WEBVTT 1 00:00:00.040 --> 00:00:02.439 Ever sent an email, streamed a movie, or maybe just 2 00:00:02.520 --> 00:00:04.839 you know, browse to web page. It feels almost like 3 00:00:04.960 --> 00:00:07.799 magic sometimes, doesn't It Just a few taps, a few clicks, 4 00:00:07.799 --> 00:00:10.560 and boom your message or your video, It just zips 5 00:00:10.560 --> 00:00:14.960 across the globe. What's actually really happening under that digital hood. 6 00:00:15.240 --> 00:00:18.000 Well, that's exactly what we're diving into today. We're aiming 7 00:00:18.079 --> 00:00:23.079 to peel back those seemingly simple layers and really reveal 8 00:00:23.160 --> 00:00:26.559 the intricate engineering and the foundational principles that make the 9 00:00:26.600 --> 00:00:29.600 Internet actually work. It's honestly, it's far more ingenious and 10 00:00:29.879 --> 00:00:32.159 often's surprising than most people probably realize. 11 00:00:32.200 --> 00:00:35.359 Okay, And to guide us on this journey, we're leaning 12 00:00:35.439 --> 00:00:39.439 on a leading textbook on computer networking. Think of it 13 00:00:39.479 --> 00:00:42.960 as our well, our expert map for navigating this incredibly 14 00:00:43.079 --> 00:00:46.679 complex but yeah, utterly fascinating world. We're going to explore 15 00:00:46.759 --> 00:00:49.240 the protocols, these kind of hidden rules that govern how 16 00:00:49.240 --> 00:00:52.399 all that information flows, and hopefully uncover some of the 17 00:00:52.399 --> 00:00:57.159 surprising efficiency and resilience behind it all. So let's start 18 00:00:57.200 --> 00:00:59.280 right at the beginning. When we say the Internet, what 19 00:00:59.320 --> 00:01:01.200 exactly are we retre talking about? Because it's not just 20 00:01:01.240 --> 00:01:01.880 the web. 21 00:01:01.640 --> 00:01:04.319 Right, no, no, definitely not. It's much bigger than that. 22 00:01:05.560 --> 00:01:09.959 Our source defines the Internet fundamentally, not as some single thing, 23 00:01:10.319 --> 00:01:14.879 but as this vast global network of networks. So imagine 24 00:01:15.159 --> 00:01:18.920 countless individual networks like your home Wi Fi, your office network, 25 00:01:19.799 --> 00:01:22.599 university campus network, maybe all of them are connected. It's 26 00:01:22.599 --> 00:01:25.120 really built from end systems you know, your PC, your 27 00:01:25.159 --> 00:01:27.719 smartphone talking to servers, and then all these things called 28 00:01:27.760 --> 00:01:31.560 packet switches like routers that guide the information along. 29 00:01:31.760 --> 00:01:33.640 Okay, and network of networks. That makes sense. 30 00:01:33.879 --> 00:01:36.000 But if it's all these different pieces, how do they 31 00:01:36.040 --> 00:01:39.879 communicate without just digital chaos. What's the sort of fundamental 32 00:01:39.920 --> 00:01:41.480 secret sauce holding it all together. 33 00:01:41.719 --> 00:01:44.280 Yeah, that's where protocols come in. The power of protocols, 34 00:01:44.359 --> 00:01:48.280 As you might say, think of protocols as the critical 35 00:01:48.359 --> 00:01:52.359 rules of the road. They're like universal languages, allowing different machines, 36 00:01:52.400 --> 00:01:56.040 different systems to actually understand each other. Our source highlights 37 00:01:56.040 --> 00:01:59.079 two really key ones TCP, which is the transmission control protocol, 38 00:01:59.319 --> 00:02:03.480 and IP, the Internet protocol. They're so basic, so fundamental, 39 00:02:03.719 --> 00:02:06.879 we often just lump them together and say TCPIP IP. 40 00:02:07.040 --> 00:02:09.439 For example, it's kind of like the common postal address 41 00:02:09.439 --> 00:02:11.800 system for every single package of data. 42 00:02:12.120 --> 00:02:13.879 Okay, TCPIP got it. 43 00:02:14.319 --> 00:02:16.960 And here's where I think it gets really interesting, this 44 00:02:17.080 --> 00:02:19.840 idea of packet switching. I mean, most of us probably 45 00:02:19.879 --> 00:02:21.680 don't think about how our data gets sent, but it 46 00:02:21.759 --> 00:02:24.840 sounds like a pretty revolutionary shift from older systems. Can 47 00:02:24.879 --> 00:02:26.400 you maybe paint a picture of that for us? 48 00:02:26.680 --> 00:02:29.439 Absolutely? Yeah, it's a huge deal. Imagine the old telephone 49 00:02:29.479 --> 00:02:33.120 system that used something called circuit switching. When you ate 50 00:02:33.159 --> 00:02:37.680 a call, you essentially reserved a dedicated private line, a 51 00:02:37.680 --> 00:02:40.479 circuit between you and the other person, and that was 52 00:02:40.520 --> 00:02:43.199 for the entire duration of the call. Even if you 53 00:02:43.240 --> 00:02:45.360 both went silent for a minute, maybe put the phone down, 54 00:02:45.759 --> 00:02:49.680 that dedicated path, that circuit was still yours, completely idle, 55 00:02:49.960 --> 00:02:53.080 but reserved. Our source gives an example where a link 56 00:02:53.280 --> 00:02:57.879 using circuit switching might only support say ten simultaneous users, 57 00:02:58.199 --> 00:02:58.840 just ten. 58 00:02:59.319 --> 00:03:01.400 So it's like have a reserved highway lane just for 59 00:03:01.439 --> 00:03:03.360 your car, even if you're pulled over on the shoulder 60 00:03:03.360 --> 00:03:04.680 and not actually driving. 61 00:03:04.840 --> 00:03:08.280 Exactly like that. Yes, now, packet switching, it's a completely 62 00:03:08.280 --> 00:03:12.520 different philosophy, a different approach. Your data, whether it's an email, 63 00:03:12.599 --> 00:03:16.039 a video stream, a web page request, whatever, gets chopped 64 00:03:16.120 --> 00:03:19.199 up into these small independent chunks. We call them packets. 65 00:03:19.560 --> 00:03:22.560 And here's the magic bit. These packets share the same 66 00:03:22.680 --> 00:03:25.680 communication links with packets from loads of other users. 67 00:03:25.759 --> 00:03:28.479 Ah, and that's where the efficiency boost comes from, right, 68 00:03:28.560 --> 00:03:31.080 because they're not hogging the whole road anymore. 