
Layer 4 vs Layer 7 Load Balancing

Learn the differences between Layer 4 and Layer 7 Load Balancing from a System Design perspective. This guide explains how they work, routing mechanisms, OSI layers, SSL termination, health checks, traffic routing, real-world architectures, AWS ALB vs NLB, Kubernetes Ingress, and enterprise best practices.


Introduction

Imagine Amazon receives 5 million requests per minute.

These requests include:

  • Product Search
  • Login
  • Payments
  • Image Downloads
  • Order Tracking

A simple load balancer that distributes traffic equally may not be enough.

Some requests need to be routed based on:

  • URL Path
  • Host Name
  • HTTP Header
  • Cookie
  • API Version

Other applications only require routing based on:

  • TCP Port
  • IP Address

This is where Layer 4 and Layer 7 Load Balancers differ.

Understanding these differences is essential for every Solution Architect.


Learning Objectives

After completing this article, you will understand:

  • OSI Model Overview
  • What is Layer 4 Load Balancing?
  • What is Layer 7 Load Balancing?
  • Request Processing
  • Traffic Routing
  • SSL Termination
  • Health Checks
  • Path-Based Routing
  • Host-Based Routing
  • AWS ALB vs NLB
  • Kubernetes Ingress
  • Real-World Examples

OSI Model

flowchart TD

A[Layer 7 Application]

B[Layer 6 Presentation]

C[Layer 5 Session]

D[Layer 4 Transport]

E[Layer 3 Network]

F[Layer 2 Data Link]

G[Layer 1 Physical]

A --> B
B --> C
C --> D
D --> E
E --> F
F --> G

Layer 4 and Layer 7 Load Balancers operate at different levels of the OSI model.


Load Balancer Position

flowchart LR

A[Users]

B[DNS]

C[Load Balancer]

D[Spring Boot Cluster]

E[(Database)]

A --> B
B --> C
C --> D
D --> E

Layer 4 Load Balancer

Layer 4 works at the Transport Layer.

It makes routing decisions using:

  • Source IP
  • Destination IP
  • TCP Port
  • UDP Port

It does not inspect HTTP requests.


Layer 4 Architecture

flowchart LR

A[Client]

B[Layer 4 Load Balancer]

C[Spring Boot 1]

D[Spring Boot 2]

E[Spring Boot 3]

A --> B

B --> C
B --> D
B --> E

Layer 4 Routing Decision

Layer 4 looks only at:

  • Source IP
  • Destination IP
  • TCP Port
  • UDP Port

Example

Client → TCP 443 → Server

No knowledge of:

  • URLs
  • Cookies
  • Headers
  • HTTP Methods

Layer 7 Load Balancer

Layer 7 operates at the Application Layer.

It understands HTTP and HTTPS.

It can inspect:

  • URL
  • HTTP Headers
  • Cookies
  • Query Parameters
  • Host Names
  • Request Methods

Layer 7 Architecture

flowchart TD
    USERS["Users"]
    ALB["Application Load Balancer"]

    CUSTOMER["Customers Service"]
    ORDERS["Orders Service"]
    PAYMENTS["Payments Service"]
    INVENTORY["Inventory Service"]

    USERS --> ALB

    ALB --> CUSTOMER
    ALB --> ORDERS
    ALB --> PAYMENTS
    ALB --> INVENTORY

Request Processing

Layer 4

Packet → IP → Port → Server

Layer 7

HTTP Request → URL → Header → Cookie → Target Service

Banking Example

A customer calls GET /accounts, and Layer 7 routes the request to the Account Service.

A customer calls POST /payments, and Layer 7 routes the request to the Payment Service.

Path-Based Routing

flowchart TD
    ALB["Application Load Balancer"]

    USERS["Users API"]
    ORDERS["Orders API"]
    PAYMENTS["Payments API"]
    NOTIFY["Notifications API"]

    ALB --> USERS
    ALB --> ORDERS
    ALB --> PAYMENTS
    ALB --> NOTIFY

Example

/customers → Customer Service

/orders → Order Service

Host-Based Routing

flowchart TD

A[Application Load Balancer]

B[api.company.com]

C[admin.company.com]

D[shop.company.com]

A --> B
A --> C
A --> D

Example

admin.company.com → Admin Service

Header-Based Routing

Layer 7 can inspect HTTP headers.

Example

X-Version: v2 → route to API Version 2

Useful for:

  • API Versioning
  • A/B Testing
  • Canary Releases
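
The difference between the two layers shows up in what each routing function is allowed to read. The sketch below is an added example, not code from this article or from any load balancer product: the rule tables reuse the article's hosts and paths, while the service names, the v1 default and the function names are assumptions.

```python
import posixpath
import zlib
from urllib.parse import unquote, urlsplit

# Constructed rule tables that mirror the article's examples.
HOST_RULES = {"admin.company.com": "admin-service"}
PATH_RULES = [("/customers", "customer-service"),
              ("/orders", "order-service"),
              ("/payments", "payment-service")]


def l4_route(src_ip, src_port, dst_port, backends):
    """Layer 4: only addresses and ports are visible, so hash them."""
    key = f"{src_ip}:{src_port}->{dst_port}".encode()
    return backends[zlib.crc32(key) % len(backends)]


def parse_request(raw):
    """Split a raw HTTP/1.1 request head into method, target and headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def l7_route(raw):
    """Layer 7: route on Host, then path prefix; X-Version picks the API version."""
    _method, target, headers = parse_request(raw)
    version = "v2" if headers.get("x-version") == "v2" else "v1"  # v1 default is assumed
    host = headers.get("host", "").split(":")[0].lower()
    if host in HOST_RULES:
        return HOST_RULES[host], version
    # Decode and resolve "." / ".." first, so the rule that fires is the one
    # for the path the backend will actually serve.
    path = posixpath.normpath(unquote(urlsplit(target).path))
    for prefix, service in PATH_RULES:
        # Match whole segments: "/ordersarchive" must not hit the "/orders" rule.
        if path == prefix or path.startswith(prefix + "/"):
            return service, version
    return None  # no rule matched: reject instead of guessing a backend


if __name__ == "__main__":
    print(l7_route(b"POST /payments HTTP/1.1\r\nHost: api.company.com\r\nX-Version: v2\r\n\r\n"))
```

Returning None for an unmatched request keeps the default closed, so an unknown host or path never falls through to an arbitrary backend.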

Cookie-Based Routing

Premium User → Premium Cluster

Regular User → Standard Cluster

SSL Termination

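SSL termination is one of the biggest advantages of Layer 7: the load balancer decrypts HTTPS from the browser and forwards plain HTTP to Spring Boot, as the diagram below shows.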

flowchart LR

A[Browser]

B[HTTPS]

C[ALB]

D[HTTP]

E[Spring Boot]

A --> B
B --> C
C --> D
D --> E

Benefits

  • Centralized certificate management
  • Reduced CPU usage
  • Easier maintenance
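
Once TLS ends at the load balancer, the backend sees only a plain HTTP connection from the balancer and learns the original scheme and client address from the X-Forwarded-Proto and X-Forwarded-For headers the balancer adds. The following is an added example, not code from this article, of a backend-side check that honours those headers only when the TCP peer is the load balancer; the subnet, the single balancer hop and the function names are assumptions.

```python
import ipaddress

# Assumed placeholder: the subnet the load balancer connects from.
TRUSTED_LB_NETS = [ipaddress.ip_network("10.0.1.0/24")]


def from_load_balancer(peer_ip):
    """True when the TCP peer address belongs to the load balancer subnet."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_LB_NETS)


def client_context(peer_ip, headers):
    """Return (client_ip, scheme) as the backend should record them."""
    headers = {name.lower(): value for name, value in headers.items()}
    if not from_load_balancer(peer_ip):
        # Direct connection: forwarded headers are caller-supplied, so ignore
        # them. The backend listens on plain HTTP, as in the diagram.
        return peer_ip, "http"
    scheme = headers.get("x-forwarded-proto", "http").strip().lower()
    if scheme not in ("http", "https"):
        scheme = "http"
    # The balancer appends the address it saw, so with a single balancer hop
    # the right-most entry is the only one it vouches for.
    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",") if h.strip()]
    client_ip = peer_ip
    if hops:
        try:
            client_ip = str(ipaddress.ip_address(hops[-1]))
        except ValueError:
            pass  # malformed entry: fall back to the peer address
    return client_ip, scheme


def require_https(peer_ip, headers):
    """True only when the load balancer reports the browser used HTTPS."""
    return client_context(peer_ip, headers)[1] == "https"


if __name__ == "__main__":
    # Constructed request metadata for illustration.
    print(client_context("10.0.1.15", {"X-Forwarded-Proto": "https",
                                       "X-Forwarded-For": "203.0.113.7"}))
```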

Health Checks

flowchart TD
    ALB["Application Load Balancer"]
    HC["Health Check"]
    APP1["Spring Boot Instance 1"]
    APP2["Spring Boot Instance 2"]

    ALB --> HC
    HC --> APP1
    HC --> APP2

For Spring Boot, the health check endpoint is:

GET /actuator/health

Only healthy servers receive traffic.


Layer 4 vs Layer 7 Comparison

| Feature | Layer 4 | Layer 7 |
|---|---|---|
| OSI Layer | Transport | Application |
| Protocols | TCP, UDP | HTTP, HTTPS, gRPC |
| Routing | IP & Port | URL, Header, Cookie, Host |
| SSL Termination | No | Yes |
| Path Routing | No | Yes |
| Host Routing | No | Yes |
| Header Inspection | No | Yes |
| Performance | Faster | Slightly Slower |
| Intelligence | Basic | Advanced |

AWS Load Balancers

| Service | Layer |
|---|---|
| Network Load Balancer (NLB) | Layer 4 |
| Application Load Balancer (ALB) | Layer 7 |
| Gateway Load Balancer | Layer 3/4 |
| Classic Load Balancer | Legacy |

AWS Architecture

flowchart TD

A[Users]

B[Route53]

C[CloudFront]

D[ALB]

E[Spring Boot]

F[(Amazon RDS)]

A --> B
B --> C
C --> D
D --> E
E --> F

Kubernetes Example

flowchart TD

A[Users]

B[Ingress Controller]

C[Pod 1]

D[Pod 2]

E[Pod 3]

A --> B

B --> C
B --> D
B --> E

Ingress Controllers such as NGINX Ingress act as Layer 7 Load Balancers.


Netflix Example

Netflix uses Layer 7 routing to:

  • Route API requests
  • Authenticate users
  • Perform Canary Releases
  • Route traffic by region

Amazon Example

Amazon routes requests to different services based on the path.

/products → Product Service

/orders → Order Service

/payments → Payment Service

Banking Example

flowchart TD

A[Mobile Banking]

B[ALB]

C[Account Service]

D[Payment Service]

E[Loan Service]

F[(Core Banking)]

A --> B

B --> C
B --> D
B --> E

C --> F
D --> F
E --> F

Performance

Layer 4

Advantages

  • Lower latency
  • Less CPU usage
  • High throughput

Layer 7

Advantages

  • Intelligent routing
  • Better security
  • SSL termination
  • API routing

Monitoring

Monitor

  • Active Connections
  • Backend Latency
  • Request Count
  • Healthy Targets
  • Unhealthy Targets
  • HTTP Status Codes
  • SSL Handshake Time
  • Target Response Time

Tools

  • CloudWatch
  • Datadog
  • Prometheus
  • Grafana

Common Mistakes

❌ Using Layer 4 when URL routing is required

❌ No health checks

❌ Terminating SSL on every application server

❌ Deploying a single Load Balancer

❌ Ignoring backend latency

❌ Sticky sessions for stateless services


Best Practices

  • Use Layer 7 for REST APIs and microservices.
  • Use Layer 4 for raw TCP/UDP applications.
  • Enable health checks.
  • Perform SSL termination at the Load Balancer.
  • Use path-based routing for microservices.
  • Deploy Load Balancers across multiple Availability Zones.
  • Monitor response times and unhealthy targets.
  • Combine Load Balancers with Auto Scaling Groups.

Common Interview Questions

What is a Layer 4 Load Balancer?

A Layer 4 Load Balancer routes traffic using transport-layer information such as IP addresses and TCP/UDP ports without inspecting application data.


What is a Layer 7 Load Balancer?

A Layer 7 Load Balancer understands HTTP/HTTPS traffic and can route requests based on URLs, hostnames, headers, cookies, and request methods.


When should you choose Layer 4?

Use Layer 4 for high-performance TCP or UDP workloads where application-level inspection is unnecessary, such as databases, messaging systems, or gaming servers.


When should you choose Layer 7?

Use Layer 7 for web applications, REST APIs, microservices, and applications requiring intelligent routing, SSL termination, or API-based traffic management.


What is the difference between AWS ALB and NLB?

| AWS ALB | AWS NLB |
|---|---|
| Layer 7 | Layer 4 |
| HTTP/HTTPS | TCP/UDP |
| Path & Host Routing | Port-Based Routing |
| SSL Termination | Pass-through or TLS support |
| Microservices | High-performance networking |

Summary

Layer 4 and Layer 7 Load Balancers solve different problems.

Layer 4 provides fast, efficient transport-level routing, while Layer 7 offers intelligent application-aware routing with advanced capabilities such as path-based routing, host-based routing, SSL termination, and API traffic management.

In this article, we covered:

  • OSI Model
  • Layer 4 Load Balancing
  • Layer 7 Load Balancing
  • Traffic routing
  • Health checks
  • Path-based routing
  • Host-based routing
  • SSL termination
  • AWS ALB vs NLB
  • Kubernetes Ingress
  • Banking, Amazon, and Netflix examples
  • Best practices

For modern cloud-native applications and Spring Boot microservices, Layer 7 Load Balancers (such as AWS ALB or NGINX Ingress) are the preferred choice because they provide the flexibility, security, and routing intelligence required by today's distributed systems.

