cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9961
Views
30
Helpful
7
Replies

What IP address should be assigned to loopback interface

linustsang
Level 1
Level 1

Many tutorials are using 1.1.1.1, 2.2.2.2,etc. as the loopback address.

I am confused about what IP address is actually assigned in the real networking environment?

Should it use the IP from ISP or use Private IP?

Can somebody tell me about this?

Thanks in advance!

1 Accepted Solution

Accepted Solutions

Rick raises an interesting issue about a loopback using public or private IP.

In Enterprises, a loopback is likely not to be a public IP (at least using IPv4) unless perhaps its an ISP router. To avoid the NAT issue using private IPs from the Internet, if any direct external/Internet access is allowed to the device, you likely can access it using one of its external interfaces that has a public IP.

You can also do this with internal interfaces using private IPs, but you normally use a loopback IP for the reason as then you don't need to "know" whether the interface in question is up.

As a common (?) example of all the forgoing, we have "branch" VPN routers with a public/Internet connected interface, and with private IPs for the loopback and internally attached interface. When the VPN is working, we generally manage/access the device by its internal/private loopback IP. However, if the VPN is down, we can connect to the public IP on the Internet attached interface.

View solution in original post

7 Replies 7

Hello,

 

loopback interfaces (which essentially are virtual interfaces) use the same IP addresses you have mentioned (1.1.1.1/2.2.2.2/etc.) in real, live networks as well.

What is the context of your question, that is, what network do you have configured ?

Hi Georg Pauwen,

Thanks for your reply.

I am confusing about why they can use the public IP address like 1.1.1.1 as their loopback address.

If it works well in real networking environment,

how can they reach the loopback interface from the external network?

They don't own the IP address. Traffic cannot route to the loopback interface if using 1.1.1.1.

I don't have any config, just the question comes out during my networking learning, and I don't have any hand on experience in live networks.

 

 

Joseph W. Doherty
Hall of Fame
Hall of Fame
Depends what you're using the loopback for.

Often, it's also used as a L3 device's management IP, so the IP used would need to be routed to. Depending on your routing topology, such an IP might be a private IP or a public IP.

Tutorial example often use 1.1.1.1, 2.2.2.2, etc., basically just to also indicate device 1, device 2, etc.

The original question was simple and asked about addressing for loopback interfaces. Georg responded correctly that some networks do use addresses such as 1.1.1.1 or 2.2.2.2 for loopback addresses. The followup to the question added an important refinement of can those loopback addresses be accessed from external networks. As Joseph suggests these addresses are frequently used as management interface addresses and as such are intended for only internal access and for that they work. If you want to use those addresses for external access then you would need to use address translation for them to be externally accessible. And if you want the external network to be able to initiate traffic to the loopback interface then the address translation would need to be static translation. So if you want external access to the loopback then it is much better to use private addressing for the loopback.

 

HTH

 

Rick

HTH

Rick

Rick raises an interesting issue about a loopback using public or private IP.

In Enterprises, a loopback is likely not to be a public IP (at least using IPv4) unless perhaps its an ISP router. To avoid the NAT issue using private IPs from the Internet, if any direct external/Internet access is allowed to the device, you likely can access it using one of its external interfaces that has a public IP.

You can also do this with internal interfaces using private IPs, but you normally use a loopback IP for the reason as then you don't need to "know" whether the interface in question is up.

As a common (?) example of all the forgoing, we have "branch" VPN routers with a public/Internet connected interface, and with private IPs for the loopback and internally attached interface. When the VPN is working, we generally manage/access the device by its internal/private loopback IP. However, if the VPN is down, we can connect to the public IP on the Internet attached interface.

Thanks for your reply, Joseph!

Hi Rick, Thanks for your reply!
Review Cisco Networking for a $25 gift card