How to Approach System Design

1. What are we rate limiting? API calls? Login attempts? Payment transactions? Each has completely different requirements. Login rate limiting needs strict accuracy (to prevent brute force attacks). API rate limiting can tolerate some fuzziness.
2. Per user? Per IP? Per API key? This changes the storage strategy entirely. Rate limiting 1,000 merchants? Everything fits in memory on one machine. Rate limiting 100 million IPs? You need distributed storage.
3. What happens when the limit is hit? Return a 429 status code? Queue the request for later? Silently drop it? Show a CAPTCHA? Each response strategy has different complexity.
4. Does the limit need to be exact or approximate? Exact counting across distributed servers is hard — you need some form of coordination (consensus, locks, or atomic operations). Approximate counting (allowing 5% overshoot) is 10x simpler to build and 100x easier to scale.
5. How many rate-limited entities? Rate limiting 1,000 entities is trivial (everything in memory). Rate limiting 100 million requires distributed counters, and the choice between algorithms like sliding window vs. token bucket suddenly matters.

Before drawing a single box, we ask questions. Here's what a great Step 1 looks like:

Now we have enough information to do back-of-envelope estimation:

A URL shortener has a beautifully simple component breakdown. Even at massive scale, there are really only three pieces:

1. URL Creation Service — Takes a long URL, generates a unique short key, stores the mapping. Handles the 1,160 writes/sec.
2. URL Redirect Service — Takes a short key, looks up the long URL, returns an HTTP 301/302 redirect. Handles the 116,000 reads/sec.
3. Analytics Service — Counts clicks per short URL. Read access patterns are different (batch queries, not real-time).

Notice how each component has a single job and a clear reason to exist. The creation service is write-heavy. The redirect service is read-heavy. They have completely different performance profiles, which is why they're separate — you might scale them independently.

Now we zoom into each component and define exactly what it does. Let's start with the two core APIs:

API Design

Data Model

Why CHAR(7) for the short key? Let's do the math. We use Base62 encoding (a-z, A-Z, 0-9 = 62 characters). A 7-character key gives us 62⁷ = 3.5 trillion possible combinations. We need 182 billion. So 7 characters gives us roughly a 19x safety margin — plenty of room.

Request Flow: Creating a Short URL

Request Flow: Redirecting

On a cache miss, the server reads from the database (~5ms) and populates the cache for next time. With a 100:1 read/write ratio, most popular URLs stay hot in the cache, giving us a cache hit rate above 90%.

Decision 1: Database — SQL vs NoSQL?

Verdict: Both work. A URL shortener is essentially a key-value store — simple enough that the database choice barely matters. If you're comfortable with PostgreSQL, use it with range-based sharding on the short key. If you want zero-ops horizontal scaling, DynamoDB is excellent for this use case. The important thing is the "because": "I chose DynamoDB because the data model is pure key-value, we need automatic horizontal scaling to 18 TB, and we don't need transactions or joins."

Decision 2: Key Generation — Base62 vs MD5 Hash?

Verdict: Use a distributed counter approach. Pre-generate ranges (Server 1 gets IDs 1-1M, Server 2 gets 1M-2M, etc.) to avoid the centralized bottleneck. Each server encodes its IDs as Base62 independently. No collisions, no coordination after initial range assignment. This is simpler and more reliable than hash-based approaches.

Decision 3: Caching Strategy

At 116K reads/sec, we absolutely need a cache. Redis is the right choice here because: (1) the data is key-value (short_key → long_url), which is Redis's sweet spot, (2) we need sub-2ms reads for the 50ms latency target, and (3) Redis's LRU eviction naturally keeps popular URLs hot. With a 20 GB Redis instance, we can cache the top ~200 million most popular URLs in memory.

Decision 4: Sync vs Async

URL creation and redirect are both synchronous — the user needs an immediate response. Analytics counting, however, can be asynchronous: on every redirect, we fire a message to a simple queue, and a background worker increments the click counter. This keeps the redirect path fast (no extra database write in the critical path).

For a URL shortener, most components are already simple enough. But there's one piece worth decomposing further: the ID Generation Service.

If we use a single auto-incrementing counter, it becomes a single point of failure. So let's apply the framework recursively:

• Step 1 (for ID Gen): We need 1,160 unique IDs per second, globally unique, no collisions.
• Step 2 (for ID Gen): Two approaches: (a) a Zookeeper-based range allocator, or (b) multiple independent counters with different offsets.
• Step 3 (for ID Gen): Range allocator: each server requests a block of 1 million IDs. It uses those locally until exhausted, then requests another block.
• Step 4 (for ID Gen): ZooKeeper for range allocation because we need strong consistency (two servers must never get the same range), and ZooKeeper is built for exactly this kind of coordination.

