How the Internet Works: Packets, Protocols, and the Web's Infrastructure

The Internet Is Not the Cloud: Understanding the Physical Reality

For most people, the internet feels like an invisible, ephemeral thing — data that lives in "the cloud" and appears instantly on demand. The reality is far more physical and more interesting. The internet is a global network of computers, routers, switches, and cables — billions of physical devices connected by hundreds of thousands of kilometers of fiber optic cable, much of it lying on the floor of the world's oceans. Understanding how the internet works begins with appreciating that it is, at its core, a physical infrastructure problem solved through brilliant engineering.

The internet is not a single network but a network of networks — an interconnection of tens of thousands of independently operated networks called Autonomous Systems (AS). These range from individual internet service providers (ISPs) serving neighborhoods to massive backbone providers carrying traffic across continents to hyperscale cloud companies running their own global networks. What makes all of these networks interoperate seamlessly is a shared set of rules: the protocols that define how data is formatted, addressed, transmitted, and received across any hardware built by any manufacturer anywhere in the world.

The technical architecture of the internet was shaped by its origins in the U.S. Department of Defense's ARPANET project of the late 1960s, which was designed to create a communications network capable of surviving partial destruction by routing around failures. This requirement produced packet switching — the foundational technology that remains the basis of all internet communication today.

Packet Switching: Breaking Data into Pieces

Before packet switching, telecommunications networks were circuit-switched. A telephone call, for example, reserved a continuous, dedicated path between caller and receiver for the duration of the call — efficient for voice but wasteful for data, which tends to arrive in bursts rather than a continuous stream. Packet switching abandoned dedicated circuits in favor of a radically different approach: divide data into small, standardized chunks called packets, label each packet with source and destination addresses, and send them independently across the network, where they are reassembled at the destination.

A typical packet on the modern internet contains a header — control information including source IP address, destination IP address, packet sequence number, and checksum — and a payload of actual data, typically up to about 1,500 bytes for Ethernet networks. When you send an email, load a webpage, or stream video, your device's networking software divides the data into many packets, each of which travels independently through the network, potentially taking different routes, and is reassembled into the original data at the destination. If any packet is lost or corrupted, only that packet needs to be retransmitted, not the entire file.

Packet switching has several critical advantages. Multiple users can share the same network links simultaneously — packets from different conversations interleave on the wire, making far more efficient use of available bandwidth than dedicated circuits would. The network automatically routes around failures: if a router or link goes down, packets are redirected through alternate paths. The system scales naturally — adding more users or more capacity requires no central coordination, just more routers and links connecting to the existing mesh.

The TCP/IP Protocol Suite

The internet's universal language is the TCP/IP protocol suite — a family of protocols that defines how packets are addressed, routed, and delivered. IP (Internet Protocol) handles addressing and routing: every device on the internet has an IP address — a unique numerical identifier — and IP defines how packets are labeled with source and destination addresses and how routers forward them toward their destination. IPv4, the original version, uses 32-bit addresses (expressed as four numbers from 0 to 255 separated by dots, like 192.168.1.1), providing about 4.3 billion unique addresses. The explosion of internet-connected devices exhausted this supply, driving adoption of IPv6, which uses 128-bit addresses and provides an effectively inexhaustible address space of about 340 undecillion addresses.

TCP (Transmission Control Protocol) operates on top of IP and handles reliable, ordered delivery. TCP establishes a connection between sender and receiver through a three-step handshake — SYN, SYN-ACK, ACK — and then manages the flow of packets, tracking sequence numbers so the receiver can reassemble data in the correct order, detecting lost packets through acknowledgment timeouts, and retransmitting them as needed. TCP also implements congestion control: algorithms like CUBIC and BBR dynamically adjust transmission speed based on network conditions, backing off when congestion is detected to avoid overwhelming routers and causing cascading packet loss.

