Long time ago, around the beginning of my career, Once I was asked about loopback interface in an interview. Today, thought of a blog came in my mind where I shall explain more about loopback interfaces and try to find why and how it exist in the networking space. So, lets begin.
IANA has reserved 127.0.0.0/8 ip address range for loopback interfaces in the localhost. Lets ping it.
[hakhande@compute infrared]$ ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.088 ms
^C
--- 127.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.088/0.088/0.088/0.000 ms
Let me ping my hostname as well.
[hakhande@compute infrared]$ hostname
hakhande.remote.csb
[hakhande@compute infrared]$ ping hakhande.remote.csb
PING hakhande.remote.csb (127.0.0.1) 56(84) bytes of data.
64 bytes from hakhande.remote.csb (127.0.0.1): icmp_seq=1 ttl=64 time=0.088 ms
64 bytes from hakhande.remote.csb (127.0.0.1): icmp_seq=2 ttl=64 time=0.093 ms
^C
--- hakhande.remote.csb ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1018ms
rtt min/avg/max/mdev = 0.088/0.090/0.093/0.009 ms
There is reserved ipv6 address for loopback and lets ping that as well.
[root@rhos-nfv-07 ~]# ping6 ::1
PING ::1(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.029 ms
64 bytes from ::1: icmp_seq=2 ttl=64 time=0.014 ms
64 bytes from ::1: icmp_seq=3 ttl=64 time=0.028 ms
^C
--- ::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2038ms
rtt min/avg/max/mdev = 0.014/0.023/0.029/0.008 ms
[root@rhos-nfv-07 ~]# ping6 0:0:0:0:0:0:0:1
PING 0:0:0:0:0:0:0:1(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.020 ms
64 bytes from ::1: icmp_seq=2 ttl=64 time=0.028 ms
^C
— 0:0:0:0:0:0:0:1 ping statistics —
2 packets transmitted, 2 received, 0% packet loss, time 1044ms
rtt min/avg/max/mdev = 0.020/0.024/0.028/0.004 ms
[root@rhos-nfv-07 ~]#
So, why i am able to ping my localhost? Answer is, static local dns mapping.
[hakhande@compute infrared]$ ping localhost
PING hakhande.remote.csb (127.0.0.1) 56(84) bytes of data.
64 bytes from hakhande.remote.csb (127.0.0.1): icmp_seq=1 ttl=64 time=0.101 ms
64 bytes from hakhande.remote.csb (127.0.0.1): icmp_seq=2 ttl=64 time=0.088 ms
^C
--- hakhande.remote.csb ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.088/0.094/0.101/0.011 ms
[hakhande@compute infrared]$
[root@rhos-nfv-07 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@rhos-nfv-07 ~]#
Ok, so there is a loopback interface with its reserve ip and user can ping that ip or mapped domain name. But still it is unclear what is its purpose in localhost system.
So, loopback interface/ip is used to access the network services that are running on the host via the loopback network interface. Using the loopback interface bypasses any local network interface hardware. Essentially, these are local applications which have to communicate with each other but they don’t need to send traffic outside or need rout-able traffic.
Lets see few applications running in my laptop and using loopback ip address.
[hakhande@compute network-scripts]$ sudo netstat -tulnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 2301/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1454/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1444/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2364/master
udp 0 0 192.168.122.1:53 0.0.0.0:* 2301/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 2301/dnsmasq
udp 0 0 0.0.0.0:111 0.0.0.0:* 1/systemd
udp 0 0 127.0.0.1:323 0.0.0.0:* 1285/chronyd
udp 0 0 224.0.0.251:5353 0.0.0.0:* 3905/chrome --enabl
udp 0 0 224.0.0.251:5353 0.0.0.0:* 3905/chrome --enabl
udp 0 0 224.0.0.251:5353 0.0.0.0:* 3958/chrome --type=
udp 0 0 224.0.0.251:5353 0.0.0.0:* 3958/chrome --type=
udp 0 0 0.0.0.0:41004 0.0.0.0:* 3305099/openvpn
See chronyd, it is running over local udp port#323 on 127.0.0.1. So, question is, what is it doing with that?
chronyc is the utility of chrony package, admin uses it to write new changes to be done on chronyd. Both chronyc and chronyd speaks over UDP socket session over loopback ip. See below,
[hakhande@hakhande ~]$ chronyc -d
chrony version 4.2
Copyright (C) 1997-2003, 2007, 2009-2021 Richard P. Curnow and others
chrony comes with ABSOLUTELY NO WARRANTY. This is free software, and
you are welcome to redistribute it under certain conditions. See the
GNU General Public License version 2 for details.
