Layer 4 load balancing uses information defined at the networking transport layer (Layer 4) as the basis for deciding how to distribute client requests across a group of servers. For Internet traffic specifically, a Layer 4 load balancer bases the load-balancing decision on the source and destination IP addresses and ports recorded in the packet header, without considering the contents of the packet.

Layer 4 load balancing defined

One of the best-known Layer 4 load balancers is Microsoft Network Load Balancer (NLB), core network load-balancing software that is available to users of mission-critical Microsoft applications, including Microsoft Exchange and Microsoft OCS, the unified communications platform. Like other Layer 4 load balancer solutions, it is fairly simple. Most Layer 4 load balancers perform the following functions:

  • Load balances at a simple level and directs traffic based on server response time
  • Each server shares the same IP address
  • The least busy server responds to the content demand
  • Round Robin DNS is extensively used

Layer 4 Load Balancing and NAT

Today the term “Layer 4 load balancing” most commonly refers to a deployment where the load balancer’s IP address is the one advertised to clients for a web site or service (via DNS, for example). As a result, clients record the load balancer’s address as the destination IP address in their requests.

When the Layer 4 load balancer receives a request and makes the load balancing decision, it also performs Network Address Translation (NAT) on the request packet, changing the recorded destination IP address from its own to that of the content server it has chosen on the internal network. Similarly, before forwarding server responses to clients, the load balancer changes the source address recorded in the packet header from the server’s IP address to its own. (The destination and source TCP port numbers recorded in the packets are sometimes also changed in a similar way.)

Layer 4 load balancers make their routing decisions based on address information extracted from the first few packets in the TCP stream, and do not inspect packet content. A Layer 4 load balancer is often a dedicated hardware device supplied by a vendor and runs proprietary load-balancing software, and the NAT operations might be performed by specialized chips rather than in software.

Layer 4 load balancing was a popular architectural approach to traffic handling when commodity hardware was not as powerful as it is now, and the interaction between clients and application servers was much less complex. It requires less computation than more sophisticated load balancing methods (such as Layer 7), but CPU and memory are now sufficiently fast and cheap that the performance advantage for Layer 4 load balancing has become negligible or irrelevant in most situations.

Layer 4 load balancers check the performance of the servers themselves; each server could be virtualized and running many applications (over 300 or 400). Layer 4 load balancers are able to monitor the health of the server and decide whether to take it out of the network or to continue to use it, but these load balancers cannot monitor the health of the applications. The result is that the server could be performing perfectly while the application, for example Microsoft Lync, has hung, and the load balancer continues sending access requests to it. A good example of a popular Layer 4 load balancer is Windows Network Load Balancer or WNLB.
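
The gap described above can be reproduced on one machine. The following is an added example, not code from the original page or from any load balancer product. It assumes the Layer 4 check is a plain TCP connect probe; the loopback listeners, the /health path and the HTTP/1.0 reply are constructed for illustration.

```python
import socket
import threading

def start_listener(answers):
    """Constructed backend on 127.0.0.1. answers=False models a hung application:
    the kernel still completes TCP handshakes, but nothing ever replies."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))            # port 0: let the OS pick a free port
    srv.listen(8)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                with conn:
                    if conn.recv(1024):   # a bare connect-and-close sends no data
                        conn.sendall(b"HTTP/1.0 200 OK\r\n\r\nok")
            except OSError:
                return                    # listener closed

    if answers:
        threading.Thread(target=serve, daemon=True).start()
    return srv                            # caller keeps it so the port stays open

def l4_check(addr, timeout=0.5):
    """Transport-level probe: healthy if the TCP handshake completes."""
    try:
        with socket.create_connection(addr, timeout=timeout):
            return True
    except OSError:
        return False

def app_check(addr, timeout=0.5):
    """Application-level probe: healthy only if the service answers a request."""
    try:
        with socket.create_connection(addr, timeout=timeout) as s:
            s.sendall(b"GET /health HTTP/1.0\r\n\r\n")   # hypothetical health path
            return s.recv(64).startswith(b"HTTP/1.0 200")
    except OSError:                       # includes the read timeout on a hung app
        return False

def compare():
    """Return {name: (l4_result, app_result)} for a healthy and a hung backend."""
    backends = {"healthy": start_listener(True), "hung": start_listener(False)}
    result = {name: (l4_check(s.getsockname()), app_check(s.getsockname()))
              for name, s in backends.items()}
    for s in backends.values():
        s.close()
    return result
```

The hung backend passes the transport-level probe because the operating system accepts the connection on the application's behalf, so only a probe that waits for an application reply takes it out of rotation.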