
Can someone explain the internet to me? I drew my basic un

Thread replies: 72
Thread images: 7

File: theInternet.png (41KB, 939x524px)
Can someone explain the internet to me?

I drew my basic understanding. I am trying to understand where "the Internet" really is. From what I understand, it's just a bunch of servers that route requests both ways (by destination IP). Who maintains these servers? Why isn't the internet peer-to-peer?

What role do the internet provider companies play? Is their role essentially to pull a wire between your house and them, and give you access to the main internet servers?

Where does DNS come into play? Is DNS just a thing so you could type in a pretty name? Do the internet companies do DNS or something else?

How does shttp protect you? As in, how does the server know what the fuck your encrypted message mean?

Feel free to answer any individually.
>>
>>58049416

Let me ask this, are "providers" or "server owners" of the main routing servers that Comcast/Roadrunner/whatever send your shit to - who are they owned by? How do they make money?
>>
The implementation of the internet is actually very complicated.
It's far too detailed for a 4chan post.

Just notice the name "internet". "inter-network". As in, you're passing things between networks.
Your ISP is a network, which you are connected to. The website or whatever you're visiting is on a network.
Your packet will travel through your ISP's network (and possibly through several others) and then make it into the destination network.

>Who maintains these servers?
They're not servers. They're routers.
>Why isn't the internet peer-to-peer?
The internet actually IS peer-to-peer in a sense.
The networks themselves are peers to each other (sometimes).
>Is their role essentially to pull a wire between your house and them
Basically.
>Where does DNS come into play? Is DNS just a thing so you could type in a pretty name?
DNS just takes a human readable hostname, and translates it into an IP address, and possibly vice-versa.
>Do the internet companies do DNS or something else?
Yes, usually.
>How does shttp protect you?
https*. Yes, shit is encrypted.
>how does the server know what the fuck your encrypted message mean?
It's too complicated to describe in a mere 4chan post.
>>
>>58049416
The internet is made up of the networks of the service providers, which provide access to private and business customers.
These service providers exchange the routes to their customers with each other via a protocol called BGP. Other networks than the service provider's then know that to reach your network, they need to send it to your service providers.
This exchange typically happens at an Internet Exchange like DECIX in Frankfurt. The ISP rents a place in a rack there, puts a router in it and then makes contracts with other ISPs for BGP peering and connecting them with cables.
>>
First of all, thanks for the replies.

>>58049549

>Your packet will travel through your ISP's network (and possibly through several others) and then make it into the destination network.
>The networks themselves are peers to each other (sometimes).

Are you basically saying there is no middle step that I labelled "The Internet" - shit just jumps between (let's say) Roadrunner's routers to Comcast's routers to Japanese internet provider's routers to 4chin? And Roadrunner translates 4chins to [104.16.64.205]?

How did my computer know
>Pinging 4chan.org [104.16.64.203] with 32 bytes of data:

Did my browser ask my internet provider for 4chinz IP before sending the test data?

>https*. Yes, shit is encrypted.

Is it basically public key cryptography?

>These service providers exchange the routes to their customers with each other via a protocol called BGP.

So basically every ISP knows where to send the request next if they get asked to go to 4chinz?
>>
>>58050021
>Are you basically saying there is no middle step that I labelled "The Internet" - shit just jumps between (let's say) Roadrunner's routers to Comcast's routers to Japanese internet provider's routers to 4chin?
Yes. The networks themselves are 'the internet'.
>And Roadrunner translates 4chins to [104.16.64.205]
This is just a thing that Residential ISPs do. They run their own DNS servers.
DNS is not fundamental in the operation of the internet at all, and is really only used to make it convenient for humans.
>Did my browser ask my internet provider for 4chinz IP before sending the test data?
Technically, your operating system did it, but yes.
>Is it basically public key cryptography?
Basically.
>So basically every ISP knows where to send the request next if they get asked to go to 4chinz?
Yes. The other anon mentioned BGP. That is the protocol used between ISPs and other large networks to find out where to send shit next.
>>
>>58050021
>Did my browser ask my internet provider for 4chinz IP before sending the test data?

It resolved the IP via DNS. You can check it yourself:
nslookup 4chan.org

The first two lines are about the DNS server your computer uses.

Once the ping command has the IP, it sends a message called "ICMP echo request" to the IP. The computer looks up the IP in its routing table (view it with netstat -r), the most precise match (=> longest subnet address match) tells the computer via which network interface to send the message out.
This is usually your gateway - your router.
The router that your ISP gave you communicates with the ISP to get its IP address and next-hop address assigned. Therefore your router box will forward the ICMP echo request to the next-hop-address provided by your ISP.
Your ISP's routers will look up the address in their routing table, again the longest match wins (that was learned by the most trustworthy protocol and has the lowest metric, but that's an advanced topic). Then it will use the next-hop it found in its routing table to forward the message to.
This process repeats until the ICMP echo request reaches 4chan, and 4chan replies with an ICMP echo reply addressed to you.

By the way, you might be interested in the traceroute command - it shows you the hops between your PC and the destination. It's not entirely accurate because of how the technology in between behaves, but quite interesting. Try it!
[spoiler]tracert 4chan.org[/spoiler] for windows
[spoiler]traceroute 4chan.org[/spoiler] for everything else
>>
>>58050307
Those should have been code tags instead of spoiler tags. Man, I'm tired
>>
>>58050127
>>58050307

I never understood what a "subnet" really is.

>The router that your ISP gave you communicates with the ISP to get its IP address and next-hop address assigned. Therefore your router box will forward the ICMP echo request to the next-hop-address provided by your ISP.

Not following this, but I am sure due to my own lack of knowledge, not your explanation, which is good.

In simpler terms, I don't understand if I basically send:

{body: myMsg, address: xxx.xxx.xxx.xxx}

and then it goes to my ISP, then the ISP figures out where to send it next "on the way" to the final address, and so on, or if it's more complicated than that.

>[spoiler]tracert 4chan.org[/spoiler] for windows

Thanks, I remember playing with that years ago, and couldn't remember it. Was wondering why ping doesn't give me "nodes" or whatever the proper term is.

I also don't understand why I can see these nodes, since it doesn't seem to serve any purpose in getting my message through. (I actually think you explained this, so re-reading)
>>
>>58050404

Who cares, I appreciate the answer!

I wonder if getting a security specialization degree pays, or if it's one of those fields where you only get a job if you are top .01%. Not that I am asking these questions for money, but might as well since it's interesting.
>>
>>58050485
A subnet in this context is basically a set of coherent IP addresses. ISPs don't advertise each single address they give out to users, they advertise whole blocks - subnets. Else the routing tables would explode.
AFAIK there are about 600 thousand entries in ISP routing tables right now. Keep in mind that to find the best match, a router must look at EVERY route in its routing table - this is why router prices can become astronomical.


>I also don't understand why I can see these nodes, since it doesn't seem to serve any purpose in getting my message through. (I actually think you explained this, so re-reading)

Tracert works with ICMP echo requests too. The header of the IP protocol includes a Time-To-Live field that gets decreased by one every time it passes a router.

To see the hops, Tracert first sends out an ICMP packet with a TTL of 1. The next router receives it, decreases the TTL, notices it reached zero and sends a notice back to the sender that the TTL expired. Now Tracert got the first address.
Then Tracert repeats the process, first with a TTL of two, then three, and so on to get the IP addresses of the second, third, etc. hops. Then Tracert usually does a Reverse DNS Lookup to get the name of the address.
The process ends when Tracert receives an ICMP echo reply and therefore knows that it reached its goal.
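
Added example, not part of any post in this thread: a small Python simulation of the TTL probing loop described above, including a hop that drops expired packets without sending a notice (one reason real output shows "*"). The path, the addresses and the names Router, send_probe and traceroute are constructed for illustration.

```python
from dataclasses import dataclass

# ICMP message types (IPv4) that the probing loop distinguishes.
ECHO_REPLY = 0
TIME_EXCEEDED = 11


@dataclass
class Router:
    address: str
    reports_expiry: bool = True   # False models a hop that drops expired packets silently


def send_probe(path, destination, ttl):
    """Forward one echo request along `path`; return (icmp_type, sender) or None."""
    for router in path:
        ttl -= 1                          # every router decrements the TTL
        if ttl == 0:                      # expired here, the packet is discarded
            if router.reports_expiry:
                return (TIME_EXCEEDED, router.address)
            return None                   # no notice sent back, the probe times out
    return (ECHO_REPLY, destination)      # survived every hop, the destination answers


def traceroute(path, destination, max_hops=30):
    """Return the hop addresses discovered in order, '*' for hops that stayed silent."""
    hops = []
    for ttl in range(1, max_hops + 1):
        answer = send_probe(path, destination, ttl)
        if answer is None:
            hops.append("*")
            continue
        icmp_type, sender = answer
        hops.append(sender)
        if icmp_type == ECHO_REPLY:       # reached the goal, stop probing
            break
    return hops


# Constructed path (private and documentation addresses); the third hop is silent.
SAMPLE_PATH = [
    Router("192.168.0.1"),
    Router("198.51.100.1"),
    Router("198.51.100.5", reports_expiry=False),
    Router("203.0.113.1"),
]
SAMPLE_DEST = "203.0.113.80"

if __name__ == "__main__":
    for number, hop in enumerate(traceroute(SAMPLE_PATH, SAMPLE_DEST), start=1):
        print(number, hop)
```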
>>
>>58050485
>I never understood what a "subnet" really is.
As you might know already, an IP(v4) address is a 32-bit number. We write them in dotted quad form, so that it's easier for humans to remember/read, but they're really just a single number.
They are not arbitrary though. The address is split into two parts, the network number, and the host number.
The subnet number just describes how many bits of the 32-bit IP address is the network number, and the rest is the host number.

So say I have the IP address 192.168.100.1/24.
Written in binary, that is:
11000000 10101000 01100100 00000001
So since the subnet is 24, the network address is
11000000 10101000 01100100, or 192.168.100.0/24.
The host number is
00000001

So now that we know this, why is this useful?

When a router wants to send a packet somewhere, it needs to store a table of all of the addresses it knows of, so that it can forward it in the right direction.
Think of how many end-hosts are connected to a network. It can be hundreds of thousands, and at the scale of the internet, literally billions.
It would be VERY wasteful on storage space, it would be very slow to search for an address, and would make the internet slow and not really viable.

So instead of remembering where to find a host, we remember where to find the network the host is on.
So when a router wants to know to send a packet destined to my computer at 192.168.100.1, it will instead look at the network number, and send it there.
It only needs a single entry for 192.168.100.0/24, instead of the potential 254 entries that may possibly exist on that network.

This makes networking a lot more scalable, and massively reduces the number of addresses a router needs to memorise.
>>
>>58050504
Security is a growing field, but don't mistake it for whitehat hacking - those are few jobs for the top .01%.
But there is a LOT of demand for people who can configure firewalls and do basic IT security. The headhunter my company uses says that the market is grazed.

But even that is not an entry level job. Most people start in hel(l)p desk or NOC.
>>
this thread just restored my faith in /g/entlemen, thanks
>>
>>58050724
>>58050783
>>58050802

Thank you very much, that was a great explanation. You not only answered my questions, but also gave me a ton to think about.

>>58050860

This taiwanese matreshka forum is a funny thing - sometimes you can't get an answer to a basic question and sometimes someone who really knows their shit post what you would get from an average professional comes by and enlightens you.
>>
>>58050951
>an average professional
I learnt all the shit I know about networking in university.
This stuff is barely scratching the surface. It goes a lot further than this.
>>
>>58050975

So does everything really, doesn't diminish the quality of the explanations.
>>
>>58050951
>>58050975
Similar with me. I am a network engineering apprentice for a business ISP and data carrier.
>>
>>58050783
As an extension to this explanation...

Hosts also make use of the subnet mask to decide whether the destination host is on the same network or not.

For example:
My IP is 192.168.1.123/24
Dest IP is 192.168.1.142

Since the first 24 bits of the destination addr match the first 24 bits of my own, I know this host is on the same network as me, and I address this frame directly to its MAC address (which I obtain using ARP protocol).

If it's determined that the destination is on another network, I need to address this frame directly to my gateway, at which point network-layer routing mechanisms would carry out the delivery.
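
Added example, not part of any post in this thread: the network/host split, the host's same-network check and a router's longest-prefix match from the posts above, written with Python's ipaddress module. The gateway address, the routing table and its next-hop names are constructed for illustration.

```python
import ipaddress


def split_address(cidr):
    """Split e.g. '192.168.100.1/24' into (network as CIDR string, host number)."""
    iface = ipaddress.ip_interface(cidr)
    mask = int(iface.netmask)                  # /24 -> 0xFFFFFF00
    address = int(iface.ip)                    # the address as one 32-bit number
    network = ipaddress.ip_address(address & mask)
    host_number = address & ~mask & 0xFFFFFFFF
    return f"{network}/{iface.network.prefixlen}", host_number


def usable_hosts(prefix):
    """Host addresses in an IPv4 prefix, excluding the network and broadcast addresses."""
    return ipaddress.ip_network(prefix).num_addresses - 2


def first_hop(my_cidr, gateway, destination):
    """Host-side decision: deliver directly (ARP for the peer) or hand to the gateway."""
    on_link = ipaddress.ip_address(destination) in ipaddress.ip_interface(my_cidr).network
    return ("direct", destination) if on_link else ("gateway", gateway)


def longest_prefix_match(routes, destination):
    """Router-side decision: among routes containing the address, the longest prefix wins."""
    dest = ipaddress.ip_address(destination)
    candidates = [(ipaddress.ip_network(prefix), hop) for prefix, hop in routes]
    matching = [(net, hop) for net, hop in candidates if dest in net]
    if not matching:
        return None                            # no route, not even a default: drop
    net, hop = max(matching, key=lambda item: item[0].prefixlen)
    return str(net), hop


# Constructed routing table; the next-hop names are placeholders.
ROUTES = [
    ("0.0.0.0/0", "upstream"),
    ("104.16.0.0/12", "peer-a"),
    ("104.16.64.0/24", "peer-b"),
    ("192.168.100.0/24", "lan"),
]

if __name__ == "__main__":
    print(split_address("192.168.100.1/24"))
    print(first_hop("192.168.1.123/24", "192.168.1.1", "192.168.1.142"))
    print(first_hop("192.168.1.123/24", "192.168.1.1", "104.16.64.203"))
    print(longest_prefix_match(ROUTES, "104.16.64.203"))
```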
>>
>>58049416
>Who maintains these servers?
Your ISP, for example.
>>
>>58050307
>>58050724
>>58050783
>tfw I went to school for 2 years to learn what was just explained in 3 4chan posts

i want to die
>>
>>58049416
>What role do the internet provider companies play? Is their role essentially to pull a wire between your house and them, and give you access to the main internet servers?
There's no such thing as a “main internet server”. Your ISP directly connects with other ISPs.

Try doing a ‘traceroute’. For example, from my house to 4chan:

traceroute to 4chan.org (104.16.65.203), 30 hops max, 60 byte packets
1 virgo (192.168.0.1) 0.330 ms 0.325 ms 0.304 ms
2 fritz.box (192.168.3.1) 1.873 ms 2.583 ms 2.579 ms
3 10.113.64.1 (10.113.64.1) 21.867 ms 22.101 ms 21.865 ms
4 172.30.24.53 (172.30.24.53) 22.071 ms 22.068 ms 22.062 ms
5 84.116.190.105 (84.116.190.105) 38.767 ms 38.774 ms 40.343 ms
6 de-fra01b-ri2-ae30-0.aorta.net (84.116.134.166) 32.988 ms de-fra01b-ri2-ae29-0.aorta.net (84.116.134.162) 33.667 ms de-fra01b-ri2-ae30-0.aorta.net (84.116.134.166) 32.877 ms
7 213.46.177.10 (213.46.177.10) 39.992 ms 36.264 ms 36.224 ms
8 ffm-bb3-link.telia.net (62.115.120.3) 36.446 ms ffm-bb4-link.telia.net (62.115.118.201) 16.777 ms ffm-bb4-link.telia.net (62.115.120.7) 25.168 ms
9 ffm-b1-link.telia.net (62.115.116.160) 23.113 ms ffm-b1-link.telia.net (62.115.141.239) 22.852 ms ffm-b1-link.telia.net (62.115.141.241) 18.907 ms
10 cloudflare-ic-311709-ffm-b1.c.telia.net (213.248.85.26) 24.435 ms 17.541 ms 26.244 ms
11 104.16.65.203 (104.16.65.203) 25.460 ms 22.509 ms 22.519 ms


The first few addresses are all private / internal addresses, which my ISP uses internally. After that it goes through Liberty Global Infrastructure, which is (presumably) one of my ISP's partners.

From there it hops to Telia in Sweden, which is the ISP that cloudflare (operator of 4chan.org) uses, and finally to 104.16.65.203, which is one of cloudflare's servers (in Sweden, apparently).

In this case it was basically LGI that acted as another ISP which peers with both my ISP and CloudFlare's ISP
>>
>>58049416
>Why isn't the internet peer-to-peer?
Multiple reasons, most of them technological, many of them political. It's slower and much more difficult to make efficient. Having a few powerful and optimized backbones is much better at handling large amounts of traffic than having hundreds/thousands of low-quality peer to peer connections.

>What role do the internet provider companies play?
They provide the network. If you wanted to become your own ISP, you would have to:

1. have physical infrastructure in place in the geographical region, so you can actually connect your clients with your networks
2. have a few good routers located in or near an internet exchange
3. convince other ISPs to peer with you on this exchange

>Do the internet companies do DNS or something else?
No, DNS is an independent system that's handled by ICANN. ICANN runs the authoritative root DNS servers which provide the starting point for the whole DNS system. They also administrate the DNS top-level zones (e.g. .com, .de and so on)

>How does shttp protect you? As in, how does the server know what the fuck your encrypted message mean?
HTTPS only encrypts the content (HTTP request/response), *not* the connection headers (i.e. IP frame, TCP frame). The routers still need to know where to send your packets, after all.
>>
>>58049549
>DNS just takes a human readable hostname, and translates it into an IP address
And arbitrary other metadata
>>
>>58050860
Yeah it's been a long time since /g/ has had an informative thread.
>>
>>58051297
School only exists to force-feed you information you *don't* want to learn. Nobody goes to school to learn things they're actually interested in, because as you saw, that can be done in minutes/hours by using the internet
>>
>>58051571
I found that I learned a lot of useful and interesting shit at university. You can't really search up about something if you don't even know what you're searching for.
I did computer science, but my university has a good networking research group, so there are a lot of advanced networking papers.
I certainly wouldn't have learned about what MPLS, Q-in-Q VLANs, SDN and a bunch of other shit is, and why I should even care, if I didn't go to university.

I probably won't even go into networking, but I found it interesting.
>>
The secret to understanding how the internet *really* works is to understand what an exchange is.

An exchange is basically a fixed spot where a bunch of ISPs have agreed to meet up and connect all of their routers with each other. It's like a big orgy of ISPs making each other reachable from each other's networks.

They are literally doing nothing other than running a shitton of inter-connections from every ISP to every other ISP at a certain site/rack/whatever. (And then those edge routers are connected via fiber to the ISP's own network, which branches out geographically until you eventually reach the actual houses)

These ISPs have basically just all mutually agreed (either via payment, or sometimes just in terms of mutual economic incentive) to connect with each other, so that ISP A's customers can communicate with ISP B's customers and vice versa. (They both benefit from this, for obvious reasons)
>>
File: theInternet2.0.png (74KB, 939x524px)
Alright guys, help me zoom in on this (and draw a diagram we can all understand for step 1).

Nothing "in your house" knows that IP of 4chinz, right?

So does your request automatically go some ISP hub you (and your neighborhood) is connected to? Then the ISP "router" there determines the IP from the address?

OR VERSION 2:

>The Domain Name Service is structured as a hierarchy similar to the IP routing hierarchy. The computer requesting a name resolution will be re-directed 'up' the hierarchy until a DNS server is found that can resolve the domain name in the request. Figure 6 illustrates a portion of the hierarchy. At the top of the tree are the domain roots. Some of the older, more common domains are seen near the top. What is not shown are the multitude of DNS servers around the world which form the rest of the hierarchy.
When an Internet connection is setup (e.g. for a LAN or Dial-Up Networking in Windows), one primary and one or more secondary DNS servers are usually specified as part of the installation. This way, any Internet applications that need domain name resolution will be able to function correctly. For example, when you enter a web address into your web browser, the browser first connects to your primary DNS server. After obtaining the IP address for the domain name you entered, the browser then connects to the target computer and requests the web page you wanted.

1. Your modem sends a request to a DNS that it "just knows about" (How?)
2. The DNS replies to your modem.
3. Your modem sends IP/request to ISP.
4. Your modem gets a callback from every node hit? What's in that callback?
>>
>>58051707
Think of it like an old-school telephone switchboard. Your home line physically connected to your telephone network provider's switching central. When you wanted to make a call, you would ring up the operator and tell him you wanted to be connected to number XYZ.

The operator would have a connection from the switch board to you, and a connection from the switch board to XYZ, and he would physically place a cable joining your two connections. This works fine for intra-network calls.

When you wanted to make a long-distance call to another network, the operator would instead connect your phone line to a phone line between his switching central and some other switching central X km down the line, where you would be greeted by a second operator.

For a very long distance call it wouldn't be uncommon to have to talk to multiple operators in a row until you finally ended up at the right network that was capable of directly connecting you to the target telephone.

This, in a very simplified nutshell, is how the internet still works. Except instead of telephone numbers we have IP addresses, instead of human operators we have routers, instead of physical analog connections we have quantized IP packets and instead of switch boards we have routing tables (which are kept in sync automatically using BGP).
>>
>>58051713
>1. Your modem sends a request to a DNS that it "just knows about" (How?)
When your modem is first plugged in, it receives these settings from the ISP. Similar to how your computer gets these settings from your modem when you plug it in to your home network.

>Then the ISP "router" there determines the IP from the address?
My (limited) understanding is that at the ISP level, the routers share information to each other about how to reach certain resources.
>>
>>58051713
The modem is just a physical component in charge of translating your packets to the physical format expected on the ISP's wire. It has no relevance here, except by coincidence, because usually consumer ISP boxes have a modem, router, DNS cache, DHCP server etc. all in one.
>>
>>58051713
DNS is a hierarchy. Basically, each dot in a domain represents a level in the hierarchy.
What I'm about to explain might not be exactly what happens in practice, due to caching and all sorts of other shit, but this is how it works conceptually.
Also note, YOU might not be making these requests, the DNS server you're connecting to might be doing these behind the scenes.

So let's say you're visiting "www.4chan.org." (Note the trailing dot, it means the root).
First, you ask the root name server "Where can I find www.4chan.org". "I don't know, but [the .org DNS server IP address] knows".
(Note: the root DNS server is run by ICANN, and the IP addresses of them are hard-coded into your operating system.)
You then ask the .org DNS server "Where can I find www.4chan.org". "I don't know but [the .4chan DNS server IP address] knows".
(Assuming 4chan runs its own DNS server, which it probably doesn't. This is just for the example's sake)
You then ask the .4chan DNS server "Where can I find www.4chan.org". "I know, it's [4chan's IP address]".

>one primary and one or more secondary DNS servers are usually specified as part of the installation
You usually acquire it from your router using DHCP, so you'll end up using your ISP's DNS server. But you can specify your own if you want to.
>when you enter a web address into your web browser, the browser first connects to your primary DNS server. After obtaining the IP address for the domain name you entered, the browser then connects to the target computer and requests the web page you wanted
Yes, that's how it works.
>>
>>58051887
>My (limited) understanding is that at the ISP level, the routers share information to each other about how to reach certain resources.
You're confusing DNS with routing. What you're thinking of is how routers figure out how to actually reach a given IP address, which ISPs share with each other using the BGP protocol.

The DNS system is totally separate, and built entirely on top of this (just like any other arbitrary internet application).

DNS is hierarchical. There are “master” DNS servers which are well-known, fixed and hard-coded.

For example, if I want to know the IP address of boards.4chan.org, I would first contact the fixed/known root servers, which would give me the reply “I dunno, but I know that *.org is handled by <IP>, you should go ask them”. So then I would ask that server the same question, and it would tell me “I dunno, but I know that *.4chan.org is handled by <IP>, you should go ask them”. And so on, until I get to a server that can service the exact request I wanted to know.

Since this recursive lookup is time consuming and puts strain on the shared central servers, in practice you end up using a DNS cache that does all of this for you in the background and also caches (memorizes) the results, so it doesn't have to re-run the full request for “www.google.com” for each of the hundreds of google.com page requests it's servicing per second.

A well known example of such a cache is 8.8.8.8 (google's public DNS), and your ISP will also be running one. But if you don't trust these, you can always just run your own with ease (e.g. using the ‘unbound’ software).
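
Added example, not part of any post in this thread: the referral chain (root, then .org, then the 4chan.org server) and the caching resolver described in the two posts above, simulated in Python. The server names, the records and the 300-second lifetime are constructed; real resolvers take the lifetime from each record and also cache negative answers.

```python
# Constructed name-server data mirroring the three tiers in the posts above.
NAME_SERVERS = {
    "root": {"delegations": {"org.": "org-tld"}, "records": {}},
    "org-tld": {"delegations": {"4chan.org.": "4chan-auth"}, "records": {}},
    "4chan-auth": {
        "delegations": {},
        "records": {"www.4chan.org.": "104.16.68.203",
                    "boards.4chan.org.": "104.16.68.203"},
    },
}
MAX_REFERRALS = 10          # guard against referral loops


def normalise(name):
    """Lower-case the name and make the trailing root dot explicit."""
    return name.lower().rstrip(".") + "."


def ask(server, name):
    """One query to one server: an answer, a referral to a lower tier, or nxdomain."""
    zone = NAME_SERVERS[server]
    if name in zone["records"]:
        return ("answer", zone["records"][name])
    covering = [suffix for suffix in zone["delegations"]
                if name == suffix or name.endswith("." + suffix)]
    if covering:                                   # most specific delegation wins
        return ("referral", zone["delegations"][max(covering, key=len)])
    return ("nxdomain", None)


def resolve_iteratively(name):
    """Follow referrals down from the root; return (address or None, servers asked)."""
    name = normalise(name)
    server, asked = "root", []
    for _ in range(MAX_REFERRALS):
        asked.append(server)
        kind, value = ask(server, name)
        if kind == "answer":
            return value, asked
        if kind == "nxdomain":
            return None, asked
        server = value                             # referral: ask the next tier
    return None, asked


class CachingResolver:
    """What an ISP or public resolver does: walk the hierarchy once, then remember."""

    def __init__(self, ttl=300):
        self.ttl = ttl
        self.cache = {}                            # name -> (address, expiry time)
        self.upstream_queries = 0

    def lookup(self, name, now):
        name = normalise(name)
        hit = self.cache.get(name)
        if hit is not None and hit[1] > now:
            return hit[0]                          # served from cache, no upstream traffic
        address, asked = resolve_iteratively(name)
        self.upstream_queries += len(asked)
        if address is not None:
            self.cache[name] = (address, now + self.ttl)
        return address


if __name__ == "__main__":
    print(resolve_iteratively("www.4chan.org."))
    resolver = CachingResolver()
    resolver.lookup("www.4chan.org", now=0)
    resolver.lookup("www.4chan.org", now=10)
    print("upstream queries:", resolver.upstream_queries)
```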
>>
>>58052014
>>58051934
>>58051933

Looks like I have some fundamental misconception. Let me try asking in this way:

Let's say 4chan.org's IP address is 104.16.68.203.

What is the difference in flow between entering "4chan.org" and "104.16.68.203" in my browser window?

>P.S. I tried entering 104.16.68.203 directly and expected to be redirected to 4chan's homepage, but wasn't - what gives?
>>
>>58052111
>I tried entering 104.16.68.203 directly and expected to be redirected to 4chan's homepage, but wasn't - what gives?
That's some cloudflare bullshit. Don't worry about that.
It's just rejecting you because your HTTP headers weren't correct.
>>
It's a series of tubes
>>
>>58052111
>What is the difference in flow between entering "4chan.org" and "104.16.68.203" in my browser window?
Entering 4chan.org:

1. Your browser asks its operating system what the IP address of 4chan.org is
2. Your operating system asks its configured primary DNS server what the IP address of 4chan.org is
3. Your primary DNS server answers “it's 104.16.68.203” to your OS
4. Your operating system answers “it's 104.16.68.203” to your browser
5. Your browser proceeds as if you had typed “104.16.68.203” into the address bar directly(*)

(*) There's actually a subtle difference in that your browser tells the server what address you typed to reach it (so you can for example host example.org and foobar.com on the same IP address and the server would be capable of figuring out which site it should serve)
>>
>>58052169
>>58052111
>P.S. I tried entering 104.16.68.203 directly and expected to be redirected to 4chan's homepage, but wasn't - what gives?
That is an example of exactly that (*) I gave in my post.

Since CloudFlare conceptually uses a shared server (on a single IP) for a bunch of different websites, 4chan included, it *needs* to know what domain you typed into the address bar so it knows which site it's supposed to serve you.

When you type in the IP directly, your browser just says “Host: 104.16.68.203” instead of “Host: 4chan.org” in its HTTP request, so the cloudflare server ends up confused and doesn't know what to do.
>>
>>58052169
>>58052199

So only in the step 6 is the request for tranny porn being sent to 4chinz IP? If so, I don't get >>58052140, brb playing with request headers.
>>
>>58052199
>When you type in the IP directly, your browser just says “Host: 104.16.68.203” instead of “Host: 4chan.org” in its HTTP request, so the cloudflare server ends up confused and doesn't know what to do.
And technically, it's even more complicated than that when you bring in SSL/TLS. Host headers are sent in after the TLS communication is established, but the Cloudflare server doesn't know which certificate to send you unless you explicitly tell it. To get around this limitation, SNI (server name indicator) is sent along with the initial TLS request.
>>
<title>Direct IP access not allowed | CloudFlare</title>


Hmm, I get this shit when I try to hit it with Postman.

I guess this is still confusing, because I thought that "under the covers", shit works on IP and address is just convenience, but I guess not.

I understand >>58052199

>Since CloudFlare conceptually uses a shared server (on a single IP) for a bunch of different websites, 4chan included, it *needs* to know what domain you typed into the address bar so it knows which site it's supposed to serve you.

and see what you mean (sort of). But that leads to the assumption that "4chinz.org" gets passed around with the request, not just the IP, which confuses me, given the earlier assumption.
>>
>>58052332
You're starting to bring the complexities of HTTP into this.
That has nothing to do with how the internet fundamentally works.
>>
>>58052404

I genuinely think it does and it's fucking with my overall understanding.

I thought request was sent with address:

104.16.68.203


between nodes, and it's looking like it's not. Or is my browser just doing some weird shit? How so?
>>
>>58052527
Your computer is using the IP address alone to find the computer it's connecting to. That computer that you're looking for happens to be a cloudflare node. The cloudflare node has no idea what site you're attempting to access until it reads into the request you're sending and sees in the request headers that you are attempting to access 4chan.org. Cloudflare then knows what page to serve you based on that.

The connection is established using the IP address

The content served depends on data inside your request, which includes the domain of the site you're trying to access.
>>
>>58052527
>I thought request was sent with address: 104.16.68.203
It is. It's to do with the configuration of the web server on their end.
When you connect to a website using HTTP, there are several bits of extra data you send with the request to let the webserver know about some stuff.
One such field is the "Host" field. It lets the server know which hostname the user typed to reach the website.
So when you put "4chan.org" into the browser, you send "Host: 4chan.org" and when you write "104.16.68.203", you send "Host: 104.16.68.203".

The reason this is done is so that it's possible to host more than one website on the same IP address. The server will use this Host field to distinguish which one it's actually going to show you.
Since the webserver isn't configured to show you 4chan with "Host: 104.16.68.203", it just sends back an error page.
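
Added example, not part of any post in this thread: how a server holding several sites on one IP address can pick the site from the Host field and turn away requests that name the bare IP, as described above. The site table and the 403/404 status choices are assumptions of this sketch; answering 400 to a missing or duplicated Host field follows RFC 7230.

```python
import ipaddress

# Sites sharing one IP address (names from the example.org / foobar.com post above).
SITES = {
    "example.org": "example.org front page",
    "foobar.com": "foobar.com front page",
}


def host_headers(raw_request):
    """Return every Host field value found in the request head."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    values = []
    for line in head.split("\r\n")[1:]:            # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.lower() == "host":
            values.append(value.strip())
    return values


def hostname_of(host_value):
    """Drop an optional :port, handling bracketed IPv6 literals like [::1]:8080."""
    if host_value.startswith("["):
        end = host_value.find("]")
        return host_value[1:end] if end != -1 else ""
    return host_value.split(":", 1)[0]


def is_ip_literal(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def serve(raw_request):
    """Choose the site from the Host field; return (status, body)."""
    hosts = host_headers(raw_request)
    if len(hosts) != 1:                            # missing or duplicated Host
        return 400, "Bad Request"
    name = hostname_of(hosts[0]).lower().rstrip(".")
    if not name:
        return 400, "Bad Request"
    if is_ip_literal(name):                        # client typed the address, not a name
        return 403, "Direct IP access not allowed"
    if name not in SITES:                          # allowlist: never fall back to a default site
        return 404, "Unknown site"
    return 200, SITES[name]


def build_request(*host_values):
    """Constructed sample request: GET / with the given Host field(s)."""
    lines = ["GET / HTTP/1.1"] + [f"Host: {value}" for value in host_values]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


if __name__ == "__main__":
    for hosts in (("example.org",), ("104.16.68.203",), ()):
        print(hosts, serve(build_request(*hosts)))
```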
>>
>>58052527
This is an application specific concept. It applies to your browser and HTTP, but not to any other protocol like SMTP. Whether you consider it to be related to "how the internet fundamentally works" depends on how much importance you place on websites, I guess.

Your request is sent to that IP address, but the request contains additional information;

Host: a.4cdn.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
If-Modified-Since: Sun, 18 Dec 2016 01:36:53 GMT
Referer: https://boards.4chan.org/
origin: https://boards.4chan.org
DNT: 1
Connection: keep-alive


And again, it's actually even more complicated when you bring in the fact that everything done here is encrypted with a layer of TLS. I like this page for an explanation on that (the transport section): https://cranklin.wordpress.com/2013/05/23/why-your-website-is-insecure-cryptosystem-basics/
>>
I'm not an expert, I'll outline some of what I know
Yes, basically they're big computers in huge server farms, though not servers in the way people usually think, servers such as ftp servers depend on the internet and these "servers" provide the infrastructure for the internet.
Basically an ISP provides its own 'backbone' which is a bunch of server farms all over the country, and they communicate with one another through yet other farms which merely act as bridges between the ISPs. Often ISPs are really just renting the backbone from some big nameless company that actually provides for the whole country (depends on the country of course).

DNS is indeed just for pretty names, I don't know of any other role that it has on the internet infrastructure. The protocol implementation of DNS though is very interesting.

https (and just about every other internet protocol reliant on SSL or TLS) uses public-key cryptography. You should look that up for this to make sense: basically you send them your public key, with which they encrypt their message and you use your private key to decrypt it. Public key can't be used to decrypt the message, only you with your private key can do that. Both the server and the client exchange keys on initiating a session.

There's a shitload to network communications, I can tell you more if you want (within my limited knowledge)
>>
>>58052688
>Server farms drive the internet
No. Just, no.
Very big and very expensive routers drive the internet.
A router is not a server.
>>
>>58052639

Reading the link. I tried duplicating the request headers from what is being called when simply going to 4chan.org, but no luck. Anyway, don't spend any more time on it, reading blog now, ty.
>>
>>58052332
>and see what you mean (sort of). But that leads to the assumption that "4chinz.org" gets passed around with the request, not just the IP, which confuses me, given the earlier assumption.
ISO/OSI layer model

Layer 1: Physical (bits and electronics and shit)
Layer 2: Link (ethernet, switches, MAC addresses etc.)
Layer 3: Network (IP addresses, routers, networks)
Layer 4: Transport (ports, sockets, TCP/UDP etc.)

After that it gets fuzzy but for a typical example of HTTPS you'd have something like

Layer 5: Session (encryption, TLS/SSL, certificates)
Layer 6: Application (HTTP headers, GET/POST/whatever, URLs)
>>
>>58052776
To expand a bit more, each layer is basically self-contained and free from the concerns of the layers above it.

For example, routers (and the “internet” as we're discussing it in this thread) are *all* on the layer 3. They don't give a shit whether the contents of the IP packet are TCP, or UDP, or ICMP; whether it's a request for furry porn or a live stream packet.

All it sees are the layer 3 details (source IP, destination IP) and the packet payload (arbitrary bits), and that's where the concerns of the routing (and therefore your ISP) end. (*)

Each layer basically builds on top of the one below it:

Layer 1 allows you to send bits across a wire between two hosts.
Layer 2 allows you to connect multiple hosts to a single local network, so that any host can connect to any other host on the same network.
Layer 3 allows you to connect networks together to form the internet (inter-network), so that any host can connect to any other host in the world.
Layer 4 allows you to establish (multiple) logical connections between services running on those hosts, and in the case of TCP also provides fault tolerance and correct ordering.

(*) Except of course in practice all ISPs like to spy on the bits regardless to figure out what exactly it is you're doing on the internet, either for QoS purposes or simply to sell the data off to the highest bidder
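
The layer 3 view described in the post above, as an added example that is not part of the original post: a forwarding decision that reads only the IPv4 header and never parses the payload. The routing table, next-hop names and packets are constructed for illustration.

```python
import ipaddress
import struct

# Constructed forwarding table: prefix -> next hop name.
ROUTES = {
    "0.0.0.0/0": "upstream-transit",
    "104.16.0.0/12": "peer-cdn",
    "192.168.1.0/24": "lan",
}

def build_ipv4(src, dst, proto, payload, ttl=64):
    """Build a minimal IPv4 packet (header checksum left at 0 for brevity)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload),      # version/IHL, DSCP, total length
        0, 0,                            # identification, flags/fragment offset
        ttl, proto, 0,                   # TTL, protocol number, checksum
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return header + payload

def forward(packet):
    """Pick the next hop from the layer 3 header only."""
    ttl = packet[8]
    dst = ipaddress.IPv4Address(packet[16:20])
    if ttl <= 1:
        return "drop (ttl expired)"
    # Longest-prefix match: the most specific route containing dst wins.
    matches = [ipaddress.ip_network(p) for p in ROUTES
               if dst in ipaddress.ip_network(p)]
    best = max(matches, key=lambda net: net.prefixlen)
    return ROUTES[str(best)]

# Same destination, different protocols and payloads (stand-ins for real
# TCP/UDP segments): the router makes the same choice for both.
HTTP_PKT = build_ipv4("192.168.1.10", "104.16.68.203", 6,
                      b"GET / HTTP/1.1\r\nHost: 4chan.org\r\n\r\n")
UDP_PKT = build_ipv4("192.168.1.10", "104.16.68.203", 17, b"\x00\x01opaque")
```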
>>
>>58052688
>https (and just about every other internet protocol reliant on SSL or TLS) uses public-key cryptography. You should look that up for this to make sense: basically you send them your public key, with which they encrypt their message and you use your private key to decrypt it. Public key can't be used to decrypt the message, only you with your private key can do that. Both the server and the client exchange keys on initiating a session.
Mind that this is a gross oversimplification. Modern HTTPS in practice uses the Diffie-Hellman key exchange to agree on a temporary shared secret, which is then used by both parties to encrypt and decrypt messages using a symmetric block cipher (like AES).

Public-key cryptography is only used to verify the authenticity of the connection, via the use of X.509 certificates, so that the server you've just agreed on a key with can prove it's actually 4chan.org and not nsa.gov. (*)

(*) Note that faking a certificate is trivial for any government-class adversary, so take it with a grain of salt.
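
The key agreement described in the post above, as an added example that is not part of the original post: both sides derive the same symmetric key from an ephemeral Diffie-Hellman exchange. The group parameters are toy values and the keystream function is a stand-in for AES, both assumptions made so the block runs with the standard library only; the certificate signature that authenticates the server is omitted.

```python
import hashlib
import secrets

# Toy group for illustration only; real TLS uses standardized groups or
# elliptic curves with far larger security margins.
P = 2**127 - 1      # a Mersenne prime
G = 3

def keypair():
    """Return (private exponent, public value) for one side."""
    priv = secrets.randbelow(P - 3) + 2          # in [2, P-2]
    return priv, pow(G, priv, P)

def shared_key(my_priv, their_pub):
    """Derive a 32-byte symmetric key from the peer's public value."""
    if not 1 < their_pub < P - 1:                # reject degenerate values
        raise ValueError("invalid public value")
    secret = pow(their_pub, my_priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def xor_stream(key, nonce, data):
    """Stand-in symmetric cipher (SHA-256 keystream); TLS would use AES etc."""
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(4, "big")
        block = hashlib.sha256(key + nonce + counter).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def handshake_and_send(message):
    """Run the exchange; return (keys_match, ciphertext, decrypted)."""
    c_priv, c_pub = keypair()                    # client ephemeral key
    s_priv, s_pub = keypair()                    # server ephemeral key
    # Only c_pub and s_pub cross the wire; the private exponents never do.
    # In TLS the server also signs the handshake with its certificate key,
    # which is what ties s_pub to the site's identity.
    c_key = shared_key(c_priv, s_pub)
    s_key = shared_key(s_priv, c_pub)
    nonce = secrets.token_bytes(12)
    ciphertext = xor_stream(c_key, nonce, message)
    return c_key == s_key, ciphertext, xor_stream(s_key, nonce, ciphertext)
```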
>>
>>58052527
You're mixing up two concepts

IP addresses connect machines to each other through routers, this is all that is required to make a 'connection'.

Web servers (stationed at an IP address) need to know what content you are requesting, as one IP address might serve lots of different content, which is why simply entering the IP doesn't work.
>>
>>58053137
To further clarify, entering the IP address actually does 'WORK', in terms of making a connection.
>>
All I've really gotten from this thread is
>The internet is essentially a shitton of p2p
>That is relayed to other p2p points
>Which is related to more points
>That deliver the content
>Via a p2p chain
>But is not a single point but instead a web of peers

So that said why the fuck is there a reason to pay when it's all p2p that's relayed.
>>
>>58052776
Actually, it's layer 6:presentation and 7:application in the OSI model, but whatever I guess
>>
>>58053690
Infrastructure and equipment costs, maintenance costs, salaries for both the bunch of tech people and the bunch of business monkeys. And of course, obscene profits to be made.
>>
>>58053382
And to extend on top of all of this, you could request services from a number of sockets (ip address/tcp port) to a single server. By using a browser, you're requesting shit to port 80 on the remote server (unless you use HTTPS).
>>
>>58053051
I just happened to read up about these kind of things on Tanenbaum's Computer Networks. Networking security is a very interesting topic indeed.
>>
>>58052940
>each layer is basically self-contained and free from the concerns of the layers above it.

At least in theory. This is why NAT is frowned upon.
>>
>>58054451

Which one of these is right:

1. I type in 4chinz --> send "4chinz" to DNS --> DNS returns IP --> send IP to router (if so, do I still go to DNS via ISP?)

2. Send 4chinz to ISP --> ISP sends to DNS --> gets IP --> sends request on?

3. Something else
>>
>>58055611
first one

which is why many companies use local DNS caching
>>
think about your local network. you've got some pcs that communicate and they have a gateway/firewall/router that negotiates access to a higher up network.

multiply by a lot.
>>
>>58053690
The employees need to be paid, which includes HIGHLY paid shiny rare network engineers.
Also you need to man the call center, and customer care, and lower network admins which configure the access for customers.

The cables usually need to be dug, which is expensive. In our case (I work for a small ISP), our mother company (a gas/water provider) just throws some fibres in whenever they dig up some street for whatever reason, then they rent the fibres to us, which is also expensive.

You need a lot of very expensive routers - we're using Juniper, which is second behind Cisco in terms of prices (though we're cheating and using layer3 switches for everything except our three gateways).

Then you need to add redundancy, so that one component failing doesn't influence the customers. This means you can double the cost for your routers as you need at least two of them for every node and you need a lot more fibres.
This is why most backbones are a ring and not fully-meshed: A ring achieves simple redundancy with only one extra fibre.

To connect to the internet, the ISP needs to peer up with other ISPs - and established ISPs will charge the new one for that because the new one gains more than the old one. Also, you need to rent the rack space at your chosen internet exchange - and you should be present at multiple exchanges for redundancy again.
>>
>>58054285
Yeah, but the OSI model isn't exactly used as-is in practice either. It's more like there are a handful of higher-level OSI layers that are conceptually used sometimes and not at other times. I wouldn't say the strict numbering provided by the OSI makes any sense when they're not actually used in that order 99.9% of the time.
>>
>>58055611
If you look at >>58052776, then the IP address is on the layer 3 and the DNS system is on the layer 6 (or 7, whatever you want to call the application layer)

They are so far removed from each other it isn't even funny, which is why people keep asking you to stop confusing them and associating they're somehow related at all.
>>
>>58057952
>This is why most backbones are a ring and not fully-meshed: A ring achieves simple redundancy with only one extra fibre.
Interesting, I didn't know this. How big of a latency between one end of the ring and the other end of the ring are we talking about? How big are they geographically? Does the ring ever get overloaded in the case of a failure?
>>
>>58058219
I can only speak for the ISP I work for. We are a small ISP, the backbone runs through a single (albeit big) city, and the spokes in the neighboring cities connect to the nodes in the ring.
Our backbone is switched, not routed, therefore latency is quite low. Other ISPs might route and then throw MPLS over it, but other ISPs might not use a ring - I was talking about city-scale campuses.
We are using a protocol called ERP - Ethernet Ring Protection. It's a castrated version of Spanning Tree that is statically configured and promises converging times below 20ms.
Each node in the ring has an east and a west interface. We are using aggregated LACP interfaces consisting of two 10G fibres, the interfaces belonging to each aggregated one are distributed over all members of the virtual chassis consisting of up to four members.
The ring has a master node that collects status information from the nodes. If no node is down, the master will shut down one ring port on itself.
If the master receives a message that a node went down, it will activate the port that it shut down on itself. Therefore, you always have a chain.
Newer versions of ERP support double rings and other fun stuff, but we haven't upgraded to that yet.
>>
>>58058310
Thanks, that sounds pretty cool. How do you connect multiple cities together? (Or do you only service one city's geographic range?)

Do you use a “second ring” connecting each of the city systems into your state-wide network with a similar topology, or do you mesh those?
>>
>>58058362
we only serve our city and some towns around.
also we own two high-security data centers (one of the most secure in our country actually), which is our main business - the network is for connecting the cities' businesses to the DC mostly.
for customers we can't reach, we got a deal with another carrier of another city and a direct handoff via a special vlan range. Also we can reach customers they can't reach, so we're good.
for customers neither can reach (we got customers all over the country), we rent a line from the big pink T who drops the lines off on a single spoke node of ours.

We actually do have a second ring in the same city. It's a legacy 1G thing that we're looking to migrate to the newer one.
The two rings both pass the Data Centers, where we just run a cable between two access ports if a customer needs this.
>>
>>58058428
>big pink T
Deutsche Telekom?
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.