Load balancing is one of the most important functions of an application delivery controller (ADC), optimally distributing network traffic across servers to provide the best possible application performance and application availability. There are a few different ways this can be done; you’ll see references to layer 4 load balancing, layer 7 load balancing, and even L4 load balancing / L7 load balancing. What does this mean, and which of these is the most useful?
The difference between layer 4 load balancing and layer 7 load balancing is based on the various layers in the Open Systems Interconnection (OSI) Reference Model for networking. A layer 4 load balancer works at the transport layer, using the TCP and UDP protocols to manage transaction traffic based on a simple load balancing algorithm and basic information such as server connections and response times. A layer 7 load balancer works at the application layer—the highest layer in the OSI model—and makes its routing decisions based on more detailed information such as the characteristics of the HTTP/HTTPS header, message content, URL type, and cookie data. An L4-7 load balancer manages traffic based on a set of network services across OSI layers 4 through 7 that provide data storage, manipulation, and communication services.
To understand the value of each of these approaches, we’ll first look at the differences between them.
Layer 4 load balancing, operating at the transport level, manages traffic based on network information such as application ports and protocols without visibility into the actual content of messages. This is an effective approach for simple packet-level load balancing. The fact that messages are neither inspected nor decrypted allows them to be forwarded quickly, efficiently, and securely. On the other hand, because layer 4 load balancing is unable to make decisions based on content, it’s not possible to route traffic based on media type, localization rules, or other criteria beyond simple algorithms such as round-robin routing.
Layer 7 load balancing operates at the application level, using protocols such as HTTP and SMTP to make decisions based on the actual content of each message. Instead of merely forwarding traffic unread, a layer 7 load balancer terminates network traffic, performs decryption as needed, inspects messages, makes content-based routing decisions, initiates a new TCP connection to the appropriate upstream server, and writes the request to the server.
While the need for encryption incurs a performance penalty for layer 7 processing, this can be largely reduced through the use of SSL offload functionality. Enabling application-aware networking, layer 7 load balancing allows more intelligent load balancing decisions and content optimizations. By viewing or actively injecting cookies, the load balancer can identify unique client sessions to provide server persistence, or “sticky sessions,” sending all client requests to the same server for greater efficiency. Packet-level visibility allows content caching to be used, holding frequently accessed items in memory for easy retrieval. Importantly for modern organizations, layer 7 load balancing provides the intelligence to handle protocols that piggyback or multiplex requests onto a single connection to optimize traffic and reduce overhead.
A10 Thunder® Application Delivery Controller (ADC) provides advanced layer 4/layer 7 load balancing to ensure high availability and business continuity for application services.
Although layer 7 load balancers offer more extensive functionality and allow more intelligent routing decisions, there are appropriate use cases for each. Layer 7 offers essential visibility and application awareness to enable intelligent routing decisions, optimizations, and performance enhancement. For example, the language indicated in the browser header can be used to redirect visitors to the appropriate content version. To provide the best possible experience for any user, device, and location, while meeting the organization’s requirements for compliance, content localization, and efficiency, an ADC should offer load balancing capabilities across both layer 4 and layer 7 to meet different application needs.
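The sketch below is an added example, not A10 or Thunder ADC code. It contrasts the two decision points described above: a layer 4 pick that sees only addresses and ports, and a layer 7 pick that parses the decrypted request and routes on URL, language header, and a persistence cookie. Pool names, backend names, and the `lb_backend` cookie name are assumptions made for illustration.

```python
import itertools
from http.cookies import SimpleCookie

# Constructed pools; pool and backend names are placeholders (assumptions).
POOLS = {
    "default": ["web-a", "web-b"],
    "static": ["cdn-a"],
    "de": ["web-de"],
}
_rr = {name: itertools.cycle(members) for name, members in POOLS.items()}

def l4_pick(src_ip, src_port, dst_port, proto="tcp"):
    """Layer 4: only the connection tuple is visible, so the choice is plain
    round-robin; the payload is never read or decrypted."""
    return next(_rr["default"])

def parse_head(raw: bytes):
    """Minimal HTTP/1.1 request-head parser: what layer 7 sees after the
    connection has been terminated and decrypted."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def l7_pick(raw: bytes):
    """Layer 7: choose a pool from the URL and language header, then apply
    cookie-based persistence ("sticky sessions")."""
    _method, target, headers = parse_head(raw)
    pool = "default"
    if target.startswith("/static/"):
        pool = "static"
    elif headers.get("accept-language", "").lower().startswith("de"):
        pool = "de"
    # The cookie is client-controlled input: honor it only when it names a
    # member of the pool already chosen, otherwise fall back to round-robin.
    cookie = SimpleCookie(headers.get("cookie", ""))
    sticky = cookie["lb_backend"].value if "lb_backend" in cookie else None
    if sticky in POOLS[pool]:
        return pool, sticky
    return pool, next(_rr[pool])
```

A persistence cookie that names an unknown backend is ignored rather than trusted, so a client cannot use it to steer requests outside the pool selected for that URL.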