Open this lesson in your favourite AI. It'll walk you through the why, explain the demo, and quiz you on the try-it list.
Cloud load balancers, firewalls, and proxies are sold by layer — an L4 NLB behaves nothing like an L7 ALB, and pricing reflects it. If you can't articulate which layer a problem lives at, you'll reach for the wrong service and pay for headers you never inspect.
Inspect how AWS exposes layer-3 routing, layer-4 NLB, and layer-7 ALB as distinct primitives.
Use these three in order. Each builds on the one before.
In one paragraph, explain the OSI model layers 3, 4, and 7 like I'm new to cloud — what each layer can and cannot see about a packet.
Walk me through how a request from a browser to a cloud-hosted API traverses the OSI stack, naming the cloud component at each layer it passes through.
Given a service that needs both mTLS termination and IP allow-listing, would you put the IP filter at L3, L4, or L7 — and why does that choice affect cost and latency?
# Layer 3: route table (IP-level forwarding)
aws ec2 describe-route-tables \
--query 'RouteTables[0].Routes[*].[DestinationCidrBlock,GatewayId]' \
--output table
# Layer 4: Network Load Balancer (TCP/UDP, no header inspection)
aws elbv2 describe-load-balancers \
--query 'LoadBalancers[?Type==`network`].[LoadBalancerName,Scheme]'
# Layer 7: Application Load Balancer (HTTP host/path routing)
aws elbv2 describe-listeners \
--load-balancer-arn <alb-arn> \
--query 'Listeners[*].[Protocol,Port,DefaultActions[0].Type]'