Edits to user guide + added filesystem section

1 files changed, 10 insertions, 5 deletions

diff --git a/content/docs/user_guide/networking.md b/content/docs/user_guide/networking.md
index 83e75aaf2..f1aa77625 100644
--- a/content/docs/user_guide/networking.md
+++ b/content/docs/user_guide/networking.md
@@ -8,14 +8,19 @@ state, control messages, and packet assembly — keeping it isolated from the ho
 network stack. Data link layer packets are written directly to the virtual
 device inside the network namespace setup by Docker or Kubernetes.
 
-A network passthrough mode is also supported, but comes at the cost of reduced
-isolation.
+The IP address and routes configured for the device are transferred inside the
+sandbox. The loopback device runs exclusively inside the sandbox and does not
+use the host. You can inspect them by running:
 
-## Enabling network passthrough
+```bash
+docker run --rm --runtime=runsc alpine ip addr
+```
+
+## Network passthrough
 
 For high-performance networking applications, you may choose to disable the user
-space network stack and instead use the host network stack. Note that this mode
-decreases the isolation to the host.
+space network stack and instead use the host network stack, including the loopback.
+Note that this mode decreases the isolation to the host.
 
 Add the following `runtimeArgs` to your Docker configuration
 (`/etc/docker/daemon.json`) and restart the Docker daemon: