network-engineering
Network architecture, troubleshooting, and infrastructure patterns. Use when designing network topologies, debugging connectivity issues, configuring load balancers, DNS, or implementing network security.
Best use case
network-engineering is best used when you need a repeatable AI agent workflow instead of a one-off prompt. It is especially useful for teams working in multi. Network architecture, troubleshooting, and infrastructure patterns. Use when designing network topologies, debugging connectivity issues, configuring load balancers, DNS, or implementing network security.
Network architecture, troubleshooting, and infrastructure patterns. Use when designing network topologies, debugging connectivity issues, configuring load balancers, DNS, or implementing network security.
Users should expect a more consistent workflow output, faster repeated execution, and less time spent rewriting prompts from scratch.
Practical example
Example input
Use the "network-engineering" skill to help with this workflow task. Context: Network architecture, troubleshooting, and infrastructure patterns. Use when designing network topologies, debugging connectivity issues, configuring load balancers, DNS, or implementing network security.
Example output
A structured workflow result with clearer steps, more consistent formatting, and an output that is easier to reuse in the next run.
When to use this skill
- Use this skill when you want a reusable workflow rather than writing the same prompt again and again.
When not to use this skill
- Do not use this when you only need a one-off answer and do not need a reusable workflow.
- Do not use it if you cannot install or maintain the related files, repository context, or supporting tools.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/network-engineering/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How network-engineering Compares
| Feature / Agent | network-engineering | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Network architecture, troubleshooting, and infrastructure patterns. Use when designing network topologies, debugging connectivity issues, configuring load balancers, DNS, or implementing network security.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Network Engineering
Comprehensive network engineering skill covering network design, troubleshooting, load balancing, DNS, and network security.
## When to Use This Skill
- Designing network topologies
- Troubleshooting connectivity issues
- Configuring load balancers
- DNS configuration and troubleshooting
- SSL/TLS setup and debugging
- Network security implementation
- Performance optimization
- CDN configuration
## Network Architecture
### OSI Model Reference
| Layer | Name | Protocols | Troubleshooting |
|-------|------|-----------|-----------------|
| 7 | Application | HTTP, DNS, SMTP | curl, browser tools |
| 6 | Presentation | SSL/TLS | openssl |
| 5 | Session | NetBIOS | - |
| 4 | Transport | TCP, UDP | netstat, ss |
| 3 | Network | IP, ICMP | ping, traceroute |
| 2 | Data Link | Ethernet | arp |
| 1 | Physical | - | cable tester |
### VPC/Network Design
**Subnet Strategy:**
```
VPC CIDR: 10.0.0.0/16 (65,536 IPs)
Public Subnets (internet-facing):
- 10.0.1.0/24 (AZ-a) - Load balancers, bastion
- 10.0.2.0/24 (AZ-b)
- 10.0.3.0/24 (AZ-c)
Private Subnets (application tier):
- 10.0.11.0/24 (AZ-a) - App servers
- 10.0.12.0/24 (AZ-b)
- 10.0.13.0/24 (AZ-c)
Database Subnets (isolated):
- 10.0.21.0/24 (AZ-a) - Databases only
- 10.0.22.0/24 (AZ-b)
- 10.0.23.0/24 (AZ-c)
```
**Traffic Flow:**
- Internet → Load Balancer (public) → App (private) → DB (isolated)
- NAT Gateway for private subnet outbound
- VPC Endpoints for AWS services
## Load Balancing
### Load Balancer Types
| Type | Layer | Use Case |
|------|-------|----------|
| Application (ALB) | 7 | HTTP/HTTPS, path routing |
| Network (NLB) | 4 | TCP/UDP, static IP, high performance |
| Classic | 4/7 | Legacy |
| Gateway | 3 | Third-party appliances |
### Health Checks
```yaml
# ALB Health Check
health_check:
path: /health
protocol: HTTP
port: 8080
interval: 30
timeout: 5
healthy_threshold: 2
unhealthy_threshold: 3
matcher: "200-299"
```
### Routing Strategies
- **Round Robin**: Equal distribution
- **Least Connections**: Route to least busy
- **IP Hash**: Sticky sessions by client IP
- **Weighted**: Percentage-based distribution
- **Path-based**: Route by URL path
- **Host-based**: Route by hostname
## DNS
### Record Types
| Type | Purpose | Example |
|------|---------|---------|
| A | IPv4 address | `example.com → 192.0.2.1` |
| AAAA | IPv6 address | `example.com → 2001:db8::1` |
| CNAME | Alias | `www → example.com` |
| MX | Mail server | `example.com → mail.example.com` |
| TXT | Arbitrary text | SPF, DKIM, verification |
| NS | Name server | DNS delegation |
| SRV | Service location | `_sip._tcp.example.com` |
| CAA | Certificate authority | Restrict CA issuance |
### DNS Debugging
```bash
# Query specific record type
dig example.com A
dig example.com MX
dig example.com TXT
# Query specific DNS server
dig @8.8.8.8 example.com
# Trace DNS resolution
dig +trace example.com
# Check propagation
dig +short example.com @{dns-server}
```
### TTL Strategy
| Record Type | Recommended TTL |
|-------------|-----------------|
| Static content | 86400 (1 day) |
| Dynamic content | 300 (5 min) |
| Failover records | 60 (1 min) |
| Pre-migration | Lower to 60 |
## SSL/TLS
### Certificate Types
| Type | Validation | Use Case |
|------|------------|----------|
| DV | Domain ownership | Basic sites |
| OV | Organization verified | Business sites |
| EV | Extended validation | High-trust sites |
| Wildcard | *.domain.com | Multiple subdomains |
| SAN | Multi-domain | Multiple specific domains |
### TLS Configuration
**Recommended Settings:**
- TLS 1.2 and 1.3 only
- Strong cipher suites (AEAD)
- HSTS enabled
- OCSP stapling
- Certificate transparency
### Debugging SSL
```bash
# Check certificate
openssl s_client -connect example.com:443 -servername example.com
# Check certificate chain
openssl s_client -connect example.com:443 -showcerts
# Check expiration
echo | openssl s_client -connect example.com:443 2>/dev/null | openssl x509 -noout -dates
# Test TLS versions
openssl s_client -connect example.com:443 -tls1_2
openssl s_client -connect example.com:443 -tls1_3
```
## Troubleshooting
### Connectivity Checklist
1. **Physical/Cloud layer**: Is the instance running?
2. **Security groups**: Are ports open?
3. **NACLs**: Are subnets allowing traffic?
4. **Route tables**: Is routing correct?
5. **DNS**: Does name resolve?
6. **Application**: Is service listening?
### Common Commands
```bash
# Check if port is listening
netstat -tlnp | grep :80
ss -tlnp | grep :80
# Test TCP connectivity
nc -zv hostname 443
telnet hostname 443
# Check routes
ip route
traceroute hostname
mtr hostname
# DNS resolution
nslookup hostname
dig hostname
host hostname
# Network interfaces
ip addr
ifconfig
# Active connections
netstat -an
ss -tuln
```
### Performance Debugging
```bash
# Bandwidth test
iperf3 -c server-ip
# Latency analysis
ping -c 100 hostname | tail -1
# MTU issues
ping -M do -s 1472 hostname
# Packet capture
tcpdump -i eth0 port 443
```
## Reference Files
- **`references/troubleshooting.md`** - Detailed troubleshooting workflows
## Integration with Other Skills
- **cloud-infrastructure** - For cloud networking
- **security-engineering** - For network security
- **performance** - For network optimizationRelated Skills
wireshark-network-traffic-analysis
This skill should be used when the user asks to "analyze network traffic with Wireshark", "capture packets for troubleshooting", "filter PCAP files", "follow TCP/UDP streams", "detect network anomalies", "investigate suspicious traffic", or "perform protocol analysis". It provides comprehensive techniques for network packet capture, filtering, and analysis using Wireshark.
protocol-reverse-engineering
Master network protocol reverse engineering including packet analysis, protocol dissection, and custom protocol documentation. Use when analyzing network traffic, understanding proprietary protocols, or debugging network communication.
prompt-engineering-patterns
Master advanced prompt engineering techniques to maximize LLM performance, reliability, and controllability in production. Use when optimizing prompts, improving LLM outputs, or designing production prompt templates.
network-engineer
Expert network engineer specializing in modern cloud networking, security architectures, and performance optimization. Masters multi-cloud connectivity, service mesh, zero-trust networking, SSL/TLS, global load balancing, and advanced troubleshooting. Handles CDN optimization, network automation, and compliance. Use PROACTIVELY for network design, connectivity issues, or performance optimization.
network-101
This skill should be used when the user asks to "set up a web server", "configure HTTP or HTTPS", "perform SNMP enumeration", "configure SMB shares", "test network services", or needs guidance on configuring and testing network services for penetration testing labs.
hybrid-cloud-networking
Configure secure, high-performance connectivity between on-premises infrastructure and cloud platforms using VPN and dedicated connections. Use when building hybrid cloud architectures, connecting data centers to cloud, or implementing secure cross-premises networking.
data-engineering-data-pipeline
You are a data pipeline architecture expert specializing in scalable, reliable, and cost-effective data pipelines for batch and streaming data processing.
data-engineering-data-driven-feature
Build features guided by data insights, A/B testing, and continuous measurement using specialized agents for analysis, implementation, and experimentation.
engineering-nba-data
Extracts, transforms, and analyzes NBA statistics using the nba_api Python library. Use when working with NBA player stats, team data, game logs, shot charts, league statistics, or any NBA-related data engineering tasks. Supports both stats.nba.com endpoints and static player/team lookups.
prompt-engineering
Advanced prompt engineering techniques for optimal AI responses. Use this when crafting prompts, optimizing AI interactions, or designing system prompts for applications.
when-training-neural-networks-use-flow-nexus-neural
This SOP provides a systematic workflow for training and deploying neural networks using Flow Nexus platform with distributed E2B sandboxes. It covers architecture selection, distributed training, ...
when-setting-network-security-use-network-security-setup
Configure Claude Code sandbox network isolation with trusted domains, custom access policies, and environment variables for secure network communication.