Networking FAQ
Common questions about TCP, UDP, TLS, QUIC, eBPF, and how networks work. Each answer is short. Links go to the full explanation.
What is the difference between TCP and UDP?
TCP delivers bytes reliably and in order: it numbers every byte, acknowledges what arrived, and retransmits what did not. UDP sends a datagram and forgets it; there is no acknowledgment, no retransmission and no ordering.
TCP is used where every byte must arrive: web pages, database queries, file transfers. UDP is used where a late packet is worth less than a dropped one (voice, video, gaming) or where the application does its own retries (DNS). QUIC builds TCP-like reliability on top of UDP, getting the best of both. One security consequence of UDP's missing handshake: the source address of a datagram is never verified, which is why UDP services such as DNS are the usual vehicle for spoofed reflection attacks.
See How TCP Works for the full walkthrough of TCP's delivery guarantees.
What is the TCP 3-way handshake?
SYN, SYN-ACK, ACK. The client proposes a connection, the server accepts, and the client confirms. This exchange happens before any application data flows.
The handshake costs one round trip before the first byte of application data can be sent. On a path with a 50 ms round-trip time, that is 50 ms of dead time, and TLS over TCP then spends a second round trip on its own handshake. QUIC merges the transport and encryption handshakes, so a new connection is ready for data after a single round trip.
See the handshake diagram in How TCP Works for a step-by-step breakdown.
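The exchange above as an added example, modelled in Python rather than taken from the page or from any kernel: each side is a function, the segments carry only the flags, sequence and acknowledgment fields the handshake depends on, and the server goes ESTABLISHED only if the final ACK proves the client saw the server's initial sequence number (ISN). That check is also why a sender who spoofs its source address, and therefore never sees the SYN-ACK, must guess the ISN. Segment, random_isn and handshake are names chosen here; the 32-bit wraparound and the "SYN consumes one sequence number" rule are TCP's.

```python
import secrets
from dataclasses import dataclass
from typing import List, Optional, Tuple

MASK32 = 0xFFFFFFFF  # sequence numbers are 32-bit and wrap


@dataclass(frozen=True)
class Segment:
    """A TCP segment reduced to the three fields the handshake depends on."""
    flags: str            # "SYN", "SYN-ACK" or "ACK"
    seq: int
    ack: Optional[int] = None


def random_isn() -> int:
    """Unpredictable 32-bit initial sequence number, as RFC 6528 asks for."""
    return secrets.randbits(32)


def client_syn(client_isn: int) -> Segment:
    return Segment("SYN", seq=client_isn)


def server_syn_ack(syn: Segment, server_isn: int) -> Segment:
    """The SYN flag occupies one sequence number, so the server acknowledges ISN + 1."""
    if syn.flags != "SYN":
        raise ValueError("expected SYN")
    return Segment("SYN-ACK", seq=server_isn, ack=(syn.seq + 1) & MASK32)


def client_ack(syn_ack: Segment, client_isn: int) -> Segment:
    """The client accepts the SYN-ACK only if it acknowledges the client's own ISN."""
    if syn_ack.flags != "SYN-ACK" or syn_ack.ack != ((client_isn + 1) & MASK32):
        raise ValueError("SYN-ACK does not acknowledge our SYN")
    return Segment("ACK", seq=(client_isn + 1) & MASK32, ack=(syn_ack.seq + 1) & MASK32)


def server_established(ack: Segment, server_isn: int, client_isn: int) -> bool:
    """The server goes ESTABLISHED only if the ACK proves the client saw server_isn.
    A blind sender (spoofed source address) never receives the SYN-ACK and has to guess it."""
    return (ack.flags == "ACK"
            and ack.ack == ((server_isn + 1) & MASK32)
            and ack.seq == ((client_isn + 1) & MASK32))


def handshake(client_isn: Optional[int] = None,
              server_isn: Optional[int] = None) -> Tuple[List[Segment], bool]:
    """Run the three-segment exchange; return the segments and the server's verdict."""
    client_isn = random_isn() if client_isn is None else client_isn
    server_isn = random_isn() if server_isn is None else server_isn
    syn = client_syn(client_isn)
    syn_ack = server_syn_ack(syn, server_isn)
    ack = client_ack(syn_ack, client_isn)
    return [syn, syn_ack, ack], server_established(ack, server_isn, client_isn)


if __name__ == "__main__":
    segments, established = handshake(client_isn=1000, server_isn=5000)
    for s in segments:
        print(f"{s.flags:8} seq={s.seq} ack={s.ack}")
    print("established:", established)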
What is the difference between TLS and SSL?
SSL is the old name. TLS 1.0 replaced SSL 3.0 in 1999 and the two are not the same protocol. TLS 1.3 (the current version) is fundamentally different from SSL: faster handshake, far fewer cipher suites, mandatory forward secrecy. SSL 2.0 and 3.0 are broken and are disabled in every modern TLS stack.
When people say "SSL certificate" they mean a TLS certificate. The certificate format has not changed, but the protocol that uses it has.
See How TLS Works for the full explanation of the TLS 1.3 handshake.
Why does kubectl port-forward drop my Postgres connection?
When the client shuts down, the TLS close_notify alert and the TCP FIN come from two independent shutdown sequences, and the close_notify can reach the tunnel after TCP has already started closing. kubectl port-forward treats that late data as an error and tears down the entire tunnel rather than the one stream, so the connection drops with an "unexpected EOF" error.
This is not a Postgres limitation. It is how TLS and TCP interact when a proxy sits between them. For a local port-forward, connect with sslmode=disable. That is tolerable only because the kubectl tunnel already runs inside your TLS session to the API server and the final hop is local to the node that runs the pod, so keep that setting out of any client configuration that reaches the database over a network, where it would send credentials and queries in plaintext. For anything beyond ad-hoc debugging, reach the database through a Service (for example type LoadBalancer) so the TLS session runs end to end between the client and Postgres, and use sslmode=verify-full.
See Why kubectl port-forward Drops Your Postgres Connection for the full investigation with packet captures.
Why does TLS send a TCP RST on close?
TLS and TCP have independent shutdown sequences. One side sends its close_notify alert and closes the socket. If the peer's application closes its own socket without reading that alert, or has already closed, the peer's kernel finds data it can no longer deliver and answers with a RST instead of completing the FIN exchange.
This is common, not an error: the RST appears whenever a close_notify is still unread when the socket under it closes, and a capture taken after a batch of TLS sessions will show many of them. A RST in the middle of a session, before any close_notify has been sent, is the one worth investigating.
See Why TLS Sends a TCP RST on Close for the full sequence diagram and packet analysis.
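An added example for the two answers above, written for this page rather than taken from the linked investigations or from kubectl: it reproduces the TCP half of the story on loopback with plain sockets. The client sends one final record (a constructed stand-in for an encrypted close_notify), and the server closes its socket either after reading it or with it still unread. With the record unread, Linux (and the BSD-derived stacks) send a RST instead of a FIN, and the client's recv() fails with ECONNRESET; after a read, the close is orderly and the client sees EOF. shutdown_outcome and CLOSE_NOTIFY are names chosen here; the RST-on-close-with-unread-data behaviour is the kernel's (RFC 2525 section 2.17).

```python
import socket
import threading

# Constructed stand-in for the last TLS record a client sends: a close_notify alert
# (content type 21, TLS 1.2 record version, 2-byte body: warning level, close_notify).
# A real one is encrypted; here the bytes only need to be "data the peer has not read".
CLOSE_NOTIFY = bytes([0x15, 0x03, 0x03, 0x00, 0x02, 0x01, 0x00])


def shutdown_outcome(read_before_close: bool) -> str:
    """Client sends a final record, server closes its socket; report what the client sees.

    read_before_close=True : server drains the record, then close() -> FIN, client reads EOF.
    read_before_close=False: server close()s with the record unread -> RST instead of FIN,
                             and the client's recv() fails with ECONNRESET.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # ephemeral port on loopback
    listener.listen(1)
    port = listener.getsockname()[1]

    def server() -> None:
        conn, _ = listener.accept()
        # Wait until the whole record sits in the receive buffer, without consuming it.
        while True:
            peeked = conn.recv(len(CLOSE_NOTIFY), socket.MSG_PEEK)
            if peeked == b"" or len(peeked) >= len(CLOSE_NOTIFY):
                break
        if read_before_close:
            conn.recv(len(CLOSE_NOTIFY))   # a TLS library would parse close_notify here
        conn.close()                       # FIN if the buffer is empty, RST if not

    worker = threading.Thread(target=server)
    worker.start()
    client = socket.create_connection(("127.0.0.1", port))
    try:
        client.sendall(CLOSE_NOTIFY)
        data = client.recv(1024)
        outcome = "orderly" if data == b"" else "unexpected data"
    except ConnectionResetError:
        outcome = "reset"
    finally:
        client.close()
        worker.join()
        listener.close()
    return outcome


if __name__ == "__main__":
    print("server reads close_notify, then closes:", shutdown_outcome(read_before_close=True))
    print("server closes with close_notify unread:", shutdown_outcome(read_before_close=False))
```

In a real stack the "read before close" path is what SSL_shutdown in OpenSSL or SSLSocket.unwrap() in Python's ssl module does: send close_notify, read the peer's, then close the socket. A proxy that closes the downstream TCP socket as soon as the upstream FIN arrives skips that read and produces the RST.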
What is QUIC and why is it faster than TCP?
QUIC runs on UDP and reimplements TCP's reliability and congestion control in user space, with TLS 1.3 built into the transport instead of layered on top of it. One combined handshake instead of two saves a full round trip of latency on every new connection.
QUIC uses independent streams, so a lost packet in one stream does not block data in other streams — eliminating head-of-line blocking. Connections also survive network changes (switching from WiFi to cellular) because QUIC identifies connections by ID, not by IP address and port.
See How QUIC Works for the full protocol breakdown.
What is eBPF?
eBPF lets you run programs inside the Linux kernel without modifying it. The kernel verifies every program before running it: bounded loops only, no out-of-bounds memory access, no calls outside the allowed helper set. Loading a program still requires privilege (CAP_BPF, or CAP_SYS_ADMIN on older kernels); the verifier guards against mistakes in privileged code and is not a sandbox for untrusted code.
eBPF is used for networking (Cilium replaces iptables), security (firewalls that inspect packets at the socket level), and observability (tracing syscalls without restarting processes).
See How eBPF Works for the full walkthrough of the verifier and program lifecycle.
What is a DPU?
A DPU (Data Processing Unit) is a programmable processor on a network card that handles networking, encryption, and security without using the host CPU. The host runs application workloads while the DPU handles infrastructure.
AWS Nitro and Azure MANA are DPU-based architectures. They offload packet processing, TLS termination, and firewall rules to dedicated hardware.
See The Future of Networking for how DPUs change network architecture.
What is head-of-line blocking?
Head-of-line blocking happens when one lost packet delays all the data behind it, even data meant for completely different requests. TCP has this problem because it guarantees order across the entire connection: if segment 5 is lost, segments 6 through 20 sit in the receive buffer and nothing reaches the application until 5 is retransmitted, even though they arrived fine.
QUIC solves this with independent streams. A lost packet in stream A only blocks stream A. Streams B, C, and D continue unaffected.
See How QUIC Works for the full explanation of QUIC's stream multiplexing.
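An added example serving this answer and the QUIC answer above; it is a model written for this page, not code from any QUIC or TCP implementation. Nine packets carry 4-byte chunks of three streams A, B and C, interleaved. deliverable_tcp models the single ordered byte stream that HTTP/2 over TCP gives you: the receiver hands the application only the contiguous prefix, so a hole at packet 5 stalls everything after it. deliverable_quic reassembles each stream by its own offsets, so the same loss stalls only stream B. Packet, sample_packets and the two function names are chosen here; the packet layout is constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Packet:
    number: int     # transmission order, 1-based
    stream: str     # "A", "B" or "C"
    offset: int     # byte offset of this chunk within its stream
    data: bytes


def sample_packets() -> List[Packet]:
    """Constructed traffic: three streams, 4-byte chunks, sent round-robin."""
    order = [("A", 0), ("B", 0), ("C", 0),
             ("A", 4), ("B", 4), ("C", 4),
             ("A", 8), ("B", 8), ("C", 8)]
    return [Packet(i + 1, s, off, f"{s}{off:03d}".encode())
            for i, (s, off) in enumerate(order)]


def deliverable_tcp(packets: List[Packet], lost: Set[int]) -> Dict[str, bytes]:
    """One ordered byte stream for the whole connection (HTTP/2 over TCP).
    Only the contiguous prefix is delivered; the first hole stalls every stream."""
    delivered: Dict[str, bytes] = {}
    for p in sorted(packets, key=lambda p: p.number):
        if p.number in lost:
            break                       # everything behind the hole waits in the buffer
        delivered[p.stream] = delivered.get(p.stream, b"") + p.data
    return delivered


def deliverable_quic(packets: List[Packet], lost: Set[int]) -> Dict[str, bytes]:
    """Per-stream reassembly: a hole in one stream blocks only that stream."""
    by_stream: Dict[str, List[Packet]] = {}
    for p in packets:
        if p.number not in lost:
            by_stream.setdefault(p.stream, []).append(p)
    delivered: Dict[str, bytes] = {}
    for stream, frames in by_stream.items():
        buf = b""
        for f in sorted(frames, key=lambda f: f.offset):
            if f.offset != len(buf):
                break                   # this stream's first gap; others are unaffected
            buf += f.data
        delivered[stream] = buf
    return delivered


if __name__ == "__main__":
    pkts = sample_packets()
    print("TCP,  packet 5 lost:", deliverable_tcp(pkts, lost={5}))
    print("QUIC, packet 5 lost:", deliverable_quic(pkts, lost={5}))
```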
What is forward secrecy?
Forward secrecy means past conversations stay encrypted even if the server's private key is compromised later. Each connection runs a fresh ephemeral (EC)DH key exchange; the certificate's long-term private key only signs the handshake and never encrypts traffic, so stealing it later lets an attacker impersonate the server but not decrypt recorded sessions. The session keys exist only in memory for the life of the connection.
TLS 1.3 requires an ephemeral (EC)DHE exchange in every full handshake and removed static RSA key exchange entirely. Two caveats remain. A resumed session keeps forward secrecy only when the server pairs the PSK with a fresh (EC)DHE exchange (psk_dhe_ke, the common default), and 0-RTT early data is protected by the resumption secret rather than a fresh exchange, so it is not forward secret with respect to the session ticket key; rotate ticket keys and keep sensitive requests out of early data. If TLS 1.2 is still enabled, forward secrecy there depends on the cipher list: the RSA key-exchange suites (names without ECDHE or DHE) must be removed.
See How TLS Works for the full explanation of TLS 1.3's key exchange and why forward secrecy matters.
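The check a practitioner wants for the last point above, as an added example written for this page rather than taken from it: Python's ssl module exposes each enabled suite's OpenSSL description line, whose Kx= token names the key exchange. The audit below flags every suite whose key exchange is not ephemeral (EC)DH (TLS 1.3 suites report Kx=any because their exchange is always (EC)DHE), and hardened_context shows the corrected server setting beside it: TLS 1.2 as the floor and an ECDHE-only cipher list. SAMPLE_CIPHERS is constructed in the shape SSLContext.get_ciphers() returns, with only the two fields used here; kx_of, non_forward_secret, audit_context and hardened_context are names chosen here.

```python
import ssl
from typing import Dict, List

# Key-exchange tokens as printed in OpenSSL's cipher description ("Kx=...").
# "any" is what TLS 1.3 suites report: their key exchange is always ephemeral (EC)DH.
FORWARD_SECRET_KX = {"ECDH", "DH", "ECDHEPSK", "DHEPSK", "any"}


def kx_of(description: str) -> str:
    """Pull the Kx= token out of an OpenSSL cipher description line."""
    for token in description.split():
        if token.startswith("Kx="):
            return token[3:]
    return "unknown"


def non_forward_secret(ciphers: List[Dict]) -> List[str]:
    """Names of suites whose key exchange is not ephemeral (EC)DH, in list order."""
    return [c["name"] for c in ciphers
            if kx_of(c["description"]) not in FORWARD_SECRET_KX]


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Audit a live context; get_ciphers() returns dicts shaped like SAMPLE_CIPHERS."""
    return non_forward_secret(ctx.get_ciphers())


def hardened_context() -> ssl.SSLContext:
    """Server context that cannot negotiate a suite without forward secrecy.
    TLS 1.3 is (EC)DHE-only by design; for TLS 1.2 the ECDHE filter removes RSA
    key exchange. Loading the certificate (load_cert_chain) is left to the caller."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM")
    return ctx


# Constructed sample in the shape get_ciphers() returns (only the fields used here).
SAMPLE_CIPHERS = [
    {"name": "TLS_AES_256_GCM_SHA384",
     "description": "TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD"},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256",
     "description": "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD"},
    {"name": "AES128-GCM-SHA256",
     "description": "AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD"},
    {"name": "PSK-AES128-CBC-SHA256",
     "description": "PSK-AES128-CBC-SHA256   TLSv1.0 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA256"},
]


if __name__ == "__main__":
    print("flagged in sample:  ", non_forward_secret(SAMPLE_CIPHERS))
    legacy = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    legacy.set_ciphers("DEFAULT")        # whatever this OpenSSL build allows by default
    print("flagged in DEFAULT: ", audit_context(legacy))
    print("flagged in hardened:", audit_context(hardened_context()))
```

Run it against the context your server actually builds, not a fresh one: the flagged list is empty only when no TLS 1.2 suite with static RSA or plain PSK key exchange can be negotiated.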