69 00:03:31.280 --> 00:03:36.199 Precisely, that sharing allows for incredible over subscription. It's much 70 00:03:36.240 --> 00:03:39.039 more efficient. So in that same example, where circuit switching 71 00:03:39.039 --> 00:03:42.719 supported what ten users, packet switching could often support more 72 00:03:42.800 --> 00:03:45.759 than three times the number of users, offering essentially the 73 00:03:45.759 --> 00:03:48.800 same kind of performance level. But the real genius, I think, 74 00:03:48.840 --> 00:03:51.639 isn't just the raw efficiency, although that's huge, it's also 75 00:03:51.680 --> 00:03:55.520 the resilience and the scalability. Think about it. If one 76 00:03:55.639 --> 00:03:59.360 path gets congested or maybe even breaks entirely, packets can 77 00:03:59.439 --> 00:04:03.560 usually just another route to their destination. This completely changed 78 00:04:04.120 --> 00:04:08.159 the economic model, the resilience model of telecommunications. We went 79 00:04:08.159 --> 00:04:11.520 from these rigid, dedicated lines to a much more flexible, 80 00:04:11.639 --> 00:04:15.039 shared and robust infrastructure. And honestly, that's what allowed the 81 00:04:15.039 --> 00:04:18.319 Internet to just grow explosively and foster all this innovation 82 00:04:18.639 --> 00:04:21.079 that circuit switching well, it just couldn't have supported. 83 00:04:21.160 --> 00:04:21.439 Wow. 84 00:04:21.560 --> 00:04:25.040 Okay, so it's this incredibly robust shared system, but it 85 00:04:25.079 --> 00:04:27.439 didn't just pop up overnight, did it. What were some 86 00:04:27.480 --> 00:04:29.120 of those crucial early steps. 87 00:04:29.519 --> 00:04:33.839 No, definitely not overnight. Our source traces its history back 88 00:04:33.959 --> 00:04:38.199 way back to pioneering work on internetworking people like Vitten 89 00:04:38.279 --> 00:04:41.800 Surf and Robert Kahn working under Darbest sponsorship. By the 90 00:04:41.920 --> 00:04:44.439 end of the nineteen seventies, the sort of conceptual groundwork 91 00:04:44.480 --> 00:04:47.120 for TCP and IP was already being laid down. Then 92 00:04:47.199 --> 00:04:50.240 the nineteen nineties that's when things really took off. That 93 00:04:50.360 --> 00:04:54.759 ushered in the big Internet explosion and commercialization ARPINET that 94 00:04:54.839 --> 00:04:57.160 was the original network, it actually ceased to exist, and 95 00:04:57.199 --> 00:05:01.920 commercial Internet service providers ISPs gradually started taking over the 96 00:05:01.959 --> 00:05:05.959 backbone traffic from the government funded networks like NSF net. 97 00:05:06.120 --> 00:05:08.639 It is a really pivotal shift, you know, from basically 98 00:05:08.639 --> 00:05:11.519 a research project to a global commercial utility. 99 00:05:11.879 --> 00:05:12.040 Right. 100 00:05:12.079 --> 00:05:14.600 The nineties were huge for that. Okay, now let's talk 101 00:05:14.600 --> 00:05:18.480 about how this massive system is actually organized. Our source 102 00:05:18.519 --> 00:05:22.199 describes the Internet's architecture as a five layer Internet architecture. 103 00:05:22.279 --> 00:05:25.240 At least from an application developers perspective, people often compare 104 00:05:25.279 --> 00:05:28.199 it to a layered cake. What's the main idea behind 105 00:05:28.279 --> 00:05:30.079 breaking it down into these distinct layers? 106 00:05:30.079 --> 00:05:30.639 Why do that. 107 00:05:30.879 --> 00:05:33.959 Yeah, the layered cake analogy is pretty good. Actually, imagine 108 00:05:33.959 --> 00:05:37.639 a really complex assembly line. Each layer is like a 109 00:05:37.680 --> 00:05:41.959 specialized team. They're responsible for just one specific part of 110 00:05:42.000 --> 00:05:46.319 the whole process, and crucially, they only really interact directly 111 00:05:46.360 --> 00:05:49.519 with the layer immediately above and immediately below them. So 112 00:05:49.639 --> 00:05:52.920 your email, for instance, starts at the top the application layer. 113 00:05:53.000 --> 00:05:55.279 That's the message itself, which you wrote. That thing gets 114 00:05:55.319 --> 00:05:58.240 passed down to the transport layer. Its job is making 115 00:05:58.279 --> 00:05:59.800 sure it gets to the right piece of software on 116 00:05:59.800 --> 00:06:03.040 the computer. Then it goes down again to the network layer, 117 00:06:03.319 --> 00:06:05.600 which figures out the best root across the whole planet, 118 00:06:06.639 --> 00:06:08.720 and so on down the sack. This sort of division 119 00:06:08.759 --> 00:06:12.480 of labor makes the whole system incredibly robust, much easier 120 00:06:12.480 --> 00:06:16.319 to manage, and it allows for innovation at one layer 121 00:06:16.360 --> 00:06:19.560 without necessarily breaking all the others. The application architecture, you know, 122 00:06:19.600 --> 00:06:22.000 the stuff you actually see and interact with that's built 123 00:06:22.040 --> 00:06:24.199 on top of this fixed network architecture underneath. 124 00:06:24.199 --> 00:06:26.759 Okay, layers make sense. Starting at the top, then the 125 00:06:26.800 --> 00:06:29.800 application layer, This is the stuff we actually see and 126 00:06:29.879 --> 00:06:32.879 interact with every day, browsing the web, sending emails, that 127 00:06:32.959 --> 00:06:35.680 kind of thing, and the web of course runs on HTTP. 128 00:06:36.560 --> 00:06:41.360 What makes HTTP so fundamental to well our whole web experience? 129 00:06:41.639 --> 00:06:45.399 Right, HTTP hypertext Transfer protocol. It's basically the language of 130 00:06:45.399 --> 00:06:49.120 the web. When you request a web page, HTTP uses 131 00:06:49.160 --> 00:06:53.000 something called persistent connections. What that means is your browser 132 00:06:53.000 --> 00:06:55.800 can keep a single connection open to the server and 133 00:06:55.879 --> 00:06:58.480 use it to fetch multiple things like the main web 134 00:06:58.480 --> 00:07:01.560 page HTML. Then it's in images, it's style sheets, maybe 135 00:07:01.560 --> 00:07:04.120 some scripts, all without having to set up a brand 136 00:07:04.199 --> 00:07:07.160 new connection for every single little file. It can even 137 00:07:07.199 --> 00:07:10.079 do something called pipelining, where it sends multiple requests back 138 00:07:10.120 --> 00:07:12.000 to back without even waiting for the first reply to 139 00:07:12.000 --> 00:07:13.639 come back. Makes things faster. 140 00:07:13.879 --> 00:07:15.959 And what's kind of wild is how simple it seems 141 00:07:16.079 --> 00:07:19.399 underneath it all. Right, our source actually says HTTP request 142 00:07:19.480 --> 00:07:21.560 messages are just ordinary ASKI text. 143 00:07:21.959 --> 00:07:25.800 Yeah, that's one of its uh elegant features. I suppose 144 00:07:25.839 --> 00:07:28.439 it's design to be readable boost by someone who's reasonably 145 00:07:28.439 --> 00:07:33.120 computer savvy. These requests, they contain a method like get T, 146 00:07:33.360 --> 00:07:35.959 which just means please give me this thing than the 147 00:07:36.120 --> 00:07:37.800 URL the address of the thing you want, and the 148 00:07:37.959 --> 00:07:41.079 HTTP version being used. And then there can be additional 149 00:07:41.079 --> 00:07:43.639 info in what are called header lines. It's essentially just 150 00:07:43.680 --> 00:07:45.600 a clear written instruction to the server. 