Loopback Address: IPv6's Internal Address for Local Routing
1. Skip to Main content
Journals & Books
Loopback Address
Related terms:
Internet Protocol
Intranets
Autonomous System
Border Router
Label Distribution
Route Reflector
View all Topics
Add to Mendeley
Introduction
Derrick Rountree, in Windows 2012 Server Network Security, 2013
IPv6 Special Addresses
There are several special addresses in IPv6. These addresses or groups of addresses serve very
specific function. We will cover the loopback address, link-local addresses, and unique local
addresses.
Loopback Address
The loopback address, also called localhost, is probably familiar to you. It is an internal address
that routes back to the local system. The loopback address in IPv4 is 127.0.01. In IPv6, the
loopback address is 0:0:0:0:0:0:0:1 or ::1.
Link-Local Addresses
Link-local addresses are intended to only be used on a single network segment or subnet. Routers
will not route link-local addresses. Link-local addresses also existed in IPv4. They existed in the
address block 169.254.0.0/16. These addresses were used by the DHCP autoconfiguration
2. service on a system when a DHCP address could not be obtained. Link-local addresses allow you
to have network connectivity until another more suitable address can be obtained. In IPv6, the
address block fe80::/64 has been reserved for link-local addresses. The bottom 64 bits used for
the address are random. In IPv6 link-local addresses may be assigned by the stateless address
autoconfiguration process. IPv6 system must have a link-local address in order for some of
internal protocol functions to work properly. So, during a normal startup process, an IPv6 system
will obtain a link-local address before it receives a regular, routable IP address.
Unique Local Address
Unique local addresses are a set of addresses that are intended for use in internal networks. They
are similar to “private” IPv4 addresses. These addresses can only be used within a specified
organization. They are not routable on the global Internet. Using unique local addresses can help
prevent external systems from having direct access to your internal systems. The address block
fc00::/7 has been reserved to use for unique local addresses.
Implementing the OSPF Protocol
Dale Liu, ... Luigi DiGrande, in Cisco CCNA/CCENT Exam 640-802, 640-822, 640-816
Preparation Kit, 2009
Configuring the Loopback Address
For any OSPF process to initialize, it must be able to define an RID for the entire OSPF process.
Once the router-wide data structures are built, it is then necessary to define the networks that the
router will advertise and the area numbers into which these networks will be advertised.
There are several potential sources for the RID. The most common stable source is the IP address
set on loopback 0. If more than one loopback address is defined, the internetwork operating
system (IOS) will select the numerically highest IP address configured on a loopback interface.
For example, 192.1.1.1 is numerically higher than 172.255.255.254. In other words, it is the IP
address on the loopback interface that breaks ties, not the number of the loopback interfaces. In
other words, loopback 1 is not automatically preferred to loopback 0.4
A few key points to remember about defining the RID using the loopback address:
■
The highest loopback address is used in preference to a real interface address.
■
A loopback address is a virtual interface and is automatically up, so it cannot fail with
this method for choosing an RID more stable as well.
3. You can configure multiple loopbacks on a single router, so it becomes important to be able to
determine, which will result in the generation of the RID. Table 7.1 depicts a router configured
with multiple loopback interfaces. In this scenario, the router would end up with a RID of
5.6.7.8, since it is the highest of the three addresses listed in the table.
Table 7.1. Router ID (RID) with Multiple Loopback
Loopback Interface 0 Loopback Interface 1 Loopback Interface 2
int loop 0 int loop 1 int loop 2
ip addr 1.2.3.4 ip addr 5.6.7.8 ip addr 2.3.4.6
If no loopback interfaces are defined, the OSPF process uses the numerically highest IP address
value on an active physical interface. If no physical interfaces are active and configured with an
IP address, the OSPF code will not initialize. In recent IOS versions, the router issues an error
message if it cannot find a RID. Older versions simply do not initialize OSPF.
If there is only a single loopback interface, its IP address will always be the RID. In Table 7.2,
the router has two serial interfaces that are active and have a higher IP value than the configured
loopback address. In this case, the RID will be 1.2.3.4, since it is the only loopback interface, and
the loopback interfaces are used preferentially over real interface addresses.
Table 7.2. Router ID (RID) with a Single Loopback
Loopback Interface 0 Serial Interface 0 Serial Interface 1
int loop 0 int ser 0 int ser 1
ip addr 1.2.3.4 ip addr 5.6.7.8 ip addr 2.3.4.6
If there were no loopback interfaces configured, the numerically highest active interface would
be used. The router depicted in Table 7.3 does not have any loopback interfaces configured. In
evaluating the three interfaces based on IP address, first, you will see that Serial Interface 0 has
the highest IP address; however, it is not an active interface indicated by the shutdown state.
