Layer 3 is the network layer, basically they mean the attack is just generating enough traffic at the network level to overload the target.
Layer 7 is the application layer which means they are overloading the application. A web server connected to a 10gbit link won't be able to handle 10gbit of traffic if each request it has to do a complicated SQL query for each load. Layer 7 requires much less bandwidth though it depends on sending correctly formatted data.
A layer 3 attack doesn't even get to the application so it doesn't matter what the data is which means they can use techniques like the Open DNS resolver reflector and hence can get much more traffic with a little amount of seed traffic. As well this hides the "original" source of the attack.
http://blog.cloudflare.com/the-ddos-that-knocked-spamhaus-of...