151 00:07:45.920 --> 00:07:49.800 Speaking of instructions, cookies, those little bits of data. They've 152 00:07:49.839 --> 00:07:52.199 always fascinated me because they enable so much of our 153 00:07:52.240 --> 00:07:55.959 personalized web experience, you know, log ins, shopping carts. 154 00:07:56.560 --> 00:07:58.439 But how do they actually work behind the scenes. 155 00:07:58.439 --> 00:07:59.399 What's the mechanism? 156 00:07:59.639 --> 00:08:02.839 Cookie? These are surprisingly clever for something so seemingly small. 157 00:08:03.600 --> 00:08:07.399 Our source breaks them down nicely into four main components. First, 158 00:08:07.600 --> 00:08:10.439 there's a special line in the HTTP response message coming 159 00:08:10.439 --> 00:08:13.040 from the server that basically says, hey, browser, here's a 160 00:08:13.079 --> 00:08:16.480 cookie for you. It sets the cookie. Second, there's a 161 00:08:16.519 --> 00:08:20.639 line in subsequent HTTP request messages going to the server 162 00:08:20.879 --> 00:08:23.680 where your browser sends it back saying, hey server, remember me, 163 00:08:23.759 --> 00:08:27.560 here's that cookie you gave me. Third, there's a small 164 00:08:27.600 --> 00:08:30.920 file actually stored on your computer, managed by your browser, 165 00:08:30.959 --> 00:08:34.360 where these little cookie values are kept. And fourth, there's 166 00:08:34.440 --> 00:08:37.440 usually a back end database at the website itself where 167 00:08:37.440 --> 00:08:40.720 the server links that cookie id to your information. So 168 00:08:40.759 --> 00:08:43.679 this whole system allows websites to well remember who you are, 169 00:08:43.799 --> 00:08:46.600 maybe keep you logged in, track your shopping cart contents, 170 00:08:46.679 --> 00:08:49.679 or personalized ads, all by associating that little cookie with 171 00:08:49.759 --> 00:08:51.360 your previous activity on their site. 172 00:08:51.399 --> 00:08:55.919 That's a fantastic example of those hidden layers doing complex work. Okay, 173 00:08:55.960 --> 00:08:57.480 so let's move down the stack a bit to the 174 00:08:57.480 --> 00:09:02.320 transport layer. Our source says it codes logical communication between 175 00:09:02.360 --> 00:09:06.759 application processes. From an applications point of view, What does 176 00:09:06.799 --> 00:09:08.759 that really mean, what's the experience? 177 00:09:09.360 --> 00:09:11.840 What it means is that the transport layer basically creates 178 00:09:11.840 --> 00:09:15.480 this illusion, an illusion that application process is running on 179 00:09:15.519 --> 00:09:18.960 different computers, different hosts, even if they're on opposite sides 180 00:09:19.000 --> 00:09:21.600 of the planet, are directly connected, like they're having a 181 00:09:21.639 --> 00:09:26.080 private one on one conversation just between them. It effectively 182 00:09:26.200 --> 00:09:30.240 hides or abstracts away all the messy physical details of 183 00:09:30.279 --> 00:09:33.759 the actual network in between all the routers, the cables, 184 00:09:33.840 --> 00:09:36.799 the wireless signals, everything. It's kind of like having a 185 00:09:36.840 --> 00:09:39.679 postal service that guarantees delivery to the specific person you 186 00:09:39.679 --> 00:09:42.120 address the letter to, not just dumping it at the 187 00:09:42.120 --> 00:09:43.000 front door of the building. 188 00:09:43.080 --> 00:09:44.159 Ah okay. 189 00:09:44.399 --> 00:09:47.879 And this is where TCP's famous reliability comes into play, 190 00:09:47.919 --> 00:09:50.360 isn't it. Because down at the lower levels, the Internet 191 00:09:50.360 --> 00:09:53.799 itself can be a pretty unreliable place. Packets can get lost, 192 00:09:53.840 --> 00:09:56.279 they can get duplicated, maybe arrive out of order. 193 00:09:56.399 --> 00:09:59.600 It's exactly right. The underlying IP layer, the network layer, 194 00:10:00.120 --> 00:10:03.440 is inherently unreliable. It makes what we call a best 195 00:10:03.559 --> 00:10:08.720 effort delivery, but no guarantees. But TCP huh. TCP takes 196 00:10:08.720 --> 00:10:12.639 that unreliable service and magically transforms it into a robust, 197 00:10:12.840 --> 00:10:16.720 reliable data transfer service for the application above it. It 198 00:10:16.759 --> 00:10:19.279 achieves this through a whole suite of clever mechanisms. It 199 00:10:19.360 --> 00:10:21.639 uses sequence numbers to keep track of the data order, 200 00:10:21.679 --> 00:10:25.240 making sure everything gets reassembled correctly. It uses acknowledgments or 201 00:10:25.279 --> 00:10:28.440 ACKs to confirm that data segments have been received successfully, 202 00:10:28.720 --> 00:10:31.960 and it uses timers. If an ACK isn't received back 203 00:10:31.960 --> 00:10:34.480 within a certain time, TCP assumes the pack it got 204 00:10:34.519 --> 00:10:38.519 lost and retransmits it. It's constantly checking, confirming, and resending 205 00:10:38.519 --> 00:10:41.240 if needed, until it's sure all the data has arrived 206 00:10:41.240 --> 00:10:42.559 correctly and in the right order. 207 00:10:42.799 --> 00:10:46.799 And TCP also does something called congestion control. That sounds important. 208 00:10:46.799 --> 00:10:49.759 It feels almost like the Internet social contract, maybe making 209 00:10:49.759 --> 00:10:52.200 sure one greedy user doesn't just hog all the bandwidth. 210 00:10:52.320 --> 00:10:55.080 That's actually a perfect way to describe it, a social contract. 211 00:10:55.919 --> 00:11:00.600 TCP's congestion control is designed precisely to prevent any connection 212 00:11:00.639 --> 00:11:05.679 from just completely swamping the links overwhelming the network. It 213 00:11:05.720 --> 00:11:09.080 works to ensure a relatively fair sharing of bandwidth across 214 00:11:09.120 --> 00:11:11.960 all the connections using that part of the network. If 215 00:11:12.000 --> 00:11:15.080 a TCP connection starts to sense congestion, maybe by seeing 216 00:11:15.159 --> 00:11:18.200 packets get dropped or noticing that round trip times are increasing, 217 00:11:18.360 --> 00:11:21.039 it will actually slow down as sending rate voluntarily. It's 218 00:11:21.080 --> 00:11:24.159 a cooperative mechanism really designed to keep the overall network 219 00:11:24.159 --> 00:11:26.320 stable and performing well for everyone using it. 220 00:11:26.559 --> 00:11:29.200 That sounds like a major difference compared to UDP, the 221 00:11:29.279 --> 00:11:31.080 other main transport protocol, right. 