# How a Courier Knows Where to Run


If you're new, the story so far — in [What a Switch Actually Does](../networking-journey-portainer-and-switches/) I admitted I'd been faking my way through networking and finally understood what's happening inside one virtual conference room. In [The Art of Buying a Toaster](../networking-journey-buying-a-toaster/) I traced a full web request from a man clicking Buy on his couch to a small database far away and back.

This post is about something I cheated on in post 2.

## The Cheat

In the toaster story I said _"the Sea of Couriers"_ and waved my hand.

> _A vast, restless relay of runners between Jack's home and the shop. Each one knows only the next runner on the route._

I made it sound poetic and you let me and we moved on. The story had momentum and a cat in it.

But after I finished writing that post, that one line started bothering me. _Each one knows only the next runner._

Wait — _how_, exactly?

If you were the very first courier — standing on Jack's doorstep when Browser-Bot pushed the satchel into your hand — how would you know which way to run? The address on the satchel said `93.184.216.34`. You have never been to `93.184.216.34`. You don't have a map of the world in your pocket. You have two feet.

So which direction?

I had assumed, for years, that somewhere in the middle of the internet there was a clever piece of infrastructure that _did_ know. The map lived at the top. The little couriers asked the big infrastructure where to go. I never poked at that assumption because nothing in my work had ever forced me to.

When I finally poked, the answer was so much weirder, simpler, and more humbling than I had braced for that I'm going to spend the whole post on it.

## A Train Station in Tokyo

The cleanest version of the answer I can give isn't technical. It's about something every traveller has done.

You're standing in a train station in Tokyo. You speak no Japanese. You have a paper map. You point at it and ask the nearest stranger — fumbled syllables, hopeful expression — _"Eiffel Tower? Paris? France?"_

The stranger looks at the map. Then at you. Then bursts out laughing, because of course she has no idea how to get from Tokyo to the Eiffel Tower. She _lives_ here. But she's kind and doesn't want you to feel stupid, so she points at a sign and says, in slow careful Japanese you mostly parse: _"Information desk. Third floor. They will help."_

You climb three flights of stairs. The man at the information desk doesn't know how to get to the Eiffel Tower either. He has a binder. He flips it open, runs his finger down a column, looks up at you, and says: _"For international travel — Narita Airport. Take the JR Narita Express, platform 4. Sixty minutes."_

You take the train.

At Narita, an Air France agent checks her terminal, smiles, hands you a boarding pass: _"You want Paris–Charles-de-Gaulle. Flight 275, departs 21:35, gate 47."_

At Charles-de-Gaulle, a taxi driver outside the terminal nods when you say _"Tour Eiffel,"_ and just drives. He's done this drive ten thousand times.

When the taxi pulls up in front of the tower, you step out, tilt your head back, and there it is.

Now ask yourself this. At any point along that journey, did _anyone_ know the way from the Tokyo train station to the Eiffel Tower?

No. Not the kind stranger. Not the information desk. Not even the airline agent. Each of them knew _one hop closer_ than you did. Each of them delegated upward to someone with a slightly bigger frame of reference. The route from you to the tower _existed_ — but no single mind ever held it. The route was distributed across the five strangers you spoke to, none of whom were in charge.

This is, without changing a single load-bearing element, _exactly_ how the internet routes a packet from your doorstep to a server you've never heard of.

## Your Home Router Is the Kind Stranger

The first courier on Jack's doorstep — the one I waved at — is your home router. The little plastic box that's been quietly serving your family's WiFi for the last four years.

Your home router knows two things. Two. That's it.

1. **Every device on your home network.** Your laptop, your phone, your smart fridge, your printer — anything plugged in or connected to the WiFi. If a parcel is addressed to one of those, the home router walks it there directly.
2. **One phone number.** Its supervisor's. For every parcel _not_ addressed to your home, it does exactly one thing: forwards the parcel up to the supervisor and washes its hands. Whatever that parcel is, wherever it's going — it's no longer the home router's problem.

That second rule has a formal name. It's called the **default route**, sometimes called, with mild gallows humour, the **gateway of last resort**. When I first heard those words I assumed they referred to some exotic configuration for niche cases. They don't. The default route is the entire personality of your home router.

You can check this for yourself. If you SSH into your router (or peek at most home routers' admin pages) and ask what its routing table looks like, you will see approximately three lines of text. Two of them you can ignore. The third is the default route. _That is your home router._ That is what the box streaming your Netflix actually _does_.

I cannot overstate how much this shrank the internet in my head when I first understood it. I had been picturing a clever piece of infrastructure. I was picturing the kind stranger in Tokyo.

## The Supervisor Is Also Mostly Ignorant

The supervisor — your ISP's edge router — is a slight upgrade. It has a real, if modest, map. The map covers _its territory_: the few thousand local addresses it serves, plus a handful of direct lines to other networks it's cut deals with. (Big content networks like Netflix and Cloudflare have direct peering arrangements with major ISPs, which is why Netflix loads so fast — your ISP's map has a special shortcut that says _"for Netflix, take this side door."_)

If the address is on the map, the supervisor dispatches it. If it's not, the supervisor does what the home router did. Forwards it up to _her_ supervisor.

Same pattern. Slightly bigger map. Same single fallback.

This pattern repeats. Every level has a slightly more elaborate map. Every level has the same fallback. The whole hierarchy is held together by one tiny humble rule, repeated everywhere: _I'll handle my own area and pass the rest up_.

And here is the part that, when it hit me, I had to stand up and walk around the apartment for a minute.

The exact same trick is running _inside_ your laptop. Inside Frieda's container, from post 2 — the little frontend in apartment 10 — her tiny routing table looks like this:

```
10.88.0.0/16   dev eth0              # the corridor — local
default        via 10.88.0.1         # else → Mama Kernel
```

That's it. Two lines. Same shape as the home router. Same shape as the ISP's edge. One local rule, one default route. Frieda is doing — at the scale of one container — _exactly_ what your home router does at the scale of your house, and what your ISP does at the scale of a neighbourhood.

The internet isn't running on different mechanisms at different scales. It's running on _the same tiny mechanism, recursively_, like a tree where every leaf has the same DNA as every branch. The home router is not a smaller version of a Big Important Internet Thing. The home router and the Big Important Internet Thing are _the same shape_.
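The "one local rule, one default route" pattern, as an added example (not code from this series): each node does a longest-prefix lookup in its own small table and hands the packet to the next hop. Only Frieda's two routes come from the post; the node names, the other address ranges, and the top node that deliberately has no default route are assumptions made for illustration.

```python
import ipaddress

def parse(lines):
    """Turn 'prefix next-hop' lines into (network, next_hop) pairs."""
    table = []
    for line in lines:
        prefix, hop = line.split()
        if prefix == "default":
            prefix = "0.0.0.0/0"          # the default route matches everything
        table.append((ipaddress.ip_network(prefix), hop))
    return table

def lookup(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, hop) for net, hop in table if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Constructed tables. Only Frieda's two routes come from the post; the node
# names and the 192.168.1.0/24 and 100.64.0.0/10 ranges are assumptions.
NODES = {
    "frieda":      parse(["10.88.0.0/16 local", "default mama-kernel"]),
    "mama-kernel": parse(["10.88.0.0/16 local", "192.168.1.0/24 local",
                          "default home-router"]),
    "home-router": parse(["192.168.1.0/24 local", "default isp-edge"]),
    "isp-edge":    parse(["100.64.0.0/10 local", "default backbone"]),
    # Top of the chain: a real map, and no default route to fall back on.
    "backbone":    parse(["93.184.216.0/24 local"]),
}

def trace(start, dst):
    """Follow next hops from `start`; return (nodes visited, outcome)."""
    path, node = [start], start
    while True:
        hop = lookup(NODES[node], dst)
        if hop is None:
            return path, "no route"       # nobody left to pass it up to
        if hop == "local":
            return path, "delivered"
        node = hop
        path.append(node)

if __name__ == "__main__":
    for dst in ("10.88.0.7", "93.184.216.34", "203.0.113.9"):
        print(dst, *trace("frieda", dst))
```

No node in the chain holds the full route to `93.184.216.34`; the path only exists as the sequence of individual lookups.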

## Where the Buck Has to Stop

But you can't have a tree where everyone delegates upward without someone, somewhere, at the very top, who does _not_ delegate. There is no one above the top.

That top layer exists. It's called the **default-free zone** — the **DFZ**. Backbone routers run by Tier-1 carriers and at the world's internet exchange points. Their job is to know enough that they never have to say _"I don't know, ask above me."_ Because there is no above.

I had imagined, when I first heard "Tier-1 carriers" and "default-free zone," some kind of throne room. A great central server humming gently in a vault, holding _the map_. The official map. The one everyone else was downloading copies of.

There is no throne room. There is no central map.

What there is, instead, is a particular kind of conversation that happens, continuously, between every pair of neighbouring backbone networks.

## The Conversation

The conversation goes like this.

Picture two operators, each sitting at her own desk. Both work for backbone networks — different companies, different countries, doesn't matter. Each has a notebook open in front of her.

The first operator reads from her notebook: _"From my side, I can reach the address range `8.8.8.0/24` — those are Google's servers. And `1.1.1.0/24` — that's Cloudflare. And these other three thousand ranges. Here's the full list."_

The second operator writes everything down. Then she reads from _her_ notebook: _"Got it. From my side: I can reach `93.184.216.0/24` — those are some big websites. And these other two thousand ranges. Here's mine."_

They both close their notebooks. They thank each other politely. They walk back to their own offices and update their own networks with what they learned.

That's the conversation. That is _all the conversation is_.

They don't consult a master. They don't agree to anything except _what each of them claims to be able to reach_, and they take each other's word for it. Then their other peers come asking the same question, and each operator passes along everything she just learned, plus the note _"I heard this from her, by the way."_

This conversation, repeated across every backbone operator on Earth, builds a kind of distributed encyclopedia of how to reach every address range on the internet. The encyclopedia doesn't live in any one place. Each operator has her own copy, slightly different from her neighbour's, but mostly in agreement.

The protocol that runs this conversation is called **BGP** — the **Border Gateway Protocol**. The technical name for "a backbone operator" is an **Autonomous System**, abbreviated **AS**. Each AS has a number. Google is 15169. Cloudflare is 13335. Your ISP almost certainly has one. There are about 75,000 of them.

When I first learned that BGP — the thing holding the internet together — is _structured gossip_, I had a small moment of disbelief. _That's it? That's what's underneath?_ Yes. That's it. The most important protocol on the internet is two strangers comparing notebooks, repeated everywhere.

## What "Distributed" Actually Means

I want to underline something here because I had this part wrong for a long time.

I had carried, vaguely, the idea that there were _two kinds of internet things_. The cute distributed-feeling things — peer-to-peer file sharing, blockchain, the cottage projects I'd read about — ran on gossip. The serious, centralised, load-bearing things — the internet itself, the Tier-1s, the infrastructure my company depended on — ran on databases. I imagined a difference of seriousness. Gossip for the toys, real systems for the load-bearing stuff.

The internet runs on gossip. The serious thing _is_ the cute thing. There is no master copy of the routing table. There is no central authority you can call to ask _"what is the canonical path to 8.8.8.8?"_ The path is whatever the gossip currently says it is. If the gossip is briefly wrong — if some operator misspeaks, or her notebook gets garbled — the internet briefly routes wrong, and then the gossip corrects itself, and the world keeps turning.

The Tier-1 operators are big. They are economically powerful. They are not, however, _in charge_ of routing. They are participants. If one of them disappeared overnight, the others would re-sync their notebooks from the remaining peers and traffic would re-route. It has happened. It will happen again. The internet was not designed to require any of its participants in particular.

There _is_ one place where centralisation does live, and I should be honest about it: **address allocation**. Who is allowed to _claim_ the range `8.8.8.0/24` in her notebook is not gossip-determined. There's a real tree of authorities for that — at the top, an organisation called IANA. IANA hands huge chunks of address space to five regional registries (ARIN for North America, RIPE for Europe, APNIC for Asia, and so on). The regional registries hand smaller chunks to ISPs. The ISPs hand smaller chunks to companies. That part is a tree, complete with paperwork.

But _allocation_ and _routing_ are different problems. Allocation is _"who's allowed to say they own this range?"_ Routing is _"how do I actually get there?"_ The first is centrally administered. The second is gossiped between equals. They sit on top of each other in a way I had collapsed in my head for years.

## A Quiet Algorithmic Surprise

There's one more thing I want to mention, because it surprised me.

I had a half-memory from undergrad of a clever pathfinding algorithm — something with a heuristic, A\*-style. I was sure routing used something like it. The internet is, after all, the world's largest graph. Surely some elegant shortest-path algorithm is running somewhere?

There is — but only _inside_ a single AS. Not between them.

Inside a single autonomous system — say, all the routers within Google's network — every router runs **Dijkstra's algorithm** over a freshly-flooded map of the local topology. A\* is the heuristic-enhanced version of Dijkstra you might be remembering; same family. Inside an AS, you really do find the shortest path. The protocol family that does this is called **OSPF** (or its cousin **IS-IS**), and right now, on tens of thousands of routers around the world, Dijkstra is running. The exact clean graph-search you imagined.

Between ASes, though — between Google's network and Cloudflare's — there is _no_ shortest-path calculation. BGP doesn't compute distance. BGP picks paths by **business policy**. Each operator's notebook is annotated with her bosses' preferences: _"prefer routes through our cheap peer over our expensive transit provider."_ Those preferences dominate path selection.

This means the route a packet actually takes between two points on the internet is _not_ necessarily the geographically shortest one. It's the cheapest-and-contractually-permitted one. A packet from Spain to Brazil might legitimately go through London because the Spanish operator has a sweetheart deal with a British peer and a punishing one with a French peer. The map of the internet is, in this sense, a financial document as much as it is a topological one.

I found this deeply uncomfortable when I realised it. I had imagined the internet as a pure physical structure — bones and veins. The actual structure is bones plus contracts. It is a network of physical wires held in place at the joints by negotiation. Not necessarily worse, but aesthetically different from what I'd been using.
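The notebook conversation and the policy-over-distance point, as an added example (not code from this series and not a real BGP implementation): a toy path-vector exchange in which each AS prepends its own number to what it passes on, refuses paths that already contain it, and chooses by local preference before path length. The topology, the documentation-range AS numbers, the preference values and the three-step tie-break are assumptions; real BGP has a longer decision process.

```python
# Constructed topology using documentation-range AS numbers (RFC 5398);
# the prefix is the one used in the post. None of this is real routing data.
LINKS = [(64500, 64501), (64500, 64502), (64502, 64503),
         (64501, 64510), (64503, 64510)]
ORIGIN = {64510: ["93.184.216.0/24"]}   # AS 64510 claims this range
PREFIX = "93.184.216.0/24"

def neighbours(asn):
    return [b if a == asn else a for a, b in LINKS if asn in (a, b)]

def converge(local_pref, rounds=10):
    """Run a fixed number of exchange rounds (ample for this small topology).

    local_pref maps asn -> {neighbour: preference}; unlisted neighbours get 100.
    Returns {asn: {prefix: AS path toward the origin}}.
    """
    asns = sorted({a for link in LINKS for a in link})
    heard = {a: {} for a in asns}   # heard[a][prefix][neighbour] = path as told
    best = {a: {p: [] for p in ORIGIN.get(a, [])} for a in asns}
    for _ in range(rounds):
        # Phase 1: every AS reads its current best paths to each neighbour.
        for speaker in asns:
            for listener in neighbours(speaker):
                for prefix, path in best[speaker].items():
                    told = [speaker] + path          # "I heard this from her"
                    offers = heard[listener].setdefault(prefix, {})
                    if listener in told:
                        offers.pop(speaker, None)    # loop: drop this offer
                    else:
                        offers[speaker] = told       # taken on trust, unchecked
        # Phase 2: each AS chooses per prefix. Policy first, length second.
        for asn in asns:
            pref = local_pref.get(asn, {})
            for prefix, offers in heard[asn].items():
                if prefix in ORIGIN.get(asn, []):
                    continue                         # own prefix: nothing to choose
                if not offers:
                    best[asn].pop(prefix, None)      # every offer was withdrawn
                    continue
                via = max(offers, key=lambda n: (pref.get(n, 100),
                                                 -len(offers[n]), -n))
                best[asn][prefix] = offers[via]
    return best

if __name__ == "__main__":
    # No policy: AS 64500 takes the shorter AS path through 64501.
    print(converge({})[64500][PREFIX])
    # Policy: 64500 prefers its cheap peer 64502, so the longer path wins.
    print(converge({64500: {64502: 200}})[64500][PREFIX])
```

Nothing in the exchange checks whether AS 64510 is entitled to the range it announces; every notebook simply records what a neighbour claimed.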

## The Aha

Here is what I now think the picture is.

![How a packet finds its way across the internet: each home router knows only its local devices and a default route up to its ISP; each ISP edge has a slightly larger local map and the same default fallback; at the top, Tier-1 backbones in the default-free zone gossip reachability to each other via BGP. Inside any single AS, Dijkstra (OSPF/IS-IS) computes true shortest paths; between ASes, BGP picks paths by business policy. The full route from any source to any destination is never held by one node — it emerges from every node along the way being honest about the limits of what it knows.](how_a_packet_find_its_way_across_the_internet.png)

The internet works because nobody tries to know the whole map. Every node — from the cheapest home router to the largest Tier-1 — plays the same little game: _I know my immediate neighbours, and I delegate the rest_. The whole vast distributed system is built out of one humble move, repeated billions of times, with structured gossip at the top to keep everyone in rough agreement.

The internet is not a cathedral with a divine architect. The internet is a forest of strangers asking each other for directions, and somehow it _works_. What I find quietly beautiful about this is that the design choice — _delegate, don't accumulate_ — was not chosen because it was elegant. It was chosen because the alternative was unbuildable. There was no way to make any single brain big enough to hold the whole map and keep it current as the world changed. So the engineers built no brain at all. They built only the protocol for two strangers to compare notebooks and trust each other's word.

The next time you open a browser tab — your couch, your half-finished coffee, a casual click — there's a fact you can hold onto. Somewhere in the middle of that request, a row of strangers each admitted they didn't know where it was going and passed it to a neighbour. Then that neighbour did the same. Then another. The packet found its way home not because anyone _planned_ the route, but because every node along the way was honest about the limits of what it knew.

I had spent years quietly assuming the internet was a triumph of centralised intelligence. It's the opposite. It's a triumph of cooperative ignorance.

That is what your internet bill pays for.

## What I Still Don't Understand

Two things, both unsettling.

First — what happens when one of the operators _lies_? What if an AS announces, by accident or on purpose, _"hi, I can reach all of Google's address ranges,"_ and the neighbours believe her, and the lie propagates outward? I have a dim memory of this happening to YouTube once. Something about Pakistan, an entire afternoon, a country accidentally swallowing a popular website's traffic. I think I have the pieces now to actually understand how that worked. And, more uncomfortably, _why_ it's hard to prevent without giving up the gossip-based design that makes the rest of the system work.

Second — I keep promising namespaces. Frieda still has an apartment that I have not, technically, explained how _exists_. One kernel. Multiple parallel networks. Each container with its own private `127.0.0.1` that doesn't trample anyone else's. I waved at this in post 1 and again in post 2. I am, frankly, embarrassed about it.

I'll get there. One of these is the next post. I'm not going to decide which until I sit down to write it.

See you then.

---

_(Written by Human, improved using AI where applicable.)_
