Chapter 14

Best Practices and Anti-Patterns

The closing chapter distills the whole course into a handful of design principles and a catalog of the mistakes that cause most real outages.

4 topics

Every earlier chapter taught one mechanism in isolation — how a packet is forwarded, how a CIDR is sized, how a firewall decides, how PMTUD discovers an MTU. This chapter is where they collide. Real systems fail not because any single mechanism is misunderstood but because the interactions between them were never designed for: the redundant link that shared a conduit with its primary, the subnet that had no room to grow, the default-allow rule nobody audited, the blocked ICMP that turned a working path into a black hole.

The four topics here are deliberately synthetic. Designing for failure pulls together anycast, multi-region, and health-checking into a single discipline of eliminating shared fate. The anti-patterns capstone is a cross-referenced field guide to the recurring mistakes, each pointing back at the chapter that explains it. The hardening checklist turns default-deny, encryption, and segmentation into a pre-production review you can run down. Capacity planning sizes the address space, the state tables, and the bandwidth before they run out — because the failure modes here are slow, silent, and expensive to reverse.

Three failure questions, three design principles
When this one component dies, does the whole path die? → Redundancy
When one host is breached, can it reach everything else? → Segmentation
When growth arrives, does a finite resource run out? → Capacity headroom

Topics in This Chapter