, SSR, ISR, streaming, and RSC — how each worksmiddle
- Hydration cost: selective, progressive, islands, resumabilitymiddle
- Hydration mismatch: causes, detection, and the determinism rulesenior
- RSC, per-route strategy, and production observabilitysenior
- Core Web Vitals: what LCP, INP, and CLS measurejunior
- CLS: why layout shifts happen and how to stop themmiddle
- Metric tradeoffs, RUM attribution, and the CI+field loopsenior
- The full picture: URL to LCP to INP as a relay racejunior
- Eight layers traced: from the service worker to the second navigationmiddle
- Five canonical breaks: where production reliably diessenior
- The three-track method: reading traces and building a monitored systemsenior
- What is a cache stampede and why it makes things worsejunior
- Lock and single-flight: bounding concurrent rebuildsmiddle
- XFetch: coordination-free probabilistic early expirationmiddle
- Stale-while-revalidate and CDN request coalescingmiddle
- Detecting stampedes and designing TTL for productionmiddle
- Metastable failure, fencing tokens, and production postmortemssenior
- What a relation is: tables, rows, keys, and constraintsjunior
- Constraints, keys, and Postgres data typesmiddle
- Normal forms, denormalization, and why schemas stickmiddle
- JSONB, arrays, and when a side table winsmiddle
- Heap storage, TOAST, and column alignmentsenior
- Schema integrity: deferral, versioning, and production failure modessenior
- Relational vs document, wide-column, graph, and key-valuesenior
- Index-only scans, the Visibility Map, and INCLUDEsenior
- Production failure modes and the index audit playbooksenior
- pg_statistic, ANALYZE, and production observabilitymiddle
- Production failure modes and plan stabilitysenior
- MVCC: why readers and writers never wait for each otherjunior
- Row versions and snapshots: the on-disk mechanicsmiddle
- HOT updates and isolation levels: what you gain and what you paymiddle
- Vacuum and bloat: keeping the storage tax boundedmiddle
- CLOG, XID wraparound, and MultiXact: deep visibility internalssenior
- SSI internals and production autovacuum tuningsenior
- Real-world MVCC failures, deployment patterns, and distributed snapshotssenior
- Connection pools: amortising the cost of a Postgres backendjunior
- PgBouncer session, transaction, and statement modesmiddle
- Pool sizing: the (cores × 2) + spindles formula and the two-layer stackmiddle
- Pool exhaustion and idle-in-transaction: the 3 AM failure modemiddle
- Migrating to transaction mode: rollout playbook and PgBouncer 1.21 prepared statementsmiddle
- The Postgres process model and why raising max_connections degrades throughputsenior
- Pooler landscape 2026, serverless connection storms, and the full failure-mode taxonomysenior
- What a schema migration is and why it replaces ad-hoc DDLjunior
- ADD COLUMN: instant in PG 11+ vs rewrite in older Postgresjunior
- The lock-queue failure mode: why instant DDL can freeze the databasemiddle
- Safe DDL patterns: NOT VALID, CONCURRENTLY, and unsafe-op fixesmiddle
- Expand-contract: zero-downtime for breaking schema changesmiddle
- Advisory locks, migration tools, and deploy coordinationsenior
- Migration failure taxonomy and production disciplinesenior
- Why sharding exists: the single-Postgres ceilingjunior
- Shard-key selection: hash, range, list, and directory strategiesmiddle
- Partitioning vs sharding: same word, two different thingsmiddle
- Co-location and Citus: the invariant that makes sharding usablemiddle
- The hot-shard failure mode: detection, isolation, and durable policymiddle
- Schema-based sharding and multi-tenancy alternativessenior
- Online resharding, 2PC, and the operational cost of shardingsenior
- The seven acts: from CREATE TABLE to Citusjunior
- Acts 1–3 in depth: schema, indexes, and planner statisticsmiddle
- Acts 4–6 in depth: MVCC bloat, connection pooling, and safe migrationsmiddle
- Act 7 in depth: sharding, co-location, and the seven-tier tradeoff cascademiddle
- Observability, anti-patterns, and production triagesenior
- Raft roles, terms, and why majority quorums prevent split brainjunior
- How Raft replicates a log entry and decides it is safe to commitmiddle
- Raft leader election: timeouts, voting rules, and the four safety propertiesmiddle
- Raft in the real world: partitions, slow disks, and client routingmiddle
- Raft extensions: pre-vote, learners, snapshots, and linearizable readssenior
- Raft in production: membership changes, Multi-Raft, and observabilitysenior
- Where data fetching happens — and why it decides LCPjunior
- Fetch waterfalls — diagnosis and the Promise.all curemiddle
- React Server Components and Suspense streamingmiddle
- Client-side cache: TanStack Query, SWR, and stale-while-revalidatemiddle
- LCP, prefetch, and race conditions in interactive fetchingmiddle
- Senior internals: RSC payload, caching layers, and production failure modessenior
- What the three signals are: logs, metrics, and tracesjunior
- Why structured logs exist: the diary vs the spreadsheetjunior
- The production log schema: fields every line must carrymiddle
- PII redaction and log injectionsenior
- OTel Logs Data Model and audit logs as a subsystemsenior
- SLI, SLO, and the error budget: reliability by the numbersjunior
- Error budget policy, latency SLOs, and composite journeysmiddle
- Production SLO failures, self-observability, security, and the big picturesenior
- The incident loop: from pager to postmortem to preventionmiddle
- Cache lines, struct layout, and false sharingmiddle
- SIMD, SoA vs AoS, and memory bandwidthmiddle
- Cache-oblivious algorithms, PGO, and production failuressenior
- GC in production: observability, security, edge cases, and fleet governancesenior
- Batching: amortize fixed cost per operationjunior
- The batching window: size and wait timemiddle
- Batching in Kafka and Postgresmiddle
- io_uring and observability of batchingmiddle
- From Nagle to io_uring: evolution of batchingmiddle
- Backpressure, failure isolation, and batch security in productionsenior
- CI enforcement and RUM: making budgets stickmiddle
- V8 JIT pipeline, HTTP priorities, and bundle securitysenior
- The performance loop: discipline, not a projectjunior
- Classify and fix: matching bottleneck families to remediesmiddle
- Observability stack and CI gates: catching regressions before they shipmiddle
- Incident to enforcement: SLO burn to verified fix in 35 minutesmiddle
- Culture, economics, and org-scale performancesenior
- At-most-once, at-least-once, exactly-once: the three delivery contractsjunior
- The three failure legs — where duplicates and losses actually happenmiddle
- Consumer-side dedup: the cheapest path to exactly-once processingmiddle
- Kafka exactly-once semantics: idempotent producer and transactionsmiddle
- SQS visibility timeout, DLQ, and the outbox patternmiddle
- Exactly-once in production: impossibility proof, hybrid patterns, and real incidentssenior
- What OAuth is and why passwords are not the answerjunior
- Authorization code flow with PKCEmiddle
- ID token validation and JWKS cache managementmiddle
- Refresh token rotation and scope-based least privilegemiddle
- Sender-constrained tokens: DPoP and mTLSsenior
- OAuth in production: audience attacks, observability, and real failuressenior