Networking - Versus

Last Updated: 2023-09-02

L4 vs L7 Load Balancer

TL;DR: L4 for TCP/UDP/IP traffic, at the connection level; L7 for HTTP/HTTPS traffic, at the request level, keep the connections open and balance requests across the connections.

L4 Load Balancer ("Network Load Balancers"):

  • a combination of L3 and L4 (L3/L4 Load balancers).
  • calculating the best server based on fewest connections and fastest server response times.
  • The source and destination IP of each packet is changed by the load balancer using NAT (Network address translation). When a response is received from the server, the same translation is performed again at the load balancer.
  • L4 load balancers are unaware of the data: we cannot make any decisions based on data in our request. The only thing we have is IPs (source and destination) and ports.
  • Disadvantages
    • No smart load balancing.
    • Doesn’t work with streaming/keep-alive connections.
    • No TLS termination.

L7 Load Balancer (Application Load Balancers):

  • actually layer 5,6,7
  • bases its routing decisions on various characteristics of the HTTP/HTTPS header, the content of the message, the URL type, and information in cookies.
  • When a client makes a request, it creates a TCP connection with the load balancer. The Load Balancer then creates a new TCP connection with one of the upstream servers. Thus, there are 2 TCP connections as compared to 1 in a TCP/UDP passthrough L4 Load balancer.
  • Since we are at layer7, we are aware of the data in our request. This allows us to perform a variety of operations like
    • Authentication — 401 if some header is not present
    • Smart Routing — Route /payments call to a particular upstream
    • TLS termination
    • woks with multiplexed/keep-alive protocols
  • L7 load balancer creates a TCP connection with every upstream for a single client connection rather than choosing a single upstream.
  • run and scale your services behind a single IP address. (HTTP or HTTPS)

Proxy Load Balancer vs Passthrough Load Balancer

Layer 4 load balancers can handle TCP, UDP, or other IP protocol traffic. There are proxy load balancers and passthrough load balancers

Proxy Passthrough
Terminate at load balancer backend
LB to backend a new request original request
Response through load balancer directly to client

More details:

  • Proxy: Traffic is terminated at the load balancing layer and then forwarded to the closest available backend by using TCP. (Used for TCP with or without TLS offload)
  • Passthrough: not proxies. Load-balanced packets are received by backend VMs with the packet's source and destination IP addresses, protocol, and, if the protocol is port-based, the source and destination ports unchanged. Load-balanced connections are terminated at the backends. Responses from the backend VMs go directly to the clients, not back through the load balancer. The industry term for this is direct server return (DSR). More protocols: TCP, UDP, ESP, GRE, ICMP, and ICMPv6

InfiniBand vs Ethernet


  • InfiniBand: used in high-performance computing that features very high throughput and very low latency.
  • Ethernet: IEEE 802.3, a family of wired computer networking technologies.
    • divide a stream of data into shorter pieces called frames.
    • Ethernet provides services up to and including the data link layer. (L2)
    • The 48-bit MAC address was adopted by other IEEE 802 networking standards, including IEEE 802.11 (Wi-Fi).
    • one of the key technologies that make up the Internet.
  • Wi-Fi: IEEE 802.11

In 2016, Ethernet replaced InfiniBand as the most popular system interconnect of TOP500 supercomputers.


  • VXLAN scales to 16 million unique identifiers versus 4,000 VLAN identifiers.
    • VLAN: 12 bit identifier, up to 4094 virtual networks.
    • VXLAN: 24-bit identifier, around 16 million VXLANs.

VLANs connect geographically separate devices.

In VLAN, a layer 2 network is divided into subnetworks using virtual switches and creating multiple broadcast domains within a single LAN network.

In VXLAN, a layer 2 network is overlaid on an IP underlay, and the layer 2 ethernet frame is encapsulated in a UDP packet and sent over a VXLAN tunnel.


Physically connected but isolated at the data link layer (Layer 2).

VLANs work by creating multiple virtual switches over a single physical switch, with each virtual switch handling the communication for a single VLAN.

"Virtual" = a physical object recreated and altered by additional logic, within the local area network. VLANs work by applying tags to network frames and handling these tags in networking systems – creating the appearance and functionality of network traffic that is physically on a single network but acts as if it is split between separate networks.

Software defined: can group hosts together even if the hosts are not directly connected to the same network switch.

Many Internet hosting services use VLANs to separate customers' private zones from one other, allowing each customer's servers to be grouped in a single network segment no matter where the individual servers are located in the data center.


Virtual eXtensible Local Area Network (VXLAN): a tunneling protocol that carries layer 2 packets over a layer 3 network, that is ethernet over IP; creating multiple L2 overlay networks in a given L3 overlay network.


Optic cable categories:

  • SMF: Single-Mode Fiber
    • "single": uses laser light following a single path.
    • for long distance: a smaller core size from 8.3 to 10 microns in diameter.
    • higher cost.
    • Color: yellow.
  • MMF: Multi-Mode Fiber
    • "multi": takes multiple paths, which may result in a differential mode delay, and the distance between connections must decrease.
    • for short distance: much larger than SMF with diameter from 50 to 100 microns; shorter distance due to signal distortion.
    • lower cost.
    • Color: orange or agua.

LOM port vs Console port

  • console / serial port:
    • allow root access through a terminal or laptop interface without using the network.
    • connect to serial ports (RS-232).
  • LOM (e.g. iLO):
    • used to monitor and manage the devices by using a dedicated management channel (connects to a management switch), isolated from the traffic in data plane. it requires and IP address configured on the device
    • RJ-45 jack / CAT5 or 6 cable.
    • iLO has a Virtual Serial Port.
    • iLO is on a separate chip: "a remote server management processor embedded on the system boards"

Channel Bonding vs Load Balancing

Channel bonding is differentiated from load balancing in that load balancing divides traffic between network interfaces on per network socket (layer 4) basis, while channel bonding implies a division of traffic between physical interfaces at a lower level, either per packet (layer 3) or a data link (layer 2) basis.