Since the value used for the RID must come from an active interface only Ethernet Interface 0
and Serial Interface 1 can be evaluated for the RID. Since Serial interface 1 has the higher IP
address the RID for this device will be 2.3.4.6.
Table 7.3. Router ID (RID) with No Loopback and Highest IP shutdown
Ethernet Interface 0 Serial Interface 0 Serial Interface 1
int eth 0 int ser 0 int ser 1
ip addr 1.2.3.4 ip addr 5.6.7.8 ip addr 2.3.4.6
No shutdown Shutdown No shutdown
It is a good practice to configure the loopback interface on each of your routers to allow for an
interface that will always be up and available to determine the RID and initiate the OSPF
4. protocol without error. This task is performed by typing interface loopback < # > at the Global
Configuration mode prompt, where the # represents the number of the loopback interface from 0
to 2,147,483,647.
Figure 7.2 is an example of how to configure the loopback across three different routers.
Download full-size image
FIGURE 7.2. How to Configure Loopback Addresses
Transmission Control Protocol/Internet Protocol (TCP/IP)
Ray Hunt, in Encyclopedia of Information Systems, 2003
III.C Loopback and Reserved IP Addresses
The IP address 127.0.0.1 is called a loopback address. Packets sent to this address never reach
the network but are looped through the network interface card only. This can be used for
diagnostic purposes to verify that the internal path through the TCP/IP protocols is working.
From the table above the number 127, which should be in the Class A range of values, is
missing. This number is reserved for the software loopback address. Any packet sent by a
TCP/IP application to an IP address of the form 127.x.x.x, where 0 < x < 255 results in the
packet returning to the application without reaching the network, i.e., the packet is copied from
transmit to receive buffer on the same machine. Although any address of the type 127.x.x.x
indicates a loopback address, Windows NT servers use the IP address 127.0.0.1.
A hostid value of 0 or all 1s is never assigned to an individual TCP/IP node. An IP address with
a hostid value of 0 indicates the network itself. The IP address of 132.181.0.0 indicates the Class
B network 132.181.
If the hostid value contains all 1s in the bit pattern, it indicates a directed broadcast address
which is sent to all nodes in the network. For the network number 132.181, the broadcast address
is 132.181.255.255. The network number 132.181 is a Class B address and has 16 bits in the
hostid field. If 1s are used for the 16 bits of the hostid, they correspond to a decimal value of
255.255.
5. Another type of broadcast, called the local broadcast, is specified by the value of
255.255.255.255. This type of broadcast address is used in LANs, since a broadcast never
crosses a router boundary. It is used by the broadcast name resolution method in Windows NT.
An IP address of 0.0.0.0 is used to refer to the network itself. The Windows NT dynamic host
configurable protocol (DHCP) clients on requesting IP parameter information from a DHCP
server use a source address of 0.0.0.0. The 0.0.0.0 address is also used in routing tables to
indicates the network entry for the default router's (often called default gateway) IP address.
Scaling Packet Ethernet Services Using Seamless MPLS
Vinod Joseph, Srinivas Mulugu, in Network Convergence, 2014
Hierarchical LSPs between CSG and MTG for Integrated Core and Aggregation
Design
This scenario applies to inter-domain LSPs between the loopback addresses of CSGs in the RAN
and the MTGs in the integrated core and the aggregation network. It is relevant to 4G LTE and
3G UMTS/IP services deployed using MPLS L3 VPNs, or 2G GSM and 3G UMTS/ATM
services deployed using MPLS L2 VPNs, that use the /32 loopback address of the remote PEs as
the endpoint identifier for the t-LDP or MP-iBGP sessions. The MTGs and CSGs are labeled
BGP PEs and advertise their loopback using labeled IPv4 unicast address family
(AFI/SAFI = 1/4), as seen in Figure 4.29.
6. Download full-size image
Figure 4.29.
The CSG in the RAN access learns the loopback address of the MTG through BGP-labeled
unicast. For traffic flowing between the CSG in the RAN and the MTG in the MPC, the
following sequence occurs:
1.
The downstream CSG node will first push the BGP label corresponding to the remote
prefix, then push the LDP label that is used to reach the AGN that is the labeled BGP
next-hop.
2.
The CSGs that transit the inter-domain LSP will swap the intra-domain LDP-based LSP
label and perform a PHP before handing to the AGN.
7. 3.
Since the AGN has reachability to the MTG via the aggregation IGP, it will swap the
BGP label with an LDP label corresponding to the upstream MTG intra-domain
aggregation LDP LSP.
