Internet Infrastructure Decoded

The internet is not a cloud. It is not wireless. It is not immaterial. It is approximately 1.5 million kilometers of undersea fiber-optic cable, several hundred massive data centers, a handful of protocol standards maintained by a surprisingly small number of organizations, and a naming system ultimately governed by a single nonprofit in Los Angeles. The entire global communication infrastructure—every email, video call, financial transaction, military communication—depends on physical objects in physical locations with physical vulnerabilities. Understanding the internet means understanding those objects, those protocols, those chokepoints, and who controls them.

The Physical Layer: How Data Actually Moves

Data travels as pulses of light through glass fibers thinner than a human hair. A single modern fiber-optic cable carries data at speeds measured in terabits per second using wavelength-division multiplexing (WDM)—splitting a single fiber into dozens of channels, each carrying a different wavelength (color) of laser light. Total capacity of a single modern undersea cable: 200+ Tbps. Enough to transmit the entire Library of Congress in under a second.

Undersea cables: ~550 active submarine cable systems as of 2025, carrying approximately 99% of intercontinental data traffic. Satellites handle less than 1%. These cables are typically 17-21mm in diameter on the ocean floor, armored near shore, and buried where possible. They are laid and maintained by a small fleet of specialized ships. Total global submarine cable investment: ~$10 billion/year. The cables land at specific beach points called cable landing stations—there are roughly 1,200 globally. Many critical routes converge at a handful of landing points: Egypt (Suez corridor), Marseille, Mumbai, Singapore, and a few dozen others.

Terrestrial backbone: Once ashore, data travels through fiber networks owned by Tier 1 providers—companies like Lumen (formerly CenturyLink), Telia Carrier, NTT, and Arelion (formerly Telia). These carriers have peering agreements that allow traffic to traverse network boundaries. Last-mile delivery—the connection to your home or phone—uses fiber, coaxial cable, copper DSL, or wireless (cellular/Wi-Fi). The last mile is the bottleneck for most users. Core backbone links rarely saturate; your Netflix buffering problem is almost always local.

Wireless is not wireless: Cell towers connect to fiber. Wi-Fi routers connect to fiber or cable. Satellite internet (Starlink, etc.) uses ground stations connected to fiber. "Wireless" just means the last few hundred meters are radio waves. Everything else is glass and copper.

The Protocol Stack: TCP/IP, DNS, BGP

The internet runs on a layered protocol architecture. Each layer handles one job and passes data to the next.

  • Physical layer: Fiber optics, copper, radio waves. Moves raw bits.
  • Link layer (Ethernet, Wi-Fi): Moves frames between directly connected devices. MAC addresses, error detection.
  • Network layer (IP): Addresses packets and routes them across networks. Every device gets an IP address (IPv4: 32-bit, ~4.3 billion addresses, exhausted; IPv6: 128-bit, effectively unlimited). IP is connectionless—each packet is routed independently. No guarantee of delivery, order, or integrity.
  • Transport layer (TCP/UDP): TCP adds reliability—sequencing, acknowledgment, retransmission, flow control. UDP sacrifices reliability for speed—used for streaming, gaming, DNS queries. TCP is what makes the internet feel seamless—it handles the chaos of packet loss and reordering invisibly.
  • Application layer (HTTP, SMTP, DNS, etc.): What users actually interact with. HTTP/HTTPS for web, SMTP for email, DNS for name resolution.
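The layering described above is easiest to see by building a packet from the application layer down and then taking it apart from the network layer up. The following is an added example, not code from the essay: it wraps an application payload in UDP, then in IPv4, and decapsulates it again while checking each layer's checksum. The addresses (10.0.0.2, 192.0.2.10) and ports are constructed for illustration. It also shows a point the list makes only in passing: the IPv4 header checksum covers the header alone, so damage to the payload is only caught one layer up, by UDP (or TCP).

```python
"""Added example (not from the essay): encapsulate an application payload in
UDP, then in IPv4, and peel the layers back off, verifying each layer's
checksum. Addresses and ports below are constructed for illustration."""
import ipaddress
import struct

IPPROTO_UDP = 17


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, as used by IPv4 and UDP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def udp_pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """UDP's checksum also covers a pseudo-header borrowed from the IP layer."""
    return (ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, IPPROTO_UDP, udp_length))


def build_udp(src_ip, dst_ip, sport, dport, payload):
    """Transport layer: ports plus a checksum over pseudo-header, header and data."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = inet_checksum(udp_pseudo_header(src_ip, dst_ip, length) + header + payload)
    csum = csum or 0xFFFF  # 0 means "no checksum" in UDP, so a computed 0 is sent as 0xFFFF
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def build_ipv4(src_ip, dst_ip, proto, payload, ttl=64, ident=0x1234):
    """Network layer: addresses, TTL, protocol number; the checksum covers the header only."""
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + len(payload), ident,
                         0x4000, ttl, proto, 0,
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed)
    csum = inet_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + payload


def build_packet(src_ip, dst_ip, sport, dport, payload):
    """Application data -> UDP datagram -> IPv4 packet (a link layer would then frame this)."""
    return build_ipv4(src_ip, dst_ip, IPPROTO_UDP,
                      build_udp(src_ip, dst_ip, sport, dport, payload))


def parse_ipv4(packet):
    fields = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = fields
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    if inet_checksum(packet[:ihl]) != 0:  # a valid header sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "ttl": ttl, "proto": proto, "payload": packet[ihl:total_len]}


def parse_udp(src_ip, dst_ip, segment):
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    if csum and inet_checksum(udp_pseudo_header(src_ip, dst_ip, length) + segment[:length]) != 0:
        raise ValueError("UDP checksum mismatch")
    return {"sport": sport, "dport": dport, "payload": segment[8:length]}


def decapsulate(packet):
    """Walk down the stack: IP hands its payload to UDP, UDP hands its payload to the application."""
    ip = parse_ipv4(packet)
    if ip["proto"] != IPPROTO_UDP:
        raise ValueError("unexpected transport protocol %d" % ip["proto"])
    udp = parse_udp(ip["src"], ip["dst"], ip["payload"])
    return {"src": ip["src"], "dst": ip["dst"], "ttl": ip["ttl"],
            "sport": udp["sport"], "dport": udp["dport"], "payload": udp["payload"]}


def corruption_detected(packet, index):
    """Flip one byte and report whether some layer's checksum noticed."""
    damaged = bytearray(packet)
    damaged[index] ^= 0xFF
    try:
        decapsulate(bytes(damaged))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    pkt = build_packet("10.0.0.2", "192.0.2.10", 40000, 53, b"hello, layers")
    print(decapsulate(pkt))
    print("payload corruption caught:", corruption_detected(pkt, len(pkt) - 1))
    print("header corruption caught:", corruption_detected(pkt, 8))  # the TTL byte
```

Flipping the TTL byte is caught by the IPv4 header checksum; flipping the last payload byte passes the IP layer untouched and is caught only by UDP's checksum, which is the "no guarantee of integrity" point made for IP above. Neither checksum is cryptographic: they catch accidental damage, not deliberate modification, which is what the TLS layer further up is for.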

BGP (Border Gateway Protocol): The routing protocol that holds the internet together. The internet is not one network—it's ~75,000 Autonomous Systems (ASes), each independently operated. BGP is how these ASes announce which IP address ranges they control and negotiate routes between each other. BGP is trust-based: an AS can announce any route, and neighbors generally believe it. This makes BGP hijacking—where an AS falsely announces ownership of someone else's IP range, rerouting their traffic—a persistent vulnerability. Major BGP incidents: Pakistan accidentally hijacked YouTube globally in 2008; Russian networks have repeatedly hijacked traffic from financial and government targets. BGP has no built-in authentication. RPKI (Resource Public Key Infrastructure) is being deployed as a fix, but adoption is slow and incomplete.
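The RPKI fix mentioned above works by having address holders publish Route Origin Authorizations (ROAs) stating which AS may originate which prefix, and up to what prefix length; a router then classifies each BGP announcement as Valid, Invalid or NotFound (RFC 6811) and typically drops only the Invalid ones. The following is an added example, not the essay's code and not any router vendor's implementation: it performs that Route Origin Validation over a constructed ROA set and a constructed batch of announcements, including the two classic hijack shapes (a more-specific prefix beyond the ROA's maxLength, and a wrong origin AS). The AS numbers are from the documentation range AS64496 to AS64511 and the prefixes from the documentation blocks. One caveat worth knowing: ROV checks only the origin AS at the end of the path, not the path itself, which is why path validation remains a separate and far less deployed effort.

```python
"""Added example (not from the essay): RPKI Route Origin Validation with the
Valid / Invalid / NotFound outcomes of RFC 6811, over constructed ROAs and
announcements. AS numbers are from the documentation range (AS64496-AS64511)
and prefixes from the documentation blocks; nothing here is real routing data."""
import ipaddress
from typing import NamedTuple


class ROA(NamedTuple):
    prefix: str        # address block the holder has authorised
    max_length: int    # longest prefix length the origin may announce from it
    origin_as: int     # AS authorised to originate routes for it


class Announcement(NamedTuple):
    prefix: str
    origin_as: int     # last AS in the AS_PATH


def covering_roas(roas, prefix):
    """ROAs whose prefix contains the announced prefix (same address family only)."""
    net = ipaddress.ip_network(prefix)
    return [r for r in roas
            if ipaddress.ip_network(r.prefix).version == net.version
            and net.subnet_of(ipaddress.ip_network(r.prefix))]


def validate_origin(roas, ann):
    """RFC 6811: NotFound if no ROA covers the prefix; Valid if a covering ROA
    names this origin AS and the announced length does not exceed maxLength;
    otherwise Invalid."""
    covering = covering_roas(roas, ann.prefix)
    if not covering:
        return "NotFound"
    announced_len = ipaddress.ip_network(ann.prefix).prefixlen
    for roa in covering:
        if roa.origin_as == ann.origin_as and announced_len <= roa.max_length:
            return "Valid"
    return "Invalid"


def apply_rov_policy(roas, announcements):
    """Common deployment policy: reject Invalid, accept Valid and NotFound
    (NotFound is still accepted because much of the routing table has no ROA yet)."""
    accepted, rejected = [], []
    for ann in announcements:
        state = validate_origin(roas, ann)
        (rejected if state == "Invalid" else accepted).append((ann, state))
    return accepted, rejected


# Constructed ROA set, as a router would receive it from its RPKI validator
ROAS = [
    ROA("192.0.2.0/24", 24, 64496),
    ROA("198.51.100.0/24", 26, 64497),
    ROA("2001:db8::/32", 48, 64496),
]

# Constructed announcements: the legitimate route, a more-specific hijack,
# a wrong-origin hijack, an uncovered prefix, and two permitted deaggregations
ANNOUNCEMENTS = [
    Announcement("192.0.2.0/24", 64496),
    Announcement("192.0.2.0/25", 64496),
    Announcement("192.0.2.0/24", 64511),
    Announcement("203.0.113.0/24", 64496),
    Announcement("198.51.100.0/26", 64497),
    Announcement("2001:db8:1::/48", 64496),
]

if __name__ == "__main__":
    accepted, rejected = apply_rov_policy(ROAS, ANNOUNCEMENTS)
    for ann, state in accepted + rejected:
        print(f"{ann.prefix:>20}  AS{ann.origin_as}  {state}")
```

The NotFound case is the reason adoption matters as much as deployment: a prefix with no ROA cannot be protected by anyone else's validation, since a hijack of it looks exactly like the legitimate route.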

The Naming System: DNS and ICANN

The Domain Name System (DNS) translates human-readable names (google.com) into IP addresses (142.250.80.46). DNS is hierarchical: root servers → top-level domain servers (.com, .org, country codes) → authoritative nameservers for individual domains.

Root servers: 13 root server identities (A through M), operated by 12 organizations including the U.S. Department of Defense, NASA, Verisign, and ICANN itself. These 13 identities are distributed across ~1,700+ physical instances globally via anycast routing (same IP address, multiple physical locations—traffic goes to the nearest one). Root servers are the foundation of the naming hierarchy. If they all went down simultaneously, DNS resolution would begin failing within hours as caches expired. In practice, this has never happened—the system is highly redundant.

ICANN (Internet Corporation for Assigned Names and Numbers): A nonprofit headquartered in Los Angeles that coordinates the global DNS root, IP address allocation, and protocol parameter assignment. ICANN was created in 1998 under a contract with the U.S. Department of Commerce. Until 2016, the U.S. government retained contractual oversight of the root zone through the IANA (Internet Assigned Numbers Authority) function. In October 2016, this oversight was transferred to a multi-stakeholder governance model within ICANN. The U.S. no longer has formal control—but ICANN remains incorporated under California law, subject to U.S. jurisdiction. This structural fact gives the U.S. residual leverage over the naming system that other nations find uncomfortable.

IP address allocation: ICANN delegates to five Regional Internet Registries (RIRs): ARIN (North America), RIPE NCC (Europe/Middle East/Central Asia), APNIC (Asia-Pacific), LACNIC (Latin America), AFRINIC (Africa). These allocate address blocks to ISPs and organizations. IPv4 address space is effectively exhausted—the aftermarket price for IPv4 addresses has climbed to $30-50 per address.

Content Delivery: CDNs and Edge Computing

When you watch Netflix, the video doesn't stream from a single server in California. It streams from one of Netflix's Open Connect Appliances—custom servers physically installed in your ISP's data center or a nearby Internet Exchange Point. Netflix has ~18,000+ of these appliances deployed in ~6,000 locations across ~175 countries. During off-peak hours, popular content is pre-loaded to local caches. Your "stream" travels maybe 50 kilometers, not 5,000.

CDNs (Content Delivery Networks): The same principle generalized. Cloudflare, Akamai, Fastly, and Amazon CloudFront maintain global networks of edge servers that cache and serve content close to users. Cloudflare alone operates in 310+ cities across 120+ countries. CDNs reduce latency (speed of light is fast but finite—light takes ~67ms to cross the Atlantic in fiber, and real latency is higher due to routing, processing, and protocol overhead), reduce backbone congestion, and absorb DDoS attacks by distributing load.

Edge computing: Extension of the CDN principle—move computation, not just content, closer to the user. Cloudflare Workers, AWS Lambda@Edge, and similar services run code at edge locations. Useful for anything latency-sensitive: real-time bidding (ad auctions in <100ms), IoT processing, game state management. The trend is toward pushing more processing out of centralized data centers and into distributed edge nodes.

Cloud Computing: What It Actually Is

"The cloud" is someone else's computer. More precisely: it's rented time on servers in data centers owned by a handful of companies. Three providers dominate: Amazon Web Services (AWS, ~31% market share), Microsoft Azure (~25%), Google Cloud Platform (GCP, ~11%). Together they control roughly two-thirds of the global cloud infrastructure market.

Physical reality: AWS alone operates 100+ data centers across 33 geographic regions. A single large data center may contain 50,000-80,000 servers, consume 30-100+ MW of electricity, and require millions of gallons of water per day for cooling. The cloud's environmental footprint is substantial—hyperscale data centers collectively consume ~1-2% of global electricity and growing, with AI training driving rapid increases.

Concentration risk: A significant fraction of the internet depends on AWS. When AWS's us-east-1 region experienced an outage in December 2021, it took down large portions of Disney+, Slack, Venmo, Roomba vacuums, Ring doorbells, and even some Amazon warehouse operations. This concentration creates systemic fragility. The same companies that provide cloud infrastructure also compete with their customers—Amazon operates the largest e-commerce platform while selling infrastructure to other e-commerce companies. This structural conflict of interest is an ongoing regulatory concern.

Chokepoints: Where the Internet Is Fragile

The internet was designed to route around damage (a legacy of ARPANET's military origins). In practice, traffic concentrates at chokepoints that create single or few points of failure.

  • Submarine cable landings: Egypt's Mediterranean coast carries ~17% of global internet traffic through a narrow corridor near Alexandria and Suez. In 2013, three divers were arrested cutting a cable off Alexandria. In February 2024, Houthi-related activity damaged multiple cables in the Red Sea. The Strait of Malacca, the Strait of Luzon, and the English Channel are similarly concentrated.
  • Internet Exchange Points (IXPs): Physical locations where networks interconnect. The largest—DE-CIX Frankfurt, AMS-IX Amsterdam, LINX London—each handle peak traffic of 10+ Tbps. IXPs are efficient (direct peering is cheaper and faster than transit) but create geographic concentration. A physical attack or power failure at a major IXP would cause significant regional disruption.
  • DNS root infrastructure: While geographically distributed via anycast, the 13 root identities and the organizations operating them represent a logical concentration. A coordinated attack on root DNS would be extraordinarily difficult but theoretically devastating.
  • TLS certificate authorities (CAs): HTTPS—the encryption layer protecting nearly all web traffic—depends on certificate authorities. A compromise of a major CA (like the DigiNotar breach in 2011 or the Symantec trust revocation in 2018) undermines the entire web security model. Let's Encrypt alone issues certificates for ~300 million websites.
  • BGP single points: Tier 1 networks are few. Route leaks or hijacks by a major provider (as when Facebook's BGP withdrawal took itself completely offline for ~6 hours in October 2021) demonstrate how concentrated routing decisions are.

Surveillance Infrastructure: What's Visible at Each Layer

Every layer of the internet stack exposes different information to different observers.

Physical layer: Fiber-optic cables can be tapped. The NSA's PRISM and Upstream programs (revealed by Edward Snowden in 2013) included direct taps on submarine cable landing points and backbone fiber. The UK's GCHQ operated TEMPORA—a program that buffered all traffic crossing certain cables for three days of full content and 30 days of metadata. Cable tapping requires physical access but is undetectable by the end user.

Network layer: IP addresses are visible to every router in the path. Metadata—who is communicating with whom, when, for how long, and how much data—is visible even when content is encrypted. Metadata analysis is extraordinarily powerful. Former NSA director Michael Hayden stated: "We kill people based on metadata."

DNS layer: Traditional DNS queries are unencrypted plaintext. Your ISP (and anyone between you and the DNS resolver) can see every domain you look up. DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) encrypt queries but shift trust from ISPs to resolver operators (often Google or Cloudflare). You don't eliminate surveillance—you choose who surveils you.
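Two earlier points are easiest to see at the byte level: the DNS hierarchy (root, then TLD, then the domain's own zone, from the Naming System section) and the fact that a traditional DNS query is plaintext that anyone on the path can read. The following is an added example, not the essay's code and not any resolver's implementation: it builds and parses DNS messages in the RFC 1035 wire format, follows the name-compression pointers a response uses, lists the zones consulted for a name, and shows exactly which field a passive observer of port-53 traffic can log. The transaction ID, TTL and the response itself are constructed; the address 142.250.80.46 is the one the essay quotes for google.com.

```python
"""Added example (not from the essay): build and parse DNS messages in the
RFC 1035 wire format to show what an on-path observer sees in a plaintext
query, and to walk the delegation chain from the root down. Transaction IDs,
TTLs and the example response are constructed; the address 142.250.80.46 is
the one the essay quotes for google.com."""
import ipaddress
import struct

RR_TYPES = {1: "A", 5: "CNAME", 28: "AAAA"}
MAX_POINTER_JUMPS = 16  # bound on compression-pointer chasing in hostile input


def encode_name(name):
    """'google.com' -> b'\\x06google\\x03com\\x00' (length-prefixed labels)."""
    out = b"".join(bytes([len(lbl)]) + lbl.encode("ascii")
                   for lbl in name.rstrip(".").split(".") if lbl)
    return out + b"\x00"


def decode_name(msg, offset):
    """Read a name, following 0xC0xx compression pointers; return (name, next_offset)."""
    labels, end, jumps = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # pointer: remaining 14 bits are an offset into msg
            jumps += 1
            if jumps > MAX_POINTER_JUMPS:
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def build_query(name, qtype=1, txid=0x1234):
    """Standard query, RD=1, one question, no answers."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_message(msg):
    """Header, question section and answer section of a query or response."""
    txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qdcount):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, RR_TYPES.get(qtype, str(qtype))))
    for _ in range(ancount):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:
            value = str(ipaddress.IPv4Address(rdata))
        elif rtype == 28 and rdlen == 16:
            value = str(ipaddress.IPv6Address(rdata))
        else:
            value = rdata.hex()
        answers.append((name, RR_TYPES.get(rtype, str(rtype)), ttl, value))
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "questions": questions, "answers": answers}


def build_a_response(query, ttl, address):
    """Answer a query's first question with one A record, using a pointer
    (0xC00C) back to the name at offset 12 instead of repeating it."""
    q = parse_message(query)
    name, _ = q["questions"][0]
    header = struct.pack("!HHHHHH", q["id"], 0x8180, 1, 1, 0, 0)  # QR, RD, RA set
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answer = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)
              + ipaddress.IPv4Address(address).packed)
    return header + question + answer


def delegation_chain(name):
    """Zones consulted in order: root, then TLD, then the domain's own zone."""
    labels = [lbl for lbl in name.rstrip(".").split(".") if lbl]
    return ["."] + [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]


def observed_qnames(datagrams):
    """What a passive observer of plaintext port-53 traffic can log: every name asked for."""
    return [name for d in datagrams for name, _ in parse_message(d)["questions"]]


if __name__ == "__main__":
    query = build_query("google.com")
    print(parse_message(query))
    print(parse_message(build_a_response(query, 300, "142.250.80.46")))
    print(delegation_chain("google.com"))
```

The `observed_qnames` function is the whole surveillance point in one line: the name being looked up sits in the clear in every classic query, so an ISP or anyone else on the path needs nothing more than a packet capture to build a browsing history. DoH and DoT wrap this same message in TLS, which is why they move that visibility from the path to the resolver operator rather than removing it. The `MAX_POINTER_JUMPS` bound is the one defensive detail a real parser must have: compression pointers are attacker-controlled offsets, and an unbounded follow loops forever.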

Application layer: HTTPS encrypts content in transit. But endpoints see everything—the server you connect to sees your requests in full. Cloud providers hosting those servers can access the data at rest. Email stored in Gmail is accessible to Google. Files in Dropbox are accessible to Dropbox. End-to-end encryption (Signal, iMessage, WhatsApp) is the exception—the provider can't read the content. This is why governments repeatedly push for "lawful access" backdoors to E2EE, and why cryptographers consistently warn that backdoors cannot be limited to lawful use.

Structural reality: The architecture of the internet makes comprehensive surveillance technically straightforward for any actor with access to backbone infrastructure or major platforms. Privacy depends not on the network's design but on encryption deployed at the application layer—and that encryption exists only because specific people fought to keep it legal and accessible.

Fragmentation Risk: The Splinternet

The internet was built on the assumption of a single, global, interoperable network. That assumption is breaking down.

China's Great Firewall: The most mature model of internet fragmentation. Deep packet inspection, DNS poisoning, IP blacklisting, VPN detection, and mandatory real-name registration. Google, Facebook, Twitter, Wikipedia, and thousands of other sites are blocked. Domestic alternatives (Baidu, WeChat, Weibo, Douyin) create a parallel information ecosystem under state control. Approximately 1 billion users operate within this system. The technical infrastructure works—it demonstrates that a national internet boundary is feasible at scale.

Russia's RUNET sovereignty: Russia's 2019 "Sovereign Internet" law mandated the ability to disconnect the Russian internet from the global network. TSPU (Technical Measures for Countering Threats) equipment—deep packet inspection boxes—has been deployed at ISPs and exchange points. Russia has tested disconnection drills. Following the 2022 invasion of Ukraine, Russia accelerated domestic internet control: blocking VPNs, restricting access to Western social media, and expanding content filtering. Russia's approach is less comprehensive than China's but is rapidly evolving.

Broader trend: India has repeatedly imposed internet shutdowns in Kashmir and during protests—over 700 shutdowns between 2012-2023, more than any other country. Iran built its National Information Network (SHOMA/NIN) as a domestic alternative. The EU's GDPR and Digital Services Act create regulatory boundaries around data flows. The U.S. has banned TikTok's parent company from operating in the country (effective 2025). Even democratic nations are establishing digital borders—not through firewalls but through regulation, data localization requirements, and content mandates.

Splinternet trajectory: The trend is toward a world of interconnected but nationally regulated networks rather than one open global internet. The technical underpinnings (BGP, DNS, TCP/IP) still interoperate, but the policy, content, and access layers are diverging. Three emerging blocs: the U.S.-aligned open internet (with increasing surveillance and platform regulation), the Chinese model (state-controlled, parallel services, firewall enforced), and a messy middle of countries borrowing from both approaches. The original vision of a borderless, ungovernable network is already gone. The question is how far the fragmentation goes.

How I Decoded This

Traced the physical path of data from the photon in the fiber to the pixel on the screen, mapping the infrastructure, protocols, governance, and vulnerability at each layer. Cross-referenced submarine cable databases (TeleGeography), ICANN governance documents, BGP routing data (RIPE RIS, RouteViews), cloud market share analyses (Synergy Research, Gartner), Snowden archive revelations (as documented by The Intercept and The Guardian), and Freedom House's annual internet freedom assessments. The core insight: the internet is not a cloud or an abstraction—it is a physical system with physical owners, physical chokepoints, and physical vulnerabilities. Understanding who controls the infrastructure is essential to understanding who controls the information. The architecture determines the power structure.

— Decoded by DECODER.