Devices.
1. Understanding The Devices Terms.
Internet (External Users)
In the 2nd figure, all users access the company applications from internet. Requests like website access or API calls start from here. Since this is outside the company, traffic from internet is considered unsafe by default.
Modem
Modem is the first hardware device inside the company boundary. It recieves the connection from ISP and converts signals into digital data. This makes the internet usable for internal networking devices.
Router
Router is placed after the modem in this setup. It connects the company network to internet and manages routing of packets. From backend view, router decides how user requests actually reaches company servers.
Firewall
Firewall comes next in the flow and acts as a security checkpoint. It filters all incoming and outgoing traffic based on rules. Many times backend issues happens here if ports or IPs are blocked by firewall.
Switch (Internal Office Network)
Switch connects employee systems, internal tools and server machines. It handles internal traffic using MAC addresses. This ensures fast communication between office devices and backend servers.
Load Balancer
Load balancer sits in front of application servers in the 2nd figure. All user requests first hit this device. It distributes traffic evenly so one server does not get overloaded.
Application Servers
These are physical machines where backend code is deployed. They process requests and send responses back through the same flow. Multiple servers are used for scalability and fault tolerance.
Data Storage Systems
Data is stored at backend storage level. Direct access from internet is not allowed. Application servers communicate with storage internally for security and performance reasons.
2. Hub vs Switch packet broadcast comparison
Explanation According to the Diagram (Hub vs Switch)
In the left side of the diagram, a hub is shown in the center with many devices connected to it. One device is marked as sender and all other devices are receivers. When the sender sends a packet, the hub does not know who the actual receiver is. So the hub sends the same packet to all connected devices (A, B, C, D, E, F, G, H). Even devices that are not supposed to get the data will recieve it. This is why many arrows are shown going out from the hub to every device.
In the right side of the diagram, a switch is shown in the center. Here also one device is sender, but when it sends a packet, the switch checks the destination address. The switch already knows which device should recieve the packet. So it sends the packet only to device C*, which is the intended receiver. Other devices like A, B, D, E, F, G, H do not get the packet at all. This is why only one arrow is highlighted in the switch diagram.*
In this diagram, both hub and switch are shown connecting multiple devices in a local network. One device acts as sender and others act as receivers. The main purpose of the diagram is to show how data packets are handled differently by hub and switch when a sender sends data. Even though both look similar in connection, the way data flows is completely different.
Difference Between Hub and Switch (Based on Diagram)
| Hub | Switch |
| Hub sends packet to all connected devices | Switch sends packet only to intended device |
| All receivers A, B, C, D, E, F, G, H get the data | Only receiver C gets the data |
| Hub does not know destination address | Switch checks destination using MAC address |
| Creates lot of unwanted traffic | Avoids unnecessary traffic |
| Chances of collision are high | Collisions are very less |
| Slower and inefficient | Faster and efficient |
3. Firewall placement in a network How It Works.
Internet (Untrusted Zone)
In the 2nd figure, internet is shown as the outer most part of the network. All user requests and traffic comes from here. Since this area is outside the company, it is always treated as untrusted and risky.
Modem and Router Layer
After internet, the connection reaches the modem and router. Modem converts ISP signals and router manages routing. At this stage, traffic is still not allowed to directly reach company systems, it only prepares the data to move forward.
Firewall Placement
Firewall is placed after the router and before the internal company network in the 2nd figure. This position allows firewall to inspect all incoming and outgoing traffic. Any unauthorised request is blocked here before it can reach office devices or servers.
Internal Network (Trusted Zone)
Behind the firewall lies the internal network which includes switches, employee systems and servers. Because firewall filters traffic, this zone is considered more trusted. Only allowed data is permitted to enter this part of the network.
Servers and Applications Protection
In the figure, servers are placed behind the firewall. This ensures backend systems are never directly exposed to internet. Even if someone targets the server, firewall rules stop access unless explicitly allowed.
4. Load balancer distributing traffic across multiple servers.
Real World Load Balancing Is Distributed In This Way.
| Layer / Side | What is Shown in Figure | Explanation |
| End Users | Users connecting to Load Balancer 1 | End users send requests like website access or API calls. These requests do not go directly to servers. They first reach Load Balancer 1, which handles large number of incoming connections. |
| Load Balancer 1 | First load balancer between users and backend | Load Balancer 1 distributes user traffic across multiple backend servers. It prevents one backend server from getting overloaded. This helps handle high user traffic smoothly. |
| Backend Servers | Group of application servers | Backend servers run the actual application logic. Each server processes requests independently. Requests are shared so backend stays fast and responsive even under load. |
| Load Balancer 2 | Second load balancer between backend and database | Load Balancer 2 manages traffic coming from backend servers. It decides which database server should handle the request. This avoids overloading a single database. |
| Database Servers | Multiple database machines | Database servers store application data. Load Balancer 2 distributes database queries across them. This improves performance and provides fault tolerance if one DB fails. |
5. End-to-end network architecture of a web application
This Diagram Explains How The Web App Works.
1. DNS (Domain Name System)
DNS is the very first step when a user opens a website. When user types a domain name in browser, DNS converts that name into an IP address. Without DNS, browser would not know where the web application is hosted. This step happens before any request reaches the server.
User’s Browser
The browser is where the request is created. User actions like clicking buttons or loading pages generate HTTP requests. Browser sends these requests to the server and also receives responses like HTML, CSS, JS and data.
2. Load Balancer
After DNS resolution, the request reaches the load balancer. Load balancer is the main entry point of the application. It distributes incoming traffic across multiple web app servers. This prevents one server from getting overloaded and helps scale the application.
Web App Servers
Web app servers contain the actual backend code. These servers handle authentication, business logic and API processing. Multiple servers are used so that application remains available even if one server fails.
4. Database
Database stores all important application data like user info, orders and records. Web app servers communicate with database to read and write data. Database is not directly exposed to users for security reasons.
5. Caching Service
Caching service is used to store frequently accessed data in memory. This reduces load on database and improves response time. Instead of hitting database every time, app server first checks cache.
6a. Job Queue
Job queue is used for background tasks. Tasks like sending emails or processing large data are added to queue. This helps keep main application fast and responsive.
6b. Job Servers
Job servers pick tasks from job queue and execute them. These tasks run asynchronously and do not block user requests. This is very important for scalable systems.
7. Full Text Search Service
This service is used for search functionality. It allows fast searching across large datasets. Instead of querying database directly, search queries are handled by this dedicated service.
8. Services (Microservices / External Services)
Services represent additional components or microservices. These can be payment services, notification systems or third-party APIs. Web app servers communicate with these services as needed.
9a. Data Firehose
Data firehose collects application events and logs. It streams data continuously for analytics or monitoring. This data is not used for user requests but for system insights.
9b. Copy Data
Data is copied from firehose to storage systems. This allows long-term analysis and reporting. Copying happens asynchronously.
9c. Data Warehouse
Data warehouse stores processed analytics data. It is used for reporting, dashboards and business intelligence. Normal application flow does not depend on this layer.
10. Cloud Storage
Cloud storage is used to store static files like images, videos and backups. Web app servers upload files here and users download them when needed. This reduces load on app servers.
11. CDN (Content Delivery Network)
CDN serves static content from locations closer to users. Instead of fetching files from main server every time, CDN delivers cached content. This improves speed and reduces latency.
Overall Flow Summary
User → DNS → Load Balancer → Web App Servers → Cache / Database / Services
Static content → Cloud Storage → CDN → User
Background work → Job Queue → Job Servers
Analytics → Firehose → Data Warehouse
Why This Architecture Is Used
This architecture supports scalability, security and performance. Each component has a single responsibility. Backend engineers must understand this flow because many production issues are caused by caching, load balancing or networking, not just code bugs.