Ubuntu 18.04 LTS — Cannot Disable IPV6

google-cloud-platformubuntu-18.04

  1. I want to disable ipv6 on my private GCP cloud network. I have no need for it on my internal network since Google terminates ipv6 at the GCP load balancer, so I edited /etc/sysctl.conf

    # disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.ens4.disable_ipv6 = 1

of course sudo /etc/sysctl -p

  1. Edited /etc/default/grub as follows:

sudo vi /etc/default/grub
Modified the GRUB_CMDLINEs to look like:

    GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1"
    GRUB_CMDLINE_LINUX="ipv6.disable=1"

Then executed:

sudo update-grub
sudo reboot

  1. After reboot, sudo ps -ae | grep ip shows: 

    ps -ae | grep ip  
87 ?        00:00:00 ipv6_addrconf

WHY IS THIS IPV6 PROCESS RUNNING?

  1. netstat -a shows 

    tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
udp        0      0 localhost:domain        0.0.0.0:*                          
udp        0      0 haproxy.fr:bootpc       0.0.0.0:*                          
udp        0      0 localhost:323           0.0.0.0:*                          
udp6       0      0 ip6-localhost:323       [::]:*                             
raw6       0      0 [::]:ipv6-icmp          [::]:*

I edited sshd_config and removed the ipv6 listener address. This stops SSH from listening on an ipv6 address. Still doesn't answer #3 above.

  1. sudo dmesg | grep IP 

    [    0.012014] Calibrating delay loop (skipped) preset value.. 4400.00 BogoMIPS (lpj=8800000)  
[    0.056601] smpboot: Total of 1 processors activated (4400.00 BogoMIPS)
[    0.201233] NetLabel:  protocols = UNLABELED CIPSOv4 CALIPSO
[    0.471145] Segment Routing with IPv6
[    3.875631] IPv6: ADDRCONF(NETDEV_UP): ens4: link is not ready

  2. cat /proc/sys/net/ipv6/conf/all/disable_ipv6 produces: "1" which in THEORY says ipv6 is disabled. But I'm not sure if ipv6 is fully disabled per #3 above. Can someone tell me what #3 above means?

NOTE: IPV4 is running fine.

Best Answer

I'm pretty sure you actually did disable IPV6 by editing sysctl.

By default, ip a on a stock Ubuntu 18.04 image returns this:

[...]
2: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc fq_codel state UP group default qlen 1000
    link/ether [REDACTED] brd ff:ff:ff:ff:ff:ff
    inet [REDACTED]/32 scope global dynamic ens4
       valid_lft 86257sec preferred_lft 86257sec
    inet6 [REDACTED]/64 scope link 
       valid_lft forever preferred_lft forever

However, after:

printf "\nnet.ipv6.conf.all.disable_ipv6 = 1\nnet.ipv6.conf.default.disable_ipv6 = 1\nnet.ipv6.conf.lo.disable_ipv6 = 1\nnet.ipv6.conf.ens4.disable_ipv6 = 1\n">> /etc/sysctl.conf

sysctl -p

With ip a, you should see this instead:

[...]
2: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc fq_codel state UP group default qlen 1000
    link/ether [REDACTED] brd ff:ff:ff:ff:ff:ff
    inet [REDACTED]/32 scope global dynamic ens4
       valid_lft 85786sec preferred_lft 85786sec

Note that the whole inet6 section is gone now.

Ironically, I encountered this bug while testing. The workaround would be to add sysctl -p as a startup script to the instance.

Regarding the ipv6_addrconf process, it's a system process, and disabling the module using modprobe doesn't seem to do much to get rid of it:

modprobe --remove ipv6

Blacklisting it doesn't get rid of it either.

I would advise against this generally because that process is just sitting there doing nothing, and you're potentially running into kernel issues by tampering with it, especially if you're not sure what it does. The only decent article I found going in depth about the IPv6 module is this one. Your network interfaces wouldn't be using IPv6 anyway.

Related Topic