See? Same 5 steps, applied to a sub-problem. The ID Generation Service went from a vague "generate unique IDs" to a concrete, justified design with specific technology choices.

Here are the questions that define this system:

This system has more natural boundaries than the URL shortener. Each component handles a distinct concern:

1. API Gateway — Receives notification requests from other services (e.g., "Send a password reset email to user 12345")
2. Notification Orchestrator — The brain. Receives requests, checks preferences, applies rate limits, renders templates, and routes to the right channel
3. Delivery Services — Three separate services: Push (talks to APNs/FCM), Email (talks to SMTP/SendGrid), SMS (talks to Twilio)
4. User Preferences Service — Stores and serves per-user, per-channel opt-in/opt-out settings
5. Rate Limiter — Enforces per-user, per-channel sending limits

Notice how the message queue (Kafka) separates the orchestrator from the delivery services. This is critical: if the SMS provider is slow, it doesn't slow down push notifications. Each channel consumes from its own queue independently.

API Design

Notice the response is 202 Accepted, not 200 OK. This tells the caller: "I've received your request and queued it for processing, but it hasn't been delivered yet." This is the asynchronous pattern in action — the API responds instantly, and the actual delivery happens in the background.

Core Notification Flow

The caller gets a response in 12ms. The actual push notification arrives at the user's phone ~250ms later. The caller doesn't wait for delivery — that's the beauty of async processing with a message queue.

Data Models

Decision 1: Why Kafka for the Message Queue?

We have three delivery channels with different speeds and different failure rates. Kafka gives us:

• Separate topics per channel — Push, email, and SMS each have their own topic. If the SMS provider goes down, push notifications keep flowing.
• Persistence — Messages are stored on disk. If a delivery service crashes, it picks up where it left off when it restarts. No messages lost.
• Replay capability — If we deploy a buggy push service that drops messages, we can replay the Kafka topic to re-send them.

Why not RabbitMQ? At 1,850 messages/sec, either would work. But Kafka's replay capability is valuable for a notification system — if a delivery fails, we can retry from the same message without re-generating it. RabbitMQ deletes messages after consumption, so you'd need a separate retry mechanism.

Decision 2: Why PostgreSQL for Preferences and Templates?

User preferences are relational: a user has preferences across multiple channels and notification types. Templates are structured documents with version history. Both benefit from:

• ACID transactions — When a user toggles "email OFF," that change must be immediately consistent. We can't risk sending an email 1 second after the user opted out.
• Rich queries — "Show me all users who opted out of marketing emails" is a single SQL query. Useful for compliance reporting.

The read volume is low (~185 preference lookups/sec at average load). A single PostgreSQL instance handles this trivially.

Decision 3: Why Redis for Rate Limiting?

Rate limiting needs two properties: it must be fast (in the critical path of every notification) and it must be atomic (two concurrent requests shouldn't both pass when only one should). Redis gives us:

• Sub-millisecond reads/writes — In the critical path, we can't afford 5ms database calls.
• Atomic INCR + EXPIRE — Redis's INCR command is atomic, so two concurrent notifications won't both read "4 out of 5" and both pass.
• Built-in TTL — Counters auto-reset when the window expires. No cleanup job needed.

Decision 4: Async Everywhere Except Preferences

The orchestrator checks preferences synchronously (we must respect opt-outs before queuing). Everything after that is asynchronous: the actual delivery happens via Kafka consumers. This keeps the API response fast (~12ms) while delivery happens in the background (100ms-30s depending on channel).

The Push Delivery Service still feels complex. It needs to: consume from Kafka, call APNs/FCM, handle failures, retry with backoff, and track delivery status. Let's apply the framework recursively:

Step 1 (for Push Service): Requirements

• Consume 10M messages/day from Kafka push topic (~116/sec average, ~1,160/sec peak)
• Call APNs for iOS and FCM for Android (two different external APIs)
• Retry up to 3 times with exponential backoff (1s, 4s, 16s)
• Track delivery status (queued, sent, delivered, failed)

Step 2 (for Push Service): Sub-components

1. Kafka Consumer — Reads messages from the push topic
2. Platform Router — Routes to APNs (iOS) or FCM (Android) based on device token
3. Retry Queue — Failed messages go here with a scheduled retry time
4. Status Tracker — Updates notification status in the database

Step 3 (for Push Service): Data Flow

On failure, the message goes to the retry queue instead:

This is the recursive power of baby steps. The "Push Service" went from a vague box on a whiteboard to a fully specified sub-system with its own consumer, router, retry logic, and status tracking. And we got there using the exact same 5 steps.

