From the OSI model to TCP/IP. Ethernet, BGP, DNS, TLS. The rise of HTTP/2, HTTP/3, and QUIC. CDNs, content peering, and the modern internet — the largest engineered system in human history.
A computer network is a set of machines that exchange messages by following a shared protocol. The internet is the network of networks: an interconnection of autonomously operated networks, glued together by a small set of universal protocols.
The remarkable thing about the internet is not that it works — local-area networks have worked since the 1970s — but that it works at planetary scale, across hundreds of thousands of independently operated networks, with no central authority deciding routing or operating policy. The protocols hold the system together; the rest is convention, contract, and goodwill.
This deck walks the layers — Ethernet at the bottom, IP and TCP in the middle, DNS and HTTP at the top — and the people who designed each of them.
Two layered models compete for textbook space. The OSI seven-layer model (ISO, 1984) defined Physical, Data Link, Network, Transport, Session, Presentation, and Application layers. It was a planned architecture meant to organise a future telecommunications standard.
The TCP/IP four-layer model — Link, Internet, Transport, Application — is the descriptive model of the protocols that actually shipped. It collapses the OSI top three layers into a single Application layer.
OSI lost the standards war but won the vocabulary war: networking engineers still talk about "layer-7 problems" and "layer-2 switches."
On 29 October 1969 a graduate student at UCLA, Charley Kline, sent the first message on ARPANET — the letters "lo" before the receiving computer at SRI crashed. Two more letters and a reboot later, "login" was sent successfully. The network grew through the 1970s as the ARPA-funded research community connected its mainframes through dedicated 50-kilobit lines and IMPs (Interface Message Processors).
Leonard Kleinrock's queueing-theoretic work at MIT and UCLA in the early 1960s laid the theoretical groundwork. Paul Baran at RAND and Donald Davies at NPL independently invented packet switching — the idea that messages should be broken into small datagrams and routed independently, rather than carried over a circuit reserved end-to-end.
ARPANET was decommissioned in 1990. By then the internet — its successor, running on the TCP/IP protocols developed for it — was already vastly larger.
Vint Cerf and Bob Kahn are the fathers of the internet. Their 1974 paper, "A Protocol for Packet Network Intercommunication", proposed the architecture that became TCP/IP: an internet-layer protocol (IP) carrying datagrams between heterogeneous networks, plus a transport-layer protocol (TCP) providing reliable, ordered streams atop the unreliable IP.
The original 1974 protocol was a single TCP. The decision to split it — to factor connectionless IP out of TCP — came in the late 1970s and is what made the internet flexible enough to carry voice, video, and applications nobody had thought of when it was designed.
The transition flag day was 1 January 1983: ARPANET cut over from NCP to TCP/IP overnight. Cerf and Kahn shared the 2004 Turing Award and the Presidential Medal of Freedom in 2005. Cerf later joined Google as Chief Internet Evangelist.
Robert Metcalfe, at Xerox PARC, sketched the original Ethernet on a memo dated 22 May 1973. The system used a shared coaxial cable, broadcast addressing, and CSMA/CD — Carrier Sense Multiple Access with Collision Detection: a station listens before transmitting, and if its signal collides with another, both back off for a random interval and retry.
The 1980 DIX standard (Digital, Intel, Xerox) and the IEEE 802.3 standard (1983) made Ethernet vendor-neutral and open. Ethernet beat Token Ring, its IBM-backed rival, by being simpler and cheaper. By 1995, Token Ring was effectively dead in new deployments.
The modern Ethernet runs on twisted-pair copper or fibre, at 1 Gbps, 10 Gbps, 100 Gbps, and now 400 Gbps. Switched Ethernet replaced shared-cable Ethernet in the 1990s, removing the collisions altogether. Wi-Fi (IEEE 802.11) is essentially Ethernet over radio, with collision avoidance instead of detection.
IP is connectionless and unreliable: it makes a best-effort attempt to deliver a datagram, with no guarantees about delivery, ordering, or duplication. Reliability, when needed, is the responsibility of higher layers.
IPv4 (RFC 791, 1981) uses 32-bit addresses — about 4.3 billion of them. The address space was effectively exhausted by 2011. Mitigations — NAT (Network Address Translation), CIDR (1993), and address-recycling — have kept IPv4 alive far longer than predicted.
IPv6 (RFC 8200, 2017; first deployed 1998) uses 128-bit addresses — 340 undecillion of them, more than enough to give every grain of sand on Earth its own subnet. Adoption has been slow but steady; by 2024, roughly 40% of Google's traffic was IPv6. Dual-stack deployment (IPv4 and IPv6 coexisting) is the practical norm.
TCP (RFC 793, 1981) provides a reliable, ordered byte stream over IP's unreliable datagrams. The mechanism: a three-way handshake to establish state, sequence numbers to detect loss and reordering, acknowledgements to confirm receipt, and a sliding window to control how much data is in flight.
Three milestones in TCP's evolution:
Slow start and congestion avoidance (Van Jacobson, 1988) saved the internet from congestion collapse. Senders increase their window exponentially when starting, then linearly until loss; on loss they cut back. Most modern TCP implementations are descended from this algorithm.
SACK — Selective Acknowledgement (1996) — lets the receiver tell the sender exactly which segments are missing, rather than forcing retransmission of everything from the gap forward.

BBR (Google, 2016) ditches loss-based congestion control entirely, modelling the path's bottleneck bandwidth and round-trip time directly. BBR is now widely deployed on YouTube and Google Cloud.
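As an added illustration (not part of the deck), the round-by-round window model below reproduces the shape Jacobson's algorithm gives a TCP sender: exponential growth up to the slow-start threshold, linear growth after it, and a cut-back on loss. Both the 1988 Tahoe reaction (window back to one segment) and the later Reno fast-recovery reaction (window back to half) are modelled; the starting threshold of 16 segments and the loss round are constructed inputs.

```python
"""Round-by-round model of Van Jacobson's 1988 slow start / congestion avoidance.

Added example, not from the deck. cwnd is counted in segments and updated once
per round-trip time; a real stack updates per acknowledgement, but the
RTT-granular sawtooth is the same.
"""
from dataclasses import dataclass


@dataclass
class CongestionState:
    cwnd: int = 1          # segments the sender may have in flight this RTT
    ssthresh: int = 16     # slow-start threshold (constructed starting value)


def on_rtt_without_loss(state: CongestionState) -> None:
    """One RTT in which every segment was acknowledged."""
    if state.cwnd < state.ssthresh:
        # Slow start: each ACK adds a segment, so the window doubles per RTT.
        state.cwnd = min(state.cwnd * 2, state.ssthresh)
    else:
        # Congestion avoidance: roughly one extra segment per RTT.
        state.cwnd += 1


def on_loss(state: CongestionState, variant: str = "tahoe") -> None:
    """React to a loss signal (timeout or duplicate ACKs)."""
    # Multiplicative decrease: remember half the window as the new threshold.
    state.ssthresh = max(state.cwnd // 2, 2)
    if variant == "tahoe":
        state.cwnd = 1               # 1988 behaviour: restart slow start
    elif variant == "reno":
        state.cwnd = state.ssthresh  # fast recovery: resume linearly at half
    else:
        raise ValueError(variant)


def simulate(rounds: int, loss_rounds: set, variant: str = "tahoe") -> list:
    """Return the window used in each RTT round; losses occur at the given rounds."""
    state = CongestionState()
    history = []
    for rtt in range(rounds):
        history.append(state.cwnd)
        if rtt in loss_rounds:
            on_loss(state, variant)
        else:
            on_rtt_without_loss(state)
    return history


if __name__ == "__main__":
    for variant in ("tahoe", "reno"):
        print(variant, simulate(12, {6}, variant))
```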
UDP — User Datagram Protocol (RFC 768, 1980) — is the opposite of TCP. No connection, no reliability, no ordering, no congestion control. The header is eight bytes: source port, destination port, length, checksum.
UDP is right when you don't need TCP's guarantees, and especially when you can't afford its latency. The classical use cases: DNS (you'd rather retry quickly than wait for a TCP connection), NTP (time synchronisation), DHCP (you don't have an IP address yet, so you can't open a TCP connection), video and audio streaming (a dropped packet is a dropped frame, not a stall), online games (yesterday's position is worse than no position).
UDP is also the foundation for higher-level protocols that build their own reliability: QUIC runs on UDP because TCP's mechanics couldn't be modified without breaking middleboxes. The shape of internet traffic has shifted toward UDP-based protocols since the mid-2010s.
BGP — Border Gateway Protocol (RFC 4271; first version 1989, current version 4 from 1994) — is the routing protocol of the internet between autonomous systems. Each AS — a network with a single administrative policy — speaks BGP to its neighbours, advertising the prefixes it can reach and propagating advertisements it has learned.
BGP is a path-vector protocol: routes carry the full sequence of ASes they have traversed, used both for loop avoidance and for policy. The protocol is famously trust-based: an AS that mis-advertises someone else's prefixes can hijack their traffic. The 2008 Pakistan Telecom incident took YouTube offline globally for two hours when a Pakistani ISP, attempting to block YouTube domestically, accidentally announced YouTube's prefix to the world.
Mitigations have been slow. RPKI — Resource Public Key Infrastructure — and BGPsec add cryptographic authentication; deployment crossed 50% of routes by 2024 but remains uneven. The internet's routing system is held together as much by reputation and operator vigilance as by protocol design.
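As an added example (not from the deck), the Python below models the check RPKI gives a router: Route Origin Validation of announcements against published ROAs, alongside the AS_PATH loop check and the longest-prefix selection that explain why a more-specific mis-origination wins unless ROV-invalid routes are dropped. All prefixes and ASNs are constructed from documentation and private ranges; the ROA shape (prefix, maxLength, origin ASN) follows RFC 6482.

```python
"""Route Origin Validation (RFC 6811) over constructed BGP announcements.

Added example, not code from the deck. Prefixes come from the documentation
ranges (203.0.113.0/24, 198.51.100.0/24) and ASNs from the private range
64496-64511, so nothing here refers to a real network.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    prefix: str        # authorised prefix, e.g. "203.0.113.0/24"
    max_length: int    # longest prefix length the origin may announce
    origin_asn: int


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple     # leftmost = neighbour we learned it from, rightmost = origin


def covers(roa_prefix: str, announced: str) -> bool:
    roa_net = ipaddress.ip_network(roa_prefix)
    ann_net = ipaddress.ip_network(announced)
    return ann_net.version == roa_net.version and ann_net.subnet_of(roa_net)


def rov_state(route: Route, roas: list) -> str:
    """Return 'valid', 'invalid' or 'not-found' for the route's origin."""
    origin = route.as_path[-1]
    plen = ipaddress.ip_network(route.prefix).prefixlen
    covering = [r for r in roas if covers(r.prefix, route.prefix)]
    if not covering:
        return "not-found"          # no ROA speaks about this address space
    for roa in covering:
        if roa.origin_asn == origin and plen <= roa.max_length:
            return "valid"
    return "invalid"                # covered, but wrong origin or too specific


def has_loop(local_asn: int, route: Route) -> bool:
    """Path-vector loop avoidance: an update already carrying our ASN is dropped."""
    return local_asn in route.as_path


def best_route(dest_ip: str, rib: list):
    """Longest-prefix match; ties broken by shorter AS_PATH."""
    ip = ipaddress.ip_address(dest_ip)
    candidates = [r for r in rib if ip in ipaddress.ip_network(r.prefix)]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (ipaddress.ip_network(r.prefix).prefixlen,
                                          -len(r.as_path)))


def filtered(rib: list, roas: list) -> list:
    """The usual deployment choice: drop ROV-invalid routes, keep not-found."""
    return [r for r in rib if rov_state(r, roas) != "invalid"]


def origin_of(dest_ip: str, rib: list, roas=None):
    """Origin ASN the router would forward towards, with or without ROV filtering."""
    table = rib if roas is None else filtered(rib, roas)
    best = best_route(dest_ip, table)
    return None if best is None else best.as_path[-1]


# Constructed data: the legitimate holder publishes a ROA for the /24 only.
ROAS = [Roa("203.0.113.0/24", 24, 64500)]
RIB = [
    Route("203.0.113.0/24", (64496, 64500)),     # legitimate origin
    Route("203.0.113.128/25", (64496, 64511)),   # constructed mis-origination of a more-specific
    Route("198.51.100.0/24", (64497, 64501)),    # space with no ROA at all
]

if __name__ == "__main__":
    for r in RIB:
        print(r.prefix, rov_state(r, ROAS))
    print("unfiltered ->", origin_of("203.0.113.200", RIB))
    print("with ROV   ->", origin_of("203.0.113.200", RIB, ROAS))
```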
Before DNS, every machine on ARPANET fetched a single HOSTS.TXT file from SRI listing the names and addresses of the few hundred other machines on the network. The system did not scale.
Paul Mockapetris's 1983 RFCs 882 and 883 — refined as RFCs 1034 and 1035 in 1987 — defined the Domain Name System: a hierarchical, distributed, cached database mapping names to addresses (and to other resource records). The name space is rooted at "." with thirteen "root server" letter-named clusters; under it are top-level domains (.com, .org, country codes); under those, registered domains; and under those, subdomains an organisation manages itself.
DNS lookups are recursive and aggressively cached. A modern web page resolves dozens of names per second through the stub-recursive-authoritative chain. DNSSEC adds cryptographic signatures; DNS-over-HTTPS (RFC 8484, 2018) and DNS-over-TLS encrypt the queries themselves, removing a long-standing surveillance and tampering vector.
Tim Berners-Lee's 1991 HTTP/0.9 was a single command: GET /path, which returned the document and closed the connection. HTTP/1.0 (RFC 1945, 1996) added headers, status codes, and content types. HTTP/1.1 (RFC 2068, 1997; revised 2616 in 1999) added persistent connections, pipelining, virtual hosting, and chunked transfer encoding.
HTTP/1.1 was the workhorse for two decades. The major performance pain point was head-of-line blocking: a slow request blocks any request behind it on the same connection. Browsers worked around this by opening 6 connections per origin and aggressively sharding assets across hostnames.
By 2010 the workarounds were grotesque. Pages loaded hundreds of resources, each with a hand-tuned cache header and a hand-managed bundle. The community knew HTTP/1.1 was past its limits and that a successor was needed — but the successor, eventually, would have to come from outside the IETF process.
SPDY, a Google-internal protocol started in 2009, became the basis for HTTP/2 (RFC 7540, 2015). The big changes: binary framing (no more parsing ASCII headers), multiplexing (many requests interleaved on one TCP connection), server push (the server can send resources the client hasn't asked for yet), header compression (HPACK reduces header bloat).
HTTP/2 ended the per-origin connection-sharding tricks. Browsers retired the practice of spreading assets across img1.example.com, img2.example.com, etc. — the trick now hurt rather than helped, since multiplexing required one connection.
The TCP head-of-line problem, however, remained. A lost packet on the underlying TCP connection still stalls every multiplexed stream. Solving this required a transport-layer redesign — and that meant moving off TCP.
QUIC began at Google in 2012 as Jim Roskind's experiment in fixing TCP's deficiencies without waiting for TCP to be fixed. It runs on UDP, multiplexes multiple streams without head-of-line blocking, integrates encryption with the transport layer (so the handshake is encrypted from the first byte), and supports connection migration across IP addresses.
By 2017, Google was running QUIC on YouTube. The IETF began standardising it in 2016; the IETF version diverged from Google's and was finalised as RFC 9000 in May 2021. HTTP/3 (RFC 9114, 2022) is HTTP semantics over QUIC.
Adoption has been quick. By 2024, around 30% of all internet traffic by volume was QUIC. Cloudflare, Akamai, Fastly, and the major browsers all support it. The transport-layer ossification problem — the difficulty of changing TCP because middleboxes have hard-coded its behaviour — has been routed around by moving to a transport that lives above UDP.
SSL — Secure Sockets Layer — was a Netscape invention (Phil Karlton, Tom Weinstein, others, 1994–96). The IETF took it over and renamed it TLS — Transport Layer Security. SSL 3.0 became TLS 1.0 (1999), then 1.1, 1.2, and finally TLS 1.3 (RFC 8446, 2018).
The TLS handshake establishes a shared secret over an authenticated channel, using public-key cryptography (RSA, then ECDHE) to bootstrap symmetric encryption (AES, ChaCha20). The server proves its identity with an X.509 certificate signed by a trusted certificate authority.
TLS 1.3 was the biggest cleanup in the protocol's history. It eliminated decades of accumulated cryptographic baggage (RC4, MD5, CBC-mode oracle attacks), reduced the handshake to one round-trip (down from two), and added 0-RTT resumption for repeat connections. Modern TLS is one of the few internet protocols that has gotten meaningfully simpler over time.
Until 2015, TLS certificates cost money — typically $50–$200 per year — and required a manual process to obtain. Most websites accepted unencrypted HTTP because encrypting was a chore. Let's Encrypt — a non-profit certificate authority operated by ISRG, with founding sponsors including Mozilla, EFF, Cisco, and Akamai — launched in beta in late 2015, offering free, automated certificates via the ACME protocol (RFC 8555).
The effect was rapid. The fraction of web pages loaded over HTTPS in Firefox went from under 30% in 2014 to over 80% by 2019. By 2024, Let's Encrypt was issuing more than five million certificates per day — more than every other CA combined.
The lesson was simple. Take a friction-laden process, make it free and automatic, and the entire web reorganises around the new default. The default became "encrypted unless there's a reason not to be."
A content delivery network caches popular web content at edge sites close to users. The first major CDN was Akamai (founded 1998 by MIT graduate student Daniel Lewin and his advisor Tom Leighton). Akamai's insight was that bandwidth and latency to a website are dominated by distance from the user; caching at the edge puts the bytes geographically near where they are needed.
Akamai grew explosively after a brutal 1999 launch: its servers carried Apple's QuickTime stream of the Star Wars Episode I trailer through the day's traffic spike. Today's CDN landscape includes Cloudflare (founded 2009), Fastly (2011), AWS CloudFront, Akamai, and others, each operating tens of thousands of edge servers in hundreds of cities.
The CDN role has expanded steadily: from static-asset caching to WAF (web application firewall), DDoS mitigation, edge compute, image optimisation, and TLS termination. Most modern websites of any traffic volume sit behind a CDN; many would be unreachable for hours per year without one.
Cloudflare — founded 2009 by Matthew Prince, Lee Holloway, and Michelle Zatlyn — built itself by offering DDoS protection and CDN services to small sites for free. By 2023, the company operated over 300 city-level points of presence and routed roughly 20% of all web traffic.
The platform has expanded along the stack. Workers (2017) lets developers run JavaScript and WebAssembly at every edge location. 1.1.1.1 (2018) is a public DNS resolver with privacy guarantees and low latency. R2 is S3-compatible object storage with no egress fees. Zero Trust, WARP, D1, Durable Objects — the menu has grown into a full edge platform.
The CDN has eaten a chunk of the cloud. Whether the trend continues, or hyperscalers (AWS, Azure, GCP) co-opt the edge model from above, is the open architectural question of the late 2020s.
IEEE 802.11 standardised wireless LAN in 1997, with several revisions: 802.11b (1999, 11 Mbps), 802.11g (2003, 54 Mbps), 802.11n (2009, 600 Mbps), 802.11ac (2014, multi-gigabit), 802.11ax (2019, also called Wi-Fi 6), and 802.11be (Wi-Fi 7, 2024).
The marketing rebrand to "Wi-Fi 6," "Wi-Fi 6E," and "Wi-Fi 7" finally gave consumers numbers they could understand instead of the cryptic letter codes. Wi-Fi 6 added OFDMA for efficient multi-station scheduling; Wi-Fi 6E added the 6 GHz band; Wi-Fi 7 added 320 MHz channels and multi-link operation.
The protocol is in its sixth decade and still adapting. The bottlenecks of the future are unlikely to be Wi-Fi — they will be the gateway link, the ISP, or the cellular fallback.
The cellular evolution: 1G analogue (1980s), 2G digital with GSM (1991), 3G packet-switched UMTS (2001), 4G LTE all-IP (2009), 5G NR (2019). Each generation roughly tenfolds the throughput and halves the latency of the previous one.
5G's headline numbers — gigabit-class downlink, 1 ms latency — apply mostly to the mmWave high-band spectrum, which has poor propagation and is mainly used for stadiums, airports, and dense urban hot spots. Most everyday 5G is mid-band (~3.5 GHz), which improves capacity but doesn't transform latency.
The architectural revolution under 5G is network slicing — virtualised network functions running on commodity hardware, with logically isolated slices for different use cases. The transition is from telco-as-hardware-vendor-monoculture to telco-as-cloud-service-operator. The pace, as ever in telecommunications, is glacial.
Software-Defined Networking separates the network's control plane (which decides where packets go) from its data plane (which actually forwards them). The control plane runs as software on commodity hardware, programming the data plane through a protocol like OpenFlow (2008, Stanford / Nick McKeown).
SDN promised to do for networking what virtualisation did for servers: replace expensive, vertically-integrated boxes with software running on commodity hardware. The promise was partly fulfilled in the data centre — Google's B4 inter-datacentre WAN (2013) was the most-cited early SDN success — but slower in carrier networks, which run on a long tail of legacy protocols.
The data-centre fabric of every hyperscaler today is some flavour of SDN: VXLAN-based overlays, BGP EVPN signalling, programmable switches running open-source NOSes (SONiC, FBOSS). The vertically integrated network vendor (Cisco, Juniper) has lost market share at the high end and held it in the enterprise mid-market.
Ray Tomlinson sent the first networked email in 1971, between two PDP-10s on ARPANET, choosing the @ sign as the separator between user and host. SMTP — Simple Mail Transfer Protocol (RFC 821, 1982; revised as RFC 5321, 2008) — is the protocol that has carried email between mail servers ever since.
The email ecosystem accumulates anti-abuse machinery in layers. SPF (Sender Policy Framework) lets a domain declare which servers may send mail on its behalf. DKIM (DomainKeys Identified Mail) cryptographically signs outgoing messages. DMARC tells receivers what to do when SPF and DKIM fail. BIMI attaches verified brand logos.
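An added example (not from the deck) of the decision DMARC asks a receiver to make: given the SPF and DKIM results for a message, check alignment with the visible From domain under the record's aspf/adkim modes and return pass or the published disposition. The record and the message results are constructed; organisational-domain detection is simplified to the last two labels, where real receivers consult the Public Suffix List, and the pct sampling tag is ignored.

```python
"""DMARC (RFC 7489) policy evaluation over constructed authentication results.

Added example, not part of the deck. Simplifications: organizational domain =
last two labels (real receivers use the Public Suffix List); pct is ignored;
the record is assumed to have been found at the From domain's organizational
domain, so 'sp' governs subdomains.
"""
from dataclasses import dataclass


@dataclass
class AuthResults:
    from_domain: str     # RFC5322.From header domain (what the user sees)
    spf_pass: bool
    spf_domain: str      # RFC5321.MailFrom (envelope) domain SPF was checked against
    dkim_pass: bool
    dkim_domain: str     # d= tag of a passing DKIM signature ("" if none)


def parse_dmarc(record: str) -> dict:
    """Parse 'v=DMARC1; p=reject; ...' into a dict with RFC 7489 defaults."""
    tags = {"p": "none", "sp": None, "adkim": "r", "aspf": "r", "pct": "100"}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags["sp"] is None:
        tags["sp"] = tags["p"]       # subdomain policy defaults to p
    return tags


def org_domain(domain: str) -> str:
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s') needs an exact match; relaxed ('r') the same org domain."""
    auth = auth_domain.lower().rstrip(".")
    frm = from_domain.lower().rstrip(".")
    if not auth:
        return False
    return auth == frm if mode == "s" else org_domain(auth) == org_domain(frm)


def evaluate(results: AuthResults, record: str) -> str:
    """Return 'pass', or the disposition ('none', 'quarantine', 'reject') to apply."""
    policy = parse_dmarc(record)
    spf_ok = results.spf_pass and aligned(results.spf_domain, results.from_domain, policy["aspf"])
    dkim_ok = results.dkim_pass and aligned(results.dkim_domain, results.from_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return "pass"                # one aligned, authenticated identifier suffices
    is_subdomain = results.from_domain.lower() != org_domain(results.from_domain)
    return policy["sp"] if is_subdomain else policy["p"]


# Constructed record: strict DKIM alignment, relaxed SPF alignment.
RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r"

if __name__ == "__main__":
    legit = AuthResults("example.com", True, "bounce.example.com", False, "")
    spoof = AuthResults("example.com", True, "mailer.example.net", True, "example.net")
    print(evaluate(legit, RECORD), evaluate(spoof, RECORD))
```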
The unfortunate truth: spam, phishing, and impersonation remain endemic. The big providers (Gmail, Microsoft 365) have the operational scale to filter most of it; the long tail of self-hosted email servers struggles. Email is the longest-running, most resilient, and most despairingly insecure-by-default protocol still in heavy use.
The internet's architecture is symmetric: any host can talk to any other. Napster (Shawn Fanning, 1999), Gnutella, FastTrack, and BitTorrent (Bram Cohen, 2001) realised that file distribution didn't need a central server — peers could share among themselves.
BitTorrent's design is a textbook in incentive engineering. A file is split into pieces; peers swap pieces with each other; tit-for-tat rewards peers who upload to you and punishes free-riders. The protocol is responsible for somewhere between 2% and 30% of total internet traffic at various points in its history.
The peer-to-peer wave subsided as streaming consolidated content distribution. But the techniques — distributed hash tables, gossip protocols, swarm-based replication — became infrastructure for IPFS, blockchain protocols, distributed databases, and content delivery within data centres. The architecture survived even as the original consumer use case faded.
Voice over IP began in the late 1990s with H.323 (ITU) and SIP — Session Initiation Protocol (RFC 3261, 2002). Skype (founded 2003 by Niklas Zennström and Janus Friis) brought peer-to-peer VoIP to consumers; Microsoft acquired it for $8.5 billion in 2011.
The browser-native real-time API is WebRTC, standardised at the W3C and IETF starting in 2011. WebRTC handles audio/video capture, codec negotiation, NAT traversal (via STUN and TURN servers), and encrypted peer-to-peer media transport — without plug-ins, without downloads, in any modern browser.
WebRTC is the substrate beneath Google Meet, Discord, Zoom (when used in browsers), Microsoft Teams, and a long tail of telehealth and customer-support applications. The pandemic of 2020 made it a strategic infrastructure overnight; it has remained one.
An internet exchange point is a physical facility — usually a few rooms in a colocation building — where networks plug into a shared switching fabric to exchange traffic directly. AMS-IX (Amsterdam, founded 1994) and DE-CIX (Frankfurt, 1995) are the largest in the world by traffic; LINX (London) and Equinix Ashburn are the largest in their regions.
Peering at an IXP is cheaper than buying transit from a tier-1 ISP. The economic logic — settlement-free peering, paid peering, transit, and the occasional depeering dispute — is the structural force that keeps the internet's traffic patterns evolving. CDN-to-eyeball-network peering, in particular, is what enables the modern streaming-video internet to exist.
The hierarchy of Tier 1 backbones (who don't pay anyone for transit) has gradually flattened as content networks (Google, Facebook/Meta, Microsoft, Cloudflare) and ISPs peer directly. Whether "Tier 1" still means anything in 2025 is contested.
Anycast is a routing technique: announce the same IP prefix from multiple locations, and let BGP send each user to whichever announcement is "closest" by routing metric. The user gets a single address; the address resolves to whichever server is best for them.
Anycast underpins the modern internet's resilience. The DNS root servers are anycast clusters — there are far more than 13 physical machines, but each of the 13 letter-named services answers from many locations worldwide. Cloudflare's 1.1.1.1, Google's 8.8.8.8, and Quad9's 9.9.9.9 are anycast. Most CDN edge networks use anycast for the initial connection.
The technique requires that the upper-layer protocol tolerate the connection landing on any of the announcing servers — TCP and TLS state must not assume server identity. UDP-based and stateless protocols are naturally anycast-friendly. The technique is one of the quiet structural enablers of the modern internet.
The container revolution (Docker 2013, Kubernetes 2014) drove a renaissance in networking software. A Kubernetes cluster has its own internal address plan, its own service-discovery layer, its own load balancing, its own east-west and north-south traffic patterns. The CNI — Container Network Interface — became a de-facto standard interface for plugging in network drivers.
Cilium (Isovalent, 2017) leverages eBPF — extended Berkeley Packet Filter — to implement Kubernetes networking in the Linux kernel without iptables, with policy enforcement, observability, and load balancing all in one stack. eBPF more generally is the most consequential thing to happen to Linux networking in two decades.
Service meshes (Istio, Linkerd, Cilium Service Mesh) add per-request authentication, traffic shaping, and observability between microservices. The mesh either uses sidecar proxies (Envoy) or kernel-level eBPF interception. The architectural debate is unresolved; both approaches are in production at scale.
The internet was designed without authentication or origin verification. National-scale interference is now common: the Great Firewall of China, Iran's filtering, Russia's blocking of Twitter and Facebook after 2022, India's regional shutdowns. The mechanisms range from DNS hijacking to BGP rerouting to TLS-handshake fingerprinting and active probing.
Counter-techniques have evolved in lockstep. Encrypted SNI (renamed ECH — Encrypted Client Hello) hides the destination hostname from passive observers. Tor provides multi-hop onion routing with bridges to circumvent IP-based blocking. Pluggable transports (obfs4, meek, snowflake) disguise censored traffic as benign protocols.
The protocol-level cat-and-mouse game has accelerated. QUIC's encrypted transport metadata, ECH, DNS over HTTPS — each protocol-level privacy improvement is also a censorship-circumvention tool. The architectural commitments of the internet's designers — universal connectivity, end-to-end encryption — turned out to have political consequences nobody had fully anticipated.
The Internet Engineering Task Force develops the protocols by which the internet works. It is an open organisation: anyone can attend meetings, anyone can contribute. Its motto, attributed to Dave Clark in 1992: "We reject kings, presidents, and voting. We believe in rough consensus and running code."
The output is RFCs — Requests for Comments — published by the RFC Editor and numbered sequentially. RFC 1 was Steve Crocker's 1969 "Host Software", written tentatively because Crocker wasn't sure he had authority to publish it. By 2024 the series had passed 9500.
The IETF's process is slow, consensus-oriented, and produces remarkable documents. RFC 791 (IP), RFC 793 (TCP), RFC 1034/1035 (DNS), RFC 2616 / 9110 (HTTP), RFC 8446 (TLS 1.3), RFC 9000 (QUIC) are the working internet's load-bearing texts. The community that produces them is, by any reasonable measure, one of the most consequential standards organisations in the history of technology.
Kurose and Ross's Top-Down Approach is the cleanest modern textbook. Stevens's TCP/IP Illustrated is the operator's bible, packet-by-packet. Hafner and Lyon's Where Wizards Stay Up Late tells the ARPANET story without mythologising it. For the modern web, Ilya Grigorik's High Performance Browser Networking (free online) is unbeatable.
Computer Networks — Volume VII, Deck 12 of The Deck Catalog. Set in Helvetica Neue with mono accents, on a warm grey paper. Swiss-grid sensibility; deep blue accent #0f5fa6; warm vermilion #c75b39.
Thirty-two leaves on the largest engineered system in human history — from Charley Kline's "lo" in 1969 to QUIC, eBPF, and 1.1.1.1 in 2025. The protocols are mostly held together by goodwill and operator vigilance, and they have so far held.