R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101
14
data packets sent to the loopback interface are considered as packets sent to the firewall itself, so the
firewall does not forward these packets.
Because a loopback interface is always up, it can be used for some other special purposes. For example,
if no router ID is configured for a dynamic routing protocol, the highest loopback interface IP address is
selected as the router ID. For another example, to avoid BGP sessions being interrupted by physical port
failure, you can use a loopback interface as the source interface of BGP packets. However, you must
ensure that the IP address of the loopback interface on the BGP peer is reachable. If EBGP connection is
involved, you must allow the establishment of EBGP connections to non-directly-connected peers.
Configuration procedure
Follow these steps to configure a loopback interface:
To do… Use the command…
Remarks
Enter system view system-view —
Create a Loopback interface and
enter Loopback interface view
interface loopback
interface-number
—
Set a description for the loopback
interface
description text
Optional
By default, the description of a
loopback interface is in the format
of interface name Interface.
Shut down the loopback interface shutdown
Optional
By default, a loopback interface is
up.
NOTE:
The subnet mask of the IP address assigned to a loopback interface can only be 32 bits in length.
Configuring the null interface
Introduction to the null interface
A null interface is a completely software-based logical interface, and is always up. However, you cannot
use it to forward data packets or configure an IP address or link layer protocol on it. With a null interface
specified as the next hop of a static route to a specific network segment, any packets routed to the
network segment are dropped. The null interface provides you a simpler way to filter packets than ACL.
You can filter uninteresting traffic by transmitting it to a null interface instead of applying an ACL.
For example, by executing the ip route-static 92.101.0.0 255.255.0.0 null 0 command (which configures
a static route leading to null interface 0), you can have all the packets destined to the network segment
92.101.0.0/16 discarded.
Only one null interface, interface Null 0, is supported on your firewall. You cannot remove or create a
null interface.
Configuration procedure
Follow these steps to configure the null interface:
To do… Use the command…
Remarks
Enter system view system-view —