Interviewer: What is the essential difference between layer 4 and layer 7 proxies?

2025.04.15
Introduction
I was asked this question many times in interviews, but I never answered it very comprehensively. Although the interviewer sometimes thought it was fine, I knew it was not comprehensive enough, so here is a deeper look.

If there is any problem in the article, please point it out.

Start
Introduction: Thoughts triggered by a real failure
During a 2024 sales promotion on an e-commerce platform, the core payment system suddenly suffered a network outage. The operations team found that the layer 4 load balancer was evenly distributing millions of requests per second to the API gateway, but the layer 7 gateway was consuming 75% of its CPU on HTTP header parsing. This exposed a fundamental problem: without understanding the essential difference between layer 4 and layer 7, it is impossible to build a highly reliable modern network architecture.


This article will analyze the differences between the two through three dimensions:

1. Protocol nature: the fundamental difference in how packets are processed

2. Performance boundaries: using measured data to debunk technical myths

3. Decision framework: six key questions that determine the technical direction

1. Protocol Nature: Two Philosophies of Packet Processing

1.1 Layer 4 proxy: the art of the connection

Core features:
• Transparent forwarding: application data is not parsed; only TCP/UDP headers are processed

• State maintenance: sessions are managed through a connection tracking table (conntrack)

• Typical scenarios:

  Game servers (UDP, low latency)

  Live video (high-volume transmission)

  Financial trading systems (high-frequency messages)

1.2 Layer 7 proxy: the content interpreter

Core capabilities:

• Semantic awareness: understands HTTP/HTTPS and other application protocols

• Content rewriting:

• Typical scenarios:

  API gateway (routing/rate limiting)

  Web application firewall (WAF)

  A/B testing (traffic coloring/tagging)
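To make the contrast between 1.1 and 1.2 concrete, here is an added Python example that is not part of the original article. The L4 proxy sees only the transport 5-tuple and keeps a conntrack-style table, returning the payload untouched; the L7 proxy parses the HTTP request, routes on Host and path, rewrites a header, and applies a rate limit and a simple WAF-style rule. All addresses, routes and the sample request are constructed values, and the class names are this example's own.

```python
import hashlib
from collections import defaultdict

# Constructed sample backend pools (not real hosts)
BACKENDS_L4 = ["10.0.0.11:443", "10.0.0.12:443"]
ROUTES_L7 = [("shop.example", "/api/", "10.0.1.21:8080"),
             ("shop.example", "/", "10.0.1.31:8080")]


class L4Proxy:
    """Layer 4: pick a backend per flow from the 5-tuple, remember it, never parse the payload."""

    def __init__(self, backends):
        self.backends = backends
        self.conntrack = {}  # (proto, src_ip, src_port, dst_ip, dst_port) -> backend

    def pick_backend(self, five_tuple):
        # Stable hash so every packet of the same flow lands on the same backend
        digest = hashlib.sha256(repr(five_tuple).encode()).digest()
        return self.backends[int.from_bytes(digest[:4], "big") % len(self.backends)]

    def forward(self, five_tuple, payload):
        backend = self.conntrack.setdefault(five_tuple, self.pick_backend(five_tuple))
        return backend, payload  # payload is opaque bytes: TLS or HTTP makes no difference here


class L7Proxy:
    """Layer 7: parse HTTP, route on Host/path, rewrite headers, enforce per-client rules."""

    def __init__(self, routes, rate_limit=100):
        self.routes = routes  # list of (host, path_prefix, backend)
        self.rate_limit = rate_limit
        self.request_count = defaultdict(int)  # client_ip -> requests seen

    @staticmethod
    def parse_http_request(raw):
        head, _, body = raw.partition(b"\r\n\r\n")
        lines = head.decode("latin-1").split("\r\n")
        method, target, version = lines[0].split(" ", 2)  # ValueError if not a request line
        if not version.startswith("HTTP/"):
            raise ValueError("not an HTTP request line")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        return {"method": method, "path": target, "version": version,
                "headers": headers, "body": body}

    def handle(self, client_ip, raw):
        """Return (status, backend, parsed_request); backend is None unless routed."""
        try:
            req = self.parse_http_request(raw)
        except ValueError:
            return 400, None, None  # not HTTP (e.g. raw TLS bytes): L7 cannot route it
        self.request_count[client_ip] += 1
        if self.request_count[client_ip] > self.rate_limit:
            return 429, None, None  # rate limiting needs to know "one request"
        if "../" in req["path"]:
            return 403, None, None  # WAF-style rule: only possible once the path is visible
        host = req["headers"].get("host", "")
        for route_host, prefix, backend in self.routes:
            if host == route_host and req["path"].startswith(prefix):
                req["headers"]["x-forwarded-for"] = client_ip  # header rewrite
                return 200, backend, req
        return 404, None, None


# Constructed sample traffic
SAMPLE_HTTP = (b"GET /api/pay?id=7 HTTP/1.1\r\nHost: shop.example\r\n"
               b"User-Agent: demo\r\n\r\n")
SAMPLE_TLS = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"  # looks like a TLS record header
FLOW = ("tcp", "203.0.113.5", 51000, "198.51.100.10", 443)


def demo():
    l4 = L4Proxy(BACKENDS_L4)
    l7 = L7Proxy(ROUTES_L7)
    return {
        "l4_http": l4.forward(FLOW, SAMPLE_HTTP),   # forwards without looking inside
        "l4_tls": l4.forward(FLOW, SAMPLE_TLS),     # same flow, same backend
        "l7_http": l7.handle("203.0.113.5", SAMPLE_HTTP),
        "l7_tls": l7.handle("203.0.113.5", SAMPLE_TLS),  # must terminate TLS first
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The point the two classes make is the one the article's scenarios rest on: the L4 path does the same constant work for any payload, which is why it scales, while the L7 path can only rate limit, inspect or rewrite because it spends CPU turning bytes into a request.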
2. Performance Boundary: The Truth Revealed by Measured Data

2.1 Benchmark Test Environment

2.2 Comparison of Key Indicators

Performance conclusion:
• Layer 4 proxy: suited to high-throughput, low-latency scenarios, but has no application-level visibility
• Layer 7 proxy: provides deep application-level control, but at a performance cost

3. Decision Architecture: Six Questions to Lock In the Technical Direction

3.1 Key Decision Tree

3.2 Six Soul-searching Questions

1. Protocol type: Is it an L7 protocol such as HTTP/WebSocket?

2. Traffic characteristics: Request size, connection duration, burst traffic?

3. Security requirements: Is WAF or CC (HTTP flood) protection required?

4. Maintenance cost: Is there a team that can maintain complex policies?

5. Infrastructure: Does it support DPDK/eBPF acceleration?

6. Evolution direction: Is there a plan to migrate to a service mesh?

4. Hybrid Architecture Practice: Practical Experience of a Video Platform

4.1 Pain points of the initial architecture

4.2 Optimized hybrid architecture

Optimization effect:

• Cost reduction: 45% bandwidth cost savings

• Latency reduction: video first-frame time reduced from 2.1s to 0.7s

• Simpler operations: fault localization time shortened by 80%

5. Future Trends: Technology Evolution Roadmap
5.1 Hardware Revolution of the L4 Proxy
• SmartNIC acceleration: NVIDIA BlueField achieves 100G line-rate forwarding

• eBPF kernel bypass: Cilium L4 proxy latency reduced to 0.1ms

5.2 Cloud-Native L7 Proxy
• Service mesh integration: Istio traffic management + Envoy dynamic configuration

• WebAssembly extensions: execute custom filtering logic at the proxy layer
Conclusion: Choice is more important than effort
When faced with the choice between layer 4 and layer 7 proxies, keep three principles in mind:

1. The protocol sets the floor: UDP means layer 4, HTTP means layer 7

2. Decide from data: use stress-test results instead of guesswork based on experience

3. Design for evolution: leave room for cloud native and hardware acceleration

Finally, a self-check list:

• Draw a protocol distribution map of your business traffic

• Quantify performance requirements (throughput/latency/jitter)

• Evaluate how well the team's technology stack matches

• Develop a three-year technology evolution roadmap