The MTG in the MPC learns the loopback address of the remote RAN CSG through BGP-
labeled unicast. For traffic flowing between the MTG and the CSG in the RAN, the following
sequence occurs:
1.
The downstream MTG node will first push the BGP label corresponding to the remote
prefix, then push the LDP label that is used to reach the AGN that is the labeled BGP
next-hop.
2.
The CN and AGN nodes that transit the inter-domain LSP will swap the intra-domain
LDP-based LSP label and perform a PHP before handing to the AGN connecting the
RAN Access.
3.
Since the AGN has reachability to the CSG via the RAN IGP area-x/level-1, it will swap
the BGP label with an LDP label corresponding to the upstream CSG intra-domain RAN
LDP LSP.
Internet Multicast and Multicast VPNs Based on MDLP In-
Band Signaling
Vinod Joseph, Srinivas Mulugu, in Deploying Next Generation Multicast-enabled Applications,
2011
5.2.2.1.1 Root Address
The root address defines the root of the MP LSP and will normally be the loopback address of
the ingress PE router. The root address is selected by the MLDP client application egress router
and can be derived from the BGP next-hop of the IP source address, either statically configured
or through some other method.
It is the root address that is used to build the MP LSP. Each LSR in the path resolves the next-
hop of the root address and then sends a Label Mapping Message with the relevant Multicast
FEC Element information to that next-hop. This process is executed hop-by-hop until the root is
reached, resulting in a dynamically created MP LSP. The IGP is used to find the path to the root.
8. Web Technologies
Henry Dalziel, in How to Hack and Defend your Website in Three Hours, 2015
1.18.1 Solution
Download full-size image
Image 18.
The first step is to understand what this application is trying to do for a typical user. So, on the
Command Execution page, enter the loopback address, 127.0.0.1, submit it, and see what
happens.
9. Download full-size image
Image 19.
The web application is pinging that IP address, which sends a request to that IP and waits for a
response to see if that host is “alive.” We see the results of the pings, telling us that the packet
(the “ping”) is transmitted and received, with 0% packet loss, meaning the host is alive.
Download full-size image
Image 20.
10. Now we will use Burp Suite to examine this traffic to better understand it.
Looking at the captured request, we notice that it is POSTing some information
to/vulnerabilities/exec, so the answer to the first question is that the application is using a POST
request.
We also see that it is passing the IP address in two parameters, “ip = 127.0.0.1&submit =
submit” which is all very standard.
Download full-size image
Image 21.
Those familiar with Linux will understand the output in Image 21, but now let us see what
happens when we ping 127.0.0.1 in the terminal. That output is almost exactly the same as what
we see in the application. That tells us that this application is using the underlying operating
system to perform a ping, and then give us back those results. All it is doing is submitting
whatever IP you enter into the box into the ping command in your terminal, and then taking that
output and dumping it to the application. The answer to the next question, therefore, is that it is
interacting with the underlying operating system.
In terms of the actual workflow of the page, we enter an IP address that is submitted via a POST
request, that information is sent to our underlying operating system, which performs a ping, then
the application grabs that output and dumps it to the page.
11. Download full-size image
Image 22.
Now let us look at the XSS Stored page, which is a dummy guest book-signing page. As a first
step, try to use it as a normal user to get a general feel of how the application works. We notice
that our name and message is stored on the page as soon as we click “Sign Guestbook.”
Download full-size image
Image 23.
12. Back in Burp Suite turn “Intercept On” and see what happens when we enter a different message.
Download full-size image
Image 24.
We can see that it is using a POST request to/vulnerabilities/xss_s and submitting our
information through these two parameters: “TxtName” and “MtxMessage” (refer to box on
Image 24).
We can reason that there must be some sort of persistent storage within this application because
the name and message are persistently available on the page – if you reload the page you will see
that information again, it does not go away. Because the information is persistent, we know that
it must be stored in a database.
Now turn “Intercept Off” in Burp Suite and refresh the DVWA page (see Image 25).
13. Download full-size image
Image 25.
You will see that the messages have persisted on the page (see Image 26).
Download full-size image
Image 26.
14. Remember that we mentioned SQL previously – to retrieve information from the database the
application must be executing SQL query, or command.
To recap, the workflow of this page is: a user enters a name and a message, which gets passed as
a POST request, and the information is stored into the database and retrieved via a SQL
command each time that page is loaded.