Resolved 127.0.0.1 to 127.0.0.1
Resolved ::1 to ::1
Could not remove /run/chrony/chronyc.723475.sock : Permission denied
Could not bind Unix socket to /run/chrony/chronyc.723475.sock : Permission denied
Opened UDPv4 socket fd=3 remote=127.0.0.1:323
chronyc> First chronyd and chronyc try to talk over dynamic unix socket and failing which they fall back to UDP socket session (in this case). chronyc opens up a stateless connection with loopback ip over port 323.
Typically, routing protocols on routers also use loopback interface for the same purpose. It gives them more control over control messages protocols exchanges between their neighbors or peers.
Now, we know how daemons uses loopback interfaces for their communications.
next question would be, How it is different then link local address then?
So, 127.0.0.0/8 127.0.0.0–127.255.255.255 are used only within the host whereas 169.254.0.0/16 169.254.0.0–169.254.255.255 link-local addresses are used between two hosts on a single link when no IP address is otherwise specified and failed to retrieve ip from a DHCP server.
Can admin create loopback interfaces on the system? Answer is, No (at least on unaltered upstream kernel networking)
[hakhande@compute ~]$ sudo ethtool -i lo
Cannot get driver information: Operation not supportedloopback driver works as part of kernel networking subsystem and created at time of system start up. There is no ifscript for loopack interface.
Can i capture packets on loopback interface? Yes, you can. Interesting this is, mac address is not there in the packets.
[hakhande@compute network-scripts]$ sudo tcpdump -nnvvei lo
dropped privs to tcpdump
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
19:12:14.122293 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 56143, offset 0, flags [DF], proto ICMP (1), length 84)
127.0.0.1 > 127.0.0.1: ICMP echo request, id 21950, seq 23, length 64
19:12:14.122308 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 56144, offset 0, flags [none], proto ICMP (1), length 84)
127.0.0.1 > 127.0.0.1: ICMP echo reply, id 21950, seq 23, length 64
19:12:15.147409 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 56977, offset 0, flags [DF], proto ICMP (1), length 84)
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
So, why don’t we have mac address to loopback interface? Reason was already said above, loopback interface is for communication within the host (Unless routers are using them to communicate outside), we don’t expect packets to ever go to Layer 2. Thus, no need to mac addresses. Wonderful!
Ok, so can admin ping loopback ip from any ip from the host? Isn’t it for localhost communication? Answer is No.
Again reason is, other interfaces on the system like eth1, all are designed to communicate via Layer 2 which is not the case with loopback. So, we cant ping loopback from them. Look below
[hakhande@compute network-scripts]$ ping -I enp0s31f6 127.0.0.1
ping: Warning: source address might be selected on device other than enp0s31f6.
PING 127.0.0.1 (127.0.0.1) from 192.168.0.115 enp0s31f6: 56(84) bytes of data.
^C
--- 127.0.0.1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1031msYou dont have loopback ip address in the routing table as well.
[hakhande@compute network-scripts]$ ip route
default via 192.168.0.1 dev wlp0s20f3 proto dhcp metric 600
10.0.0.0/8 via 10.35.206.1 dev tun0 proto static metric 50
10.35.206.0/23 dev tun0 proto kernel scope link src 10.35.206.66 metric 50
82.81.161.53 via 192.168.0.1 dev wlp0s20f3 proto static metric 600
192.168.0.0/24 dev wlp0s20f3 proto kernel scope link src 192.168.0.115 metric 600
192.168.0.1 dev wlp0s20f3 proto static scope link metric 600
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown Alright, so what would be the throughput of loopback interfaces one can get?