222 00:11:31.080 --> 00:11:35.559 Oh, absolutely a huge difference. UDP, the User Datagram Protocol, 223 00:11:35.639 --> 00:11:38.879 is the polar opposite in many ways. It's connectionless, meaning 224 00:11:38.879 --> 00:11:42.039 there's no setup handshake like tcps, and crucially it has 225 00:11:42.039 --> 00:11:45.919 no built in congestion control our sources. UDP does just 226 00:11:45.960 --> 00:11:48.679 about as little as a transport protocol can do. It's 227 00:11:48.879 --> 00:11:51.919 very simple, very minimal overhead. It basically just takes the 228 00:11:51.960 --> 00:11:54.440 application's data, slaps on a header, and throws the resulting 229 00:11:54.440 --> 00:11:57.559 packet onto the network, hoping for the best. No guarantees, 230 00:11:57.559 --> 00:12:01.440 no retransmissions, no flow control. This simplicity makes it useful 231 00:12:01.480 --> 00:12:04.120 for certain things like quick DNAs lookups, where speed matters 232 00:12:04.480 --> 00:12:07.240 and a lost packet isn't catastrophic, or maybe real time 233 00:12:07.240 --> 00:12:10.919 gaming where slightly old data is useless. Anyway, but our 234 00:12:10.960 --> 00:12:14.120 source does highlight a key controversy here. Running high band 235 00:12:14.120 --> 00:12:17.399 with multimedia applications like video streaming purely over UDP, well, 236 00:12:17.559 --> 00:12:20.120 that can be problematic. It can result in high loss 237 00:12:20.200 --> 00:12:22.399 rates for the UDP stream itself, and it can even 238 00:12:22.480 --> 00:12:25.600 end up crowding out of TCP sessions. Why because the 239 00:12:25.639 --> 00:12:28.799 UDP centers, unlike TCP, won't back off when the network 240 00:12:28.799 --> 00:12:32.840 gets congested. They just keep blasting data, acting like a 241 00:12:32.919 --> 00:12:35.879 rude guest at a crowded party, taking more than their. 242 00:12:35.759 --> 00:12:38.919 Fair share, right, the rude guest protocol? I like that. 243 00:12:39.440 --> 00:12:41.679 Okay, so TCP is making sure the data gets there 244 00:12:41.720 --> 00:12:46.279 reliably and fairly. But how does that data actually know 245 00:12:46.360 --> 00:12:50.559 which way to go across this gigantic network of networks. 246 00:12:50.600 --> 00:12:53.039 That sounds like the job of the next layer down, 247 00:12:53.080 --> 00:12:55.840 the network layer. You called it the Internet's GPS earlier. 248 00:12:55.879 --> 00:12:58.600 That's a great analogy. Yeah, the network layer is all 249 00:12:58.639 --> 00:13:02.240 about navigation, And here we make an important distinction between 250 00:13:02.240 --> 00:13:07.679 two related concepts, forwarding and routing. Forwarding is the immediate 251 00:13:07.840 --> 00:13:10.600 local action a router takes. It gets a packet on 252 00:13:10.600 --> 00:13:13.320 one of its input links, looks up the destination address 253 00:13:13.360 --> 00:13:15.799 in a table, and quickly moves that packet to the 254 00:13:15.840 --> 00:13:18.360 correct output link. It's like a traffic cop at a 255 00:13:18.399 --> 00:13:22.840 single intersection, just directing cars based on their immediate destination. Routing, 256 00:13:22.919 --> 00:13:25.000 on the other hand, that's the bigger picture. It's about 257 00:13:25.039 --> 00:13:28.039 the algorithms and protocols that run across the entire network 258 00:13:28.159 --> 00:13:31.200 to determine the good paths or routes that packets should take. 259 00:13:31.840 --> 00:13:35.440 Routing effectively builds those traffic maps the forwarding tables that 260 00:13:35.480 --> 00:13:37.799 thought outers then use for their quick forwarding decisions. 261 00:13:37.919 --> 00:13:40.879 And the fundamental address used for this global navigation is 262 00:13:40.919 --> 00:13:42.039 the IP address. 263 00:13:41.759 --> 00:13:45.360 Right Exactly, every interface, every connection point on every device 264 00:13:45.399 --> 00:13:48.799 connected to the Internet, your laptop's Wi Fi card, a 265 00:13:48.840 --> 00:13:53.080 server's network port, a router's interface needs a globally unique 266 00:13:53.120 --> 00:13:55.600 IP address, at least public one if it's directly on 267 00:13:55.600 --> 00:13:59.720 the Internet. These addresses are assigned hierarchically. Think of it 268 00:13:59.759 --> 00:14:04.519 like geographical addresses with countries, states, cities, streets. We use 269 00:14:04.559 --> 00:14:08.200 a system called classless intra domain routing or CIDR, which 270 00:14:08.240 --> 00:14:10.519 you see written as that ABC dot d X notation 271 00:14:10.919 --> 00:14:12.559 like one nine two point one six eight or one 272 00:14:12.559 --> 00:14:15.559 point zero two four. That X part defines the size 273 00:14:15.559 --> 00:14:18.679 of the network block. This hierarchical structure is key to 274 00:14:18.759 --> 00:14:21.759 making routing efficient. A router doesn't need a specific entry 275 00:14:21.759 --> 00:14:23.919 for every single address on the planet. It just needs 276 00:14:23.960 --> 00:14:26.639 to know which larger block and address belongs to and 277 00:14:26.679 --> 00:14:28.840 which direction to send packets for that block. 278 00:14:29.360 --> 00:14:31.320 Okay, hierarchical addressing makes sense. 279 00:14:31.480 --> 00:14:33.879 And speaking of IP addresses, you mentioned something earlier in 280 00:14:33.879 --> 00:14:35.399 that network address translation. 281 00:14:35.480 --> 00:14:36.279 You said it was clever. 282 00:14:36.600 --> 00:14:39.120 How does that actually let all the devices in my home, 283 00:14:39.240 --> 00:14:41.600 you know, my laptop, my phone, the smart TV all 284 00:14:41.600 --> 00:14:44.440 shared just one single public IP address from my ISP 285 00:14:44.960 --> 00:14:45.240 on that. 286 00:14:45.600 --> 00:14:49.080 Yes, it's genuinely fantastic, a really clever piece of engineering 287 00:14:49.360 --> 00:14:52.200 born partly out of necessity as we started running out 288 00:14:52.200 --> 00:14:56.159 of the original IPv for addresses. Think of your home router. 289 00:14:56.240 --> 00:14:58.799 The box your ISP probably gave you is acting like 290 00:14:58.799 --> 00:15:01.559 a kind of concierge reptionists for your local home network. 