Legacy System Architecture

<< Back to Technical Glossary

Legacy System Architecture Definition

Gartner’s legacy architecture definition includes information systems critical to day-to-day operations that may be based on outdated technologies. Replacing legacy applications and systems is among the most significant challenges information systems (IS) professionals face.

Legacy system architecture modernization goes far beyond a software update. Legacy software refers to any software and applications the organization has depended on in the past. This means that legacy software modernization might include partial or complete updating or replacement of inefficient or outdated processes, systems, and applications. Finally, replatforming usually involves moving from self-hosted to a cloud-based platform for business applications.

Some solutions demand more upfront investment than others, and some legacy software and systems present more risk. The best approach to legacy system modernization depends on internal capabilities, business goals, and existing legacy network architecture.

This image shows a comparison between legacy system architecture and new system architecture.

Legacy System Architecture FAQs

What is Legacy System Architecture?

According to Gartner, a legacy application is an information system that is critical to day-to-day operations but based on outdated technologies. Legacy technologies and systems are fairly commonplace in various industries, including finance, banking, healthcare, insurance, and transportation.

Legacy system architecture includes outdated applications, infrastructure, and processes that are usually housed in tightly coupled, monolithic environments. Such enterprise architecture legacy systems also often run on hardware and software that is owned, managed, hosted, and supported by the organization itself, generating even more financial and IT skill burden.

A legacy system architecture is not defined solely by its age. A software system might be considered a legacy simply because it can’t meet business needs or lacks support. Such legacy software and legacy applications are typically difficult, if not impossible, to improve, maintain, develop, support, or integrate with the new systems due to limitations of underlying technology, architecture, or design.

Although they may have helped the organization grow before, architectural legacy systems reach a point of maturity and a stall zone as new strategies and innovative technologies such as AI, cloud, IoT, mobile, and social present a dilemma in the digital transformation journey. This is the time when it is essential to face the problem of legacy system architecture.

Examples of Legacy Architecture Challenges

Despite the proliferation of examples of legacy application architecture, there are many reasons to modernize. Many software engineers consider legacy architecture systems potentially problematic for several reasons. Here are several common legacy architecture challenges.

Maintenance Costs

If legacy software systems run only on antiquated hardware, system maintenance cost and risk will usually outweigh the cost and risk of software and hardware replacement. Updates and changes are challenging with monolithic legacy systems which are typically large in terms of both functionality and the codebase. Just one small update to legacy system architecture requires time and effort and can cause multiple conflicts across the system. Similar to the software system, the underlying infrastructure of legacy systems is more expensive and more difficult to maintain compared to modern cloud-based solutions.

Data Silos

Legacy system architecture tends to create data silos, in part because many legacy software solutions were never designed to integrate and were built on frameworks that literally cannot integrate with more modern systems.


Regulatory compliance requirements such as the GDPR demand knowing and demonstrating which customer data you have, where it is, and who can access it. This is impossible with many of the outdated, siloed systems created by legacy system architecture.

Staff Trouble

It’s more difficult each year to train staff to maintain a software system when the staff who created it have retired or left, and newer staff never mastered it as a legacy technology. Loss or lack of documentation often makes this worse.

Security Risk

Legacy system architecture tends to have production configurations and more vulnerabilities due to lack of security patches applied or available—all of which cause security problems and place the legacy system at risk of being compromised by knowledgeable insiders or attackers. The web services of legacy systems are typically less resistant to malware and cyberattacks, because attackers have had time to access the code and identify its vulnerabilities, and because an outdated software system often lacks vendor support. Even a well-built, well-maintained custom-built legacy system can be like patching a leaky hose when it comes to security.

Integration Difficulties

Integration of modern digital architecture and legacy systems is often difficult. Modern software platforms often access capabilities using third-party APIs for tasks such as data sharing, user authentication, geolocation, and transactions. And while the existing code of modern technologies are ready for this kind of integration by default, legacy systems typically lack compatibility. It often demands a significant amount of custom code to connect modern digital architecture legacy systems, with mixed results.

Once most organizations understand these considerations, an updated, more secure, newer technology stack platform seems less costly based on the proven return on investment (ROI) compared to the alternative.

Approaches to Legacy Application Modernization

Legacy application modernization projects can take more radical or more measured approaches.

Radical or revolutionary modernization means taking a ground-up approach to transforming legacy system architecture. This approach is often needed when businesses merge or when a legacy system has become a risk and requires an immediate fix. A radical, all-at-once approach presents higher costs and risks as well as increased disruption.

For risk-averse organizations, a step-by-step or evolutionary modernization approach is often preferred. This allows the organization to achieve the same business goals using a long-term model to modernize one workload at a time. 

In reality, there are multiple modernization options, from simply encapsulating the existing app’s data and functions to replacing it altogether, with variously impactful options in between. According to Gartner, the easier it is to implement, the less impact and risk it will have on the business processes and the system, and vice versa.