[root@rhos-nfv-07 ~]# iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 127.0.0.1, port 35830
[ 5] local 127.0.0.1 port 5201 connected to 127.0.0.1 port 35832
[ ID] Interval Transfer Bandwidth
[ 5] 0.00-1.00 sec 3.66 GBytes 31.4 Gbits/sec
[ 5] 1.00-2.00 sec 4.05 GBytes 34.8 Gbits/sec
[ 5] 2.00-3.00 sec 4.02 GBytes 34.5 Gbits/sec
[ 5] 3.00-4.00 sec 3.99 GBytes 34.3 Gbits/sec
[ 5] 4.00-5.00 sec 4.04 GBytes 34.7 Gbits/sec
[ 5] 5.00-6.00 sec 4.01 GBytes 34.5 Gbits/sec
[ 5] 6.00-7.00 sec 3.96 GBytes 34.0 Gbits/sec
[ 5] 7.00-8.00 sec 4.02 GBytes 34.5 Gbits/sec
[ 5] 8.00-9.00 sec 3.99 GBytes 34.3 Gbits/sec
[ 5] 9.00-10.00 sec 4.04 GBytes 34.7 Gbits/sec
[ 5] 10.00-10.04 sec 159 MBytes 33.6 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 5] 0.00-10.04 sec 0.00 Bytes 0.00 bits/sec sender
[ 5] 0.00-10.04 sec 39.9 GBytes 34.2 Gbits/sec receiver
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------Above result could be very much depends on system to system, But one thing is clear, this communication channel is giving High, Very High throughput while using available system resources.
Can admin bring down loopback interface? Yes, Of course, interface link can be bring up/down by “ip” utility.
How does loopback interface get its ip address?
The ip address of loopback address is defined here. https://github.com/torvalds/linux/blob/master/include/uapi/linux/in.h#L317
#define INADDR_LOOPBACK 0x7f000001 /* 127.0.0.1 */It gets assigned to loopback interface at https://github.com/torvalds/linux/blob/master/net/ipv4/devinet.c#L1558
case NETDEV_UP:
if (!inetdev_valid_mtu(dev->mtu))
break;
if (dev->flags & IFF_LOOPBACK) {
struct in_ifaddr *ifa = inet_alloc_ifa();
if (ifa) {
INIT_HLIST_NODE(&ifa->hash);
ifa->ifa_local =
ifa->ifa_address = htonl(INADDR_LOOPBACK);
ifa->ifa_prefixlen = 8;
ifa->ifa_mask = inet_make_mask(8);
in_dev_hold(in_dev);
ifa->ifa_dev = in_dev;
ifa->ifa_scope = RT_SCOPE_HOST;
memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
set_ifa_lifetime(ifa, INFINITY_LIFE_TIME,
INFINITY_LIFE_TIME);
ipv4_devconf_setall(in_dev);
neigh_parms_data_state_setall(in_dev->arp_parms);
inet_insert_ifa(ifa);
}
}
ip_mc_up(in_dev);
fallthrough;So, loopback does not go for link local or dhcp addresses. However, it is possible to send dhcp discover packets from loopback interface. Packet would look like something below. But there wont be any offer to this packet.
09:59:17.011051 00:00:00:00:00:00 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 16, id 0, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request, length 300, htype 0, hlen 255, xid 0xf5c6b131, secs 37, Flags [none] (0x0000)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Parameter-Request Option 55, length 10:
Subnet-Mask, BR, Time-Zone, Default-Gateway
Domain-Name, Domain-Name-Server, Hostname, YD
YS, NTPCan admin define any security rules on loopback interface? Yes, One can.
I just configured to drop all icmp packets in the host and this security rule equally applies on loopback interface and reject all icmp packets intended for loopback interface ip.
iptables -A INPUT -p icmp -j REJECTComing back to routing, How is routing for loopback interface stopped?
Look at the code line from https://elixir.bootlin.com/linux/v4.4/source/include/linux/in.h#L42
static inline bool ipv4_is_loopback(__be32 addr)
{
return (addr & htonl(0xff000000)) == htonl(0x7f000000);
}These codelines defines the ip address for lookpack interface. If we convert Hex 0x7f000000 to binary then it would be “1111111 00000000 00000000 00000000” and it takes us to 127.0.0.0.
Now, look at code lines from https://github.com/torvalds/linux/blob/master/net/ipv4/route.c#L2271
if (ipv4_is_loopback(daddr)) {
if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
goto martian_destination;
} else if (ipv4_is_loopback(saddr)) {
if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
goto martian_source;
}so, any packets with 127.0.0.0/8 as source or destination ip address would throw martian_source/destination error and exit the routing lookup code.
System i used here is rhel8 and most code/behavior is as per upstream linux kernel, Note that, this behavior may change as per needs like in commercial routers where admin create many loopback interfaces and assign ips as per their network ip schemes.
That is the end of this blog!, hope now, you are ready for the interview questions on loopback :-).
Welcome to Haresh's blogs!! 