Understanding Forward and Reverse Proxies and Their Role in Load Balancing

Everyone is greeted by a senior architect who introduces the topic of proxies, likening them to intermediaries that connect two parties in a network.

Proxy

A proxy acts as a middle‑man server that provides a connection channel between clients and servers. In networking, proxies are divided into forward proxies and reverse proxies.

Forward Proxy

A forward proxy serves clients that cannot directly reach the server. The client sends a request to the proxy, which forwards it to the server and returns the response to the client. From the server’s perspective, the request appears to come from the proxy.

Provides network channels to bypass firewalls or geographic restrictions (e.g., accessing Google).

Hides client identity, useful for scenarios like compromised machines.

Reverse Proxy

A reverse proxy sits in front of servers that are not directly exposed to the internet. It receives external requests, forwards them to internal servers, and returns the responses. From the client’s view, the proxy appears to be the server.

Exposes a public address and forwards traffic to internal services.

Implements load balancing by distributing requests among multiple back‑end servers.

Provides security by shielding internal servers from direct attacks.

Improves access speed by using geographically close proxy nodes (e.g., CDN).

Differences

Forward proxy mediates client‑to‑server interactions; reverse proxy mediates server‑to‑client interactions.

Forward proxy is typically deployed alongside clients; reverse proxy is deployed alongside servers.

Forward proxy solves access‑restriction problems; reverse proxy solves external service exposure and load‑balancing problems.

Load Balancing

Load Balancing Introduction

Load balancing distributes workload or request traffic across multiple operational units (servers, components) to achieve high performance, high availability, and horizontal scalability.

Load balancing can be implemented in software or hardware. Software solutions include:

DNS‑based load balancing, which resolves a single domain name to multiple IP addresses.

Reverse‑proxy load balancing (e.g., Nginx with stream module) that forwards requests based on configured policies.

NAT‑based load balancing (e.g., LVS) that translates client connections to different internal server addresses.

Network Model and Load Balancing

According to the OSI model, load balancing can operate at the data link (L2), network (L3), transport (L4), or application (L7) layers. In practice, L4 and L7 load balancing are most common.

Four‑Layer Load Balancing (IP + Port)

Four‑layer load balancing works at the IP and port level, modifying packet headers to direct traffic to the appropriate back‑end server. Common software includes LVS, Nginx (with stream module), and HAProxy.

Seven‑Layer Load Balancing (Application Layer)

Seven‑layer load balancing operates on application protocols such as HTTP, routing requests based on URL, headers, or content. Common tools are HAProxy, Nginx, and Apache.

Load Balancing vs. Reverse Proxy

Both concepts involve a middle server, but their core goals differ: load balancing focuses on evenly distributing requests, while reverse proxy focuses on hiding internal server details and providing external access. Many reverse‑proxy solutions (e.g., Nginx) also offer load‑balancing capabilities, which can cause confusion.

Overall, understanding the distinctions and appropriate use cases for forward/reverse proxies and various load‑balancing techniques is essential for designing robust backend architectures.