When evaluating which approach is best for your organization, assess the current state of legacy enterprise systems and related factors. Legacy software should just be the beginning of your analysis, which should also include all other systems in place, from architecture to code, in the context of plans for future growth:

  • Workload. Assess workloads holistically in the context of business goals. Audit software and applications for criticality, business value, and opportunities for modernization.
  • Architecture. Review infrastructure performance, components, and return on investment (ROI) to prioritize for simplicity and assess where newer technologies can deliver better outcomes. Consider a scalable, microservices architecture approach, and ensure the application will work well with the other default business tools—or provide replacements.
  • Financial. Evaluate strategies for resource optimization and spend to find budget burdens to support existing system operations and be ready for the future.
  • Risk. Compare the desired outcomes of your legacy system modernization project to possible business disruption and any associated impacts to organizational culture and business processes. Factor in the risks of not acting.
  • Operations. Identify necessary new training, skill sets, and processes that must be factored into modernization timelines and costs.
  • Security. Develop a governmental and industry compliant security plan to avoid outages, data loss, or exposure and protect systems before, during, and after modernization.


Select the modernization approach that would be the fastest to deliver value. For example, if there is a SaaS solution available at a fraction of the cost, there is no need to start from scratch. If you want to build more features on top of your existing system or it solves specific tasks, custom product development services or agile software development practices might be a better approach to the problem.

Reengineer the system with a technology stack that is future-ready and will deliver optimal user experience and performance for your specific needs. Avoid making the same mistakes with the new system by adopting a set of internal processes and coding standards to document for future system growth.

Finally, create a support and retirement schedule for the legacy software, including documented and archived solutions for easy reference. And remember, there’s a learning curve here. Leave room in the budget for training and system updates so the team can master the new system.

Benefits of Digital Transformation and Application Modernization

There are many reasons to update legacy system architecture. Application modernization offers a number of benefits:

Improved performance. Modernized IT systems and containerized applications deliver faster time-to-market, more reliable processes, improved performance, reduced risks, and better user experiences

Reduced costs. Decommissioning data center space, monolithic apps, and physical servers reduces costs for hardware, software, and licensing—all financial inefficiencies of legacy software and systems

Competitive advantage, enhanced innovation. Create or maintain a competitive advantage with a lightweight solution competitors can’t match. Modernized systems can adapt to business conditions, integrate systems to optimize processes, leverage data across the organization, react quickly to seasonal fluctuations, or rapidly adopt new innovations on the marketplace.

Better customer experiences. Happier employees and customers come from meeting and exceeding performance and UX standards.

Secure the system. Secure IT infrastructure from internal breaches and external threats.

Simplify integration. Integration is exponentially simpler with new enterprise software built to work together.

What is the Difference Between Legacy vs Cloud Native Architecture?

There are several key differences between legacy vs modern architecture:

Predictability. Cloud native architectures are more predictable than traditional enterprise applications and architectures that are built over comparatively long periods of time. Cloud native projects are designed to scale up and maximize resilience, following predictable rules and behaviors.

Independence. Cloud native architecture is independent of operating systems, whereas traditional legacy system architecture is OS dependent.

Collaborative. Cloud native architecture is open and collaborative, while traditional application architecture runs with finished application code and develops silos.

Automated. In general, fully cloud-native architecture involves automation of systems, in contrast to traditional legacy system architecture which is manual, relies on human operators to diagnose and repair issues, and runs the risk of hard-coding human error into actual infrastructure.

For more on the actual implementation of load balancing, security applications and web application firewalls check out our Application Delivery How-To Videos.

Layer 4 Load Balancing

<< Back to Technical Glossary

Layer 4 Load Balancing Definition

A load balancer distributes application traffic or network traffic across multiple servers, acting as a reverse proxy. Load balancers can increase the reliability and capacity—or possible number of concurrent users—of applications. Load balancers perform application-specific tasks and decrease the burden on servers associated with maintaining and managing network and application sessions to improve overall application performance.

There are two broad categories of load balancers: layer 4 and layer 7. These types of load balancers operate and make decisions based on different factors.

Layer 4 load balancing makes its routing decisions based on information defined at Layer 4, the networking transport layer. Layer 4 represents the fourth layer of the Open Systems Interconnection [OSI] Reference Model, which defines seven networking layers total, found here.

Layer 4 is the transport level, which includes the user datagram protocol (UDP) and transmission control protocol (TCP). For internet traffic, a Layer 4 load balancer does not consider packet contents as it makes its load-balancing decisions, and instead distributes client requests across a group of servers based on the destination and source IP addresses and ports the packet header records.

This image depicts a layer 4 load balancer with the application clients (end users) are connected to the servers through load balancers.

Layer 4 Load Balancing FAQs

What is Layer 4 Load Balancing?

Layer 4 load balancing most often describes deployments where the IP address of the load balancer is advertised to clients for a service or website, for example via DNS. In this layer 4 load balancer example, client requests record the address of the load balancer as the destination IP address.

How Does Layer 4 Load Balancing Work?

Layer 4 load balancing makes its routing decisions based on information defined at the networking transport layer, L-4. The layer 4 load balancer also performs Network Address Translation (NAT) on the request packet as it receives a request and makes the load balancing decision. In the NAT process, the layer 4 load balancer chooses a content server on the internal network and changes the destination IP address from its own to that of the selected server.

