So far in this series, we’ve built a local network. Machines can talk to each other inside your home. The switch knows where everyone is. Ethernet frames find their destination.
But the moment you want to reach something outside that local network a server in another country, a website hosted on another continent everything we’ve built so far is completely useless.
Your switch doesn’t know about servers in Tokyo. Your MAC address means nothing to a router in Frankfurt. The Ethernet frame structure was designed for local communication, not global routing. For that, an entirely different layer is needed.
And the people who designed it had a very good reference point to work from: the postal system.
If You Understand the Post Office, You Understand the Internet
Think about how a letter gets delivered. You don’t hand your postman an envelope with just a name on it and expect him to find the person. You write an address structured, hierarchical, progressively specific.
The country routes it to the national postal network. The national network looks at the region and passes it down. The regional network hands it to the city. The city delivers it to the street. The street to the building. The building to the person.
No single part of this system needs to know the entire world. The national postal service just needs to know which countries exist and how to hand off to each one’s network. Each level handles its own scope. The complexity is distributed.
The internet is built exactly the same way. Replace “postal networks” with Autonomous Systems and you have the architecture of the internet.
Autonomous Systems: The Building Blocks of the Internet
An Autonomous System, or AS, is a network under a single administrative authority. That typically means an internet service provider, a large company, a university, or a government body.
Each AS gets a unique number an ASN and a range of IP addresses it’s authorized to use. Within its own boundaries, the AS routes traffic however it wants. What matters externally is how it connects to other Autonomous Systems.
These connections form a hierarchy, loosely divided into three tiers.
Tier 1 is the backbone. These are the networks so large and so interconnected that they can reach any point on the internet without paying anyone for transit. AT&T, Orange, NTT, Cogent these are the Tier 1 networks. They own the long-haul infrastructure: the submarine cables on the ocean floor, the terrestrial fiber spanning continents. They exchange traffic with each other freely through agreements called peering essentially “you carry my traffic, I’ll carry yours.”
Tier 2 sits below that. These are the national ISPs the ones most consumers actually deal with. Free, SFR, Deutsche Telekom, Comcast. They can peer with each other for free when it makes sense, but when they need to route traffic through a Tier 1 network, they pay transit fees.
Tier 3 is smaller still regional ISPs, companies, universities. They typically pay a Tier 2 or Tier 1 provider for all their transit. Your home network, technically, sits inside a Tier 3 or Tier 2 AS.
Data traveling from your machine to a server on another continent will pass through several of these. It leaves your local network, hits your ISP’s infrastructure, gets handed up or across to whatever AS is closest to the destination, and works its way down to the target machine.
IP Addresses: The Hierarchical Address System
For all of this routing to work, every machine needs an address that the system can navigate not just a flat identifier, but something with structure built into it.
That’s what an IP address is.
An IPv4 address is 32 bits, written as four groups of 8 bits in decimal, separated by dots. Something like 192.168.1.45. Each group ranges from 0 to 255.
The key insight is that IP addresses aren’t just random numbers assigned to random machines. They’re structured geographically and organizationally. Machines inside the same network share the same prefix, the same leading bits. The more bits they share, the closer they are in the network hierarchy.
This is formalized with CIDR notation: Classless Inter-Domain Routing. You write an IP address followed by a slash and a number, like 203.0.113.0/24. The number after the slash tells you how many bits are the network prefix shared by every machine in that block. The remaining bits identify individual machines within it.
/24 means 24 bits of prefix, leaving 8 bits for hosts up to 256 machines in that block. /16 means 16 bits of prefix, leaving 16 bits for hosts up to 65,536 machines. /8 means only 8 bits of prefix a massive block covering 16 million addresses.
The smaller the prefix number, the broader the block, the more addresses it covers.
