L4 Load Balancing
Load balancing at the transport layer (TCP/UDP). Routes connections based on IP and port without inspecting HTTP content. Fast and efficient, but can't make routing decisions based on URLs or headers.
Full Explanation
L4 load balancing operates at the TCP/UDP level. It sees source IP, destination IP, and port numbers. That's it. It picks a backend server and forwards the entire connection there. No HTTP parsing, no cookie inspection, no URL-based routing.
The advantage is speed. L4 load balancers handle millions of connections per second because they don't need to parse application-layer data. They're often implemented in hardware or kernel space (DPDK, eBPF, IPVS). CDNs use L4 balancing at the network edge to distribute incoming connections across multiple HTTP servers within a PoP.
The tradeoff: you can't do content-based routing. All requests on a connection go to the same backend, regardless of the URL or Host header. For CDN operations, L4 is used for the initial connection distribution, while L7 handles the smart routing decisions.
Examples
# HAProxy L4 mode
frontend tcp_front
bind *:443
mode tcp
default_backend cdn_edges
backend cdn_edges
mode tcp
balance roundrobin
server edge1 10.0.1.1:443 check
server edge2 10.0.1.2:443 check
server edge3 10.0.1.3:443 check
# Linux IPVS (kernel-level L4 LB)
$ ipvsadm -A -t 203.0.113.1:443 -s rr
$ ipvsadm -a -t 203.0.113.1:443 -r 10.0.1.1:443 -m
$ ipvsadm -a -t 203.0.113.1:443 -r 10.0.1.2:443 -mVideo Explanation
Frequently Asked Questions
Load balancing at the transport layer (TCP/UDP). Routes connections based on IP and port without inspecting HTTP content. Fast and efficient, but can't make routing decisions based on URLs or headers.
# HAProxy L4 mode
frontend tcp_front
bind *:443
mode tcp
default_backend cdn_edges
backend cdn_edges
mode tcp
balance roundrobin
server edge1 10.0.1.1:443 check
server edge2 10.0.1.2:443 check
server edge3 10.0.1.3:443 check
# Linux IPVS (kernel-level L4 LB)
$ ipvsadm -A -t 203.0.113.1:443 -s rr
$ ipvsadm -a -t 203.0.113.1:443 -r 10.0.1.1:443 -m
$ ipvsadm -a -t 203.0.113.1:443 -r 10.0.1.2:443 -mRelated CDN concepts include:
- Anycast — A routing technique where the same IP address is announced from multiple locations worldwide. The …
- L7 Load Balancing — Load balancing at the application layer (HTTP). Can route based on URL path, headers, cookies, …
- TCP (TCP) — Transmission Control Protocol. The reliable, ordered, connection-oriented transport protocol underneath HTTP/1.1 and HTTP/2. TCP's three-way …
- UDP (UDP) — User Datagram Protocol. A connectionless, lightweight transport protocol with no handshake, ordering, or delivery guarantees. …