Trying to understand loopback interface

I’ve been reading about the loopback (lo) interface out of curiosity (triggered by finding that cupsd is connected to one), and tried to understand how it works and where it fits in the network visible to each party. For some reason, it eludes me. All the text I can find repeats the same basic words and expressions, and that’s not helpful here. Also, images about this thing are sorely lacking. Hopefully someone here can check how I’ve understood this and correct what I’ve missed.

1. About the general idea
As I’ve understood it, lo is a virtual interface. Not the actual physical network adapter, or network card or whatever you want to call it; think of it like virtual memory, which is not on the actual RAM stick on your MB but still functions similarly from the POV of the process. Lo looks like a real physical thing to the process as well. This enables an interface that’s always up and reachable.

Questions:

  1. What manages the lo? An application or some other manager on the system, the OS, or the NIC?
  2. Is the interface ‘up’ towards the inside of the system, or the external network? Shouldn’t the actual NIC be the one visible towards the outside of the system?

2. The need for it
Apparently it works somehow as a mechanism, through which you can bypass a router that is down or otherwise unreachable in a network with multiple routers. Another router somehow nabs the message heading to an unreachable router that would’ve been normally used on the route to the destination. Some text spoke of every router thinking it has the same IP(?) so hearing about the message, and knows to take up the job through that. This avoids having to try the routing several times if several routers are down along the most direct route. How does the message bounce around the network when rerouting?

Three cases using the image:

Case 1: The short route is Source-R1-R2-End, so that’s the default route. If the connection between R2 and End is cut, does the message then go via R4 or R7 and how it’s chosen?

Case 2: If the router R2 is down, does the message go via R3 and R4? How do they know that they need to do it instead of the R5-R6-R7 branch, and how does the latter know not to do it if the virtual interface is advertised around the network? Or do they both do it, wasting resources?

Case 3: If R2-End and R1-R2 are cut, and R3 is down, does the message still try to return to the “default route” and go to R2 via R5-6 and then pick either R7 or R4 route to end, or does it just go the whole R5-R7 route?

How does the lo fit into all of this?

Questions:

  1. AFAIK several devices on a network can’t have the same address. I’m missing something. What?
  2. How does another router know that it’s responsible for the routing now without every other router on the network doing the same thing?

3. The need for direct link for a process
This segment is just one question: Just looking at the output of ss -tulpn, it becomes apparent that many processes use a direct connection through the physical interface. Why? Wouldn’t it be better by default to use the lo for everything, or is this the case just inside the local network?

I would appreciate the help.


I didn’t read all your text, hope I don’t miss anything, but I think that loopback interface is easier to understand than all of that.

Processes in the system need to communicate with each other. One way of doing that is the use of “socket files”. Another way is to use the network. But we don’t want to depend on real world network availability (is there even a network card in the computer?). So the system itself provides a “virtual” network adapter called loopback that doesn’t depend on a physical device. And the kernel manages it. Notice that all systems provide this adapter, even Windows (but it usually tries to hide the adapter).

This adapter uses the whole network 127.0.0.0/8, but the canonical address for “localhost” (the local computer) is 127.0.0.1.

So this is an internal network, totally independent from the outside. Not even the firewall should mess with it. And the intent of this network is to provide a network for system processes to communicate between them.


:point_up:

That can, basically, be summed up into:

It’s local and used by your computer and its processes only.

You shouldn’t mess with it, it’s really doing a good job.

I think a way to see it is as a “network” interface for your processes.


Ty both. Now those were clear explanations, I think. So lo is, in a way, a “network” for the insides of the system so processes can communicate with each other through a set system.

The big thing for me was if it’s something I need to protect somehow. Apparently not. :slightly_smiling_face: :+1:


Yes, and one of the many examples of this is how you bring up the CUPS page in your browser. It connects to http://127.0.0.1:631.

So even if you were to click this link now here in this post, it’ll direct your browser to the cupsd server running on your own computer.

The 631 is the port number — every IP address has 65’536 ports, of which the lowest 1’024 (starting at 0 and ending at 1023) are privileged and reserved for server software. Some other server software besides cupsd is also still configured this way, albeit at different port numbers.

No, the IP address 127.0.0.1 is unroutable. Anyone trying to connect to that IP address is only connecting to their own computer, and without the network packets even reaching the network adapter in their machine. It’s a completely internal and isolated thing. :wink:

Perhaps a (funny) analogy would be the difference between punching somebody in the face on the one hand, and on the other hand, having a dream at night in which you happen to be punching somebody in the face — it never reaches the real world. :stuck_out_tongue:

Likewise, there are yet other unroutable IP ranges, such as for instance the 192.168.0.100/24 address range, which is reserved for local area networks — i.e. your personal network of all the computers at your home, or the internal network at a small company.

In the case of this particular IP range — and there are yet other ranges like it — the network packets do leave your computer, but they do not pass beyond your router, and your router will perform network address translation for any traffic between one of the client computers on the network (LAN) and the internet (WAN).

All the internet sees is the public IP address of the router, and any idiot thinking *“Aha, I know that guy’s IP address on his internal LAN, and now I’m going to try breaking into it by connecting my scr1pt k1dd13 h4xing software to 192.168.0.1”* will only be making a break-in attempt against his own local computer, or possibly one of the other devices on his local LAN. :wink:


That was a new one for me. Thanks! Didn’t know I could bring that up in a browser. Same thing how I set up my home router. Guess I’m done here. :upside_down_face:


Yes, but your home router is most likely using a LAN IP address in the range 192.168.0.100/24.

So, as the range 127.0.0.0/8 is reserved for and restricted to your own computer — and every computer, tablet, smart TV and/or smartphone you possess responds to that in the same way, regardless of the operating system(s) installed — so is 192.168.0.100/24 reserved for and restricted to your local network behind the router. :wink:

:point_down:


Yeah. 192.168.1.1 What’s that “/8” or “/24” you keep adding?

And thanks for the interesting link. It’s going in the same BM-folder with ICANN and the likes. :+1:

The number after the slash tells you how many of the leading bits of the IP address are part of the subnet mask. Computers that belong to the same subnet are addressed with an identical group of that number of the most-significant bits of their IP addresses.

Each group of digits in the IPv4 address is a group of 8 bits. So if the subnet mask is /24, the first three groups (the first 24 bits) are the subnet mask, and all addresses starting with the same 24 bits are part of the same subnet. If the router sees an address where the first 24 bits are different, the address is not in the local subnet, and the router will send the packets on to another network.

So, the smaller the subnet mask the more devices can be in the subnet.

If the address range is 192.168.0.100/24, then the local subnet can have 256 devices (192.168.0.0 to 192.168.0.255).


Originally started as a subnet mask. I don’t think that’s what the /xx suffix is called, though.

The subnet mask was in the same syntax as the IP address, i.e. xxx.xxx.xxx.xxx, the most common one being 255.255.255.0, equivalent to the suffix /24.

Or that’s how I understand it anyway.

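A worked example of the mask arithmetic behind the /8 and /24 suffixes and the 255.255.255.0 dotted form discussed in the two posts above. This is added here and is not code from anyone in the thread; the function names are my own, and the addresses it is run against (127.0.0.0/8, 192.168.0.0/24, the 192.168.1.1 router address) are the ones the thread mentions.

```python
# Added example, not from the thread: CIDR prefix <-> dotted mask and
# subnet membership, done on 32-bit integers so the mask bits are visible.
# Standard library only; function names are this example's own.

def ip_to_int(addr: str) -> int:
    """Dotted-quad IPv4 string -> 32-bit integer (first octet most significant)."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address: {addr}")
    return int.from_bytes(bytes(int(p) for p in parts), "big")

def int_to_ip(value: int) -> str:
    return ".".join(str(b) for b in (value & 0xFFFFFFFF).to_bytes(4, "big"))

def prefix_to_mask(prefix_len: int) -> str:
    """/24 -> 255.255.255.0: the top prefix_len bits set, the remaining bits clear."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return int_to_ip(mask)

def mask_to_prefix(mask: str) -> int:
    """255.255.255.0 -> 24; rejects non-contiguous masks such as 255.0.255.0."""
    m = ip_to_int(mask)
    prefix_len = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF:
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return prefix_len

def describe(cidr: str) -> dict:
    """Network address, broadcast address, mask and address count of a CIDR block."""
    addr, prefix = cidr.split("/")
    plen = int(prefix)
    mask = ip_to_int(prefix_to_mask(plen))
    network = ip_to_int(addr) & mask          # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits set
    return {"network": int_to_ip(network), "broadcast": int_to_ip(broadcast),
            "mask": int_to_ip(mask), "addresses": 2 ** (32 - plen)}

def in_subnet(addr: str, cidr: str) -> bool:
    """True when addr shares the leading prefix bits with the block's address."""
    net_addr, prefix = cidr.split("/")
    mask = ip_to_int(prefix_to_mask(int(prefix)))
    return (ip_to_int(addr) & mask) == (ip_to_int(net_addr) & mask)

if __name__ == "__main__":
    print(describe("192.168.0.100/24"))
    print(in_subnet("127.0.0.1", "127.0.0.0/8"), in_subnet("192.168.1.1", "192.168.0.0/24"))
```

The second print shows the point the thread circles around: 127.0.0.1 is inside 127.0.0.0/8, but a router at 192.168.1.1 is not inside 192.168.0.0/24 (it is inside 192.168.0.0/16).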