291 00:15:02.039 --> 00:15:05.320 All your devices inside your home, the laptop, phone, TV, 292 00:15:05.519 --> 00:15:08.000 maybe a gaming console, they each get a private IP address. 293 00:15:08.440 --> 00:15:10.519 These are addresses like one nine two point one six 294 00:15:10.679 --> 00:15:13.360 eight point one, one, zero, which are only unique within 295 00:15:13.399 --> 00:15:15.639 your home network. Now, when one of those devices wants 296 00:15:15.639 --> 00:15:17.679 to send a packet out to the public Internet, it 297 00:15:17.720 --> 00:15:20.399 first goes to your gnat router. The gnat router then 298 00:15:20.440 --> 00:15:23.399 cleverly rewrites the source IP address on that packet, changing 299 00:15:23.399 --> 00:15:26.279 it from the private internal address to your single globally 300 00:15:26.360 --> 00:15:29.000 unique public IP address, the one signed by your ISP. 301 00:15:29.320 --> 00:15:31.679 It also usually rewrites the source port number. It keeps 302 00:15:31.720 --> 00:15:34.840 a table remembering, okay, internal device X using internal port 303 00:15:35.000 --> 00:15:37.720 Y sent this packet out using public port Z. Then 304 00:15:37.799 --> 00:15:39.879 when the response comes back from the Internet addressed to 305 00:15:39.919 --> 00:15:43.399 your public IP and that specific public port Z, the 306 00:15:43.480 --> 00:15:46.559 gnat router looks up at the table sees ah that 307 00:15:46.639 --> 00:15:49.639 corresponds to internal device X on port Y, rewrites the 308 00:15:49.639 --> 00:15:52.559 destination IP import back to the private ones and forwards 309 00:15:52.600 --> 00:15:54.919 the packet to the correct device inside your home. It's 310 00:15:54.960 --> 00:15:58.320 incredibly efficient. Our source notes that allows a single public 311 00:15:58.399 --> 00:16:03.720 wan side IP address to support over sixty thousand simultaneous connections. Potentially, 312 00:16:04.039 --> 00:16:06.639 it was absolutely crucial for scaling the Internet within homes 313 00:16:06.679 --> 00:16:07.600 and small businesses. 314 00:16:07.679 --> 00:16:10.759 Wow, okay, that is clever. That really paints a picture 315 00:16:10.759 --> 00:16:12.919 of how my home network actually connects to the wider 316 00:16:13.000 --> 00:16:16.759 world a train trace. A slightly more involved but still 317 00:16:16.919 --> 00:16:20.759 super common everyday scenario when I boot my laptop, Right, 318 00:16:21.120 --> 00:16:22.960 how does it even get an ipodress in the first 319 00:16:22.960 --> 00:16:25.320 place so it can start browsing the Internet? And how 320 00:16:25.360 --> 00:16:27.519 do all these layers kind of work together for dispatching 321 00:16:27.559 --> 00:16:28.360 a simple web page? 322 00:16:28.559 --> 00:16:29.200 Right? Good question. 323 00:16:29.240 --> 00:16:31.519 It's quite an intricate little dance that happens almost instantly. 324 00:16:31.600 --> 00:16:34.039 So when your laptop first boots up and connects to 325 00:16:34.039 --> 00:16:36.320 the network, say via Wi Fi, it doesn't have an 326 00:16:36.320 --> 00:16:38.159 IP address yet. It needs one, so the first thing 327 00:16:38.159 --> 00:16:40.679 it typically does is broadcast a special message onto the 328 00:16:40.679 --> 00:16:44.919 local network. This is a DHCP discover message DHCP sends 329 00:16:44.919 --> 00:16:48.240 for Dynamic Host Configuration Protocol. It's basically shouting out, Hello, 330 00:16:48.440 --> 00:16:49.879 is there a DHGP server out there? 331 00:16:49.879 --> 00:16:50.840 I need an IP address? 332 00:16:51.159 --> 00:16:54.039 I mean your home rotor usually has a DHCHGPP server 333 00:16:54.080 --> 00:16:57.240 running on it. Here's this broadcast discovered message. The rotter 334 00:16:57.279 --> 00:16:59.559 then looks at this pool of available private LP addresses 335 00:16:59.600 --> 00:17:01.919 that it's allowed to assign. It picks one and sends 336 00:17:01.960 --> 00:17:05.039 back at DHGP offer message directly to your laptop using 337 00:17:05.039 --> 00:17:08.160 its Hondwa address. Initially, this message says, hey, laptop, I'm 338 00:17:08.160 --> 00:17:10.480 a DHCP server. How about you use this IP address, 339 00:17:10.480 --> 00:17:12.400 say one ninety two point one six eight point one 340 00:17:12.599 --> 00:17:14.640 zero one for the next twenty four hours, and here's 341 00:17:14.680 --> 00:17:17.279 the address of the gateway ROTA and the DNS server. Two. 342 00:17:18.240 --> 00:17:20.440 Your laptop perceeeds this offer and typically sends back a 343 00:17:20.680 --> 00:17:24.880 DGP request message saying okay, sounds good, I'll take that address. Finally, 344 00:17:24.920 --> 00:17:28.200 the roater sends back at DHGP ack and acknowledgment confirming 345 00:17:28.200 --> 00:17:28.720 the assignment. 346 00:17:28.880 --> 00:17:33.000 Great, that addresses yours for the least duration. And often 347 00:17:33.039 --> 00:17:36.119 this involves what our source calls a self learning switch 348 00:17:36.400 --> 00:17:39.440 inside your router. That switch quickly learns which physical port 349 00:17:39.440 --> 00:17:41.759 your laptop is connected to, even wirelessly, so it can 350 00:17:41.759 --> 00:17:45.319 deliver that final DHCP ACK directly to your laptop, not 351 00:17:45.400 --> 00:17:49.079 broadcast it unnecessarily. So now your laptop has its unique 352 00:17:49.079 --> 00:17:51.640 IP address, It knows the router's address, the gateway, and 353 00:17:51.680 --> 00:17:54.319 it knows the address of a DNS server. Then when 354 00:17:54.359 --> 00:17:57.480 you type a web address like www dot Google dot com, 355 00:17:57.680 --> 00:18:01.119 your laptop uses DNS usually over US, to ask the 356 00:18:01.200 --> 00:18:04.680 DNS server what's the IP address for www dot Google 357 00:18:04.680 --> 00:18:07.359 dot com. Once it gets the IP address back, your 358 00:18:07.359 --> 00:18:10.200 browser can initiate a TCP connection using that three way 359 00:18:10.200 --> 00:18:13.000 handshake we mentioned to Google server at that IP address. 360 00:18:13.400 --> 00:18:16.160 Once the TCP connection is established, your browser sends an 361 00:18:16.240 --> 00:18:19.400 htpadt request over that connection, asking for the web page. 362 00:18:19.680 --> 00:18:22.200 Google server sends back the web page content again using 363 00:18:22.279 --> 00:18:26.119 HTTP over TCPIP. Your browser receives it, renders it, and boom, 364 00:18:26.160 --> 00:18:28.480 you see the Google home page. It's really a beautifully 365 00:18:28.559 --> 00:18:32.720 orchestrated sequence evolving multiple protocols across multiple layers, all happening 366 00:18:32.720 --> 00:18:34.279 in fractions of a second. 