L7 — Application

Where the actual payload is understood. Most modern “networking” complexity lives here.

What lives at L7

• HTTP / HTTP/2 / HTTP/3
• TLS (technically presentation, but pragmatically L7)
• DNS (the protocol)
• SMTP, IMAP, SSH
• gRPC, WebSocket

L7 devices

• ALB (AWS), Application Gateway (Azure)
• Reverse proxies — nginx, HAProxy, Envoy, Traefik
• API gateways
• WAF
• Service mesh sidecars (Istio, Linkerd)

Why it matters

L7 load balancers can route by host, path, header, cookie — things L4 cannot see because of TLS encryption (unless terminated).