Similarly, the load balancer changes the source address recorded in the packet header from the server’s IP address to its own before forwarding server responses to clients. At times, the layer 4 load balancer may also change the source and destination TCP port numbers recorded in the packets in a similar fashion.

Layer 4 load balancers do not inspect packet content, instead extracting address information from the first few packets in the TCP stream and using it to make routing decisions. Because layer 4 load balancers are often vendor-supplied, dedicated hardware devices, specialized chips may perform NAT operations rather than proprietary load-balancing software.

Layer 4 load balancing was a more popular approach to handling traffic when interaction between application servers and clients was less complex. Initially, Layer 7 and other more sophisticated load balancing methods demanded significantly more computation than Layer 4 load balancing, but the advantages of layer 4 load balancing in terms of performance have been greatly reduced in most situations thanks to modern memory and CPU which are low cost and fast.

However, to meet a broader variety of application needs, an ADC should offer load balancing capabilities across both layer 4 and layer 7, even though layer 7 load balancers allow more intelligent routing decisions and offer more extensive functionality. In other words, layer 4 load balancing capacity remains important, even for users with sophisticated architectures.

Layer 4 Load Balancing for Kubernetes

Many of the same principles of a Layer 4 load balancer apply for microservices architectures as well. Layer 4 load balancing Kubernetes solutions are needed as are layer 7 load balancing solutions. Layer 7 load balancing is frequently referred to as ingress load balancing.

Layer 4 vs Layer 7 Load Balancing

Applications need both layer 4 and layer 7 load balancing. The distinctions between the various layers in the Open Systems Interconnection (OSI) Reference Model for networking define the difference between layer 4 and layer 7 load balancing.

A layer 4 load balancer manages transaction traffic at the transport layer using the UDP and TCP protocols, basic information such as response times and server connections, and a simple load balancing algorithm. Layer 4 load balancing manages traffic based on network information such as protocols and application ports without requiring visibility into actual content of messages.

This approach is effective for simple load balancing at the packet level. Messages can be forwarded efficiently, quickly, and securely because they are neither decrypted nor inspected. However, it’s not possible to route traffic based on localization rules, media type, or other more complex criteria; layer 4 load balancing cannot make content-based decisions, so it relies upon simple algorithms such as round-robin routing.

A Layer 7 load balancer works at the highest OSI model layer: the application layer. It therefore makes its routing decisions based on more detailed information such as message content, cookie data, HTTP/HTTPS header characteristics, type of data (video, text, graphics, etc.), and URL type. DNS, FTP, HTTP, and SMTP protocols are all at the application traffic level. In other words, the difference between layer 4 and 7 load balancing is the source and type of information the load balancer can use to make decisions.

Layer 7 load balancers terminate and distribute network traffic; decrypt and inspect messages as needed; make routing decisions that are content-based; select an appropriate upstream server based on the right criteria and initiate new TCP connections to it; and write those requests to the server—rather than merely forwarding unread traffic.

Layer 7 processing incurs a performance penalty for encryption, but SSL offload functionality can largely reduce this problem. Layer 7 load balancing allows application-aware networking, enabling smarter content optimizations and load balancing decisions.

A layer 7 load balancer can provide “sticky sessions” or server persistence by identifying unique client sessions viewing or actively injecting cookies. This enhances efficiency by sending all client requests to the same server. It can also use content caching, more easily retrieving frequently accessed items held in memory, thanks to visibility at the packet level. A layer 7 load balancer can also manage protocols that reduce overhead and optimize traffic by multiplexing many requests onto a single connection—an important load balancing feature for modern organizations.

All of these features can make layer 7 load balancing more costly in terms of required computing power and time than layer 4 load balancing. However, in many cases layer 7 load balancing achieves greater overall efficiency, reducing duplications of data in requests, for example.

Modern general-purpose load balancers that serve as full reverse proxies often operate at Layer 7. However, compared to the routing-based methods which are not acting as full proxies, the load balancer is acting as a full proxy it doesn’t have the same high layer 4 load balancer throughput.

Some load balancers can be configured based on the nature of the service, and can provide layer 4 or layer 7 load balancing. An L4-7 load balancer solves this problem by using a set of network services across the entire networking stack that provides services such as data storage and communications, ISO layers 4 through 7 to base traffic management decisions. This means it offers the benefits of both layer 4 and layer 7 load balancers.

There are appropriate use cases for layer 4 or layer 7 load balancing, despite the enhanced intelligence of routing decisions and functionality layer 7 load balancers offer. To meet an enterprise level demand for compliance, content localization, and efficiency and meet a variety of application needs while providing the best possible experience for any device, user, and location, application delivery controllers (ADCs) will ideally provide load balancing and manage traffic across layers.

Does VMware NSX Advanced Load Balancer Offer Layer 4 Load Balancing?

Yes. The VMware NSX Advanced Load Balancer’s multi-cloud Software Load Balancer delivers applications at scale across all levels of the networking stack (L4-7) and any infrastructure. VMware NSX Advanced Load Balancer’s software load balancer offers modern enterprises performance, speed, and reliability, forming the backbone of the Platform. Learn more about VMware NSX Advanced Load Balancer’s layer 4 load balancing solution and how elastic load balancing can handle sudden changes in traffic and other challenges here.

