What's a loopback?

boekholtj Member Posts: 5
I just passed my CCENT exam. I'm now working towards the CCNA with the ICND2 course. I'm watching some videos and the instructor is using loopback addresses but fails to explain what they are. Can someone explain to me what they are, and more importantly, why they are used?

Thanks!

Comments

  • zrockstar Member Posts: 378
    Loopbacks are basically virtual interfaces on hardware that serve for testing and protocol stability. Once you get into your ICND2 material you will see how they can influence elections for different protocols. The idea is that since they are virtual they don't go down unless the hardware goes down. You can assign them an address, ping them, etc. Their uses will all make sense very soon for you.
  • MrXpert Member Posts: 586
    Loopbacks are a good way to simulate end user/host devices. To configure it you can type interface loopback 0 in global config mode and then assign it an IP address. You can create lots of loopback addresses on a router but I normally use logic and have the loopback number match the subnet number.
    I'm an Xpert at nothing apart from remembering useless information that nobody else cares about.
  • Michael2 Member Posts: 305
    MrXpert wrote: »
    I normally use logic and have the loopback number match the subnet number.

    Isn't that a bad idea from a security standpoint? It's fine for lab work. In a real world scenario, however, it seems like there would be a possibility of someone quietly configuring telnet on the router and then using it to send commands to the other devices on your network.
  • networker050184 Mod Posts: 11,962
    How would that create any sort of security issue?
    An expert is a man who has made all the mistakes which can be made.
  • Michael2 Member Posts: 305
    networker050184 wrote: »
    How would that create any sort of security issue?

    Well, what if there's a fire drill or a bomb threat and everyone evacuates the building, except that one malicious user. He (she) decides to quickly jack in to the router and set up a remote connection which enables the router to be used to reconfigure the network.
  • networker050184 Mod Posts: 11,962
    That doesn't make any sense. Just because someone knows the logical number of a loopback interface it will not allow them to gain access to the router.
    An expert is a man who has made all the mistakes which can be made.
  • Michael2 Member Posts: 305
    Maybe I misunderstood what MrXpert said. I thought he was saying that he configures the loopback router with an IP address that's in the same range as the subnet that it's connected to.
  • networker050184 Mod Posts: 11,962
    Even if that was the case (not taking the routing issues that would cause into consideration) it would not allow someone to just break into the router. If it did, everyone could just break in by knowing their default gateway.
    An expert is a man who has made all the mistakes which can be made.
  • Michael2 Member Posts: 305
    No, what I am saying, Networker, is that if the loopback interface were configured to be in the same subnet as the network it was connected to, then it might be possible for someone to physically connect their own laptop to the router and send commands to other devices on the network. I might be wrong about that, I admit. I was waiting for a response from someone who might know what I was talking about.
  • NetworkVeteran Member Posts: 2,338
    Michael2 wrote: »
    then it might be possible for someone to physically connect their own laptop to the router

    If a user is granted physical access to the router--rare--they could press the off button, take out its flash disk, recover the password, etc. Any network security begins with physical security. This has nothing to do with whatever particular address is chosen for the loopback interface. If you simply mean plugging into its ports, proceed to the next item ;)

    Michael2 wrote: »
    and send commands to other devices on the network.

    Putting the loopback address on the same subnet as some users (hypothetical, as IOS typically disallows such misconfigurations) wouldn't affect its hardening. It would still have the same ACLs, authentication, etc. as normal to protect it. It would just have two known addresses that a user could access it from instead of one. Similarly, if you added a second number to your house, your locks and alarm system wouldn't break. :p
  • networker050184 Mod Posts: 11,962
    NetworkVeteran wrote: »
    Similarly, if you added a second number to your house, your locks and alarm system wouldn't break. :p

    Exactly! Knowing the IP of a device does not just allow someone in and give them free range.
    An expert is a man who has made all the mistakes which can be made.
  • boekholtj Member Posts: 5
    Thanks for the info guys... I understand that it's an additional IP address to any interface. I just don't understand the benefit.
  • networker050184 Mod Posts: 11,962
    That is not correct. It is not an additional address to an interface. It is a logical interface that an IP address can be assigned to. This logical interface will never go down (as long as the router is up) so the most common use is for management of the device due to stability. All physical interfaces can go up or down but you still want to be able to reach the device as long as one interface is up so you manage the device via the loopback. This is basically the router's address.
    An expert is a man who has made all the mistakes which can be made.
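
The replies above make the point that a router is protected by its access controls (ACLs, authentication) rather than by which address its loopback carries. The following is an added example, not part of the original thread: it audits the `line vty` blocks of an IOS-style configuration for those controls. Both sample configurations, the ACL name MGMT, the password string and all addresses are constructed for illustration.

```python
# Constructed sample configs (not from the thread); names and addresses are illustrative.
WEAK = """\
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
line vty 0 4
 password EXAMPLE-ONLY
 login
 transport input telnet ssh
"""

HARDENED = """\
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
ip access-list standard MGMT
 permit 10.0.100.0 0.0.0.255
!
line vty 0 4
 access-class MGMT in
 login local
 transport input ssh
"""

def vty_blocks(config):
    """Map each 'line vty ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.startswith(" "):
            # Any top-level line ends the previous block.
            current = raw.strip() if raw.startswith("line vty") else None
            if current:
                blocks[current] = []
        elif current:
            blocks[current].append(raw.strip())
    return blocks

def audit_vty(config):
    """Return {vty header: [findings]}; interface addresses are never examined."""
    report = {}
    for head, body in vty_blocks(config).items():
        findings = []
        if "transport input ssh" not in body:
            findings.append("transport input not restricted to ssh")
        if not any(b.startswith("access-class ") and b.endswith(" in") for b in body):
            findings.append("no inbound access-class")
        if not any(b == "login local" or b.startswith("login authentication ") for b in body):
            findings.append("no per-user login")
        report[head] = findings
    return report
```

Changing only the Loopback0 address in either sample leaves the findings unchanged, because the audit depends on the vty controls alone.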