Infrastructure at your Service

William Sescu

OEL 7 – How to disable IPv6 on Oracle Linux 7

In case you are not interested in IPv6, you can use the following HowTo to disable it on Oracle Linux 7. Unless you have something very very special on your System, these 10 Steps should do it.

  1. First of all, check if IPv6 is active at all
  2. Add the disable_ipv6 = 1 entries to the /etc/sysctl.conf file
  3. Disable IPv6 in all /etc/sysconfig/network-scripts/ifcfg-* files, e.g.
  4. Disable IPv6 in /etc/sysconfig/network
  5. Remove the “::1″ line from the /etc/hosts file
  6. Remove the “restrict -6″ line from the /etc/ntp.conf
  7. Add ipv6.disable=1 to the GRUB_CMDLINE_LINUX entry in the /etc/default/grub file
  8. Regenerate a GRUB configuration file and overwrite the existing one
  9. Reboot the server
  10. Confirm if IPV6 is disabled

 

First of all, check if IPv6 is active at all

[root@dbidg01 ~]# /sbin/ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 fe80::ad02:9b6a:bf40:5a3a/64 scope link
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 fe80::a00:27ff:feb8:3544/64 scope link
       valid_lft forever preferred_lft forever

 

Add the disable_ipv6 = 1 entries to the /etc/sysctl.conf file

#-- Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

 

Disable IPv6 in all /etc/sysconfig/network-scripts/ifcfg-* files, e.g.

cat /etc/sysconfig/network-scripts/ifcfg-enp0s3 | grep IPV6INIT
IPV6INIT=no

 

Disable IPv6 in /etc/sysconfig/network

cat /etc/sysconfig/network | grep NETWORKING_IPV6
NETWORKING_IPV6=no

 

Remove the following line from the /etc/hosts file

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

 

Remove the following line from the /etc/ntp.conf

cat /etc/ntp.conf | egrep ' -6'
restrict -6 default kod nomodify notrap nopeer noquery
restrict -6 ::1

 

Add ipv6.disable=1 to the GRUB_CMDLINE_LINUX entry in the /etc/default/grub file

[root@dbidg01 /]# cat /etc/default/grub | grep GRUB_CMDLINE_LINUX
GRUB_CMDLINE_LINUX="ipv6.disable=1 crashkernel=auto rd.lvm.lv=ol/root rd.lvm.lv=ol/swap rhgb quiet numa=off transparent_hugepage=never"

 

Regenerate a GRUB configuration file and overwrite the existing one

[root@dbidg01 /]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.1.12-61.1.19.el7uek.x86_64
Found initrd image: /boot/initramfs-4.1.12-61.1.19.el7uek.x86_64.img
Found linux image: /boot/vmlinuz-4.1.12-61.1.18.el7uek.x86_64
Found initrd image: /boot/initramfs-4.1.12-61.1.18.el7uek.x86_64.img
Found linux image: /boot/vmlinuz-3.10.0-514.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-514.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-547c48bd53614a2ca2d16909b3c14419
Found initrd image: /boot/initramfs-0-rescue-547c48bd53614a2ca2d16909b3c14419.img
done

 

Reboot the server

init 6

 

Confirm if IPV6 is disabled

[root@dbidg01 ~]# /sbin/ip -6 addr
[root@dbidg01 ~]# lsmod | grep -i v6

 

In case the ip and the lsmod command do not return anything back, then you have successfully disabled IPv6.

Cheers, William

 

 

 

 

3 Comments

  • Joe Klein says:

    And 10 reasons why by disabling IPv6 you are costing your company and customer money!

    Enabling IPv6:
    1. Identify application problems such as hard-coded IPv4 addresses <- hurts scaling!
    2. Identify misconfigured network, applications, virtualized systems, and containers <-exposes downtime risks!
    3. Eliminate overlapping IPv4 addresses <-Eliminiate operations and application complexity
    4. Eliminate DHCPv4 address exhaustion (2^8 vs. 2^64 per network) <-Eliminiate operations and application complexity
    5. Reduce battery usage on IoT and mobile devices between 12% and 30% <-Eliminiate NAT – Happer customers
    6. Offer customers new IOT solution [Machine2Machine, Machine2Cloud, Machine2Cloud+Customer, Customer to Macine+Cloud)
    7. Harder for attackers to scan, harder to target, easier to find attackers <-Lowers risk
    8. Reduction in customer latency between 10% and 40% <- Happer Customers
    9. Reduction in Opex/Capex for data centers – 10-30% <- Happer management and investors
    10. Reduction in SPAM (to 7%) and DDOS (2%) <- Happer customers, management and investors

    Bonus: Eliminate NAT all devices end-to-end <- reduced code size, inclusion of additional libraries, and complexity
    Contact me if you want details.

    Joe Klein, CTO Disrupt6; IPv6 Forum – Fellow

     
    • William Sescu says:

      Hello Joe, my blog post was not about advantages and disadvantages of IPv6. It is simply a step by step instruction how to disable it, in case you want to. There are a lot of reasons why it could make sense to disable it. For example, the Oracle Enterprise Manager. A lot of customers out there use Cloud Control 12c or even versions older than that. Oracle has issues with IPv6 or does not support it at all with versions below Cloud Control 13.2. However, the new Enterprise Manager 13.2 supports IPv6 addresses, allowing targets to be managed on IPv6-enabled hosts. See the following blog entry. https://blogs.oracle.com/oem/reasons-to-upgrade-to-enterprise-manager-132-v2
      But how many customers out there have already 13.2? Maybe not too many. So, a lot of reasons still exists, why it is better to disable IPv6 and to save people a lot of headaches and money. Cheers, William

       
  • RickL says:

    William, Thanks for your clear instructions regarding disabling IPv6 in OL 7. Nicely done…

    Joe, your comments regarding IPv6 are understood. However, whether they are applicable is dependent upon your network environment. In my case, I am a systems admin and work within an organization that disables IPv6 at the firewall. Inside our network, IPv6 traffic goes nowhere. In this case, any IPv6 traffic on the segment is nothing but noise consuming cycles and dragging down network performance. So for us, the obvious choice is to disable it all together. We do have some VLAN’s that allow IPV6 traffic because our storage systems use it to communicate with each other. But it is only enabled on an as needed basis, and is confined to only that subnet. My point is that although your points are well taken, they don’t fit every organizations needs. I have found, for instance, that running out of IPv4 addresses is normally due to improperly managing your addresses in the first place. Using non-routable addressing where you can minimizes address consumption. I agree that eventually everyone will need to move to IPv6, but as with any migration, it is slow moving… and in the meantime, there are a lot of good reasons to not use it just yet.

     

Leave a Reply


three − 1 =

William Sescu
William Sescu

Consultant