For more on the actual implementation of load balancers, check out our Application Delivery How-To Videos.

Layer 7

<< Back to Technical Glossary

OSI Layer 7 Definition

Layer 7 refers to the outermost seventh layer of the Open Systems Interconnect (OSI) Model. This highest layer, also known as the application layer, supports end-user applications and processes.

This layer is closest to the end user and is wholly application-specific. Layer 7 identifies the parties as they communicate, assesses service quality between them, and deals with issues such as constraints on data syntax, user authentication, and privacy.

Image depicts a Layer 7 OSI Model with the details for all layers starting from Layer 1.


Layer 7 FAQs

What is Layer 7?

Layer 7 or the application layer of the OSI reference model deals directly with applications. Within this narrow scope, layer 7 is responsible for displaying data and images to the user in a format humans can recognize. This in turn enables users to interface with the presentation layer below the application level. Layer 7 then helps implement a communication component by interacting with software applications.

Layer 7 functions include identifying communication partners, determining availability and quality of resources, and finally synchronizing communication. Layer 7 identifies available communicators and then determines whether the selected communication method and sufficient resources exist to determine communication partners. Then, layer 7 establishes and synchronizes communication through the cooperating communication partners.

What is the OSI Model?

The Open Systems Interconnection (OSI) model was created by the International Organization for Standardization as a conceptual model to enable communication via standard protocols between diverse communication systems. In other words, the OSI reference model serves as a common communication standard for different computer systems, much like a common language or monetary system for humans.

In some sense, the 7 layer OSI model is a computer networking universal language. The model itself is based on a notion of seven abstract layers of a communication system, each stacked upon the last. Each OSI reference model layer communicates with the layers above and below it, and handles specific tasks.

[In fact, some DDoS attacks target specific network connection layers. For example, protocol layer attacks target layers 3 and 4, and application layer attacks target layer 7. We will discuss more on these kinds of DDoS attacks and layer 4 vs layer 7 DDoS methods in the section below.]

What are the seven layers of the OSI model?

Layer 7: The Application Layer

Closest to the end user, layer 7 is the only layer that interacts directly with user data. Email clients, web browsers, and other software applications all rely on layer 7 to initiate communications. However, client software applications do not reside at, and are not part of, the application layer.

Instead, the application layer establishes connections with applications at the other end to present meaningful data to the user after facilitating communication through lower layers. Layer 7 is responsible for the data manipulation and protocols that software needs to present data so it is meaningful to humans. For example, layer 7 protocols include HTTP which enables internet communication and SMTP which enables email communications.

Layer 6: The Presentation Layer

The presentation layer represents the translation or preparation to and from application and network formats. Layer 6 prepares and presents data for use and consumption by the network or applications. The presentation layer is responsible for data encryption, translation, and compression.

Various devices may be communicating using different methods for encoding, so layer 6 translates incoming data into a comprehensible syntax for the receiving device’s application layer. The presentation layer also adds sender side layer 7 encryption and decodes encryption upon receipt to present usable data at the application layer.

Finally, layer 6 also compresses and delivers data it receives from layer 7 to the session layer. This minimizes the amount of data transferred, improving the efficiency and speed of communication.

Layer 5: The Session Layer

The session layer opens and closes sessions, or communication times between devices. The session layer strikes a balance between saving resources by closing sessions promptly, and ensuring all exchanged data is properly transferred by maintaining the open session for a sufficient amount of time.

The session layer creates a session any time two computers, devices, or servers need to communicate. Functions at this layer involve session setup, coordination, and termination. The session layer also protects data transfers from crashes and other problems by synchronizing transfers with checkpoints. This allows the session to be resumed from the point of the most recent checkpoint in the case of a crash or disconnect.

Layer 4: The Transport Layer

Layer 4 handles data transfer and end-to-end communication between devices, end systems, and hosts. This includes segmenting data from the session layer before sending it to layer 3, and reassembling the segmented data on the receiving end into consumable data for the session layer.

In addition, the transport layer handles error control and flow control. On the receiving end, the transport layer performs error control by ensuring the data is complete and if it isn’t, requesting a retransmission. To ensure that receivers with slower connections are not overwhelmed by senders with faster connections, flow control determines an optimal data transmission speed and ideal targets and quantities for sending.

The Transmission Control Protocol (TCP), built atop the Internet Protocol (IP), is the best known example of the transport layer. This is typically called TCP/IP. Layer 4 is home to TCP and UDP port numbers, while the network layer or layer 3 is where IP addresses work.

Layer 3: The Network Layer

The network layer supports router functionality by facilitating data transfer between networks. Layer 3 breaks transport layer segments on the sender’s device into smaller units, called packets. It then forwards the packets and identifies the optimal physical path for them to the destination through routers, and reassembles them at the receiving device. The network layer enables routers to find the best way among millions of options for different servers or devices to connect efficiently.

Layer 2: The Data Link Layer

The data link layer facilitates node-to-node data transfer between devices on the same network. Layer 2 also breaks data packets, in this case from the network layer, into smaller pieces. At the data link layer these pieces are called frames. Layer 2 also manages error control and flow control in intra-network communication.

