The load-balancer is in the middle of all transactions between the user and the server.
It maintains two separated TCP connections:

  • With the user: the load-balancer acts as a server. It takes requests and forward responses
  • With the server: the load-balancer acts as a user: it forward requests and get responses

It is really close to the proxy mode, but has one main difference: the load-balancer opens the connection to the server using the client IP address as source IP.

Of course, the backend server default gateway must be the load-balancer.

TCP connection overview

The diagram shows clearly the two TCP connections maintained by the load-balancer.

Data flow

Since the load-balancer opens the TCP connection to the server with the user IP address, the server must use the load-balancer as its default gateway.
Otherwise, the server would forward response directly to the client and the client would drop it…

Pros and cons


  • servers see the client IP address at network layer
  • secure: server aren’t reached directly
  • allows protocol inspection and validation


  • intrusive: must change the default gateway of the server.
  • „slower“ than layer 4 load-balancing (we speak about micro-seconds)
  • clients and servers must be in two different subnets.

When use this mode?

  • when the load-balanced service needs client IP at network layer (IE: anti-spam services)
  • when you need application layer intelligence (content switching, etc…)
  • in order to protect an application