Interviewer: What is the essential difference between layer 4 and layer 7 proxies?
2025.04.15
Introduction
I have been asked this question many times in interviews, but I never answered it very comprehensively. Although interviewers sometimes thought my answer was fine, I knew it was not thorough enough, so let's take a deeper look.
If you find any problems in this article, please point them out.
Start
Introduction: Thoughts triggered by a real failure
During a 2024 promotional sale on an e-commerce platform, the core payment system suddenly suffered a network outage. The operations team found that the layer-4 load balancer was evenly distributing millions of requests per second to the API gateway, but the layer-7 gateway was spending 75% of its CPU on HTTP header parsing. This exposed a fundamental problem: without understanding the essential difference between layer 4 and layer 7, it is impossible to build a highly reliable modern network architecture.
This article analyzes the differences between the two along three dimensions:
1. Protocol nature: the fundamental difference in how packets are processed
2. Performance boundaries: measured data to dispel technical myths
3. A selection framework: six key questions that determine the technical direction
1. The nature of the protocol: two philosophies of packet processing
1.1 Layer-4 proxy: the art of connections
Core features:
• Transparent forwarding: the application payload is relayed without being parsed; forwarding decisions use only IP addresses and TCP/UDP ports (TLS passes through end to end, so the proxy cannot inspect or filter encrypted content, and the backend keeps its own certificates)
• State maintenance: flows are tracked in a connection table (for example Linux conntrack) so that every packet of a connection reaches the same backend
• Typical scenarios:
Game servers (UDP, low latency)
Live video (high-volume transmission)
Financial trading systems (high-frequency messages)
1.2 Layer-7 proxy: the content interpreter
Core capabilities:
• Semantic awareness: understands HTTP/HTTPS and other application protocols (for HTTPS this means terminating TLS at the proxy, which therefore has to hold the certificates and private keys)
• Content rewriting: headers, URLs and bodies can be modified in flight, for example adding X-Forwarded-For before the request reaches the backend
• Typical scenarios:
API gateway (routing/rate limiting)
Web application firewall (WAF)
A/B testing (traffic tagging)
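To make the two philosophies concrete, here is an added example (not code from the article) that feeds the same client bytes through a minimal layer-4 path and a minimal layer-7 path. The backend addresses, the route table and the sample request are all constructed for the illustration. The L4 path picks a backend from the client 4-tuple and relays the payload untouched, so it works equally on plaintext HTTP and on an opaque TLS record; the L7 path has to parse the request before it can route on the path, and it overwrites any client-supplied X-Forwarded-For rather than appending to it, because at the edge that header is attacker-controlled input.

```python
"""Layer 4 vs layer 7 handling of the same bytes (added illustration, not from the article)."""
import hashlib

# Hypothetical backend pool used by the L4 path (constructed for this example).
L4_BACKENDS = ["10.0.0.11:8080", "10.0.0.12:8080"]

# Hypothetical L7 route table: path prefix -> backend (constructed for this example).
L7_ROUTES = {"/api/": "10.0.0.21:8080", "/static/": "10.0.0.31:8080"}

# Constructed sample request exactly as it would arrive on the listening socket.
SAMPLE_REQUEST = (
    b"GET /api/pay?order=42 HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"User-Agent: curl/8.0\r\n"
    b"\r\n"
)


def l4_pick_backend(client_ip, client_port, backends=L4_BACKENDS):
    """Layer 4: choose a backend from the client address/port only (stable per connection)."""
    key = f"{client_ip}:{client_port}".encode()
    idx = int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % len(backends)
    return backends[idx]


def l4_forward(payload, client_ip, client_port):
    """Layer 4: the payload is relayed byte-for-byte; Host, path and TLS content are invisible."""
    return l4_pick_backend(client_ip, client_port), payload


def parse_http_request(raw):
    """Split a raw HTTP/1.x request into (method, target, version, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete or non-HTTP header block")
    lines = head.split(b"\r\n")
    method, target, version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return method.decode(), target.decode(), version.decode(), headers, body


def l7_forward(raw, client_ip):
    """Layer 7: parse, route on the path, rewrite headers, and re-serialize the request.
    Returns (backend, bytes_to_send) or (None, error_response) if no route matches."""
    method, target, version, headers, body = parse_http_request(raw)
    path = target.split("?", 1)[0]
    backend = next((b for prefix, b in L7_ROUTES.items() if path.startswith(prefix)), None)
    if backend is None:
        return None, b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"
    # Overwrite, never append: a client can send its own X-Forwarded-For to spoof its address.
    headers["x-forwarded-for"] = client_ip
    rebuilt = f"{method} {target} {version}\r\n".encode()
    rebuilt += b"".join(f"{k}: {v}\r\n".encode() for k, v in headers.items())
    return backend, rebuilt + b"\r\n" + body
```

Header names are emitted in lowercase, which HTTP permits. A practitioner would note the last comparison in particular: the L7 path cannot do anything with a TLS record unless the proxy terminates TLS itself, which is exactly why an L7 gateway ends up owning certificates and a WAF cannot sit behind a pass-through L4 balancer.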
2. Performance boundaries: what the measured data shows
2.1 Benchmark Test Environment
2.2 Comparison of Key Indicators
Performance conclusion:
• Layer-4 proxy: suited to high-throughput, low-latency scenarios, at the cost of having no visibility into application content
• Layer-7 proxy: provides fine-grained application-level control, at a performance cost
3. Decision framework: six questions to lock in the technical direction
3.1 Key Decision Tree
3.2 Six hard questions
1. Protocol type: is it a layer-7 protocol such as HTTP/WebSocket?
2. Traffic characteristics: request size, connection duration, burst traffic?
3. Security requirements: is a WAF or HTTP-flood (CC attack) protection required? Both need to see the request and the real client address, so they belong at layer 7
4. Maintenance cost: is there a team that can maintain complex policies?
5. Infrastructure: does it support DPDK/eBPF acceleration?
6. Evolution direction: is there a plan to migrate to a service mesh?
4. Hybrid architecture in practice: lessons from a video platform
4.1 Pain points of the initial architecture
4.2 Optimized hybrid architecture
Optimization effect:
• Cost reduction: 45% savings in bandwidth cost
• Latency reduction: video time-to-first-frame reduced from 2.1 s to 0.7 s
• Simplified operations: fault localization time shortened by 80%
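A caveat that bites in every two-tier design like the one in the introduction (an L4 balancer in front of an L7 gateway) and that decides question 3 above: once the L4 tier forwards a connection, the L7 tier's TCP peer is the balancer, not the client, so per-client rate limiting and WAF rules keyed on source IP would lump every user together. The usual fix is for the L4 tier to prepend a PROXY protocol v1 line (the format HAProxy defined) carrying the original addresses. The following added example, which is not the video platform's code, shows both sides of that exchange plus a sliding-window limiter at the L7 tier; all addresses, ports and thresholds are hypothetical. The L7 parser rejects anything that is not a well-formed PROXY line, and in a real deployment the listener would only accept the header from the L4 tier's addresses, otherwise a direct client could spoof its own source.

```python
"""L4 tier -> L7 tier with PROXY protocol v1, so per-client limits still work behind the balancer.
Added example (not the platform's code); addresses, ports and limits are hypothetical."""
import time
from collections import deque


# --- L4 tier: relay the bytes, but announce who the client really was ---------------------
def l4_prepend_proxy_header(client_ip, client_port, lb_ip, lb_port, payload):
    """PROXY protocol v1 line: 'PROXY TCP4 <src_ip> <dst_ip> <src_port> <dst_port>\\r\\n'."""
    line = f"PROXY TCP4 {client_ip} {lb_ip} {client_port} {lb_port}\r\n".encode("ascii")
    return line + payload


# --- L7 tier: recover the client address, then apply application-level policy -------------
def l7_parse_proxy_header(data):
    """Strip the PROXY line and return (client_ip, client_port, remaining_bytes).
    Anything malformed is rejected; the real listener must also restrict this to the L4 tier."""
    line, sep, rest = data.partition(b"\r\n")
    if not sep or len(line) + 2 > 107:  # v1 limits the whole line, CRLF included, to 107 bytes
        raise ValueError("no valid PROXY v1 line")
    parts = line.decode("ascii", "strict").split(" ")
    if len(parts) != 6 or parts[0] != "PROXY" or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("not a PROXY v1 line")
    return parts[2], int(parts[4]), rest


class SlidingWindowLimiter:
    """Per-client-IP sliding window: at most `limit` requests in any `window` seconds."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = {}  # ip -> deque of request timestamps

    def allow(self, ip, now=None):
        now = time.monotonic() if now is None else now
        q = self.hits.setdefault(ip, deque())
        while q and now - q[0] >= self.window:  # drop hits that left the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def l7_handle(data, limiter, now=None):
    """Returns ('allow', client_ip, http_bytes) or ('deny', client_ip, 429_response)."""
    ip, _port, http = l7_parse_proxy_header(data)
    if not limiter.allow(ip, now):
        return ("deny", ip, b"HTTP/1.1 429 Too Many Requests\r\nContent-Length: 0\r\n\r\n")
    return ("allow", ip, http)
```

Usage is the sequence in the test below: two clients behind the same balancer hit the same path; the first client exhausts its quota and gets 429 while the second is unaffected, and the first is admitted again once its oldest hit leaves the window. Without the PROXY line the limiter would key on the balancer's address and throttle everyone at once, which is the failure mode the introduction's outage hints at.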
5. Future Trends: Technology Evolution Roadmap
5.1 Hardware revolution for L4 proxies
• SmartNIC acceleration: NVIDIA BlueField achieves 100G line-rate forwarding
• eBPF/XDP fast path (packets handled in the kernel before the full network stack): Cilium's L4 proxy latency reduced to 0.1 ms
5.2 Cloud-native L7 proxies
• Service mesh integration: Istio traffic management + Envoy dynamic configuration (xDS)
• WebAssembly extensions: custom filtering logic executed in the proxy layer
Conclusion: Choice is more important than effort
When choosing between layer-4 and layer-7 proxies, keep three principles in mind:
1. The protocol sets the floor: UDP goes to layer 4, HTTP goes to layer 7 (HTTP can still be relayed at layer 4, but then routing, WAF and rate limiting on request content are impossible)
2. Data-driven decisions: use stress-test data instead of guesswork
3. Architecture is evolution-oriented: leave room for cloud-native and hardware acceleration
Finally, a self-check list:
• Map the protocol distribution of your business traffic
• Quantify performance requirements (throughput/latency/jitter)
• Assess how well the team's technology stack matches the choice
• Draw up a three-year technology evolution roadmap