367 00:18:34.400 --> 00:18:36.720 That really does make the invisible visible, doesn't it? 368 00:18:36.720 --> 00:18:40.000 Seeing how DHTP, DNS, TCP, IPHDGP all. 369 00:18:39.880 --> 00:18:43.039 Play their part just to load one page amazing. Okay, 370 00:18:43.119 --> 00:18:44.319 let's shift gears slightly. 371 00:18:44.599 --> 00:18:46.880 Let's talk about wireless networks like the Wi Fi we 372 00:18:46.920 --> 00:18:49.880 all rely on so heavily now. It feels so seamless 373 00:18:49.920 --> 00:18:52.559 most of the time, But you mentioned earlier wireless communication 374 00:18:52.640 --> 00:18:55.119 is inherently more complex than just plugging in a wire. 375 00:18:55.559 --> 00:18:57.319 Why is that? What are the main challenges? 376 00:18:57.559 --> 00:19:02.119 Yeah? Wired connections like Ethernet cables their relatively contained, shielded 377 00:19:02.200 --> 00:19:06.880 and predictable environments. Wireless, though, it's a much much trickier 378 00:19:06.960 --> 00:19:10.759 environment to communicate reliably. In your radio signals as they 379 00:19:10.759 --> 00:19:13.640 travel through the air are constantly battling a whole host 380 00:19:13.680 --> 00:19:16.640 of impairments. There's a tenuation, which just means the signal 381 00:19:16.720 --> 00:19:20.160 naturally gets weaker the further it travels, pretty intuitive. Then 382 00:19:20.160 --> 00:19:23.680 there's multipath propagation. This is where the radio signals bounce 383 00:19:23.680 --> 00:19:27.640 off walls, furniture, people, other objects, so the receiver doesn't 384 00:19:27.680 --> 00:19:30.759 just get the direct signal, it gets multiple reflected copies 385 00:19:30.880 --> 00:19:33.759 arriving at slightly different times, and these can interfere with 386 00:19:33.799 --> 00:19:37.680 each other, sometimes constructively, sometimes destructively, causing fading or distortion. 387 00:19:38.279 --> 00:19:41.400 And on top of all that, there's just omnipresent background 388 00:19:41.400 --> 00:19:45.319 noise interference from other Wi Fi networks, microwave ovens, bluetooth devices, 389 00:19:45.319 --> 00:19:47.519 cordless phones, all sorts of stuff operating in the same 390 00:19:47.559 --> 00:19:50.559 frequency bands. This is why metrics like signal to noise 391 00:19:50.640 --> 00:19:53.799 ratio or SNR and bit error rate or b error 392 00:19:53.880 --> 00:19:57.599 are so absolutely crucial for understanding and measuring wireless performance. 393 00:19:57.839 --> 00:19:59.720 It really is like trying to have a perfectly clear 394 00:19:59.720 --> 00:20:04.279 commentversation in a very noisy echoe room, much harder than 395 00:20:04.319 --> 00:20:05.880 talking through a direct private. 396 00:20:05.599 --> 00:20:08.680 Tube that makes sense a noisy echoe room. And because 397 00:20:08.720 --> 00:20:11.319 of those specific challenges, Wi Fi, which is based on 398 00:20:11.359 --> 00:20:14.400 the IEE eight to two point one standard, it has 399 00:20:14.440 --> 00:20:17.599 to use a fundamentally different approach to avoiding collisions. Right 400 00:20:18.039 --> 00:20:20.519 compared to old school wired Ethernet, How does Wi Fi 401 00:20:20.559 --> 00:20:23.440 handle that potential digital traffic jam when multiple devices want 402 00:20:23.440 --> 00:20:24.039 to talk at once. 403 00:20:24.200 --> 00:20:27.559 It's exactly It uses a mechanism called CSMSS MACACA that 404 00:20:27.640 --> 00:20:31.839 stands for Carrier Sense Multiple Access with collision Avoidance. Now 405 00:20:31.880 --> 00:20:35.720 compare that to traditional Ethernet, which used cs MAND collision detection. 406 00:20:36.240 --> 00:20:40.440 With Ethernet's collision detection, devices would basically start transmitting, but 407 00:20:40.480 --> 00:20:43.440 they'd also listen while doing so. If they detected that 408 00:20:43.519 --> 00:20:46.359 someone else started transmitting at the same time a collision, 409 00:20:46.640 --> 00:20:49.160 they'd immediately stop, send out a jam signal, wait a 410 00:20:49.240 --> 00:20:52.720 random amount of time, and then try again. Wi Fi, however, 411 00:20:52.880 --> 00:20:56.440 focuses on collision avoidance. The goal is to avoid collisions 412 00:20:56.440 --> 00:20:59.640 whenever possible in the first place, So wireless devices do 413 00:20:59.720 --> 00:21:03.279 care sense. They listen before they talk. If the channel 414 00:21:03.319 --> 00:21:06.160 the airwave seems busy, they wait, but even if it 415 00:21:06.200 --> 00:21:09.079 seems clear, they often wait a short random additional time, 416 00:21:09.240 --> 00:21:12.119 just in case someone else was about to start transmitting simultaneously, 417 00:21:12.680 --> 00:21:15.359 and Wi Fi often uses acknowledgments at the link layer two, 418 00:21:16.319 --> 00:21:18.880 The receiver sends back a quick ACK frame to confirm 419 00:21:18.880 --> 00:21:21.400 it got the data frame correctly. If the center doesn't 420 00:21:21.400 --> 00:21:24.039 get an ACK, it assumes a collision or error occurred 421 00:21:24.240 --> 00:21:28.440 and retransmits. Why the big difference why avoidance over detection? 422 00:21:28.599 --> 00:21:32.039 Well two more reasons. First, in wireless, it's very difficult 423 00:21:32.079 --> 00:21:35.039 for a device to effectively listen for collisions while it's 424 00:21:35.079 --> 00:21:38.440 transmitting it full power. Its own transmission tends to drown 425 00:21:38.480 --> 00:21:42.599 out everything else. This is sometimes called a near far problem. Second, 426 00:21:42.799 --> 00:21:45.640 even if you could detect a collision, stopping a wireless 427 00:21:45.680 --> 00:21:49.079 transmission midway is much harder and less effective than with 428 00:21:49.119 --> 00:21:53.119 wired signals. The propagation delays and reflections make it messy. 429 00:21:53.880 --> 00:21:56.599 So for Wi Fi prevention, avoiding the collision in the 430 00:21:56.599 --> 00:21:59.200 first place turns out to be much better strategy than 431 00:21:59.200 --> 00:22:02.079 trying to detect to recover from one after it's happened. 432 00:22:02.440 --> 00:22:04.359 It's all about trying to be polite and take turns 433 00:22:04.359 --> 00:22:07.079 on that shared invisible and rather noisy medium. 434 00:22:07.160 --> 00:22:08.440 Being polite on the airwaves. 