Layer 4 (transport) vs Layer 7 (application) — Dstat comparison

Layer 4 and Layer 7 describe two different planes of a DDoS test, measured in different units and defended in different ways.

Layer 4 (transport)

Measured in bandwidth (Gbps) and packets per second (pps).
Targets raw TCP/UDP capacity of links and devices.
Mitigated upstream by scrubbing and capacity.

Layer 7 (application)

Measured in requests per second (RPS).
Targets application/CPU cost of HTTP handling.
Mitigated by WAF, JS challenges, CAPTCHA and rate limits.

Takeaway

Use Layer-4 Dstat to gauge link saturation, and Layer-7 Dstat to gauge how well application protections hold up under request floods.

Related

Live Dstat dashboard Glossary: Dstat