Layer 1: The Physical Layer

This layer is the physical and electrical manifestation of the system and it includes the equipment involved in the data transfer, such as the switches, radio frequency link, and cable types, and physical requirements from voltages to pin layouts. Data is converted into a bitstream at this layer, and so communicating devices can distinguish 1s from 0s on both devices, the physical layers of devices must agree on a signal convention.

If the modern internet more closely follows the simpler and less theoretical 4 layer TCP/IP model, why is OSI 7 layer technology still important to understand? The structure of the OSI theoretical model still frames troubleshooting context for network problems and discussions of protocols. The layered structure of the model helps isolate problems, identify their causes, and break them down into more manageable tasks while avoiding unnecessary work in irrelevant layers.

Data flows through the OSI 7 layer network model in a specific way to render data readable and usable by humans and devices. Here is an example:

  • A writes an email to B. A uses an email application to compose the message on a laptop and sends it.
  • The application sends the message to the application layer.
  • Layer 7 selects a protocol (SMTP) and passes the data to layer 6.
  • The presentation layer compresses the data and passes it to layer 5.
  • The session layer initializes the communication session and sends A’s data to layer 4.
  • The transport layer segments the data in the message and passes them to layer 3.
  • The network layer breaks the segments into packets and sends them to layer 2.
  • The data link layer breaks the packets down even further into frames and delivers them layer 1.
  • The physical layer converts the email data into a bitstream of 1s and 0s and transmits it through a cable or other physical medium.
  • B’s computer receives the bitstream physically through a wifi or other physical medium, and the email data begins to flow back through the same series of layers in the opposite order on B’s device.

What is a Layer 7 DDoS Attack?

Application layer attacks, also called layer 7 DDoS attacks, refer to malicious cyberattacks that target requests such as HTTP POST and HTTP GET from the outermost or top OSI model layer. In contrast to DNS amplification attacks and other network layer attacks, these DoS layer 7 attack methods are particularly effective due to their consumption of network and server resources.

Most layer 7 DDoS methods are based on the relative disparity between the amount of resources it requires to successfully launch compared to the resources required for layer 7 DDoS mitigation. It simply demands less total bandwidth to create the same amount of damage and disruption with a layer 7 attack.

For example, responding to user requests to login to sites, query databases, or even just produce a webpage, all demand disproportionately greater amounts of resources from the server. Multiple targeted requests directed at the same online property can overwhelm a server, causing a denial-of-service or even taking the service offline.

It is difficult to prevent application layer DDoS attacks because it is particularly tricky to distinguish between normal traffic and attack traffic, especially in the case of a layer 7 problem. A botnet launching an HTTP flood attack can make each network request to the victim’s server seem as though it is not spoofed.

To respond to and prevent layer 7 application attacks, it is important to deploy an adaptive traffic limiting strategy based on particular rules which can fluctuate regularly and layer 7 monitoring tools. A properly configured layer 7 firewall or web application firewall (WAF) can greatly diminish the impact of a layer 7 DoS attempt by mitigating how much bogus traffic is passed on to the server. A challenge to devices such as a CAPTCHA test can also help mitigate application layer attacks. Other layer 7 protection strategies for HTTP floods include network analysis by engineers and using an IP reputation database to filter and manage traffic.

OSI Model vs 4 Layer TCP/IP Model

The TCP/IP model of the internet does not focus as much on layering and strict hierarchical encapsulation in terms of the design of protocols compared to the OSI 7 layer protocol model. Rather than seven layers, TCP/IP derives four broad layers of functionality from their contained protocols’ respective operating scopes. These are:

  • The application layer derived from the software application scope;
  • The transport layer derived from the path of the host-to-host transport;
  • The internet layer derived from the internetworking range; and
  • The network interface layer derived from the scope of other nodes directly linked on the local network.

Although the layering concept is distinct between the models, these TCP/IP layers are frequently compared with the OSI layering scheme as follows:

  • The OSI application layer, presentation layer, and most of the session layer (layers 5, 6, and 7) map to the internet application layer.
  • The OSI session and transport layers (layers 4 and 5) map to the TCP/IP transport layer.
  • A subset of the OSI network layer (layer 3) maps to the internet layer’s functions.
  • The OSI data link and network layers (layers 2 and 1) map to the link layer and may include similar protocols and functions.

In terms of layer 7 or application layer implementations, these vary depending on the stack. On the OSI stack X.400 Mail, Common Management Information Protocol (CMIP), and File Transfer and Access Management Protocol (FTAM) are all layer 7 implementations. On the transmission control protocol/internet protocol TCP/IP stack application layer implementations include: File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), Simple Mail Transfer Protocol (SMTP), and Simple Network Management Protocol (SNMP).

Layer 4 vs Layer 7 Load Balancing

There are load balancing options at various layers in the OSI networking model. Here are two layer 4 and layer 7 load balancing examples to illustrate the differences between layer 4 vs layer 7 load balancing.

Layer 4 concerns message delivery, not message content, and operates at the intermediate transport layer. Layer 4 load balancers simply inspect the first few packets in the TCP stream, and make limited routing decisions based on their inspections, forwarding network packets to and from the upstream server without really getting into packet content.

