Load Balancers. Managed distribution.

Layer 4 and Layer 7 load balancers with health checks, TLS termination, sticky sessions, and automatic failover. Deploy via API in under 30 seconds. Managed, monitored, and backed by our 99.99% SLA.

L4/L7
Protocols
TLS
Auto termination
Health
Active checks
HA
Multi-node
How it works

Layer 4 — TCP and UDP

Layer 4 load balancing operates at the transport layer. The load balancer forwards TCP or UDP connections to backend servers without inspecting the payload — making it suitable for databases, game servers, DNS, and any protocol that isn't HTTP.

Supported algorithms include round-robin, least-connections, and source-IP hash (for connection affinity without cookies). Health checks can be TCP connect, TCP half-open, or application-specific checks on a configurable port and interval.

Backend servers are specified by IP and port. You can mix VPS, dedicated, and bare metal servers in the same backend pool. Servers are weighted — assign higher weights to more powerful machines to distribute load proportionally.

Layer 4 vs Layer 7 Load Balancing L4 routes by IP/port at the transport layer — L7 inspects HTTP headers for content-based routing LAYER 4 Client TCP connection to :443 L4 Load Balancer Routes by IP + Port Round-robin / Least-conn Server 1 Server 2 Server 3 No packet inspection · fastest TCP/UDP · any protocol LAYER 7 /api/users /static/logo.png /app/dashboard L7 Load Balancer Inspects HTTP headers, path, host path = /api/* path = /static/* path = /app/* API Servers Go · high CPU 3 instances CDN / Static Nginx · cached 2 instances App Servers Node · WebSocket 4 instances Content-aware routing · path, host, headers HTTP/HTTPS only · TLS termination · WebSocket Layer 4 Transport layer · TCP/UDP Fastest · protocol agnostic Layer 7 Application layer · HTTP Content-based · smart routing Both Supported Choose per load balancer Mix L4 + L7 in same stack

Layer 7 — HTTP and HTTPS

Layer 7 load balancing inspects HTTP headers and routes requests based on host, path, headers, or query parameters. This enables advanced patterns like routing api.example.com to one backend and www.example.com to another from a single load balancer.

Path-based routing supports prefix, exact, and regex matching. Header-based routing can inspect any request header, enabling canary deployments (route 5% of traffic with a specific header to a new version) and A/B testing.

HTTP/2 is supported between clients and the load balancer. WebSocket connections are proxied transparently. Response headers can be added, removed, or modified via configurable rules.

Auto TLS. Sticky sessions. Zero downtime.

TLS

TLS termination

Terminate TLS at the load balancer to offload encryption from your backend servers. Certificates are managed automatically via Let's Encrypt — when you add a domain to the load balancer, a certificate is issued and renewed without any manual steps.

For domains that require extended validation (EV) or organization validation (OV) certificates, you can upload custom certificates in PEM format. The load balancer supports SNI, allowing multiple certificates on a single IP address.

TLS 1.3 is preferred, TLS 1.2 is the minimum. Only strong cipher suites are supported. HSTS headers can be configured per domain. OCSP stapling is enabled by default to reduce client-side certificate verification latency.

Pricing

Load balancer tiers

Choose based on your throughput requirements. All tiers include TLS termination, health checks, and API management.

Small
$10/mo
250 Mbps throughput
10,000 concurrent connections
10 backend servers
5 routing rules
Auto TLS (Let's Encrypt)
TCP + HTTP health checks
Medium
$25/mo
1 Gbps throughput
50,000 concurrent connections
50 backend servers
25 routing rules
Auto TLS + custom certs
Sticky sessions
Large
$75/mo
5 Gbps throughput
200,000 concurrent connections
200 backend servers
100 routing rules
Auto TLS + custom certs + SNI
Cross-region backends
Health Checks

Active health monitoring

Configurable health checks ensure traffic is only sent to healthy backends.

Health checks run at configurable intervals (minimum 5 seconds). TCP checks verify the backend port is accepting connections. HTTP checks send a request to a specified path and verify the response status code is in the expected range (e.g. 200-299).

When a backend fails the configured number of consecutive checks (default: 3), it's removed from rotation. Once it passes the recovery threshold (default: 2 consecutive successes), it's added back. This prevents flapping and ensures stable routing during transient issues.

Features
Sticky Sessions
Cookie-based session affinity routes the same client to the same backend for the duration of a configurable TTL. Essential for stateful applications that store session data in memory.
Cookie
WebSocket Support
WebSocket connections are proxied transparently through the load balancer. The upgrade handshake is handled automatically. Long-lived connections are supported without timeout issues.
Proxy
Cross-Region
Large tier load balancers can route to backend servers in multiple regions. Geographic routing sends clients to the nearest healthy region. Useful for global applications with regional deployments.
Global
Logging
Access logs include client IP, request method, path, status code, response time, and backend server. Logs are available via API for integration with your log aggregation system.
Detailed
Metrics
Request rate, error rate, latency percentiles (p50/p95/p99), active connections, and bandwidth. Available via API and Prometheus endpoint for Grafana dashboards.
Prometheus
API Managed
Create, update, and destroy load balancers via REST API. Add and remove backends dynamically. Terraform provider support. Changes take effect within seconds.
REST

Deploy a load balancer in 30 seconds.

Starting at $10/mo. Auto TLS included.