L4 LB routes based on IP/port (faster, protocol-agnostic); L7 LB reads HTTP content for smarter routing (URL path, headers, cookies) but needs to terminate the connection.
L4 Load Balancer (Transport layer): operates at the TCP/UDP layer — does not read HTTP content, routes only based on IP + port. Forwards packets directly (via NAT or Direct Server Return). Faster (< 1ms overhead), higher throughput, works with any TCP/UDP protocol. Cannot route based on URL path, Host header, or cookies. Examples: AWS NLB, HAProxy in TCP mode.
L7 Load Balancer (Application layer): terminates the connection, reads HTTP headers/body, and routes based on URL path (/api → service A, /static → CDN), Host header (virtual hosting), cookies (sticky sessions), or content-type. Handles SSL termination and can modify requests/responses. Slightly slower than L4 but extremely flexible. Examples: AWS ALB, Nginx, HAProxy in HTTP mode.
Use L4 when: handling non-HTTP protocols (database TCP, MQTT, custom binary), maximum throughput/performance is required, or connections are long-lived and stateful, such as WebSockets.
Use L7 when: HTTP/HTTPS routing is needed, microservices share the same port, or WAF/rate limiting/auth is required at the load balancer layer.
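
The two modes side by side in one HAProxy configuration, as an added example that is not part of the original page. All addresses, hostnames, backend names, thresholds and the certificate path are placeholders chosen for illustration, and `/static` goes to an origin pool here rather than a CDN.

```haproxy
defaults
    timeout connect 5s
    timeout client  60s
    timeout server  60s

# L4: TCP mode. HAProxy sees only IP + port and never parses the payload,
# so path, Host and cookie rules are not available in this frontend.
frontend mqtt_in
    mode tcp
    bind :1883
    default_backend mqtt_brokers

backend mqtt_brokers
    mode tcp
    balance leastconn                    # suits long-lived connections
    server broker1 192.0.2.11:1883 check
    server broker2 192.0.2.12:1883 check

# L7: HTTP mode. TLS is terminated at the LB, so each request can be inspected.
frontend https_in
    mode http
    bind :443 ssl crt /etc/haproxy/certs/example.pem
    # Rate limiting at the LB layer: per-client-IP request rate over 10s.
    stick-table type ip size 100k expire 10m store http_req_rate(10s)
    http-request track-sc0 src
    http-request deny deny_status 429 if { sc_http_req_rate(0) gt 100 }
    # Content-based routing on URL path and Host header.
    acl is_api    path_beg /api
    acl host_api  hdr(host) -i api.example.com
    acl is_static path_beg /static
    use_backend api_servers    if is_api or host_api
    use_backend static_servers if is_static
    default_backend web_servers

backend api_servers
    mode http
    balance roundrobin
    cookie SRV insert indirect nocache   # sticky sessions via cookie
    server api1 192.0.2.21:8080 check cookie api1
    server api2 192.0.2.22:8080 check cookie api2

backend static_servers
    mode http
    server static1 192.0.2.31:8080 check

backend web_servers
    mode http
    server web1 192.0.2.41:8080 check
```

Because the `mqtt_in` frontend never decodes the stream, request-level controls such as the 429 rule can only live in the `mode http` frontend; the TCP side can be filtered on connection attributes (source IP, port) only.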