Layer 7 load balancing deals with the actual content of each message and operates at the high level application layer. More sophisticated than Layer 4 load balancers, Layer 7 load balancers terminate network traffic and review its content to make load balancing decisions. They reuse an existing TCP connection or create a new one to write the request to the server.

Many application delivery controllers and load balancers blend simpler, traditional layer 4 load balancing with layer 7 content switching technology which is more sensitive. Layer 7 content switching is also known as application switching, request switching, or content based routing.

As an example of layer 7 OSI protocols, consider a user visiting a high traffic website to access dynamic content such as a news feed, static content such as video or images, or the status of an order or other transactional details. During the session, the layer 7 load balancer routes request based on what kind of content is in the requests themselves. This allows requests for media to be routed to servers that are highly optimized to store and serve up multimedia content, for example, and requests for transactional data to be routed to the application server that manages those details.

In this way, layer 7 routing enables application and network architects to create an optimized server infrastructure or application delivery network that scales efficiently to meet demand and is reliable. A layer 7 reverse proxy server also performs layer 7 load balancing.

Benefits of layer 7 load balancing include:

  • CPU intensive Layer 7 load balancing is still less likely to hurt performance than packet based Layer 4 load balancing.
  • Layer 7 load balancing applies optimizations such as encryption and compression to the content and makes smarter load balancing decisions.
  • Layer 7 load balancing improves performance by buffering to offload slow connections from servers upstream.

Does VMware NSX Advanced Load Balancer Offer a Layer 7 Load Balancer?

Yes. The software-defined Load Balancer from the VMware NSX Advanced Load Balancer provides scalable application delivery across L4 and L7 protocols in the networking stack and any infrastructure. The Software Load Balancer delivers performance, speed, and reliability for modern enterprises, forming the backbone of the Platform. Learn more about VMware NSX Advanced Load Balancer’s layer 7 traffic shaping features and layer 7 load balancing configuration.

For more on the actual implementation of load balancers, check out our Application Delivery How-To Videos.

L4-L7 Network Services

<< Back to Technical Glossary

L4-L7 Network Services Definition

L4-L7 Network Services Definition are a set of functions such as: load balancing, web application firewalls, service discovery, and monitoring for network layers within the Open Systems Interconnection (OSI) model. The OSI model is a standard for telecommunications and computing systems. Within this communication system there are partitions called abstraction layers. Layers 4 to 7 (L4-L7) are delineated by function:

L4 – the Transport Layer is for transmission of data between points on a network. Example protocols: TCP/UDP.

L5 – the Session Layer is for managing the dialogues between computers. L5 establishes and manages connections between applications.

L6 – the Presentation Layer is responsible for establishing context within the applications, in which different syntax and semantics are present. This layer provides mapping and communication to various applications. Example protocols: SSL/TLS.

L7- the Application Layer is nearest to the end user. The user and the application are directly interacting, communicating with both. Example protocols: HTTP/SIP

Diagram depicting the Networking Infrastructure (OSI Model) Layers emphasizing on L4-L7 Network Services.

What are L4-L7 Service Networks?

L4-L7 service networks are application services running within those OSI layers. L7 service network is at the application layer and helps with the distribution of traffic. The L4 service network is known as a transport layer that includes TCP and UDP. L4-L7 network services provide data storage, manipulation, and communication services.

What is the Difference between L4 and L7 Load Balancing?

L4 load balancing offers traffic management of transactions at the network protocol layer (TCP/UDP). L4 load balancing delivers traffic with limited network information with a load balancing algorithm (i.e. round-robin) and by calculating the best server based on fewest connections and fastest server response times.

L7 load balancing works at the highest level of the OSI model. L7 bases its routing decisions on various characteristics of the HTTP/HTTPS header, the content of the message, the URL type, and information in cookies.

Does VMware NSX Advanced Load Balancer Offer L4-L7 Load Balancing?

Yes! The VMware NSX Advanced Load Balancer offers enterprise-grade L4-L7 load balancing. VMware NSX Advanced Load Balancer has built a disruptive platform for L4–L7 application services with a software-centric approach, enabling customers to scale network automation and application delivery across both private and public clouds. VMware NSX Advanced Load Balancer offers :

• Fully automated elastic load balancing (L4-L7), SSL offload, DDoS protection, and WAF with central management and control on private clouds, public clouds and SDN solutions (Cisco ACI, Nuage Networks, and Juniper Contrail)

• Consistent feature set and automation across on-premises, in VMware Cloud on AWS, and other Public Clouds (AWS, Microsoft Azure, and Google Cloud Platform)

• Built-in visibility and analytics for real time application performance monitoring, security insights, and network log analytics

For more on the actual implementation of load balancing, security applications and web application firewalls check out our Application Delivery How-To Videos.

For more information on L4-L7 Network Services see the following resources:

Load Balancing

<< Back to Technical Glossary

Load Balancing Definition

Load Balancing is the process of distributing network traffic across multiple servers. This ensures no single server bears too much demand. By spreading the work evenly, load balancing improves responsiveness. Load balancing methods also increase availability of applications and websites for users. Modern applications cannot run without load balancing.