The Question

"Design a URL shortener like bit.ly."

What the Candidate Did

Instead of jumping to the architecture, she spent the first 7 minutes asking clarifying questions: "How many URLs per day? Do short links expire? Do we need analytics (click counts)? Is this public-facing or internal? What's the expected read-to-write ratio?" The interviewer answered each one, and by the end, she had a crisp scope: 100M new URLs/day, links never expire, basic analytics (click count only), 100:1 read-to-write ratio.

Then she did the math on the whiteboard: 100M writes/day = ~1,150 writes/sec. At a 100:1 ratio, that means ~115,000 reads/sec. Each record is ~500 bytes, so 100M/day × 500B × 365 days = ~18 TB/year. She mapped every number to a technology choice: "115K reads/sec needs a cache — Redis can handle 500K+ reads/sec from memory, so one Redis instance is enough. 18 TB/year means we need to partition the database, but the lookups are simple key-value, so DynamoDB handles this natively."

When the interviewer pushed back — "What if the ID generation becomes a bottleneck?" — she had an answer ready because she'd thought about it during scoping: "We can use a distributed ID approach with range-based allocation — each server pre-fetches a block of 10,000 IDs, so there's no central bottleneck."

Interviewer Feedback

"She drove the entire conversation. I barely had to prompt her. Every technology choice had a number behind it, and when I pushed back, she had already considered the alternative. This is what L5 looks like."

The Lesson

The Question

"Design a ride-sharing system like Uber."

What the Candidate Did

He had clearly studied this problem before. His architecture was solid: a matching service that pairs riders with nearby drivers, a location service that tracks driver positions in real-time using geospatial indexes, a pricing service that calculates surge pricing, and a notification service for ride updates.

The design was technically strong. But at Amazon, technical competence is the floor, not the ceiling. The interviewer kept steering toward leadership principles — "How would you decide between building the matching algorithm in-house versus buying a third-party solution?" "How would you handle a situation where the pricing team wants to change the surge algorithm but the matching team says it'll break their system?" "What trade-offs would you make if you had to ship the MVP in 3 months?"

Each time, the candidate gave a purely technical answer. "I'd benchmark both solutions and pick the faster one." "I'd add a versioned API between the services." "I'd cut the analytics dashboard." He never talked about customer impact, team dynamics, or business trade-offs.

Interviewer Feedback

"Strong technical design, genuinely. But at the SDE3 level, we need someone who thinks beyond the code. When I asked about build vs. buy, I wanted to hear about customer obsession — which option gets value to riders faster? When I asked about the team conflict, I wanted to hear about earning trust and disagree-and-commit. He answered like an engineer. We needed an engineering leader."

The Lesson

The Question

"Design the Facebook News Feed."

What the Candidate Did

This is one of the most intimidating questions because the real News Feed is incredibly complex — ML ranking models, social graph traversal, real-time updates, and thousands of engineers working on it. The candidate's genius move was starting simple and evolving.

He began with the simplest possible feed: "Let's start with a chronological feed — when you open the app, you see the 50 most recent posts from your friends, newest first." He drew three components: a Post Storage service, a Friend Graph service, and a Feed Builder that queries both. He estimated: "If a user has 500 friends and each friend posts once per day, that's 500 posts to sort — trivial for a single query."

Then the interviewer said: "OK, now you have 2 billion users." The candidate didn't panic. He calmly said: "That changes the math significantly. Let me re-estimate." He calculated: 2B users, maybe 500M daily active, each loading the feed ~10 times/day = 5B feed loads/day = ~58K feeds/second. "We can't compute each feed in real-time at this scale. We need to pre-compute." He introduced a fan-out-on-write approach for regular users and a fan-out-on-read hybrid for celebrities.

Interviewer Feedback

"What impressed me was the evolution. He didn't try to design for 2B users from the start. He built something simple, proved it worked at small scale, then scaled it up with specific reasoning. That's how we actually build things here — start simple, measure, then optimize."