Understanding Advanced MPLS Layer 3 VPN Services
Vinod Joseph, Srinivas Mulugu, in Network Convergence, 2014
Option C – VPNv4 Route Distribution between RRs
In Option C, illustrated in Figure 2.32, VPNv4 routes are neither maintained nor distributed by
the ASBRs. The ASBR only requires knowledge of all the PE router loopback addresses. The
ASBR uses eBGP to distribute the PE router loopback addresses to the neighbor AS. Therefore,
each ASBR will learn the loopback routes to all the PE routers in the other AS that have
customers requiring the inter-AS service. The ASBR can then redistribute these loopbacks into
its own AS (providing a view of the PE routers in the other AS), thereby providing direct next
hop access to the PE routers between ASs.
Download full-size image
Figure 2.32.
The other option is for the ASBR to change the next hop to itself. Therefore any VPNv4 routes
destined to the other AS would use a next hop of the local ASBR. The VPNv4 routes are then
exchanged between the ASs using route reflectors (RR). Since the RRs already hold the VPNv4
routes, there is no need for the ASBR to hold them, as is the case in Option B. Option C is the
15. most scalable of all options; however, it does require a greater level of trust between carriers, as
IGP routes are being exchanged.
TCP/IP and Routing
Naomi J. Alpern, Robert J. Shimonski, in Eleventh Hour Network+, 2010
Rules For Network IDS
The following rules apply for creating or using network IDs in a class-based system:
■
Network IDs cannot begin with 127 as the first octet, since it is reserved for loopback
address.
■
A Network ID cannot have all bits set to 1. This configuration is reserved for broadcast
addresses.
■
A Network ID cannot have all bits set to 0. This configuration is reserved for indicating a
host on the local network.
■
A Network ID must be unique to the IP network.
Table 6.2 lists three network address classes.
Table 6.2. Network Address Classes
Address Class Octets Used First Network ID Last Network ID Number of Networks
Class A 1 1.x.y.z 126.x.y.z 126
Class B 2 128.0.y.z 191.255.y.z 16,384
Class C 3 192.0.0.z 223.255.255.z 2,097152
MCSA/MCSE 70-291: Reviewing TCP/IP Basics
Deborah Littlejohn Shinder, ... Laura Hunter, in MCSA/MCSE (Exam 70-291) Study Guide,
2003
16. Rules for Network IDs
The following rules apply to creating or using network IDs in a class-based system.
1.
Network IDs cannot begin with 127 as the first octet, such as 127.14.102.6.127.x.y.z is
reserved for loopback addresses. A loopback address is used to test IP software on the
host computer and is not associated with the computer’s hardware.
2.
All bits of a Network ID cannot be set to 1. This configuration is reserved for broadcast
addresses.
3.
All bits of a Network ID cannot be set to 0. This configuration is reserved for indicating a
host on the local network.
4.
A Network ID must be unique to the IP network. If you have three network segments in
your corporate network, each segment must have a unique network ID.
Overview of IP Multicast
Vinod Joseph, Srinivas Mulugu, in Deploying Next Generation Multicast-enabled Applications,
2011
1.1.4.7.2 MSDP Application in Anycast RP
As discussed in the previous section, MSDP was developed to allow RPs in different domains
(e.g., domains between service providers) to learn about active global sources inside those
domains. By using MSDP, a service provider only has to manage its own RPs. MSDP is
primarily used in an inter-domain environment; however, it can also be applied in an intra-
domain environment to provide redundancy and load-sharing capabilities to RPs. This feature is
referred to as Anycast RP. Essentially Anycast RP allows a group of RPs on the same network
(e.g., Service Provider) to use the same loopback address. The loopback address of the RPs will
be learned by multicast routers using the normal methods of static configurations or Auto-RP.
The result is that all multicast routers will receive one RP address group regardless of the number
of RPs that are advertising these groups. Although there will be more than one RP using the
same IP address, the routing protocol will choose the RP closest to each source and/or receiver.
Using a common RP address across many RPs allows sources and receivers to be evenly
distributed across the network therefore providing a form of load sharing. Because it is possible
that a source may register with one RP and a receiver may join a different RP, MSDP must be
17. used between the RPs to indicate an active source to receivers. In Anycast RP, the RPs are
configured to be peers of each other. When a source registers with one RP, an SA message will
be sent to other RPs. The result is that all RPs will be aware of the sources that are active. In the
event of a failure of an RP, the routing protocol will converge and the next closest RP would be
selected for subsequent source register and receiver join requests.
Recommended publications
MCSE (Exam 70-293) Study Guide
Book • 2003
MCSA/MCSE (Exam 70-291) Study Guide
Book • 2003
Cisco CCNA/CCENT Exam 640-802, 640-822, 640-816 Preparation Kit