OEL 7 – How to disable IPv6 on Oracle Linux 7
In case you are not interested in IPv6, you can use the following HowTo to disable it on Oracle Linux 7. Unless you have something very very special on your System, these 10 Steps should do it.
- First of all, check if IPv6 is active at all
- Add the disable_ipv6 = 1 entries to the /etc/sysctl.conf file
- Disable IPv6 in all /etc/sysconfig/network-scripts/ifcfg-* files, e.g.
- Disable IPv6 in /etc/sysconfig/network
- Remove the “::1″ line from the /etc/hosts file
- Remove the “restrict -6″ line from the /etc/ntp.conf
- Add ipv6.disable=1 to the GRUB_CMDLINE_LINUX entry in the /etc/default/grub file
- Regenerate a GRUB configuration file and overwrite the existing one
- Reboot the server
- Confirm if IPV6 is disabled
First of all, check if IPv6 is active at all
1
2
3
4
5
6
7
8
9
10
|
[root@dbidg01 ~]# /sbin/ip - 6 addr 1 : lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 inet6 :: 1 / 128 scope host valid_lft forever preferred_lft forever 2 : enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000 inet6 fe80::ad02:9b6a:bf40:5a3a/ 64 scope link valid_lft forever preferred_lft forever 3 : enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000 inet6 fe80::a00:27ff:feb8: 3544 / 64 scope link valid_lft forever preferred_lft forever |
Add the disable_ipv6 = 1 entries to the /etc/sysctl.conf file
1
2
3
|
#-- Disable IPv6 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf. default .disable_ipv6 = 1 |
Disable IPv6 in all /etc/sysconfig/network-scripts/ifcfg-* files, e.g.
1
2
|
cat /etc/sysconfig/network-scripts/ifcfg-enp0s3 | grep IPV6INIT IPV6INIT=no |
Disable IPv6 in /etc/sysconfig/network
1
2
|
cat /etc/sysconfig/network | grep NETWORKING_IPV6 NETWORKING_IPV6=no |
Remove the following line from the /etc/hosts file
1
|
:: 1 localhost localhost.localdomain localhost6 localhost6.localdomain6 |
Remove the following line from the /etc/ntp.conf
1
2
3
|
cat /etc/ntp.conf | egrep ' -6' restrict - 6 default kod nomodify notrap nopeer noquery restrict - 6 :: 1 |
Add ipv6.disable=1 to the GRUB_CMDLINE_LINUX entry in the /etc/default/grub file
1
2
|
[root@dbidg01 /]# cat /etc/ default /grub | grep GRUB_CMDLINE_LINUX GRUB_CMDLINE_LINUX= "ipv6.disable=1 crashkernel=auto rd.lvm.lv=ol/root rd.lvm.lv=ol/swap rhgb quiet numa=off transparent_hugepage=never" |
Regenerate a GRUB configuration file and overwrite the existing one
1
2
3
4
5
6
7
8
9
10
11
|
[root@dbidg01 /]# grub2-mkconfig -o /boot/grub2/grub.cfg Generating grub configuration file ... Found linux image: /boot/vmlinuz- 4.1 . 12 - 61.1 . 19 .el7uek.x86_64 Found initrd image: /boot/initramfs- 4.1 . 12 - 61.1 . 19 .el7uek.x86_64.img Found linux image: /boot/vmlinuz- 4.1 . 12 - 61.1 . 18 .el7uek.x86_64 Found initrd image: /boot/initramfs- 4.1 . 12 - 61.1 . 18 .el7uek.x86_64.img Found linux image: /boot/vmlinuz- 3.10 . 0 - 514 .el7.x86_64 Found initrd image: /boot/initramfs- 3.10 . 0 - 514 .el7.x86_64.img Found linux image: /boot/vmlinuz- 0 -rescue-547c48bd53614a2ca2d16909b3c14419 Found initrd image: /boot/initramfs- 0 -rescue-547c48bd53614a2ca2d16909b3c14419.img done |
Reboot the server
1
|
init 6 |
Confirm if IPV6 is disabled
1
2
|
[root@dbidg01 ~]# /sbin/ip - 6 addr [root@dbidg01 ~]# lsmod | grep -i v6 |
In case the ip and the lsmod command do not return anything back, then you have successfully disabled IPv6.
And 10 reasons why by disabling IPv6 you are costing your company and customer money!
Enabling IPv6:
1. Identify application problems such as hard-coded IPv4 addresses <- hurts scaling!
2. Identify misconfigured network, applications, virtualized systems, and containers <-exposes downtime risks!
3. Eliminate overlapping IPv4 addresses <-Eliminiate operations and application complexity
4. Eliminate DHCPv4 address exhaustion (2^8 vs. 2^64 per network) <-Eliminiate operations and application complexity
5. Reduce battery usage on IoT and mobile devices between 12% and 30% <-Eliminiate NAT – Happer customers
6. Offer customers new IOT solution [Machine2Machine, Machine2Cloud, Machine2Cloud+Customer, Customer to Macine+Cloud)
7. Harder for attackers to scan, harder to target, easier to find attackers <-Lowers risk
8. Reduction in customer latency between 10% and 40% <- Happer Customers
9. Reduction in Opex/Capex for data centers – 10-30% <- Happer management and investors
10. Reduction in SPAM (to 7%) and DDOS (2%) <- Happer customers, management and investors
Bonus: Eliminate NAT all devices end-to-end <- reduced code size, inclusion of additional libraries, and complexity
Contact me if you want details.
Joe Klein, CTO Disrupt6; IPv6 Forum – Fellow