The Lesson

The Question

"Design a real-time chat system for our B2B product. We have about 10,000 companies using us, with maybe 50 people per company."

What the Candidate Did

Here's what made this interview special: the candidate matched the complexity of the design to the complexity of the company. She didn't design for WhatsApp scale. She designed for this startup's scale.

She did quick math: 10,000 companies × 50 users = 500,000 total users. Even if all are online at once (they won't be), that's 500K WebSocket connections. A single server can handle ~65K connections, so she'd need about 8 servers. But realistically, maybe 10% are online at peak — so 50K connections, which is one well-configured server.

"For a startup at this scale, I'd keep it simple: one WebSocket server behind a load balancer, PostgreSQL for message storage, Redis for presence tracking (who's online). No Kafka, no sharding, no microservices. When you hit 100K concurrent users, we revisit."

The CTO pushed: "What about when we grow 10x?" She responded: "At 5 million users, I'd introduce message queues for async delivery, shard the database by company_id (natural partition), and add a second WebSocket server pool. But I wouldn't build that today because YAGNI — the engineering cost of building it now is real, and the scale that justifies it is hypothetical."

Interviewer Feedback

"She understood our stage. At a startup, the right architecture is the simplest one that works today and can evolve tomorrow. She didn't try to impress me with Kafka and Kubernetes — she impressed me by knowing when NOT to use them. That's maturity."

The Lesson

What You Do

Ask clarifying questions. Define what's in scope and what's out. Establish the scale. This is not a formality — it's the foundation everything else rests on. A shaky foundation means a shaky design.

Example Phrases to Use

• "Before I start designing, let me make sure I understand the problem. What are the core use cases we need to support?"
• "What's the expected scale? Are we talking thousands of users or hundreds of millions?"
• "Is this read-heavy or write-heavy? That'll drive the database and caching decisions."
• "Should I focus on the feed generation, the upload pipeline, or both?"
• "What are the latency requirements? Sub-100ms for reads?"

What the Interviewer Is Evaluating

Communication and ambiguity management. Can you take a vague problem and turn it into something concrete? Senior engineers don't build what they think is needed — they confirm what's actually needed. Every question you ask signals maturity.

Common Mistakes in This Block

• Spending zero time here — jumping straight to drawing boxes. This is Mistake #1 from Section 11.
• Asking too many questions — spending 10+ minutes on requirements. Keep it to 5-7 questions max. You need enough to estimate, not a full product spec.
• Not writing anything down — always jot the key numbers (users, QPS, storage) where the interviewer can see them. You'll reference these numbers throughout.

What You Do

Take the numbers from Step 1 and do quick math. How many requests per second? How much storage over 5 years? How much bandwidth? The point isn't precision — it's order-of-magnitude thinking.

Example Phrases to Use

• "Let me do some quick math on the scale. 100M daily users, each making about 20 requests — that's roughly 2 billion requests a day, or about 23K QPS."
• "For storage: if each record is about 1KB and we're adding 10M records per day, that's 10GB/day, or about 3.6TB per year."
• "At 23K QPS, a single server handling 1K QPS means we need about 25 application servers behind a load balancer."

What the Interviewer Is Evaluating

Quantitative reasoning. Can you translate requirements into numbers that drive architecture decisions? The math doesn't need to be exact. It needs to be in the right ballpark and it needs to inform your choices. If your math says 500 QPS but you design for 5 million QPS, the interviewer notices.

Common Mistakes in This Block

• Skipping estimation entirely — "I'll just use a scalable architecture." Without numbers, you can't justify any design choice.
• Getting lost in precision — spending 8 minutes calculating exact bytes. Round aggressively: 86,400 seconds/day ≈ 100K. Close enough.
• Not connecting math to decisions — calculating 2K QPS but never saying "...which means a single PostgreSQL instance can handle this without sharding."

What You Do

Draw the big picture. 4-6 boxes, arrows between them, clear labels. This is your high-level architecture. The interviewer should be able to look at your diagram and understand the entire data flow in 10 seconds.

Example Phrases to Use

• "Here's my high-level design. Users hit a load balancer, which routes to the API layer. The API layer talks to our main database for writes and a cache layer for reads."
• "I'm separating the write path from the read path because our estimation showed a 100:1 read-to-write ratio. This lets us scale reads independently."
• "I'll use an async message queue between the upload service and the processing service because transcoding is CPU-heavy and we don't want it blocking the upload response."

What the Interviewer Is Evaluating

Architecture thinking. Can you decompose a system into logical, independent components? Do the arrows make sense? Does the data flow have a clear path from input to output? Most importantly: does your design match the numbers from your estimation?

Common Mistakes in This Block

• Too many boxes — drawing 15 components before explaining any of them. Start with 4-6 and add more during the deep dive.
• No data flow direction — boxes connected by lines but no arrows. The interviewer can't tell which direction data moves.
• Premature technology choices — labeling boxes "Kafka," "Redis," "DynamoDB" before explaining why each component exists.

What You Do

This is where the interview is won or lost. Pick the 2-3 most interesting or challenging components from your high-level design and go deep. Define the API contracts. Choose the database schema. Explain the data flow step by step. Discuss trade-offs.

You have 20 minutes for this — the biggest single block. Use it wisely. Don't spread thin across every component. Go deep on a few rather than shallow on all.

Example Phrases to Use

• "Let me dive deeper into the feed generation service, since that's the most complex part. There are two approaches: fan-out-on-write and fan-out-on-read..."
• "For the database, I'm choosing PostgreSQL over DynamoDB here because we need JOIN queries for the friend-of-friend feature, and the data model is relational."
• "The trade-off with this caching approach is cache invalidation complexity. When a user updates their profile, we need to invalidate every cached feed that includes their posts."
• "I realize this creates a single point of failure. Let me add a replica with automatic failover..."

What the Interviewer Is Evaluating

Technical depth and trade-off analysis. Can you go from "a box labeled Database" to "PostgreSQL with a composite index on (user_id, created_at DESC), read replicas for the feed queries, and a connection pool sized for our 5K concurrent connections"? Can you explain why each choice is better than the alternatives for this specific problem?

How to Choose What to Deep-Dive

Pick the components that are most unique to this problem. A load balancer works the same way in every system — don't deep-dive on that. But the feed ranking algorithm for a social network? The real-time matching algorithm for a ride-sharing app? The consistency model for a collaborative editor? Those are gold. The interviewer is trying to see how you handle the hard parts, not the generic infrastructure.

What You Do

Walk through what happens when things break. This is where you show you've built (or at least thought about) real systems. Production systems crash, networks partition, disks fill up, third-party APIs go down. A design that only works when everything is perfect isn't a design — it's a wish.

Example Phrases to Use

• "What happens if the primary database goes down? I've set up a read replica with automatic failover. There's a brief period of read-only mode, maybe 10-30 seconds, while the replica is promoted."
• "If the cache goes down, all traffic hits the database directly. At 23K QPS, the database can handle about 5K QPS, so we'd need a circuit breaker to shed load gracefully while the cache recovers."
• "For the payment service, I'd add idempotency keys so that if a request is retried due to a timeout, we don't charge the user twice."

What the Interviewer Is Evaluating

Production readiness and operational maturity. Anyone can design a system that works when everything goes right. Senior engineers design systems that degrade gracefully when things go wrong. This is the section that separates "I studied system design" from "I've actually operated systems."

Key Failure Modes to Consider

• Server crashes — Do you have replicas? How long does failover take?
• Network partitions — Can your system keep working if one data center can't talk to another?
• Hot spots — What if one user (a celebrity, a viral post) gets 10,000x the normal traffic?
• Data corruption — What if bad data makes it into the database? Can you detect and recover?
• Thundering herd — What happens when the cache expires and 10,000 requests simultaneously hit the database?

What You Do

Summarize your design in 60 seconds. Restate the key decisions and trade-offs. Mention what you'd do differently with more time. Then ask the interviewer questions — this is your time to show curiosity.

Example Phrases to Use

• "Let me summarize: we have a write path through the API to PostgreSQL, a read path through Redis cache with a 100:1 read-write ratio, and async processing via a message queue for heavy operations like transcoding."
• "The main trade-off I made was choosing eventual consistency for the feed to optimize read latency. If consistency was more critical, I'd use a different approach."
• "Given more time, I'd want to explore the monitoring and alerting strategy, and think more carefully about the data migration plan for when we need to shard."

What the Interviewer Is Evaluating

Self-awareness and growth mindset. Can you identify the weaknesses in your own design? Do you know what you don't know? Saying "I chose X but I recognize that Y is a trade-off I'd want to revisit" is much stronger than pretending your design is perfect.

Closing Questions to Ask

• "What challenges does your team currently face with this kind of system?"
• "Is there a part of the design you'd like me to go deeper on?"
• "How does your team handle [specific technical challenge] in production?"