← field notes

The Invisible Giants: How CDNs Secretly Run the Internet

one afternoon a single company has a bad day. somewhere in a control room, a routine change goes out to a network, the kind of change that ships hundreds of times a week and is never news. this time it is wrong in a small way, and the small way spreads.

within minutes, sites that have nothing to do with each other start showing the same error page. a bank login. a coffee shop’s order app. a government portal. a news homepage. none of them share an owner or a city, and yet they all break in the same second, because underneath all of them was the same invisible company. most people never learn its name. they assume the internet itself went down, because from where they sit, it did.

that company was almost certainly running a content delivery network. once you understand what one of those is, a lot of the modern web stops looking like a sprawling, independent place and starts looking like a handful of very large walls that everyone is quietly leaning on.

what is a cdn

when you type an address and a page appears, it feels like you reached across the world and touched a specific computer somewhere. that picture is decades out of date. for most of the popular web, you never get anywhere near the original machine that owns the site.

a content delivery network is a global mesh of servers whose job is to keep copies of websites close to the people who want them. those copies live on machines called edge servers, scattered across hundreds of cities and plugged directly into the local internet. when you request a page, you are quietly routed to the nearest edge server instead of the distant origin. if it already holds the file you asked for, it hands it straight back, and the original server, which might be on another continent, is never even bothered.

the trick works because most of what a website sends you does not change from one visitor to the next. the logo, the layout, the fonts, the background video, all identical. there is no reason to drag those files across the planet for every person who shows up. you stage them once, close to where the people are, and serve them from there.

why distance is the enemy

the reason this matters is simple physics. data moves fast, but not instantly, and every thousand miles adds delay. a request that has to cross an ocean and come back can feel sluggish no matter how powerful the machine on the far end is.

caching a copy nearby collapses that distance. caching just means keeping a ready made copy of something so you do not have to fetch it from scratch every time. the first person in a city to ask for a page triggers the edge server to pull a fresh copy from the origin, and everyone after them gets that stored copy at local speed. one trip to the far away machine ends up serving thousands of nearby visitors.

the network also keeps those copies honest. every cached file carries quiet rules about how long it can be trusted before the edge checks back with the origin. when a site updates its homepage, the stale version expires and a fresh copy slides in behind it, usually without you ever noticing the swap.

absorbing spikes and standing in front of attacks

speed is only half of the story. the other half is surviving sudden surges of traffic. a product launch, a breaking news story, a viral video, any of these can send more visitors in a minute than a site normally sees in a month. a single origin server would simply fall over. spread across thousands of edge servers, the same flood becomes survivable, because each node handles its own slice of the crowd while the origin barely notices the storm out at the edges.

the same shape that absorbs a traffic spike also absorbs an attack. when someone tries to knock a site offline by drowning it in junk requests, that flood hits the content delivery network first, not the real server behind it. with capacity in hundreds of locations, the network soaks up an enormous amount of hostile traffic and filters out the obvious garbage before it reaches the origin. the site behind the wall stays standing, often without its owner ever seeing the wave that broke against it.

there is a clever piece underneath all of this. when your device looks up a site’s address, the answer it gets back is not fixed. it depends on where you are. a viewer in tokyo and a viewer in london request the exact same site and get two completely different servers, each one close to them. if a city’s servers are overloaded or down, traffic is quietly nudged to the next best place. you think you reached the site. really, the site reached out and met you halfway.

the handful that run it

here is where it gets strange. building this kind of global network is brutally expensive and brutally hard. you need real estate in hundreds of cities, deals with local networks, and a staff that can run all of it around the clock. so almost nobody does it themselves.

instead, a huge share of the entire web rents space behind the same small group of providers. a few names you might recognize, like cloudflare, akamai, fastly, and the big cloud arms of amazon and google, sit in front of a staggering portion of all the websites you use. for a site owner the appeal is obvious. you flip a switch, point your domain at one of these networks, and overnight your little server inherits a global footprint it could never have built alone, for a fraction of the cost of doing it yourself.

the result is millions of those sensible individual choices stacking up into something nobody planned. millions of independent sites, run by people who have never met, all funnel their traffic through the same few companies. those companies are not on the front of the page. you would never know they were there, and yet it is one of the largest concentrations of power on the internet.

when one of them stumbles

this is why a single bad afternoon can feel like the whole internet breaking. if one of these providers pushes a broken change or has a serious outage, every site sitting behind it goes dark at the same moment. to a normal person it looks like chaos with no explanation. the bank, the airline, the smart doorbell, the food order, all stuttering in unison. the common thread is invisible from the outside, because the company they all share was never something the public was meant to notice.

none of this means these companies are careless. running infrastructure at this scale is genuinely hard, and the people doing it are very good at it. the issue is structural, not personal. when so much of the web depends on the same few walls, those walls become single points of failure for things that were never supposed to be connected. a mistake that would once have taken down one website can now ripple across a meaningful slice of the internet in seconds.

inside the encrypted path

there is a deeper part of this that most people never think about. to do its job, a content delivery network has to actually handle your traffic, not pass it along blind. and most of that traffic is encrypted.

so to serve and protect a site, the provider usually sits inside the encrypted connection itself. the lock icon in your browser often represents a secure link to the edge server, not all the way to the origin. the network unlocks the request, does its work, and secures it again on the way to the real server behind it. this is not a flaw or a backdoor. you cannot filter an attack you cannot read, and you cannot cache a page you cannot open. the provider has to be inside the conversation, which means the encryption protects you from everyone except the company in the middle.

sitting in that spot is enormously useful and quietly powerful. to filter attacks and cache the right things, the provider can see a great deal about the traffic flowing through it. which sites are busy, where the visitors are coming from, what is being requested, and how it all behaves. for these companies this is simply the cost of doing the work, not spying. but it is worth understanding plainly. a small number of firms occupy a privileged seat inside a huge fraction of the world’s web traffic, in a position to observe patterns almost nobody else can.

the giants holding it up

when you load a site, you are extending a quiet kind of trust to a company you did not choose and probably cannot name. the site’s owner picked them, and you inherit that decision every time you visit. that is not inherently sinister. it is just the shape of the modern web, and it is a long way from the picture most people carry in their heads, where they imagine a direct line between their device and the site they wanted.

so the strange truth is this. a few companies most people have never heard of are quietly holding a large part of the internet upright. they make it fast, they keep it standing under attack, and they sit inside the encrypted path of a remarkable share of all the traffic that flows. they are invisible by design, named on no page you visit, and yet the modern web would buckle without them. the next time half the internet seems to break at once, it is usually not the internet at all. it is one of these giants, having a bad afternoon, in front of more of the world than anyone realized.

The Hidden Internet takes apart the systems that quietly run the modern web, explained from the inside. No products, just the machinery. Subscribe on YouTube.

watch
The Hidden Internet on YouTube

Every field note starts as a short documentary. Watch the systems in this piece explained on screen.

subscribe →
read on
More field notes

The rest of the series on how the modern internet detects, tracks, and sorts the traffic that reaches it.

browse the archive →