Diagram depicting load balancing for application delivery and application services.

How Does Load Balancing Work?

When one application server becomes unavailable, load balancing directs all new requests to other available servers. Load balancing can be offered by hardware appliances or software. Hardware appliances often run proprietary software optimized to run on custom processors. As traffic increases, the vendor simply adds more load balancing appliances to handle the volume. Load balancing software usually runs on less-expensive, standard x86 hardware. Installing the software in cloud environments like AWS EC2 eliminates the need for a physical appliance.

What Are Load Balancing Methods?

Load balancing methods include:

  • Geographic load balancing
  • TCP load balancing
  • UDP load balancing
  • Multi-site load balancing
  • Load balancing-as-a-service
  • SDN load balancing
  • Global server load balancing

Why Is Load Balancing Important?

Network load balancing can do more than just act as a traffic cop for incoming requests. Load balancing software provides benefits like predictive analytics that determine application traffic bottlenecks before they happen. As a result, software-based load balancing gives an organization actionable insights. These are key to automation and can help drive business decisions.

What Is Load Balancing In Cloud Computing?

Software load balancing provides application services in the cloud. This provides a managed, off-site solution that can draw resources from an elastic network of servers. Cloud computing also allows for the flexibility of hybrid hosted and in-house solutions. Primary load balancing could be in-house while the backup is in the cloud. This ensures high availability of application and web servers.

Load balancing in the cloud has the following benefits:

  • Single point of control for distributed load balancing
  • Pinpoint analytics and visibility into web application performance
  • Predictive autoscaling of balancers, backend servers and applications
  • Accelerates application delivery from weeks to minutes
  • Troubleshoots app issues visually in minutes for health checks
  • Eliminates over-provisioning

What Are Load Balancing Algorithms?

There is a variety of load balancing methods, which use different algorithms best suited for a particular situation.

  • Least Connection Method: directs traffic to the server with the fewest active connections. Most useful when there are a large number of persistent connections in the traffic unevenly distributed between the servers.
  • Least Response Time Method: directs traffic to the server with the fewest active connections, the fewest send requests and the lowest average response time.
  • Round Robin Method: rotates servers by directing traffic to the first available server and then moves that server to the bottom of the queue. Most useful when servers are of equal specification, in a single geographic location and there are not many persistent connections.
  • IP Hash: the IP address of the client determines which server receives the request.

Does VMware NSX Advanced Load Balancer Provide Load Balancing?

The VMware NSX Advanced Load Balancer’s platform provides scalable application delivery for any infrastructure. This forms the backbone of VMware NSX Advanced Load Balancer, providing speed, performance and reliability for modern enterprise infrastructures. VMware NSX Advanced Load Balancer provides the following benefits:

  • Elastic Load Balancing: Software architecture gives the elasticity needed to support dynamic scale up or scale out of load balancing services.
  • Central Control and Automation: Overcome the complexity of application delivery across data centers and public clouds with distributed architecture by centrally managing your application resources.
  • Lower Total Cost of Ownership: Outperform legacy hardware with faster provisioning and by eliminating expensive hardware refreshes and management.
  • Responsive Self-Service: Allow business units to deploy applications without using central IT resources, increasing responsiveness and reducing support costs.
  • Application Analytics and Troubleshooting: Single dashboard displays real-time telemetry for actionable insights and efficient troubleshooting.

For more on the actual implementation of load balancers, check out our Application Delivery How-To Videos.

For more information on load balancing see the following resources:

Load Balancing as a Service (LBaaS)

<< Back to Technical Glossary

Load Balancer as a Service (LBaaS) Definition

Load Balancer as a Service (LBaaS) enables self-service for L4-L7 services for application teams. LBaaS was developed as the networking service for load balancing in OpenStack private cloud environments. LBaaS can be implemented with open source load balancers as well as fully-supported, commercial implementations. The same “as-a-service” approach to load balancing is what multi-cloud load balancers have adopted.

Diagram depicting load balancer as a service for application delivery between companies and end users using a third-party load balancing virtual server.

What is Load Balancing as a Service?

Load Balancer as a Service (LBaaS) uses advances in load balancing technology to meet the agility and application traffic demands of organizations implementing private cloud infrastructure. Using an as-a-service model, LBaaS creates a simple model for application teams to spin up load balancers.

Can Load Balancer as a Service be Used in Cloud Computing?

LBaaS can be used in cloud computing in OpenStack private cloud implementations. While Load Balancer as a Service refers to distributing client requests across multiple application servers in OpenStack environments, cloud load balancers follow a similar model as LBaaS. A cloud load balancing service allows you to maximize application performance and reliability. Cloud load balancers lower cost and and can elastically scale up or down to maintain performance as application traffic changes.

How Does Load Balancing as a Service Work?

The LBaaS service in OpenStack is implemented from the LBaaS v2 spec in which the load balancer occupies an OpenStack Neutron port with an IP address assigned from a subnet. Load balancers can listen for requests on multiple ports with each port specified by a Listener. Health monitors associated with pools help to make the system It routes incoming requests from overloaded servers, and then re-routes those requests to servers with highly available by diverting traffic away from pool members that may not be responding properly. Elastic load balancing service refers to the application delivery controller’s ability to scale traffic loads up or down automatically and LBaaS implementations provide on-demand elasticity for load balancing services. LBaaS is commonly used for load balancing web services.

