Interview Question
Outbound calls from your private subnets start failing intermittently. Investigation suggests SNAT port exhaustion. How do you confirm and fix?
Key Points to Cover
- Confirm via NAT gateway metrics (connections/ports in use)
- Correlate to bursty egress patterns and connection reuse
- Increase NAT gateways or scale subnets; tune timeouts
- Enable connection pooling/keep-alive and reduce parallel outbound
- Implement egress proxy or VPC endpoints for popular services
Evaluation Rubric
Confirms SNAT exhaustion with metrics: 35% weight
Optimizes client connection behavior: 25% weight
Scales NAT/egress capacity safely: 20% weight
Reduces reliance via endpoints/proxies: 20% weight
Hints
- 💡Ephemeral port reuse and TIME_WAIT tuning matter.
Common Pitfalls to Avoid
- ⚠️Focusing solely on the NAT gateway metrics without investigating the underlying application behavior.
- ⚠️Assuming the problem is always the NAT gateway itself and not considering application-level inefficiencies.
- ⚠️Overlooking the possibility of incorrect subnet routing leading to traffic hitting the wrong NAT gateway.
- ⚠️Implementing a quick fix like increasing timeouts without understanding the root cause of high connection volume.
- ⚠️Failing to consider the impact of stateful firewalls or network ACLs potentially interfering with connection states.
Potential Follow-up Questions
- ❓How to size NAT capacity?
- ❓What’s the impact of HTTP/2 multiplexing?