A Scale-Up Optimized Layer7 Proxy Architecture with Deterministic Session Control and Logical Slicing

This paper proposes a bidirectional Layer7 Proxy architecture using NGINX and a minimal Acceptor module. In conventional Layer7 load balancers, NGINX issues connect() to the backend for each request, making context switches between kernel and user space structurally unavoidable due to TCP handshakes. In the proposed approach, service modules register sockets with completed TCP handshakes to the Acceptor in advance, and NGINX receives the file descriptors via UNIX domain sockets. This eliminates connect() calls and skips per-request TCP handshakes.Performance evaluation demonstrates that the proposed method directly translates context switch reduction into throughput (RPS) improvement and latency reduction. While the conventional method shows no correlation between context switches and RPS, the proposed method enables context switches to function as a “controllable performance parameter,” forming the foundation for deterministic throughput control. Additionally, the Acceptor queue functions as a buffer, structurally limiting requests exceeding the service module’s processing capacity during traffic spikes, thereby avoiding non-linear performance degradation.This approach enables dynamic reconfiguration and graceful restarts through socket file descriptor passing, without relying on health checks or frequent configuration reloads. It presents a new design guideline that achieves deterministic throughput control at the application layer, complementing scale-out dependent resource operations in cloud environments.