For applications where speed matters more than guaranteed delivery — video streaming, online gaming, DNS lookups, VoIP — UDP (User Datagram Protocol) offers a simpler, connectionless alternative. UDP sends packets with no handshake, no retransmission, and no ordering guarantee. A dropped video frame is usually better handled by simply rendering the next frame than by pausing playback to wait for a retransmission. The application layer can implement its own reliability mechanisms (as QUIC does) or accept some data loss as an acceptable tradeoff for lower latency.

Routers: The Traffic Directors of the Internet

Routers are the devices that make packet switching work at scale. Each router maintains a routing table — a database of known network addresses and the best path to reach each one — and uses this table to forward each incoming packet toward its destination. When a packet arrives, the router reads the destination IP address in the header, looks it up in the routing table, and sends the packet out through the appropriate interface toward the next router in the path. This process — called store-and-forward switching — repeats at every router along the path until the packet reaches its destination network.

Routing tables are built and maintained by routing protocols — algorithms that routers use to exchange information about network topology and calculate optimal paths. Within a single Autonomous System (an ISP's network, for example), Interior Gateway Protocols (IGPs) like OSPF and IS-IS calculate shortest paths based on link costs. Between Autonomous Systems, the Border Gateway Protocol (BGP) is the global internet's routing protocol — the system by which every ISP on earth advertises which IP address ranges it can deliver packets to, enabling routers worldwide to calculate end-to-end paths across the entire internet. BGP is sometimes called the protocol that holds the internet together, and misconfigured BGP announcements — called route leaks or BGP hijacks — can accidentally redirect large portions of global internet traffic, an ongoing security concern.

DNS: The Internet's Phone Book

IP addresses are efficient for computers but useless for humans — nobody memorizes 142.250.80.46 to reach Google. The Domain Name System (DNS) translates human-readable domain names like www.google.com into the IP addresses that routers actually use. DNS is a hierarchical, distributed database maintained by thousands of servers around the world. At the top are 13 sets of root name servers (operated by a consortium of organizations) that know which DNS servers are authoritative for each top-level domain (.com, .org, .uk, and so on). Authoritative name servers for each domain hold the actual DNS records mapping names to IP addresses.

When your browser loads a webpage, your device first checks its local DNS cache. If the name is not cached, it sends a query to a recursive resolver — typically operated by your ISP or a public service like Google's 8.8.8.8 or Cloudflare's 1.1.1.1. The recursive resolver queries the root servers, follows referrals down the hierarchy to the authoritative server, retrieves the IP address, and returns it to your device — all typically completing in 10 to 100 milliseconds. DNS results are cached at multiple levels to reduce this lookup overhead for popular domains. The security extension DNSSEC adds cryptographic signatures to DNS records, allowing resolvers to verify that responses have not been tampered with by an attacker intercepting the query.

Physical Infrastructure: Fiber, Data Centers, and IXPs

All the packets and protocols ultimately travel through physical media. The backbone of the modern internet is fiber optic cable, which transmits data as pulses of light through thin glass fibers at speeds approaching two-thirds the speed of light in a vacuum. A single fiber strand can carry terabits of data per second using Dense Wavelength Division Multiplexing (DWDM), which transmits dozens of separate light wavelengths simultaneously through the same fiber, each carrying an independent data stream. Terrestrial fiber follows road and rail corridors; subsea cables cross every ocean, with over 400 active submarine cable systems carrying approximately 95 percent of international internet traffic.

Data centers — large buildings filled with servers, networking equipment, and cooling infrastructure — are the anchor points of internet geography. Major cloud providers (Amazon, Google, Microsoft, Meta) operate hundreds of data centers worldwide, positioning their infrastructure close to users to minimize latency. Internet Exchange Points (IXPs) are physical facilities where multiple networks interconnect directly, exchanging traffic without routing it through upstream transit providers — dramatically reducing cost and latency for local traffic. Cities with major IXPs, such as Frankfurt (DE-CIX), Amsterdam (AMS-IX), and London (LINX), serve as critical hubs of global internet traffic, and the physical security and power resilience of these facilities is a matter of national infrastructure concern.