Why This Structure Makes the Internet Scalable
Here’s the problem this solves. There are billions of machines on the internet. If every router needed a separate entry for every single IP address, routing tables would be enormous gigabytes of data just to store where to forward packets. The hardware required would be absurd, and keeping everything updated in real time would be impossible.
CIDR solves this through route aggregation.
Instead of routing to individual IPs, routers route to blocks of addresses. An AS doesn’t advertise each of its millions of customers’ IP addresses to the rest of the world. It advertises its prefix one entry and says “everything starting with these bits comes through me.”
When a packet needs to go somewhere, a router doesn’t search through billions of addresses. It finds the most specific prefix match in its table maybe a /24 that matches the destination and forwards the packet toward whoever owns that block. That AS then finds an even more specific match, and so on down the chain until the packet reaches its destination network.
Fewer table entries. Faster lookups. A network that scales to billions of devices without collapsing under its own complexity. That’s what route aggregation buys.
Why Your IP Address Reveals Where You Are
This is a side effect nobody usually explains directly.
ISPs don’t have one point of presence for an entire country. They have regional infrastructure a point of presence in Lyon, another in Marseille, another in Strasbourg. Customers who connect through the Marseille infrastructure get IP addresses from the prefix block assigned to that location.
Because the prefix is tied to a physical place, and your IP address carries that prefix, anyone who looks up your IP can make a reasonable guess about your city. They’re not hacking anything. They’re just reading the structure that’s built into the address itself.
This is how “geolocation by IP” works. It’s not particularly precise it typically gets you to city level, sometimes just region level but the mechanism is entirely transparent. Your IP prefix is publicly routed, and the routing registry records show who owns it and where their infrastructure is.
VPNs work by replacing your IP address with one from a different prefix belonging to a server somewhere else. The geolocation then reads that server’s location, not yours.
Who Manages All This?
IP address blocks don’t get handed out randomly. There’s a system.
At the top, IANA the Internet Assigned Numbers Authority oversees the entire address space. Below that, five Regional Internet Registries divide the world geographically: ARIN for North America, RIPE NCC for Europe and the Middle East, APNIC for Asia-Pacific, LACNIC for Latin America, and AFRINIC for Africa.
An ISP or large organization applies to their regional registry for an address block a prefix and gets allocated a range they can use. They can then subdivide that range further, assigning smaller prefixes to their customers or internal networks.
The same system manages AS numbers. Every Autonomous System has a number, allocated by the same registries, used to identify it in routing protocols.
The Address Shortage Problem
IPv4 addresses are 32 bits. That gives you about 4.3 billion possible addresses. In the early days of the internet, that seemed like an absurd abundance. It wasn’t.
The world ran out of unallocated IPv4 addresses around 2011. IANA distributed the last blocks to the regional registries, and the registries have been managing the scraps ever since.
The answer, in theory, is IPv6 128-bit addresses instead of 32. The number of possible IPv6 addresses is so large it’s effectively inexhaustible. You could give a unique address to every grain of sand on Earth and barely make a dent.
The transition is slow. Most of the internet still runs on IPv4 for the majority of traffic, with various stopgap measures mainly NAT, which we’ll cover in the next article keeping it functional despite the shortage. IPv6 adoption is growing, but the two systems run in parallel for now and will for years to come.
One More Thing: DNS
Before we close out this article, it’s worth addressing something that sits on top of all this IP infrastructure: the fact that you never actually type IP addresses into your browser.
You type youtube.com. Your computer types 142.250.74.110.
The translation between the two happens through DNS — the Domain Name System. It’s essentially a distributed phone book for the internet. When you type a domain name, your machine queries a DNS server — usually one provided by your ISP or a public resolver like Google’s 8.8.8.8 — and gets back the IP address associated with that name.
The domain name system is itself a hierarchical structure (noticing a pattern?) — root servers, top-level domain servers for .com or .fr, then authoritative servers for specific domains. But from your machine’s perspective, you ask a question and you get an IP address back. Everything else in this article then takes over.
