Re: Solaris and lack of loopback routes

From: Jon (warchild@spoofed.org)
Date: 08/10/02


Date: Fri, 9 Aug 2002 22:23:33 -0400
From: Jon <warchild@spoofed.org>
To: Darren Moffat <Darren.Moffat@Sun.COM>

Darren,

> I'm willing to log a bug or rfe on this for Solaris but before I do
> I need someone to re-state clearly what the problem is that adding a
> route to the 127.0.0.0 network rather than the 127.0.0.1 host is. In
> addition to that why we should change the existing behaviour of Solaris
> from what it is today.

Crist already did a great job explaining what and why, but I just want to
add a bit as to why I think the Solaris behavior should change.

Traffic destined for the loopback network (127.0.0.0/8) should go out over
the loopback device, and as a result never leave the local machine. Not
only is this logically the desired behavior, the RFC says so.

So why is Solaris' default behavior problematic? To be honest, I can't
think of all that many situations where sending loopback traffic over a
device other than the loopback device would be problematic. Combined with
poor and/or incorrect DNS records, mail is obviously a problem. Other
services like http, ssh and telnet aren't so bad because the connection
will quickly time out and die. DNS is probably in a similar boat. It's more
of an annoyance than anything.

When traffic destined to a host on the loopback network (excluding
localhost) is sent from a Solaris/SunOS box, the default behavior is
problematic and in some cases misleading. That's why I think it should
change.

Even with no route for the loopback network, on all the non-Solaris systems
I've seen, traffic destined for the loopback network will still go out over
the loopback device as long as the netmask allows it. That's not to say
that Solaris should change its behavior, but I have yet to hear reasons why
Solaris acts this way or why it shouldn't change.

Cheers,

-jon
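
The difference between a host route to 127.0.0.1 and a network route to 127.0.0.0/8, as an added example that is not part of the original message: a simplified longest-prefix-match lookup over two constructed routing tables. The interface names `lo0` and `hme0`, the 192.0.2.0/24 LAN and the probe addresses are assumptions, and the model does not reproduce any kernel's actual forwarding logic.

```python
import ipaddress

# Constructed routing tables; interface names and prefixes are illustrative.
HOST_ROUTE_ONLY = [
    ("127.0.0.1/32", "lo0"),   # host route to localhost only
    ("192.0.2.0/24", "hme0"),  # directly attached LAN
    ("0.0.0.0/0", "hme0"),     # default route via the LAN
]
NETWORK_ROUTE = [
    ("127.0.0.0/8", "lo0"),    # route for the whole loopback network
    ("192.0.2.0/24", "hme0"),
    ("0.0.0.0/0", "hme0"),
]

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def lookup(table, dst):
    """Return the interface chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifname in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def leaks(table, dst, loopback_if="lo0"):
    """True if a 127/8 destination would be sent on a non-loopback interface."""
    addr = ipaddress.ip_address(dst)
    out = lookup(table, dst)
    return addr in LOOPBACK_NET and out is not None and out != loopback_if


def audit(table, probes=("127.0.0.1", "127.0.0.2", "127.1.2.3",
                         "127.255.255.254")):
    """Return the loopback-network probes that would leave the host."""
    return [p for p in probes if leaks(table, p)]


if __name__ == "__main__":
    for name, table in (("host route only", HOST_ROUTE_ONLY),
                        ("network route", NETWORK_ROUTE)):
        print(name, "->", audit(table) or "no leaks")
```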