Loopback address -- Loopback

(1) The main roles of Loopback interfaces

Loopback is a logical interface inside the router. A logical interface is one that can exchange data but does not physically exist; it has to be created through configuration. Once a Loopback interface is created, its physical state and link protocol state are always Up, even if no IP address is configured on the interface. Because of this property, the Loopback interface has some special uses. The common application scenarios for Loopback interfaces are listed below.

I. Improving reliability

1. Application in IP address borrowing
       When an interface does not need an IP address for the long term, you can configure it to borrow an IP address (unnumbered) in order to save IP addresses. The Loopback interface is generally configured as the interface whose address is borrowed, in order to keep the interface stable.

2. Application in Router ID
       Some dynamic routing protocols require every router to have a Router ID, which uniquely identifies the router within the autonomous system.
       For example, when no Router ID is configured manually for OSPF and BGP, the system selects the largest IP address among the IP addresses of the local interfaces as the Router ID. If the IP address of a physical interface is chosen, the system will not re-select the Router ID when that physical interface goes Down, unless the selected IP address is deleted.
       It is recommended to use the IP address of a Loopback interface as the Router ID of the router, because the Loopback interface is stable and is always in the Up state.

3. Application in BGP
       To keep BGP sessions from being affected by physical interface faults, the source interface for sending BGP packets can be set to a Loopback interface.
       When using a Loopback interface as the source interface of BGP packets, note the following:
       Confirm that the Loopback interface address of the BGP peer is reachable.
       For an EBGP connection, EBGP neighbor relationships must also be allowed to be established between peers that are not directly connected.

4. Application in MPLS LDP
       In MPLS LDP, to keep the network stable, the IP address of a Loopback interface is generally used as the transport address. The IP address of the Loopback interface may be a public address.

5. Application in VPN
       In L2TP, it is recommended that the source interface used when the LAC initiates a tunnel request be a Loopback interface. This improves the reliability of communication between the LAC and the LNS when the LAC accesses the LNS.
       When configuring GRE and IPv6 over IPv4 tunnels, you need to create a Tunnel interface and configure its source IP address or source interface, that is, specify the source IP address or source interface for the tunnel's carrier protocol. The IP address or interface generally used here is again that of a Loopback interface.

II. Information classification

1. Application in SNMP
       If you are using SNMP (Simple Network Management Protocol), you can set the source IP address of outgoing trap packets to the IP address of a Loopback interface.
       To protect the server, SNMP traps use the Loopback interface IP address as the source IP address instead of the IP address of the outgoing interface. A filter can then be used to protect the SNMP management system: the system allows only packets from the Loopback interface IP address to access the SNMP port, which makes trap information easy to read and write.

2. Application in NTP
       NTP (Network Time Protocol) keeps the time of all devices synchronized. NTP can use the Loopback interface IP address as the source address of all NTP packets sent from the router.
       For NTP security, the Loopback interface IP address (instead of the IP address of the outgoing interface) is used as the source address. The system allows only NTP packets from the Loopback interface address to access the NTP port. A filter of this kind can be used to protect the NTP system.

3. Application in information recording
       When recording exported network traffic, configure the source IP address of the exported traffic records to be the IP address of a Loopback interface.
       This is done with the security of the server in mind. A filter can then be used to protect the network traffic collector, because only packets from the Loopback interface address are allowed to access the designated ports.

4. Application in security
       On a user log server, logs are identified by their source IP address, so the source of log information can be located quickly. It is recommended to configure the Loopback address as the source IP address of log packets.

5. Application in HWTACACS
       When configuring HWTACACS, make the source address of packets originated by the router the Loopback address. A filter can then be used to protect the HWTACACS server.
       Because only packets sent from the Loopback interface address are allowed to access the HWTACACS server, the logs are easier to read and write. HWTACACS logs then contain only the Loopback interface address, not the addresses of the outgoing interfaces.

6. Application in RADIUS user authentication
       When configuring the RADIUS server, make the source IP address of packets originated by the router the IP address of a Loopback interface.
       As with HWTACACS, this configuration is chosen with the security of the server in mind. A filter can be used to protect the RADIUS server and proxy. Only packets from the Loopback interface address are allowed to access the RADIUS server port, which makes the logs easy to read and write. RADIUS logs then contain only the Loopback interface address, not the addresses of the outgoing interfaces.


Source: https://www.douban.com/note/563742468/
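The server-side filter described in section II above (accept SNMP trap, NTP, log, HWTACACS and RADIUS packets only when they come from a router's Loopback address) can be sketched as follows. This is an added example, not code from the original article; the inventory, addresses, record format and verdict names are constructed for illustration.

```python
import ipaddress

# Constructed inventory: each router's Loopback address plus its physical
# interface addresses (all values are made up for this example).
INVENTORY = {
    "r1": {"loopback": "10.255.0.1", "physical": ["192.0.2.1", "198.51.100.1"]},
    "r2": {"loopback": "10.255.0.2", "physical": ["192.0.2.2"]},
}

# Management services named in the text and their well-known server ports.
SERVICES = {("udp", 162): "snmp-trap", ("udp", 123): "ntp", ("udp", 514): "syslog",
            ("tcp", 49): "hwtacacs", ("udp", 1812): "radius"}

def build_index(inventory):
    """Map every known address to (router, kind) for fast source lookups."""
    index = {}
    for router, addrs in inventory.items():
        index[ipaddress.ip_address(addrs["loopback"])] = (router, "loopback")
        for phys in addrs["physical"]:
            index[ipaddress.ip_address(phys)] = (router, "physical")
    return index

def classify(line, index):
    """Return (verdict, service, router) for one 'proto src dport' record."""
    proto, src, dport = line.split()
    service = SERVICES.get((proto, int(dport)))
    if service is None:
        return ("deny-port", None, None)
    router, kind = index.get(ipaddress.ip_address(src), (None, None))
    if kind == "loopback":
        return ("permit", service, router)
    if kind == "physical":
        # Known router, wrong source: its source interface is not the Loopback.
        return ("deny-fix-source", service, router)
    return ("deny-unknown", service, None)

# Constructed packet records as seen at the management server.
SAMPLE = ["udp 10.255.0.1 162", "udp 192.0.2.2 514", "udp 203.0.113.9 162",
          "tcp 10.255.0.2 49", "udp 10.255.0.1 8080"]

def audit(lines=SAMPLE):
    """Classify every record against the Loopback-only policy."""
    index = build_index(INVENTORY)
    return [classify(line, index) for line in lines]

if __name__ == "__main__":
    for line, result in zip(SAMPLE, audit()):
        print(f"{line:22} -> {result}")
```

A "deny-fix-source" verdict identifies a known router that is still sending from a physical interface address, which is the case the Loopback source configuration is meant to eliminate.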



(2) Uses of the loopback interface

The loopback interface is the most widely used kind of virtual interface and is configured on almost every router. Its common uses are as follows.
  1. As the management address of a router.
  After the system administrator completes network planning, to simplify management a loopback interface is created on each router and a separate IP address is assigned to it as the management address. The administrator can use this address to log in to the router remotely (telnet); the address in effect serves a function similar to a device name.
  However, each router usually has a number of interfaces and addresses, so why not just pick one of them?
  The reason is as follows. Because telnet uses TCP, the following situation can occur: one interface of the router goes down due to a failure, but telnet is still possible through the other interfaces, that is, a TCP connection to this router can still be established. The address chosen for telnet must therefore never go down, and the virtual interface happens to meet this requirement. Since this kind of interface has no peer to interconnect with, its address is generally assigned a 32-bit mask in order to save address resources.
  2. Using the interface address as the router id of the dynamic routing protocols OSPF and BGP.
  When the dynamic routing protocols OSPF and BGP run, a router id must be specified for the protocol as the unique identifier of the router, and it must be unique within the entire autonomous system. The router id is a 32-bit unsigned integer, which is very similar to an IP address, and IP addresses are not duplicated, so the router id is usually set to the same value as the address of an interface on the device. Since the IP address of the loopback interface is generally regarded as the identifier of the router, it becomes the best choice for the router id.
  3. Using the interface address as the source address for establishing the TCP connection in BGP.
  In BGP, the neighbor relationship between two BGP routers is established over a TCP connection.
  When configuring a neighbor, a loopback interface is typically specified as the source address of the TCP connection (typically used only for IBGP; the reason is the same as in 2.1, namely to enhance the robustness of the TCP connection).
  The configuration commands are as follows:
  router id 61.235.66.1
  interface loopback 0
  ip address 61.235.66.1 255.255.255.255
  router bgp 100
  neighbor 61.235.66.7 remote-as 200
  neighbor 61.235.66.7 update-source LoopBack0

Configuring logical ports
A logical port is defined in contrast to a physical port: it is a port that can exchange data but does not physically exist, and it has to be created through configuration. Routers typically provide five kinds of logical port: Loopback (loop) ports, NULL (empty) ports, Tunnel ports, Dialer (dial-up) ports and sub-ports.
12.3.1 Loopback port configuration
The Loopback (loop) port is a local port of the router that is simulated entirely in software, and it is always in the UP state. Packets sent to the Loopback port, including routing information, are processed locally by the router. The IP address of the Loopback port can be used as the router's identifier in the OSPF routing protocol, as the address for remote Telnet access, and so on. Configuring a Loopback port is similar to configuring an Ethernet port; you can think of it as a virtual Ethernet port.
Create a Loopback port. After you create a Loopback port with the specified number, you can configure its communication parameters (such as the IP address) in the same way as for an Ethernet port.
Router(config)# interface loopback loopback-interface-number
Delete a Loopback port. Since the Loopback port is virtual and exists only in a logical sense, you can use the no form of the command to delete a specified Loopback port when needed.
Router(config)# no interface loopback loopback-interface-number
Display the Loopback port status.
Router# show interfaces loopback loopback-interface-number

NULL port configuration
The router also provides a NULL (empty) virtual port. This virtual port is simply equivalent to an always-available system device. The NULL port is always in the UP state and never actively sends or receives network data; any packet sent to the NULL port is dropped, and any attempt to encapsulate a link layer protocol on the NULL port will fail.
Enter NULL port configuration.
Router(config)# interface null 0
Allow the NULL port to send ICMP unreachable messages.
Router(config-if)# ip unreachables
Prohibit the NULL port from sending ICMP unreachable messages.
Router(config-if)# no ip unreachables
The NULL port is mostly used to filter network traffic. Undesired network traffic can be routed to the NULL port for handling, without having to use an access list, for example:
Router(config)# ip route 127.0.0.0 255.0.0.0 null 0
Since the NULL port is functionally an "empty" system device, it is not displayed the way Ethernet or other ports are (for example, you cannot see it with the show running-config command). Likewise, as a system device, the NULL port cannot be deleted with the no interface null command.
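How a route to the NULL port acts as a filter can be seen by running the router's longest-prefix-match lookup over a small static route table. This is an added example, not code from the original article; apart from the 127.0.0.0 route shown above, the routes, next-hop addresses and the "DROP" marker are constructed for illustration.

```python
import ipaddress

# Constructed static routes in the "ip route <network> <mask> <target>" form
# used above. Only the 127.0.0.0 line comes from the text.
CONFIG = """\
ip route 127.0.0.0 255.0.0.0 null 0
ip route 10.0.0.0 255.0.0.0 null 0
ip route 10.1.0.0 255.255.0.0 192.0.2.254
ip route 0.0.0.0 0.0.0.0 192.0.2.1
"""

def parse_routes(text):
    """Parse 'ip route' lines into (network, target) pairs."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if parts[:2] != ["ip", "route"] or len(parts) < 5:
            continue
        net = ipaddress.ip_network(f"{parts[2]}/{parts[3]}")
        target = "".join(parts[4:]).lower()
        # A target of "null 0" means: discard whatever matches this route.
        routes.append((net, "DROP" if target == "null0" else target))
    return routes

def lookup(routes, dst):
    """Longest-prefix match: the most specific matching route decides."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, target) for net, target in routes if addr in net]
    if not matches:
        return "DROP"  # no route at all, the packet cannot be forwarded
    return max(matches, key=lambda m: m[0].prefixlen)[1]

if __name__ == "__main__":
    table = parse_routes(CONFIG)
    for dst in ("127.0.0.5", "10.2.3.4", "10.1.5.5", "198.51.100.7"):
        print(f"{dst:14} -> {lookup(table, dst)}")
```

Note that the filter is by destination prefix only: the more specific 10.1.0.0/16 route still forwards, while the rest of 10.0.0.0/8 is discarded.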


Source: http://www.360doc.com/content/12/0411/12/6973384_202718660.shtml


Origin blog.csdn.net/qq_35686185/article/details/104676386