Once DNS resolution gives us the IP address of www.google.com, what happens next?
You might assume that your request goes directly to a Google server that hosts Gmail or Search — but it doesn’t.
Instead, it hits a Google Front End (GFE) — a globally distributed smart layer that:
- Accepts incoming HTTP(S) requests
- Handles TLS handshakes
- Terminates SSL
- Enforces load balancing
- Redirects traffic to the most optimal backend
- Protects the system from attacks (e.g., DDoS)
Google's GFEs are the reason why users across any region — even on a slow network — get near-instant results.
What Exactly is a GFE?
Think of a GFE as the entry gate to Google’s entire infrastructure. It decides where your request should go, based on:
- Your location
- Current traffic load
- Application-level routing logic
- Backend health status
It is essentially a software load balancer distributed across hundreds of global locations.
Real-World Analogy: Airport Check-In Desk
Imagine arriving at a busy airport. Instead of going directly to the airplane, you first:
- Pass through check-in (GFE)
- Get verified (SSL termination)
- Receive a boarding pass with seat (load balancing info)
- Then you're routed to your gate (backend server)
This system ensures you don’t accidentally end up on the wrong flight (or an overloaded one).
Step-by-Step: What Happens When a Request Reaches GFE
1. DNS Resolves to a GFE IP
In the previous part, we saw that DNS resolution returns an IP of a GFE closest to the user (via Anycast). This is not the actual web server — it’s the front gate.
2. SSL Termination
- The GFE terminates the TLS/SSL connection.
- It uses SSL certificates hosted on Google’s edge nodes.
- This allows secure communication without overloading internal services.
Internally, after TLS is terminated, Google uses HTTP/2 or gRPC for fast, binary communication.
