Handbook

6.0.0
Loopback interfaces

A loopback interface is a logical interface that's always up (no physical link dependency) and the attached subnet is always present in the routing table.

The IP address of the FortiGate loopback interface doesn't depend on one specific external port, and therefore you can access it through several physical or VLAN interfaces. You can configure multiple loopback interfaces in either non-VDOM mode or in each VDOM.

Loopback interfaces still require appropriate firewall policies to allow traffic to and from the interfaces.

A loopback interface can be used with:

  • Management access
  • BGP (TCP) peering
  • PIM RP
  • IS-IS

Using a loopback interface is good practice for OSPF. To make troubleshooting OSPF easier, set the OSPF router ID to the same value as the loopback IP address; the management IP address to remember is then the router ID (for example, SSH to the router ID).

You can enable dynamic routing protocols on loopback interfaces.

For blackhole static routes, use the blackhole route type instead of the loopback interface.

VXLAN loopback binding

A Virtual Extensible LAN (VXLAN) unicast device can bind to a loopback interface as its underlying interface. The IP address of the loopback interface is taken as the source IP address for its outgoing VXLAN packets, so the peer knows where to reply. The ifindex of the loopback interface isn't included in the parameters passed down to the kernel, so the kernel can choose the outgoing physical interface. This way, VXLAN traffic can be routed across multiple physical links, which provides resistance to a single point of failure.

To configure VXLAN loopback binding - CLI:

config system vxlan
    edit <name>
        set interface <interface>
        set vni <VXLAN network ID>
        set remote-ip <IP address>
    next
end
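
An added example (not from the Fortinet handbook): a small Python audit of a configuration backup, tying together the firewall policy requirement and VXLAN loopback binding described above. It reports each loopback interface that has no accepting firewall policy toward it, or one that accepts srcaddr all, along with any VXLAN device bound to it. The sample configuration, its names (lo-mgmt, lo-vtep, vx10), and the rule that treats srcaddr all as a finding are assumptions of this example; the parser handles only flat config/edit/set blocks.

```python
import shlex
# Constructed sample in FortiOS CLI layout; every name below is made up for this example.
SAMPLE = """
config system interface
  edit "lo-mgmt"
    set type loopback
  next
  edit "lo-vtep"
    set type loopback
  next
end
config system vxlan
  edit "vx10"
    set interface "lo-vtep"
  next
end
config firewall policy
  edit 1
    set dstintf "lo-mgmt"
    set srcaddr "all"
    set action accept
  next
end
"""

def parse(text):
    """Flat config/edit/set blocks only -> {section: {entry: {key: [values]}}}."""
    cfg, section, entry = {}, None, None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config":
            section, entry = cfg.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "edit" and section is not None:
            entry = section.setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
    return cfg

def audit(cfg):
    """Flag loopbacks with no accept policy toward them, or one open to srcaddr all."""
    loops = sorted(n for n, e in cfg.get("system interface", {}).items() if e.get("type") == ["loopback"])
    policies = [p for p in cfg.get("firewall policy", {}).values() if p.get("action") == ["accept"]]
    findings = []
    for lo in loops:
        inbound = [p for p in policies if lo in p.get("dstintf", [])]
        vx = [n for n, v in cfg.get("system vxlan", {}).items() if v.get("interface") == [lo]]
        if not inbound or any("all" in p.get("srcaddr", []) for p in inbound):
            findings.append((lo, "srcaddr-all" if inbound else "no-inbound-policy", vx))
    return findings
```

Each finding is a tuple of loopback name, issue, and the VXLAN devices bound to that loopback, so a VXLAN endpoint whose loopback has no policy toward it stands out.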