435 00:22:08.519 --> 00:22:12.279 I like that Okay, let's shift gears again towards something crucial, 436 00:22:12.359 --> 00:22:15.480 security and computer networks. We kind of implicitly trust the 437 00:22:15.519 --> 00:22:17.759 Internet a lot, but we also know, as our source 438 00:22:17.759 --> 00:22:20.440 puts it, there are bad guys out there. So how 439 00:22:20.440 --> 00:22:24.240 do we actually protect our data, our identities, our systems online. 440 00:22:24.279 --> 00:22:27.200 What are the sort of foundational security requirements we need? 441 00:22:27.400 --> 00:22:30.920 That's a huge topic, obviously, but yeah, absolutely critical. The 442 00:22:31.000 --> 00:22:33.799 Internet wasn't really designed with security in mind initially, so 443 00:22:33.880 --> 00:22:35.920 we've had to bolt a lot of it on Afterwards. 444 00:22:36.359 --> 00:22:42.599 Our source outlined some key fundamental requirements for secure communication. First, confidentiality. 445 00:22:43.079 --> 00:22:46.640 This means ensuring that only the intended authorized recipient can 446 00:22:46.680 --> 00:22:52.279 actually read the message, preventing eavesdropping. Second, message integrity. This 447 00:22:52.400 --> 00:22:54.920 guarantees that the message received is exactly the same as 448 00:22:54.920 --> 00:22:57.160 the message sent, that it hasn't been tampered with or 449 00:22:57.200 --> 00:23:01.720 altered in transit. Third endpoint of emication. This is about 450 00:23:01.720 --> 00:23:04.079 proving identity. How does Bob know he's really talking to 451 00:23:04.119 --> 00:23:06.759 Alice and not an imposter and vice versa. And Fourth, 452 00:23:07.079 --> 00:23:11.039 access and availability. This means ensuring that the network services 453 00:23:11.079 --> 00:23:14.000 are actually available and accessible to legitimate users when they 454 00:23:14.039 --> 00:23:17.000 need them. Protecting against things like denial of service attacks, 455 00:23:17.240 --> 00:23:19.880 and at the core, the technological core of many of 456 00:23:19.920 --> 00:23:23.720 these protections is cryptography. The science of secret codes and 457 00:23:23.759 --> 00:23:25.960 cryptography relies heavily on the use of keys. 458 00:23:26.119 --> 00:23:26.359 Keys. 459 00:23:26.400 --> 00:23:28.839 Okay, like a literal lock and key. How does that 460 00:23:28.880 --> 00:23:31.640 concept translate into the digital world of bits and bytes. 461 00:23:31.799 --> 00:23:34.720 It's a very similar concept. Actually, yes, broadly. We talked 462 00:23:34.720 --> 00:23:37.599 about two main types of key systems. First, there are 463 00:23:37.680 --> 00:23:40.720 symmetric key systems. In this case, it's like Alice and 464 00:23:40.759 --> 00:23:44.359 Bob share an identical secret physical key. They both use 465 00:23:44.400 --> 00:23:46.960 the same secret key to encrypt the message before sending, 466 00:23:47.319 --> 00:23:49.960 and the recipient uses that exact same secret key to 467 00:23:50.079 --> 00:23:54.200 decrypt it. The security relies entirely on keeping that shared 468 00:23:54.279 --> 00:23:58.759 key absolutely secret between them. Examples include algorithms like AES 469 00:23:58.920 --> 00:24:03.359 or dies. Then there are public key systems, also called 470 00:24:03.359 --> 00:24:06.839 asymmetric cryptography. This is maybe a bit less intuitive, but 471 00:24:06.920 --> 00:24:10.039 incredibly powerful. Here, it's more like having a special kind 472 00:24:10.079 --> 00:24:13.039 of mailbox with two different keys. There's a public key, 473 00:24:13.079 --> 00:24:15.400 which is like the mail slot address. You can share 474 00:24:15.440 --> 00:24:18.160 this public key widely. Anyone can know it. People use 475 00:24:18.160 --> 00:24:20.720 your public key to encrypt messages for you, but only 476 00:24:20.759 --> 00:24:23.759 you possess a corresponding unique private key, which is the 477 00:24:23.759 --> 00:24:26.559 only key that can open the mailbox and decryptose messages. 478 00:24:26.880 --> 00:24:29.039 So anyone can send you a secure encrypted message use 479 00:24:29.119 --> 00:24:31.400 your public key, but only you with your private key 480 00:24:31.400 --> 00:24:34.519 can actually read it. Examples here include RSA and elliptic 481 00:24:34.599 --> 00:24:35.440 curve cryptography. 482 00:24:35.519 --> 00:24:38.240 Okay, public and private keys, that's clever? And how do 483 00:24:38.279 --> 00:24:41.160 we use these cryptographic ideas to ensure that a message 484 00:24:41.200 --> 00:24:44.240 hasn't been tampered with the integrity part? Or to prove 485 00:24:44.279 --> 00:24:46.079 that it really came from the person who claims to 486 00:24:46.079 --> 00:24:47.680 have scented the authentication part? 487 00:24:48.079 --> 00:24:52.359 Right? Good questions. For message integrity, simple checksums like the 488 00:24:52.400 --> 00:24:55.559 ones used in TCP and UDP can detect some accidental 489 00:24:55.680 --> 00:24:59.160 errors caused by transmission noise, but they're not secure against 490 00:24:59.200 --> 00:25:02.759 deliberate modification by an attacker. For stronger integrity, we use 491 00:25:02.799 --> 00:25:06.359 things like message authentication codes or m makus. A MAKA 492 00:25:06.519 --> 00:25:09.759 is calculated using the message content and a shared secret key. 493 00:25:10.200 --> 00:25:13.880 In symmetric systems, the receiver recalculates the EMMY using the 494 00:25:13.880 --> 00:25:16.559 same key and compares it. If they match, the message 495 00:25:16.599 --> 00:25:21.000 is likely unaltered. For even stronger guarantees, especially combining integrity 496 00:25:21.039 --> 00:25:24.559 with authentication the sender. We use digital signatures, which typically 497 00:25:24.559 --> 00:25:28.759 rely on public key cryptography. People like this. Alice writes 498 00:25:28.759 --> 00:25:31.960 a message. She then calculates a hash, a unique fingerpoint 499 00:25:32.000 --> 00:25:34.759 of that message. Then she encrypts that hash using her 500 00:25:34.799 --> 00:25:38.359 private key. This encrypted hash is the digital signature, and 501 00:25:38.400 --> 00:25:41.119 she attaches it to the message. When Bob receives the 502 00:25:41.119 --> 00:25:43.759 message and the signature, he first decrypts the signature using 503 00:25:43.759 --> 00:25:47.440 Alice's public key, which everyone knows. This reveals the original 504 00:25:47.440 --> 00:25:50.599 hash Alice calculated. Bob then calculates his own hash of 505 00:25:50.640 --> 00:25:53.440 the message he received. If his calculated hash matches the 506 00:25:53.480 --> 00:25:57.160 decrypted hash from the signature, Bob knows two things. First, 507 00:25:57.440 --> 00:26:00.519 the message hasn't been altered integrity because as the hash 508 