Why Use Load Balancer as a Service?

Load Balancer as a Service (LBaaS) has many benefits:

• Multi-cloud: Consistent application experience across on-premises and cloud environments

• Maximize your Performance: 90% faster application provisioning

• Handles on-demand traffic: provides additional server availability

• Scalability: LBaaS can use cloud scalability to keep costs lower that load balancers hosted by the client business itself.

Who Uses Load Balancers as a Service?

Enterprises moving from a legacy load balancers to Load Balancers as a Service can set new standards for scaling applications and re-routing network port traffic to other servers as well as save on total cost of ownership.

Does VMware NSX Advanced Load Balancer Offer Load Balancers as a Service?

Yes. The VMware NSX Advanced Load Balancer uses software-defined principles to deliver advanced load balancer-as-a-service LBaaS for OpenStack in minutes. Vantage delivers software-defined application services integrated natively with Openstack components to deliver a fully orchestrated, self-service driven OpenStack LBaaS architecture. The VMware NSX Advanced Load Balancer offers central control and visibility through direct integration with the Horizon dashboard. Troubleshooting applications is easy with visual aids and record-and-replay capabilities for traffic events. With VMware NSX Advanced Load Balancer, companies can automate application services while accelerating their OpenStack implementation.

For more on the actual implementation of load balancers, check out our Application Delivery How-To Videos.

For more information on LBaaS see the following resources:

Load Balancer

<< Back to Technical Glossary

Load Balancer Definition

A load balancer manages the flow of information between the server and an endpoint device (PC, laptop, tablet or smartphone). A load balancer is a hardware or software solution that helps to move packets efficiently across multiple servers, optimizes the use of network resources and prevents network overloads.

Diagram depicting a software load balancer and hardware load balancer for application delivery in different application architectures.

How Does A Load Balancer Work?

As an organization meets demand for its applications, the load balancer plays the role of the traffic cop in the network, deciding which servers can handle that traffic. This traffic management is intended to deliver a good user experience. Load balancers monitor the health of web servers and backend servers to ensure they can handle requests. If necessary, it removes unhealthy servers from the pool until they are restored. Some even trigger the creation of new virtualized application servers to cope with increased demand and maintain response times. The most effective load balancers operate with workloads across multiple environments (on-premises and cloud) and diverse infrastructures (bare metal servers, VMs, and containers).

Software Load Balancer Vs Hardware Load Balancer

The types of load balancers may include hardware, virtual, or software. Traditionally, load balancers consist of a hardware or virtual appliance. Increasingly, and in order to meet the needs of modern applications, they are using software-defined architectures. Hardware load balancers are optimized to run on custom processors. As traffic increases, the vendor simply requires the addition of more load balancer appliances to handle the volume. Software load balancers usually run on less-expensive, standard x86 hardware, virtual machines, or event containers. These are also particularly well-suited in cloud environments like Amazon AWS or Microsoft Azure where physical appliances cannot be deployed.

Why Use A Software Load Balancer?

Using a software load balancer provides the following benefits:

  • Flexibility to adjust for changing needs.
  • Ability to scale beyond initial capacity by adding more software instances.
  • Lower cost than purchasing and maintaining proprietary hardware appliances. Software can run on any standard hardware or virtual machine, which tends to be cheaper.
  • Consistent load balancing capabilities across multiple cloud environments.

Why Use A Load Balancer In Cloud Computing?

Using a cloud load balancer provides a managed application networking solution in the cloud that can draw resources from a network of elastic load balancers and servers. Cloud computing also allows for the flexibility of hybrid, hosted, and multi-cloud solutions. They could be deployed on-premises as well as in the cloud and managed centrally.

The Network Load Balancer and Application Services

Load balancers occupy an important position in the path of application traffic on a network. Yet, traditional application delivery controllers (ADCs) are unable to provide meaningful application insights to drive business decisions. As computing moves to the cloud, virtual ADCs perform similar tasks to hardware. They also come with added functionality and flexibility. Today’s software load balancers do more than ensure high availability. They let an organization quickly and securely scale up its application services based on demand in the cloud. Modern ADCs allow organizations to consolidate network-based services. Those services include SSL/TLS offload, caching, compression, intrusion detection and application firewalls. This creates even shorter delivery times and greater scalability.

Does VMware NSX Advanced Load Balancer Offer A Load Balancer?

Yes. The VMware NSX Advanced Load Balancer’s Intent-based Software Load Balancer provides scalable application delivery across any infrastructure. VMware NSX Advanced Load Balancer provides 100% software load balancing to ensure a fast, scalable and secure application experience. It delivers elasticity and intelligence across any environments. It scales from 0 to 1 million SSL transactions per second in minutes. It achieves 90% faster provisioning and 50% lower TCO than traditional appliance-based approach.

For more on the actual implementation of load balancers, check out our Application Delivery How-To Videos.

For more information on multi-cloud see the following resources: