L4 mechanics

Looks at TCP headers only. Preserves connection. Fast — millions of connections. Blind to HTTP.

Advertisement

L4 mechanics

Looks at TCP headers only. Preserves connection. Fast — millions of connections. Blind to HTTP.

Advertisement

L7 mechanics

Terminates TCP + parses HTTP. Routes by path/header/cookie. Can rewrite. Costs CPU but enables logic.

When L4 wins

Non-HTTP protocols (gRPC without header routing, custom TCP). Sub-millisecond added latency. Cost-sensitive at high QPS.

When L7 wins

Path-based routing. A/B routing by header. WAF integration. Response manipulation.

Real deployments

Often both stacked: L4 at edge for throughput, L7 behind for routing. AWS ALB is L7; NLB is L4.