00:26:00.559 --> 00:26:04.759 matches in Second, it definitely came from Alice authentication because 509 00:26:04.759 --> 00:26:06.799 only Alice has the private key needed to create that 510 00:26:06.880 --> 00:26:10.640 specific signature. It's like a combination of a tamperproof wax 511 00:26:10.680 --> 00:26:14.039 seal and a verified stamp of authenticity from a trusted source, 512 00:26:14.279 --> 00:26:17.119 often managed through a public key infrastructure or PKI. 513 00:26:17.440 --> 00:26:17.720 Wow. 514 00:26:17.720 --> 00:26:18.039 Okay. 515 00:26:18.119 --> 00:26:22.319 Digital signatures are powerful now thinking about practical security, especially 516 00:26:22.359 --> 00:26:25.160 when we're maybe working remotely or using public Wi Fi 517 00:26:25.319 --> 00:26:28.559 Virtual private networks or VPNs seem really important. How do 518 00:26:28.640 --> 00:26:32.559 they actually create that secure corridor, that private connection over 519 00:26:32.640 --> 00:26:35.079 the potentially insecure public Internet. 520 00:26:35.319 --> 00:26:39.039 VPNs are indeed vital for that. They typically rely on 521 00:26:39.079 --> 00:26:42.839 a suite of protocols called IPsec, which provides security at 522 00:26:42.839 --> 00:26:46.759 the network layer layer three. IPSI can operate in different modes, 523 00:26:46.799 --> 00:26:50.319 but for a typical VPN scenario connecting a remote user 524 00:26:50.359 --> 00:26:53.119 back to their company network, it often uses what's known 525 00:26:53.200 --> 00:26:57.559 as tunnel mode. Imagine the public Internet as this big busy, 526 00:26:57.839 --> 00:27:01.079 completely unsecured highway where any one can potentially see the 527 00:27:01.119 --> 00:27:04.440 traffic going by. Ip SEC in tunnel mode essentially creates 528 00:27:04.440 --> 00:27:07.759 an encrypted, secure tunnel right through that public highway. How 529 00:27:08.319 --> 00:27:10.640 it takes the original IP packet that your computer wants 530 00:27:10.680 --> 00:27:14.000 to send, which might contain sensitive company data, and it 531 00:27:14.119 --> 00:27:18.000 encrypts the entire original packet. Then it absolutes it, basically 532 00:27:18.000 --> 00:27:20.440 wraps it up inside a new IT packet. This new 533 00:27:20.480 --> 00:27:23.000 outer packet has the source address of your VPN client 534 00:27:23.240 --> 00:27:25.599 and the destination address of the VPN gateway server at 535 00:27:25.640 --> 00:27:28.200 your company. So as this outer packet travels across the 536 00:27:28.200 --> 00:27:31.759 public Internet, the original sensitive packet inside is completely scrambled 537 00:27:31.759 --> 00:27:34.839 and protected by encryption. Anyone snooping on the public network 538 00:27:34.880 --> 00:27:37.519 just sees encrypted shibbish going between your VPN client and 539 00:27:37.559 --> 00:27:40.240 the gateway. When the packet arrives at the VPN gateway, 540 00:27:40.720 --> 00:27:44.319 the gateway decrypts, it extracts the original inner packet, and 541 00:27:44.400 --> 00:27:48.079 then forwards that original packet securely onto the internal company network. 542 00:27:48.720 --> 00:27:52.519 It's a fundamental technology for enabling secure remote access and 543 00:27:52.559 --> 00:27:55.400 connecting different office sites securely over the public Internet. 544 00:27:55.480 --> 00:27:57.759 That makes a lot of sense wrapping the secure packet 545 00:27:57.839 --> 00:28:00.920 inside another one for the public journey. Okay, pulling this 546 00:28:00.960 --> 00:28:04.319 all together, all these complex systems, you know, the protocols 547 00:28:04.319 --> 00:28:07.519 like TCP, I, P h gtp d N SDHCP, the 548 00:28:07.680 --> 00:28:11.200 layers of the architecture, the security measures like encryption, digital 549 00:28:11.279 --> 00:28:14.799 signatures VPNs. It's truly, truly incredible when you stop and 550 00:28:14.799 --> 00:28:17.759 think about the layers upon layers of ingenuity that are 551 00:28:17.839 --> 00:28:21.160 underlying every single interaction we have with the Internet these days. 552 00:28:21.160 --> 00:28:24.039 I mean, from just sending a quick text message to 553 00:28:24.119 --> 00:28:27.279 streaming a huge blockbuster movie. There's this whole invisible symphony 554 00:28:27.319 --> 00:28:29.759 of protocols and systems working away behind the scenes. 555 00:28:30.000 --> 00:28:32.440 It really is staggering and you know, this journey of innovation, 556 00:28:32.599 --> 00:28:34.880 it is no over by any means. Our source actually 557 00:28:34.920 --> 00:28:37.319 shares a really inspiring vision from Bob Cohn, one of 558 00:28:37.359 --> 00:28:41.759 the Internet's pioneers. His vision looks towards the future of networking, 559 00:28:42.279 --> 00:28:45.279 moving beyond just simple pair wise conversation, you know, one 560 00:28:45.319 --> 00:28:49.440 machine talking directly to another. He envisions embracing something more 561 00:28:49.519 --> 00:28:54.200 like information propagation, much more broadly, where information flows more 562 00:28:54.240 --> 00:28:57.519 like a fluid adapting to its environment, maybe being stored 563 00:28:57.599 --> 00:29:02.240 and forwarded intelligently within the network. And he even dreams 564 00:29:02.359 --> 00:29:05.880 quite literally of an interplanetary extension of the terrestrial Internet. 565 00:29:06.480 --> 00:29:10.039 Imagine networking reaching across the Solar System, where our digital 566 00:29:10.039 --> 00:29:13.039 reach truly extends beyond our planet, maybe even out into 567 00:29:13.039 --> 00:29:13.799 the heaven someday. 568 00:29:14.039 --> 00:29:17.680 Wow, an interplanetary Internet. That's quite a thought to end on. 569 00:29:17.759 --> 00:29:19.440 So maybe the next time you click anchors and a 570 00:29:19.440 --> 00:29:21.400 message or watch a video online, let just pause for 571 00:29:21.400 --> 00:29:25.680 a second consider that invisible, incredibly complex journey your data 572 00:29:25.799 --> 00:29:29.200 is taking, traversing this vast network of networks, guided by 573 00:29:29.200 --> 00:29:35.119 all these ingenious proto pares of complex cryptography like public 574 00:29:35.200 --> 00:29:39.920 key systems and VPN tunnels, and managed constantly by dedicated systems. 575 00:29:40.000 --> 00:29:43.200 It's really a profound testament to decades of human ingenuity 576 00:29:43.200 --> 00:29:47.039 and collaboration, continually pushing the boundaries of what's possible with communication, 577 00:29:47.519 --> 00:29:49.680 maybe even eventually out into the cosmos.