Cloudmedium

L4 vs L7 load balancer — what’s the difference?

Answer

L4 works on transport (TCP/UDP) and routes connections without understanding HTTP. L7 understands application protocols (HTTP) so it can route by path/headers, do TLS termination, and apply more advanced rules.

Advanced answer

Deep dive

The difference is what the load balancer understands.

L4 (transport)

Routes based on IP/port and TCP/UDP connection info.
Doesn’t inspect HTTP paths/headers.
Often lower overhead and works for non-HTTP protocols.

L7 (application)

Understands HTTP/HTTPS (and often gRPC/WebSockets).
Can do host/path/header-based routing, TLS termination, redirects, and WAF-like rules.
Enables features like rate limiting and advanced health checks (depending on the product).

Practical guidance

Use L7 for most web apps (routing, TLS termination, HTTP features).
Use L4 for raw TCP/UDP services or when you want minimal overhead.

Common pitfalls

Terminating TLS in the wrong place (visibility vs end-to-end encryption).
Not preserving client IP (use `X-Forwarded-For`/proxy protocol when needed).
Assuming every L7 supports every protocol feature (verify WebSocket/gRPC support).

L4 vs L7 load balancer — what’s the difference?

Answer

Advanced answer

Deep dive

L4 (transport)

L7 (application)

Practical guidance

Common pitfalls

Related questions

L4 vs L7 load balancer — what’s the difference?

Answer

Advanced answer

Deep dive

L4 (transport)

L7 (application)

Practical guidance

Common pitfalls

Related questions