Your browser doesn't know what example.com is. It needs an IP address like 93.184.216.34.

DNS (Domain Name System) is the internet's phone book. It translates human-readable domains into IP addresses through a chain of lookups.

The resolution chain:

1. Browser cache - checked first, fastest
2. OS cache - system-level DNS cache
3. Router cache - your local network
4. ISP's recursive resolver - does the heavy lifting
5. Root → TLD → Authoritative - the full chain when nothing is cached

The authoritative nameserver returns a DNS record. Key types:

Every record has a TTL (Time To Live), which tells resolvers how long to cache the answer. A TTL of 300 means “cache this for 5 minutes.”

This is why DNS changes “take time to propagate” - it's really just caches expiring worldwide.

Now that the browser has an IP address, it needs to establish a reliable connection using the TCP three-way handshake.

Three packets bounce between client and server before any data is sent:

This adds one round-trip (~20-50ms) before any HTTP data flows. For HTTPS, a TLS handshake follows to negotiate encryption keys, adding another 1-2 round trips.

This is why Connection: keep-alive exists - reusing TCP connections avoids repeating this overhead.

With the TCP connection established, the request hits a CDN (Content Delivery Network), a globally distributed network of servers that cache content close to users.

The problem it solves: Your server is in Virginia. A user in Tokyo is 11,000 km away. Even at the speed of light in fiber (~200,000 km/s), physics adds ~70ms per round trip.

CDNs also provide DDoS protection, SSL termination, edge compute, and WAF capabilities - all before traffic ever reaches your origin.

Not every app uses a CDN. Server-side rendered apps (Next.js SSR, Rails), services running in Kubernetes pods, or internal tools may skip this layer entirely. In those cases, the request goes straight from the browser to your origin or load balancer.

For API requests that aren't served from cache, traffic reaches the API Gateway, the front door to your backend services.

Before your application code runs, the gateway handles:

• →Authentication - validate JWTs, API keys, OAuth tokens
• →Rate limiting - 100 req/min per API key
• →Routing - direct to the correct service based on path
• →Transformation - reshape requests/responses

This keeps cross-cutting concerns out of your business logic.

The request is now authenticated and routed. The Load Balancer distributes it across healthy application servers.

The selected server processes your HTTP request - runs the application logic, queries the database, and builds a response. This is usually the only latency most engineers think about and control!

The server sends an HTTP response back through the same chain: origin → load balancer → gateway → CDN edge → browser.

Along the way, the CDN may cache the response for future requests with proper Cache-Control headers.

After the data transfer is complete, the TCP connection is closed with a four-way handshake:

In practice, modern HTTP uses persistent connections - the TCP connection stays open for multiple requests. HTTP/2 goes further with multiplexing, where many requests share a single connection simultaneously.

All of this - DNS, TCP, TLS, CDN, gateway, LB, processing, and response - happens in roughly 100-300ms. Understanding each layer tells you where to optimize, where to cache, and where things break.