loopback interface

Unanswered Question
Apr 29th, 2008

Hi all, is it always advisable to have a loopback interface on a router/multilayer switch? What are the benefits? If I plugged my PC into any VLAN on the switch, would I always be able to reach the loopback?

Sushil Kumar Katre Tue, 04/29/2008 - 04:43


Similar question at TCPMAG, courtesy Scott:

That's always a tough question to answer. There are many reasons why some people do things. But you always have to look at the answers in the context of both the technology (problem being solved) and the business reasons (why you think you have a problem that needs to be solved).

Loopbacks are used for a variety of purposes: some well understood, others just because. Let's look at a few.

First, a loopback is a virtual interface on a router that really doesn't go down. There's no such thing as a physical circuit failure for something for which there is no physical presence. So this makes loopback interfaces quite reliable.

Loopbacks are used for management interfaces. It's good to have a separate set of network addresses spread throughout the network to manage things. Various strategically placed access lists can also help make sure that only appropriate personnel/locations can access these loopback addresses. You can also use this as the source address for locally generated traffic, which provides some stability to the network and consistency in the ACL generation.

Management interfaces really only need to have a /32 route (host-specific) for management. Logically, how many management things does it take to talk to the same device? One is plenty. This also conserves IP addresses in case the 16.7 million or so in the 10.x.x.x range weren't enough for you.

Beyond that, loopback interfaces are often used to indicate router IDs for routing protocols such as BGP or OSPF. It's good to have a known IP address that must be unique in the network to keep some semblance of sanity within the routing protocols. The router IDs between routing protocols should match.

Inside a routing protocol like OSPF, router IDs are used specifically for setting up OSPF Virtual Links. You can also hard code a router ID with the router-id command within the routing process. These router IDs are again a single IP address, so using a /32 would be acceptable.

Next, we get into pools of addresses. Think about the “ip local pool” command. This can be used in reference to dial-in users or Virtual Private Dial Network users within PPPoE, PPPoA or just plain dial-up PPP connections. Or the “ip nat pool” command used to set a pool of addresses for Virtual Private Network (IPSec or PPTP) users in terminating their connection.

Whenever a user establishes a connection to the router, they are assigned a “local” address from one of these pools. They use this assigned address to communicate with the rest of the network. Makes sense so far, right?

Well, in the IP world we rely on routes. The router that has these pools to assign, we certainly assume that it has routes to go places and therefore packets get sent. But then what? Always remember that routing works in both directions. Going to someplace and getting back from that someplace. So, if you obtain an address from a pool somewhere, it should stand to reason that other devices know how to get back to your pool.

That's where routing protocols come into play. Routing protocols can't advertise a network from a “pool” that isn't an interface, and only interfaces are allowed to be part of the routing process. So, we need to use an interface to hold the pool of addresses for us. And this is where loopback interfaces yet again help us out by holding these addresses. Here we would use something larger than a /32 subnet to accommodate all of the IP addresses that are assigned into pools.

We may have more than one pool and therefore more than one loopback address going on with a larger mask. So, like many things, the answer lies somewhere in the “it depends” world. But watch what you are using IP addresses for. Remember that routes work both ways and then ponder the idea why you may want to use multiple IP addresses and have some subnet masks larger than a host route.

Link for the post -
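The uses described in the reply above, put together as one Cisco IOS configuration sketch. This is an added example, not part of the original post or of the TCPMAG text; every address, the ACL number, the OSPF process ID and the pool name are constructed assumptions.

```cisco
! Constructed example: all addresses, ACL 10, OSPF process 1 and the
! pool name DIALIN-POOL are assumptions chosen for illustration.
!
! Management address and router ID: a single host route (/32).
interface Loopback0
 description Management and router ID
 ip address 10.255.0.1 255.255.255.255
!
! Second loopback holds the pool subnet so a routing protocol can
! advertise it. OSPF advertises a loopback as a /32 by default, so the
! point-to-point network type is set to advertise the configured /24.
interface Loopback1
 description Anchor for the dial-in address pool
 ip address 10.254.1.1 255.255.255.0
 ip ospf network point-to-point
!
ip local pool DIALIN-POOL 10.254.1.10 10.254.1.200
!
router ospf 1
 router-id 10.255.0.1
 network 10.255.0.1 0.0.0.0 area 0
 network 10.254.1.0 0.0.0.255 area 0
!
! Source locally generated management traffic from Loopback0 so that
! upstream ACLs and servers see one stable address per device.
logging source-interface Loopback0
snmp-server trap-source Loopback0
ntp source Loopback0
ip tacacs source-interface Loopback0
!
! Restrict interactive management to the management subnet (assumed to
! be 10.10.10.0/24) and log refused attempts. access-class applies to
! sessions arriving on any of the router's addresses, loopback included.
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 10 deny any log
!
line vty 0 4
 access-class 10 in
 transport input ssh
```

Whether a PC in a given VLAN can reach Loopback0 then depends on two things the configuration makes visible: a route to 10.255.0.1/32 from that VLAN, and a permit in the ACLs along the path.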



