Routeable Loopback Addresses

⁨17⁩ ⁨likes⁩

Submitted ⁨⁨6⁩ ⁨months⁩ ago⁩ by ⁨vegetaaaaaaa@lemmy.world⁩ to ⁨selfhosted@lemmy.world⁩

https://etherarp.net/routeable-loopback-addresses/

Old article I found in my bookmarks. Although I didn’t have the use for it, I thought it was interesting.

source

Comments

Sort:hotnew top

solidgrue@lemmy.world ⁨6⁩ ⁨months⁩ ago
I do this, but I also work in tech and have a pretty solid grasp of routing and how that all works. I agree it may seem overkill for many nstalls, but makes sense for certain use cases. I’ll try to explain without writing a book. I’ll ve glossing over a LOT of texture in the following…

In networking, a router is considered to be a node in a graph with multiple host IP addresses, one for each edge. It has an interface, sometimes physical but more often viirtual, on each edge (network segment, VLAN) that connects to it which serves as the gateway IP for that edge. In larger networks where there is more than a single router, the routers must tell each other which router has which destination network segment, so they all speak a routing protocol like RIP, OSPF or IS-IS. Each of the speakers must be able to identify itself uniquely among others so the other know which node is making the advertisement. To do this, they are each assigned a unique router IDz which is normally a 32 bit integer value represented as a dotted quad. Customarily, this is an IP address, and the protocols further this idea by adopting one the highest numbered IP address in the device or the addrss of its loopback interface if defined.

The point of a routing protocol is for the participating nodes to advertise the IP ranges of their connected edges. They assert advertisements for each edge when this active.(I.e., the interface is UP) and withdraw or expire them when the edge is unavailable (I.e., the interface is.in any.state other than UP). Every time an edge changes state-- goes from up to not-up, or.not-upnto up-- that advertisement must.propagate across the whole system, and every node must stop forwarding traffic and recalculate the best path to the remaining available edges. This is called a reconvergence, and network engineers try to do things to minimize the amount the frequency of these events.

Practically, one of the things.network engineers try to avoid is having the ID of a speaker change dynamically. Going back to how the device selects its router ID, it considers the loopback IP first, or the highest numbered IP active on the device at the time of evaluation. Edge interfaces could go up or down for any number of reasons at any time, so.they are.kess.than ideal to.use for the router ID. Loopback interfaces by contrast is always up. This interface typically receives the IP the routing protocol uses for its router ID

In practice, the loopback is the only interface on a router than can be said to belong to the router itself¹, and not to an edge connected to the router². There are other practical reasons in routing to do this, but they all come back to the fact that the loopback is always up, and therefore it’s always apt to be advertised as an available edge.

So what does any of this have to do with servers, applications and self hosting?

Applications that provide services over the network, DNS servers for example, need to bind to at least one IP address and protocol port. On servers with multiple interfaces, these applications normally bind to all available interface addresses, using the address 0.0.0.0. In some situations this might be undesirable. Maybe you don’t want your pihole serving tour internal DNS to your ISP, or maybe you have several VLANs at your house and want to use a single IP address for DNS across all of your VLANs, and you don’t trust the VLAN interface IPs to always be up.

Adding an IP to the lo interface ensures the IP is always available and reachable. It provides a single place for all hosts in the system to go that isn’t pinned to any one of the possible VLAN IPs.

In my own home setup, I define several IPs on the loopback for different containers that all want to use port 8443/TCP for their public port. This gives me the flexibility of being able to assign different services their own IP (which I can reference in DNS) on their native port vis-à-vis the documentation. So.my Pihole container has its address and my Unifi controller container has its own as well.

Anyway, this is very much a Done Thing in the industry. Not everyone needs it, but its a useful technique in the right circumstances.

Considered from to perspective of graph theory, network nodes and the edges they connect are distinct things. A router participates in a LAN, but the LAN is its own thing, and not formally part of the router.

In large IP networks, there are frequently tra sport topologies like VLANs or other shared.media that connect two or more routers, and are used exclusively to distribute traffic among themselves. Which of the participating routers is said to “own” that advertisement?
source
atzanteol@sh.itjust.works ⁨6⁩ ⁨months⁩ ago
That seems like a terrible idea.

Why not just assign multiple IPs to eth0 instead?

source
tagginator@utter.online [bot] ⁨6⁩ ⁨months⁩ ago
New Lemmy Post: Routeable Loopback Addresses (https://lemmyverse.link/lemmy.world/post/14496347)
Tagging: #SelfHosted
(Replying in the OP of this thread (NOT THIS BOT!) will appear as a comment in the lemmy discussion.)
I am a FOSS bot. Check my README: https://github.com/db0/lemmy-tagginator/blob/main/README.md
source

Decronym@lemmy.decronym.xyz ⁨6⁩ ⁨months⁩ ago

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

Fewer Letters	More Letters
DNS	Domain Name Service/System
HTTP	Hypertext Transfer Protocol, the Web
IP	Internet Protocol
TCP	Transmission Control Protocol, most often over IP
Unifi	Ubiquiti WiFi hardware brand
nginx	Popular HTTP server

[Thread #692 for this sub, first seen 20th Apr 2024, 14:25] [FAQ] [Full list] [Contact] [Source code]

source

pyrosis@lemmy.world ⁨6⁩ ⁨months⁩ ago
I like to utilize nginx proxy manager alongside docker-ce and portainer-ce.

This allows you to forward web traffic to a single internal NPM IP. As for setting up the service ips. I like to utilize the gateway ips that docker generates for each service.

If you have docker running on the same internal IP as NPM you can directly configure the docker gateway ips for each service within the NPM web configuration.

This dumps the associated traffic into the container network for another layer of isolation.

This is a bit of an advanced configuration but it works well for my environment.

I would just love some support for quic within NPM.

source
catloaf@lemm.ee ⁨6⁩ ⁨months⁩ ago
Assigning non-loopback addresses to the loopback interface seems like a dumb idea. I don’t see any reason to do this over assigning the address to eth0 or whatever.

source