Every time you load a webpage, send a message, or stream a video, data is flying across a global mesh of cables, routers, and protocols in fractions of a second. Computer networking is the infrastructure behind all of it. Understanding how it works is not just for network engineers -- it is foundational knowledge for anyone building software, managing infrastructure, or simply trying to understand how the modern internet functions.

This guide covers the full picture: from the physical cables in the ground to the HTTP requests your browser sends, with a focus on the concepts that matter most in practical engineering.

The OSI Model: A Framework for Understanding Networks

The OSI (Open Systems Interconnection) model is a conceptual framework that divides network communication into seven distinct layers. It was developed by the International Organization for Standardization (ISO) in 1984 and remains the standard mental model for reasoning about network protocols and troubleshooting.

| Layer | Name | Key Protocols/Concepts | Examples |
|---|---|---|---|
| 7 | Application | HTTP, DNS, FTP, SMTP | Web browsers, email clients |
| 6 | Presentation | TLS/SSL, JPEG, MP4 | Encryption, compression |
| 5 | Session | NetBIOS, RPC | Connection management |
| 4 | Transport | TCP, UDP | Port numbers, reliability |
| 3 | Network | IP, ICMP, BGP | Routing, IP addresses |
| 2 | Data Link | Ethernet, Wi-Fi (802.11) | MAC addresses, switches |
| 1 | Physical | Cat6, fiber optic, radio | Cables, signals, hardware |

In practice, most software engineers interact most frequently with Layers 3 through 7. Network and systems engineers also work deeply with Layers 1 and 2.

How Layers Work Together

When you send data, each layer encapsulates the data from the layer above, adding its own header information. By the time an HTTP request becomes a stream of electrical signals on a cable, it has been wrapped in headers from at least four different layers. On the receiving end, each layer strips its header and passes the payload upward.

This design principle -- that each layer only communicates with its immediate neighbors -- is what makes the internet modular. You can replace Ethernet with Wi-Fi at Layer 2 without changing how HTTP works at Layer 7.

IP Addressing: How Devices Are Located

Every device on a network has an IP address -- a numerical label that identifies its location. There are two generations of IP addressing in active use.

IPv4

IPv4 uses 32-bit addresses written in dotted decimal notation: 192.168.1.1. This gives about 4.3 billion possible addresses. Because the internet has far more than 4.3 billion connected devices, NAT (Network Address Translation) allows multiple devices on a private network to share a single public IP address.

Private address ranges (not routable on the public internet):

  • 10.0.0.0/8 -- used in large corporate networks
  • 172.16.0.0/12 -- used in cloud infrastructure (AWS, GCP)
  • 192.168.0.0/16 -- used in home networks

IPv6

IPv6 uses 128-bit addresses written in hexadecimal: 2001:0db8:85a3::8a2e:0370:7334. This provides approximately 3.4 x 10^38 possible addresses -- enough to assign trillions of addresses to every person on Earth. As of 2024, IPv6 adoption has reached roughly 45% of Google traffic globally, with continued growth expected.

Subnetting and CIDR

CIDR (Classless Inter-Domain Routing) notation like 192.168.1.0/24 describes a network block. The number after the slash indicates how many leading bits of the address form the network portion; the remaining bits identify hosts within the block. A /24 subnet contains 256 addresses (254 usable); a /16 contains 65,536 addresses. Cloud engineers encounter CIDR constantly when configuring VPCs and security groups.

TCP vs UDP: The Two Workhorses of the Transport Layer

The Transport Layer has two primary protocols, each optimized for different use cases.

TCP: Reliability First

TCP (Transmission Control Protocol) provides guaranteed, ordered delivery of data. Before sending application data, TCP performs a three-way handshake:

  1. Client sends SYN (synchronize)
  2. Server responds with SYN-ACK (synchronize-acknowledge)
  3. Client sends ACK (acknowledge)

After this handshake, data flows with acknowledgments. If a packet is lost, TCP detects the gap and retransmits. TCP also implements flow control (preventing the sender from overwhelming the receiver) and congestion control (slowing transmission when the network is congested).

"TCP's reliability mechanisms are remarkably sophisticated. The modern CUBIC and BBR congestion control algorithms, developed at Google, can achieve near-optimal throughput even on high-latency satellite links." -- RFC 8312 / Google BBR research

TCP is used for: HTTP/HTTPS, email (SMTP), file transfers (FTP/SFTP), SSH, and any application where data integrity is critical.

UDP: Speed First

UDP (User Datagram Protocol) sends packets with no connection setup, no acknowledgment, and no retransmission. It is essentially "fire and forget." Lost packets stay lost.

This sounds like a flaw, but for many applications it is a feature. A video call that retransmits a dropped frame is more disruptive than one that skips a frame. A DNS lookup that waits for TCP handshakes would be noticeably slower.

UDP is used for: video streaming, online gaming, VoIP (voice calls), DNS queries, and modern protocols like QUIC (which underpins HTTP/3).

QUIC and HTTP/3

Worth noting: HTTP/3 (now used by over 30% of websites according to W3Techs) uses QUIC, a protocol built on UDP rather than TCP. QUIC implements its own reliability and multiplexing at the application layer, eliminating TCP's head-of-line blocking problem and reducing connection setup time. This is an example of how the networking stack continues to evolve.

DNS: The Internet's Phone Book

The Domain Name System (DNS) is the distributed database that maps human-readable names to IP addresses. Without DNS, you would need to memorize IP addresses to visit any website.

How a DNS Lookup Works

  1. You type www.example.com in your browser
  2. Your browser checks its local cache -- if it has a recent answer, it uses it
  3. If not, it queries your OS resolver, which checks /etc/hosts (or equivalent)
  4. If still not found, it queries your configured recursive resolver (often your ISP's or a public resolver like 8.8.8.8)
  5. The recursive resolver queries a root name server (there are 13 root server clusters globally)
  6. The root server directs the resolver to the TLD name server (e.g., .com)
  7. The TLD server directs the resolver to the authoritative name server for example.com
  8. The authoritative server returns the IP address
  9. The resolver caches the result per the TTL (Time to Live) value and returns it to your browser

The entire process typically takes 20-120 milliseconds for an uncached lookup. Most lookups are cached and resolve in under 5 milliseconds.

Key DNS Record Types

| Record Type | Purpose | Example |
|---|---|---|
| A | Maps domain to IPv4 address | example.com -> 93.184.216.34 |
| AAAA | Maps domain to IPv6 address | example.com -> 2606:2800:21f:... |
| CNAME | Alias to another domain | www -> example.com |
| MX | Mail server for domain | @ -> mail.example.com |
| TXT | Arbitrary text (SPF, DKIM, verification) | SPF records for email authentication |
| NS | Authoritative name servers | Lists which servers hold DNS records |

DNS Security

Plain DNS sends queries in cleartext, allowing ISPs and network operators to see every domain you visit. DNS over HTTPS (DoH) and DNS over TLS (DoT) encrypt DNS queries to prevent surveillance. Firefox and Chrome now support DoH, and it is increasingly enabled by default in consumer operating systems.

HTTP and HTTPS: How Web Communication Works

HTTP (Hypertext Transfer Protocol) is the application-layer protocol that powers the web. An HTTP transaction consists of a request from client to server and a response from server to client.

HTTP Request Structure

GET /articles/networking HTTP/2
Host: whennotesfly.com
Accept: text/html
Accept-Encoding: gzip, br
User-Agent: Mozilla/5.0 ...

The key components are:

  • Method: GET (retrieve), POST (submit), PUT (replace), PATCH (update), DELETE (remove)
  • Path: the resource being requested
  • Headers: metadata about the request
  • Body: data sent with POST/PUT requests

HTTP Response Structure

HTTP/2 200 OK
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Cache-Control: max-age=3600

HTTP status codes communicate the result:

  • 2xx -- Success (200 OK, 201 Created, 204 No Content)
  • 3xx -- Redirect (301 Permanent, 302 Temporary, 304 Not Modified)
  • 4xx -- Client error (400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found)
  • 5xx -- Server error (500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable)

HTTPS: HTTP with TLS

HTTPS encrypts HTTP traffic using TLS (Transport Layer Security). The TLS handshake:

  1. Client sends supported cipher suites and a random value
  2. Server responds with its chosen cipher, its SSL certificate (containing its public key), and a random value
  3. Client verifies the certificate against trusted Certificate Authorities (CAs)
  4. Both sides derive the same symmetric encryption key using the exchanged values
  5. All subsequent communication is encrypted

Modern TLS 1.3 (released 2018) reduced the handshake from 2 round trips to 1, significantly reducing connection setup time. As of 2024, browsers display a warning for any HTTP site and may refuse to load mixed content (HTTPS page loading HTTP resources).

How Data Actually Travels: From Browser to Server and Back

When you click a link, the following chain of events occurs:

Step 1: DNS Resolution

Your browser resolves the domain name to an IP address using the process described above.

Step 2: TCP Connection (or QUIC)

Your browser establishes a TCP connection to the server's IP address on port 443 (HTTPS). This involves the three-way handshake, taking one round trip. For HTTP/3, a QUIC connection is established instead.

Step 3: TLS Handshake

If using HTTPS (which is almost always the case), TLS negotiation occurs over the established TCP connection. With TLS 1.3 and modern session resumption, this adds approximately one round trip.

Step 4: HTTP Request and Response

The browser sends the HTTP request; the server processes it and returns a response. The response body (HTML, JSON, etc.) is sent in segments.

Step 5: Rendering and Additional Requests

The browser parses the HTML and discovers additional resources: CSS stylesheets, JavaScript files, images, fonts. Each triggers additional DNS lookups, TCP connections, and HTTP requests -- though modern browsers reuse connections (HTTP keep-alive and HTTP/2 multiplexing) and parallelize requests aggressively.

The Role of Routing

Between your browser and the server, data travels through many routers. Each router examines the destination IP address and forwards the packet toward the destination using routing tables maintained by protocols like BGP (Border Gateway Protocol) -- the protocol that lets different networks (autonomous systems) exchange routing information. BGP is effectively what holds the internet together.

You can observe this path with the traceroute command (tracert on Windows), which shows each hop and its latency.

CDNs: Bringing Content Closer to Users

A CDN (Content Delivery Network) is a geographically distributed network of servers designed to serve content from locations close to end users.

How CDNs Work

When you request https://example.com/logo.png:

  1. DNS returns the IP of the nearest CDN edge node rather than the origin server
  2. If the edge node has the file cached (a cache hit), it serves it immediately
  3. If not (a cache miss), the edge node fetches from the origin server, caches it, and serves it

The result: a user in Tokyo requesting content from a server in Virginia might experience 180ms of latency without a CDN. With a CDN edge node in Tokyo, the same request takes 5ms. This difference is perceptible to users and measurable in conversion rates.

What CDNs Provide Beyond Caching

  • DDoS protection: absorb and filter attack traffic across a distributed network
  • TLS termination: handle SSL certificates at the edge
  • Image optimization: serve WebP to browsers that support it, compress on-the-fly
  • Edge computing: run code at CDN nodes with products like Cloudflare Workers
  • HTTP/2 and HTTP/3: edge nodes speak modern protocols even if the origin server does not

Major CDN providers include Cloudflare, Akamai, Fastly, AWS CloudFront, and Google Cloud CDN. As of 2024, Cloudflare alone serves traffic to over 20% of all websites.

Ports and Sockets: The Addressing Within a Host

An IP address identifies a host; a port number identifies a specific process on that host. Together, an IP and a port form a socket (e.g., 93.184.216.34:443).

Well-known port assignments (standardized by IANA):

| Port | Protocol | Service |
|---|---|---|
| 22 | TCP | SSH |
| 25 | TCP | SMTP (email) |
| 53 | TCP/UDP | DNS |
| 80 | TCP | HTTP |
| 443 | TCP | HTTPS |
| 3306 | TCP | MySQL |
| 5432 | TCP | PostgreSQL |
| 6379 | TCP | Redis |
| 27017 | TCP | MongoDB |

When a server listens on port 443, the OS routes incoming TCP connections on that port to the web server process. Firewalls and cloud security groups control which ports are accessible from which sources.
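The CIDR and port concepts above come together when reviewing firewall or security group rules. This added example (not from the original article) flags rules that expose the data-store ports from the table to sources outside the private ranges listed earlier. The rule format, rule names and sample rules are constructed for illustration and do not match any particular cloud provider's API.

```python
import ipaddress

# Private IPv4 ranges listed in the IPv4 section of this page.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Data-store ports from the table above; these rarely need public exposure.
SENSITIVE_PORTS = {3306: "MySQL", 5432: "PostgreSQL",
                   6379: "Redis", 27017: "MongoDB"}

def is_private(cidr):
    """True only if the whole CIDR block sits inside one private range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version == 4 and any(net.subnet_of(p) for p in PRIVATE_NETS)

def audit(rules):
    """Return findings for sensitive ports reachable from non-private sources."""
    findings = []
    for rule in rules:
        if is_private(rule["source"]):
            continue
        net = ipaddress.ip_network(rule["source"], strict=False)
        low, high = rule["ports"]
        # Port ranges can hide a sensitive port, so test every one in range.
        for port, service in sorted(SENSITIVE_PORTS.items()):
            if low <= port <= high:
                findings.append((rule["name"], service, port,
                                 str(net), net.num_addresses))
    return findings

# Constructed sample rules (hypothetical names, documentation address ranges).
SAMPLE_RULES = [
    {"name": "web-https",   "source": "0.0.0.0/0",      "ports": (443, 443)},
    {"name": "db-internal", "source": "10.20.0.0/16",   "ports": (5432, 5432)},
    {"name": "db-open",     "source": "0.0.0.0/0",      "ports": (5432, 5432)},
    {"name": "wide-range",  "source": "203.0.113.0/24", "ports": (6000, 7000)},
    {"name": "ssh-admin",   "source": "192.168.1.0/24", "ports": (22, 22)},
]

if __name__ == "__main__":
    for name, service, port, source, size in audit(SAMPLE_RULES):
        print(f"{name}: {service} ({port}/tcp) reachable from "
              f"{source} ({size} addresses)")
```

The "wide-range" rule shows why port ranges deserve the same scrutiny as single ports: 6000-7000 silently includes Redis on 6379.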

Network Security Fundamentals

Understanding networking requires understanding its attack surface.

Firewalls filter traffic by IP address, port, and protocol. Stateful firewalls track connection state and can distinguish legitimate responses from unsolicited inbound connections.

TLS/HTTPS prevents eavesdropping and man-in-the-middle attacks on data in transit, but only if certificates are properly validated.

DDoS (Distributed Denial of Service) attacks overwhelm a target with traffic from many sources. Mitigation requires filtering at network scale, which is why CDNs and cloud providers are increasingly the first line of defense.

DNS hijacking redirects legitimate domain lookups to malicious IPs. DNSSEC adds cryptographic signatures to DNS records to prevent this, though adoption remains incomplete.
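The caveat above, that TLS only protects against man-in-the-middle attacks when certificates are properly validated, is something client code can get wrong with two lines. This added example (not from the original article) uses Python's standard ssl module to contrast a validating client context with a weakened one and to audit either; the function names are assumptions for illustration and no network connection is made.

```python
import ssl

def hardened_client_context():
    """Client context that validates the certificate chain and hostname."""
    # create_default_context() loads the system CA store and enables
    # CERT_REQUIRED plus hostname checking.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def weak_client_context():
    """The pattern often pasted in to silence certificate errors."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # has to be disabled before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # accepts any certificate from any peer
    return ctx

def audit_context(ctx):
    """Return a list of validation weaknesses in an SSLContext."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode: certificate chain is not verified "
                        "against trusted CAs")
    if not ctx.check_hostname:
        findings.append("check_hostname: certificate is not matched "
                        "against the requested host name")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version: protocol versions older than "
                        "TLS 1.2 are allowed")
    return findings

if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_client_context()),
                       ("weak", weak_client_context())):
        issues = audit_context(ctx)
        print(label, "->", issues if issues else "no findings")
```

A connection made with the weak context is still encrypted, but the client has no assurance about who holds the other end of it.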

Why Networking Knowledge Matters for Software Engineers

A developer who understands networking writes better code:

  • They know why a 500ms database query can cascade into a 2-second page load due to TCP connection setup, TLS handshakes, and serialization overhead
  • They configure connection pools appropriately rather than opening a new connection per request
  • They understand why API calls in a tight loop are slow and how to use batch endpoints or HTTP/2 to parallelize them
  • They interpret curl -v and traceroute output when debugging production issues
  • They design microservices with network latency and failure modes in mind

"Networking is the physics of software. You can ignore it until you can't -- and then understanding it is the difference between guessing and knowing."

Key Concepts Summary

Protocol layering allows independent evolution of different network components. IP routing delivers packets across the global internet through autonomous systems connected via BGP. TCP provides reliable, ordered delivery at the cost of latency; UDP provides low-latency unreliable delivery. DNS is a distributed, hierarchical, cached database of name-to-address mappings. TLS provides encryption and authentication for application protocols. CDNs reduce latency and increase reliability by serving content from nodes close to users.

These concepts have been stable for decades and will remain foundational for the foreseeable future, even as specific implementations evolve. HTTP/3 and QUIC represent the most significant architectural change in recent years, but they operate within the same conceptual framework.

For anyone working in technology -- whether as a developer, a product manager who communicates with engineers, or a technical writer -- this foundation makes the rest of the stack comprehensible.

Frequently Asked Questions

What are the 7 layers of the OSI model?

The OSI model layers are: Physical (cables, signals), Data Link (MAC addresses, switches), Network (IP addresses, routers), Transport (TCP/UDP, end-to-end delivery), Session (connection management), Presentation (encryption, compression), and Application (HTTP, DNS, FTP). In practice, most engineers work primarily with Layers 3-7.

What is the difference between TCP and UDP?

TCP (Transmission Control Protocol) guarantees delivery by establishing a connection, acknowledging packets, and retransmitting lost data. UDP (User Datagram Protocol) sends packets without confirmation, making it faster but unreliable. TCP is used for web browsing and email; UDP is preferred for video streaming, gaming, and DNS lookups where speed matters more than perfection.

How does DNS work?

DNS (Domain Name System) translates human-readable domain names like example.com into IP addresses like 93.184.216.34. When you type a URL, your device first checks its local cache, then queries a recursive resolver (usually your ISP's), which contacts root name servers, then TLD servers (.com, .org), and finally the authoritative name server for that domain. The full process typically completes in under 100 milliseconds.

What is HTTPS and why does it matter?

HTTPS (Hypertext Transfer Protocol Secure) is HTTP with TLS encryption layered on top. It protects data in transit from eavesdropping and tampering, verifies the server's identity via digital certificates, and is required by browsers to avoid 'Not Secure' warnings. Google also uses HTTPS as a ranking signal. Since 2018, over 90% of pages loaded in Chrome use HTTPS.

What is a CDN and how does it speed up websites?

A CDN (Content Delivery Network) is a globally distributed network of servers that caches static content -- images, CSS, JavaScript -- close to end users. Instead of every request traveling to a single origin server, requests are served from the nearest CDN edge node. This reduces latency from hundreds of milliseconds to single-digit milliseconds for cached assets and dramatically improves load times for international audiences.