Do I need disable IPv6 on CentOS 6.0? If yes, how exactly?

Issues related to configuring your network

Do I need disable IPv6 on CentOS 6.0? If yes, how exactly?

Postby yngens » 2011/08/04 18:58:22

http://wiki.centos.org/FAQ/CentOS5#head ... 366b421dc4 gives instructions on how to remove ipv6 form CentOS5. I could not find similar wiki page for CentOS6. Searching Internet gives different instructions and many of them suggest editing '/etc/modprobe.conf' file, which is not present in CentOS6. So what is the most appropriate way of disabling (removing) IPv6 from CentOS6? Does removing it really somehow effect performance?
yngens
 
Posts: 20
Joined: 2010/10/24 02:02:35

Re: Do I need disable IPv6 on CentOS 6.0? If yes, how exactly?

Postby TrevorH » 2011/08/04 19:07:27

The instructions for 5.4 talk about using a file in /etc/modprobe.d and that should work on C6 (untested by me).
User avatar
TrevorH
Forum Moderator
 
Posts: 9167
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Do I need disable IPv6 on CentOS 6.0? If yes, how exactly?

Postby pschaff » 2011/08/04 21:32:24

Found on the rhelv6-list:
Add a new file /etc/modprobe.d/ipv6-off.conf containing
Code: Select all
alias net-pf-10 off
alias ipv6 off

Edit /etc/sysconfig/network and add a line
Code: Select all
NETWORKING_IPV6=no

Then
Code: Select all
chkconfig ip6tables off

Reboot.

Minimally tested but seems to work. Please report your experiences.

Disabling IPv6 may minimize network timeout delays. I notice no difference in my minimal tests.
pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: Do I need disable IPv6 on CentOS 6.0? If yes, how exactly?

Postby TrevorH » 2011/08/04 22:09:20

The ipv6 module on CentOS 6 seems to still support the 'disable' parameter that was used on 5.6 - at least modinfo ipv6 reports so.
User avatar
TrevorH
Forum Moderator
 
Posts: 9167
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Do I need disable IPv6 on CentOS 6.0? If yes, how exactly?

Postby yngens » 2011/08/04 23:18:50

I found instructions elsewhere to to put

'install ipv6 /bin/true'

in

/etc/modprobe.d/disable-ipv6.conf

Seems working for me.

Thanks all!
yngens
 
Posts: 20
Joined: 2010/10/24 02:02:35

Re: Do I need disable IPv6 on CentOS 6.0? If yes, how exactly?

Postby TrevorH » 2011/08/04 23:34:44

Hmmm, I did some digging and found this

Code: Select all
sysctl net.ipv6.conf.default.disable_ipv6=1
sysctl net.ipv6.conf.all.disable_ipv6=1


Which looks much more elegant and almost like it was done by design :-)

Oh, and for this to work, the ipv6 module has to be loaded.

The comment on the bugzilla about loads of selinux denials as all processes that are ipv6 enabled try to load the ipv6 module was

Eric Paris

I believe the networking kernel community recommends (and it will shut up these
AVCs) that IPv6 be disabled by:

echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6

It still loads the module but unhooks almost all of the calls into the module.
(apparently the IPv6 module has become so ingrained in the kernel that a number
of other things, like certain firewall modules, require it. I didn't design
it, I'm just telling it how it is)
User avatar
TrevorH
Forum Moderator
 
Posts: 9167
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Do I need disable IPv6 on CentOS 6.0? If yes, how exactly?

Postby pschaff » 2011/08/05 11:04:53

So, we have multiple potential approaches, but what is the Right Way [TM] to implement disabling IPv6 so it survives reboots and does not break SELinux or other things?
pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: Do I need disable IPv6 on CentOS 6.0? If yes, how exactly?

Postby TrevorH » 2011/08/05 11:21:17

The quote I provided was from a Redhat employee commenting in a bugzilla about the correct approach on RHEL6.

The problem with the alias to off or /bin/false or /bin/true is that it stops the ipv6 module from loading altogether and there are now lots of other modules that require it. Disabling it in this way has the side effect of disabling, e.g. bonding and possibly also flooding your logs with SELinux AVC messages.

The old Centos 5.4 approach of allowing it to load but with the parameter 'disable=1' should still work but I am not sure if that let's you re-enable it without unloading the module.

The final approach is this one, and adding the keys to /etc/sysctl.conf should make it persistent across reboots. It also means that you can enable it on the fly (which may still be possible with disable=1).

https://bugzilla.redhat.com/show_bug.cgi?id=641836

Apparently this method will also work on Centos 5.4 onwards but there's a memory leak that's only fixed in 2.6.18-238+ kernels.
User avatar
TrevorH
Forum Moderator
 
Posts: 9167
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Do I need disable IPv6 on CentOS 6.0? If yes, how exactly?

Postby pschaff » 2011/08/05 13:24:16

Good enough for me - thanks. Updated CentOS-5 FAQ and added a CentOS 6 FAQ entry.
pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: Do I need disable IPv6 on CentOS 6.0? If yes, how exactly?

Postby yngens » 2011/08/05 21:23:00

I wonder could the issue I described in another thread https://www.centos.org/modules/newbb/vi ... 4&forum=58 (to which, unfortunately, nobody replied) have something with my [improper] turning off of IPv6?
yngens
 
Posts: 20
Joined: 2010/10/24 02:02:35

Next

Return to CentOS 6 - Networking Support

Who is online

Users browsing this forum: eadwig and 0 guests