Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: nsp: ipv6

Disabling IPv6 on *one* network interface in Debian

  

 
nsp ipv6 RSS feed   Index | Next | Previous | View Threaded


frnkblk at iname

Feb 3, 2011, 6:41 PM

Post #1 of 13 (4605 views)
Permalink
Disabling IPv6 on *one* network interface in Debian
Due to our network setup I have asymmetric traffic occurring (post-IPv4 NAT
result) that can be resolved by disabling IPv6 on one of the server's VLANs.
I removed the IPv6 addresses manually using "ip -6 addr del <IPv address>
dev eth0.<VLAN number>" but that will only last until the next reboot.

Any ideas on how to disable IPv6 on *one* network interface in Debian? My
google fu has failed me.

Frank


martin at millnert

Feb 3, 2011, 6:50 PM

Post #2 of 13 (4552 views)
Permalink
Re: Disabling IPv6 on *one* network interface in Debian [In reply to]
Hi Frank,

On Thu, 2011-02-03 at 20:41 -0600, Frank Bulk wrote:
> Due to our network setup I have asymmetric traffic occurring (post-IPv4 NAT
> result) that can be resolved by disabling IPv6 on one of the server's VLANs.
> I removed the IPv6 addresses manually using "ip -6 addr del <IPv address>
> dev eth0.<VLAN number>" but that will only last until the next reboot.
>
> Any ideas on how to disable IPv6 on *one* network interface in Debian? My
> google fu has failed me.
>
> Frank

http://blog.easter-eggs.org/index.php/post/2010/08/23/Disable-IPv6-autoconfiguration

1. Explicitly load IPv6 module
2. Disable autoconf/accept_ra on the interface you want

HTH,
Martin


tdurack at gmail

Feb 3, 2011, 7:09 PM

Post #3 of 13 (4557 views)
Permalink
Re: Disabling IPv6 on *one* network interface in Debian [In reply to]
On Fri, Feb 4, 2011 at 2:41 AM, Frank Bulk <frnkblk [at] iname> wrote:
> Due to our network setup I have asymmetric traffic occurring (post-IPv4 NAT
> result) that can be resolved by disabling IPv6 on one of the server's VLANs.
> I removed the IPv6 addresses manually using "ip -6 addr del <IPv address>
> dev eth0.<VLAN number>" but that will only last until the next reboot.
>
> Any ideas on how to disable IPv6 on *one* network interface in Debian?  My
> google fu has failed me.

you could add something like the following to /etc/network/interfaces:

interface <interface> inet <static|manual|dhcp>
pre-up echo 1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6
...

--
Tim:>


frnkblk at iname

Feb 3, 2011, 9:31 PM

Post #4 of 13 (4553 views)
Permalink
RE: Disabling IPv6 on *one* network interface in Debian [In reply to]
I tried several variations of that, but no success. I would do a if-down
eth0.100, then a if-up eth0.100, and every time it said:
/bin/sh: /proc/sys/net/ipv6/conf/eth0.100/disable_ipv6: No such file
or directory

Frank

-----Original Message-----
From: Tim Durack [mailto:tdurack [at] gmail]
Sent: Thursday, February 03, 2011 9:10 PM
To: frnkblk [at] iname
Cc: ipv6-ops [at] lists; ipv6-techsig [at] mailman
Subject: Re: Disabling IPv6 on *one* network interface in Debian

On Fri, Feb 4, 2011 at 2:41 AM, Frank Bulk <frnkblk [at] iname> wrote:
> Due to our network setup I have asymmetric traffic occurring (post-IPv4
NAT
> result) that can be resolved by disabling IPv6 on one of the server's
VLANs.
> I removed the IPv6 addresses manually using "ip -6 addr del <IPv address>
> dev eth0.<VLAN number>" but that will only last until the next reboot.
>
> Any ideas on how to disable IPv6 on *one* network interface in Debian?  My
> google fu has failed me.

you could add something like the following to /etc/network/interfaces:

interface <interface> inet <static|manual|dhcp>
pre-up echo 1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6
...

--
Tim:>


frnkblk at iname

Feb 3, 2011, 9:47 PM

Post #5 of 13 (4554 views)
Permalink
RE: Disabling IPv6 on *one* network interface in Debian [In reply to]
I tried that, no luck.
===================================
iface eth0.100 inet static
pre-up sysctl -w net.ipv6.conf.eth0/100.autoconf=0
pre-up sysctl -w net.ipv6.conf.eth0/100.accept_ra=0
address a.b.c.d
netmask 255.255.255.0
network a.b.c.0
===================================

Results in
error: "net.ipv6.conf.eth0.100.autoconf" is an unknown key

Of course, once the interface is up, I can execute sysctl manually. To change the autoconf and accept_ra.
root [at] nagio:/etc/network# sysctl -w net.ipv6.conf.eth0/100.autoconf=0
net.ipv6.conf.eth0/100.autoconf = 0
root [at] nagio:/etc/network# sysctl -w net.ipv6.conf.eth0/100.autoconf=0
net.ipv6.conf.eth0/100.autoconf = 0
root [at] nagio:/etc/network#

Frank

-----Original Message-----
From: Martin Millnert [mailto:martin [at] millnert]
Sent: Thursday, February 03, 2011 8:51 PM
To: frnkblk [at] iname
Cc: ipv6-ops [at] lists; ipv6-techsig [at] mailman
Subject: Re: Disabling IPv6 on *one* network interface in Debian

Hi Frank,

On Thu, 2011-02-03 at 20:41 -0600, Frank Bulk wrote:
> Due to our network setup I have asymmetric traffic occurring (post-IPv4 NAT
> result) that can be resolved by disabling IPv6 on one of the server's VLANs.
> I removed the IPv6 addresses manually using "ip -6 addr del <IPv address>
> dev eth0.<VLAN number>" but that will only last until the next reboot.
>
> Any ideas on how to disable IPv6 on *one* network interface in Debian? My
> google fu has failed me.
>
> Frank

http://blog.easter-eggs.org/index.php/post/2010/08/23/Disable-IPv6-autoconfiguration

1. Explicitly load IPv6 module
2. Disable autoconf/accept_ra on the interface you want

HTH,
Martin


brandon at burn

Feb 3, 2011, 10:02 PM

Post #6 of 13 (4551 views)
Permalink
RE: Disabling IPv6 on *one* network interface in Debian [In reply to]
On Thu, 3 Feb 2011, Frank Bulk wrote:

> I tried that, no luck.
> ===================================
> iface eth0.100 inet static
> pre-up sysctl -w net.ipv6.conf.eth0/100.autoconf=0
> pre-up sysctl -w net.ipv6.conf.eth0/100.accept_ra=0
> address a.b.c.d
> netmask 255.255.255.0
> network a.b.c.0
> ===================================
>
> Results in
> error: "net.ipv6.conf.eth0.100.autoconf" is an unknown key
>
> Of course, once the interface is up, I can execute sysctl manually. To change the autoconf and accept_ra.
> root [at] nagio:/etc/network# sysctl -w net.ipv6.conf.eth0/100.autoconf=0
> net.ipv6.conf.eth0/100.autoconf = 0
> root [at] nagio:/etc/network# sysctl -w net.ipv6.conf.eth0/100.autoconf=0
> net.ipv6.conf.eth0/100.autoconf = 0
> root [at] nagio:/etc/network#
>
> Frank


I'm *thinking* it's a race condition. Debian is going to create that
interface on demand with vconfig. So I think pre-up is trying to run and
the interface isn't created yet. This is messy, but what about:

post-up ifconfig eth0.100 down
post-up sysctl -w net.ipv6.conf.eth0/100.autoconf=0
post-up sysctl -w net.ipv6.conf.eth0/100.accept_ra=0
post-up ifconfig eth0.100 up


matt.addison at lists

Feb 3, 2011, 10:11 PM

Post #7 of 13 (4553 views)
Permalink
Re: Disabling IPv6 on *one* network interface in Debian [In reply to]
On Fri, Feb 4, 2011 at 00:47, Frank Bulk <frnkblk [at] iname> wrote:

> I tried that, no luck.
> ===================================
> iface eth0.100 inet static
> pre-up sysctl -w net.ipv6.conf.eth0/100.autoconf=0
> pre-up sysctl -w net.ipv6.conf.eth0/100.accept_ra=0
> address a.b.c.d
> netmask 255.255.255.0
> network a.b.c.0
> ===================================
>
> Results in
> error: "net.ipv6.conf.eth0.100.autoconf" is an unknown key


The /proc files (and sysctls) will not be populated until the interface is
in an up state (ie, at post-up), try just setting it in 'post-up' parameter
not 'pre-up'

Alternatively you could set the net.ipv6.conf.default.x values at boot, then
enable v6 explicitly on the interfaces you want it on (using the
aforementioned post-up parameter).

~Matt


frnkblk at iname

Feb 3, 2011, 10:11 PM

Post #8 of 13 (4550 views)
Permalink
RE: Disabling IPv6 on *one* network interface in Debian [In reply to]
I'm use the 2.6.26-1-amd64 kernel, and it may be that
"net.ipv6.conf.<interface>.disable_ipv6 = 0" is only supported on newer
kernels.

Frank

-----Original Message-----
From: Frank Bulk [mailto:frnkblk [at] iname]
Sent: Thursday, February 03, 2011 8:42 PM
To: 'ipv6-ops [at] lists'; 'ipv6-techsig [at] mailman'
Subject: Disabling IPv6 on *one* network interface in Debian

Due to our network setup I have asymmetric traffic occurring (post-IPv4 NAT
result) that can be resolved by disabling IPv6 on one of the server's VLANs.
I removed the IPv6 addresses manually using "ip -6 addr del <IPv address>
dev eth0.<VLAN number>" but that will only last until the next reboot.

Any ideas on how to disable IPv6 on *one* network interface in Debian? My
google fu has failed me.

Frank


frnkblk at iname

Feb 3, 2011, 10:21 PM

Post #9 of 13 (4548 views)
Permalink
RE: Disabling IPv6 on *one* network interface in Debian [In reply to]
That did the trick Brandon, many thanks! I still have a link-local address,
but the GUA is gone.

Frank

-----Original Message-----
From: Brandon Applegate [mailto:brandon [at] burn]
Sent: Friday, February 04, 2011 12:03 AM
To: Frank Bulk
Cc: 'Martin Millnert'; ipv6-ops [at] lists;
ipv6-techsig [at] mailman
Subject: RE: Disabling IPv6 on *one* network interface in Debian

On Thu, 3 Feb 2011, Frank Bulk wrote:

> I tried that, no luck.
> ===================================
> iface eth0.100 inet static
> pre-up sysctl -w net.ipv6.conf.eth0/100.autoconf=0
> pre-up sysctl -w net.ipv6.conf.eth0/100.accept_ra=0
> address a.b.c.d
> netmask 255.255.255.0
> network a.b.c.0
> ===================================
>
> Results in
> error: "net.ipv6.conf.eth0.100.autoconf" is an unknown key
>
> Of course, once the interface is up, I can execute sysctl manually. To
change the autoconf and accept_ra.
> root [at] nagio:/etc/network# sysctl -w net.ipv6.conf.eth0/100.autoconf=0
> net.ipv6.conf.eth0/100.autoconf = 0
> root [at] nagio:/etc/network# sysctl -w net.ipv6.conf.eth0/100.autoconf=0
> net.ipv6.conf.eth0/100.autoconf = 0
> root [at] nagio:/etc/network#
>
> Frank


I'm *thinking* it's a race condition. Debian is going to create that
interface on demand with vconfig. So I think pre-up is trying to run and
the interface isn't created yet. This is messy, but what about:

post-up ifconfig eth0.100 down
post-up sysctl -w net.ipv6.conf.eth0/100.autoconf=0
post-up sysctl -w net.ipv6.conf.eth0/100.accept_ra=0
post-up ifconfig eth0.100 up


bjorn at mork

Feb 4, 2011, 6:16 AM

Post #10 of 13 (4592 views)
Permalink
Re: Disabling IPv6 on *one* network interface in Debian [In reply to]
Brandon Applegate <brandon [at] burn> writes:

> I'm *thinking* it's a race condition. Debian is going to create that
> interface on demand with vconfig. So I think pre-up is trying to run
> and the interface isn't created yet.

Correct. You can see this if you add non-failing pre-up commands and
run "ifup --verbose". The pre-up commands are run first, and then

run-parts /etc/network/if-pre-up.d

which eventually will call

/etc/network/if-pre-up.d/vlan

which in turn will create the interface using vconfig. So you either
need to stick the sysctl cmmands into e.g.

/etc/network/if-pre-up.d/zz-late-pre-up

or something like that, or use some other trick.


> This is messy, but what about:
>
> post-up ifconfig eth0.100 down
> post-up sysctl -w net.ipv6.conf.eth0/100.autoconf=0 post-up sysctl -w
> net.ipv6.conf.eth0/100.accept_ra=0
> post-up ifconfig eth0.100 up

Yes, that will work, but seems a bit messy like you say. How about just
changing the defaults for new interfaces before bringing this interface up:

iface eth0.100 inet static
pre-up sysctl -w net.ipv6.conf.default.autoconf=0
pre-up sysctl -w net.ipv6.conf.default.accept_ra=0
address a.b.c.d
netmask 255.255.255.0
network a.b.c.0


You might want to add

up sysctl -w net.ipv6.conf.default.autoconf=1
up sysctl -w net.ipv6.conf.default.accept_ra=1

as well, to restore the proper defaults for other interfaces brought up
later.



Bjørn


frnkblk at iname

Feb 4, 2011, 10:04 AM

Post #11 of 13 (4539 views)
Permalink
RE: Disabling IPv6 on *one* network interface in Debian [In reply to]
Thanks for all the feedback on and off-list. This is my final config
snippet:

=========================
iface eth0.100 inet static
address a.b.c.d
netmask 255.255.255.0
network a.b.c.0
broadcast a.b.c.255
up sysctl -w net.ipv6.conf.eth0/100.autoconf=0
up sysctl -w net.ipv6.conf.eth0/100.accept_ra=0
post-up ip -6 addr flush eth0.100
=========================

The systcl's can apparently be done while the interface is up, which avoids
taking it down and up again like I had previously. The last line removes
any link-local addresses.

Again, for those kernels which support
"net.ipv6.conf.<interface>.disable_ipv6 = 0", that is the better option.

Frank

-----Original Message-----
From: Frank Bulk [mailto:frnkblk [at] iname]
Sent: Friday, February 04, 2011 12:11 AM
To: 'ipv6-ops [at] lists'; 'ipv6-techsig [at] mailman'
Subject: RE: Disabling IPv6 on *one* network interface in Debian

I'm use the 2.6.26-1-amd64 kernel, and it may be that
"net.ipv6.conf.<interface>.disable_ipv6 = 0" is only supported on newer
kernels.

Frank

-----Original Message-----
From: Frank Bulk [mailto:frnkblk [at] iname]
Sent: Thursday, February 03, 2011 8:42 PM
To: 'ipv6-ops [at] lists'; 'ipv6-techsig [at] mailman'
Subject: Disabling IPv6 on *one* network interface in Debian

Due to our network setup I have asymmetric traffic occurring (post-IPv4 NAT
result) that can be resolved by disabling IPv6 on one of the server's VLANs.
I removed the IPv6 addresses manually using "ip -6 addr del <IPv address>
dev eth0.<VLAN number>" but that will only last until the next reboot.

Any ideas on how to disable IPv6 on *one* network interface in Debian? My
google fu has failed me.

Frank


frnkblk at iname

Feb 15, 2011, 12:43 AM

Post #12 of 13 (4362 views)
Permalink
RE: Disabling IPv6 on *one* network interface in Debian [In reply to]
After a server reboot this morning I did see link-local recreated, not being
wiped out by "post-up ip -6 addr flush eth0.100". I've added a "up ip -6
addr flush eth0.100" and will see if that makes a difference in the future.

Frank

-----Original Message-----
From: Frank Bulk [mailto:frnkblk [at] iname]
Sent: Friday, February 04, 2011 12:05 PM
To: 'ipv6-ops [at] lists'; 'ipv6-techsig [at] mailman'
Subject: RE: Disabling IPv6 on *one* network interface in Debian

Thanks for all the feedback on and off-list. This is my final config
snippet:

=========================
iface eth0.100 inet static
address a.b.c.d
netmask 255.255.255.0
network a.b.c.0
broadcast a.b.c.255
up sysctl -w net.ipv6.conf.eth0/100.autoconf=0
up sysctl -w net.ipv6.conf.eth0/100.accept_ra=0
post-up ip -6 addr flush eth0.100
=========================

The systcl's can apparently be done while the interface is up, which avoids
taking it down and up again like I had previously. The last line removes
any link-local addresses.

Again, for those kernels which support
"net.ipv6.conf.<interface>.disable_ipv6 = 0", that is the better option.

Frank

-----Original Message-----
From: Frank Bulk [mailto:frnkblk [at] iname]
Sent: Friday, February 04, 2011 12:11 AM
To: 'ipv6-ops [at] lists'; 'ipv6-techsig [at] mailman'
Subject: RE: Disabling IPv6 on *one* network interface in Debian

I'm use the 2.6.26-1-amd64 kernel, and it may be that
"net.ipv6.conf.<interface>.disable_ipv6 = 0" is only supported on newer
kernels.

Frank

-----Original Message-----
From: Frank Bulk [mailto:frnkblk [at] iname]
Sent: Thursday, February 03, 2011 8:42 PM
To: 'ipv6-ops [at] lists'; 'ipv6-techsig [at] mailman'
Subject: Disabling IPv6 on *one* network interface in Debian

Due to our network setup I have asymmetric traffic occurring (post-IPv4 NAT
result) that can be resolved by disabling IPv6 on one of the server's VLANs.
I removed the IPv6 addresses manually using "ip -6 addr del <IPv address>
dev eth0.<VLAN number>" but that will only last until the next reboot.

Any ideas on how to disable IPv6 on *one* network interface in Debian? My
google fu has failed me.

Frank


bjorn at mork

Feb 15, 2011, 2:47 AM

Post #13 of 13 (4344 views)
Permalink
Re: Disabling IPv6 on *one* network interface in Debian [In reply to]
"Frank Bulk - iName.com" <frnkblk [at] iname> writes:

> After a server reboot this morning I did see link-local recreated, not being
> wiped out by "post-up ip -6 addr flush eth0.100". I've added a "up ip -6
> addr flush eth0.100" and will see if that makes a difference in the future.

That's very unlikely to make any difference. "post-up" is an alias for
"up", just as "pre-down" is an aliase for "down".


>From ifupdown-0.6.10/ifupdown.nw:

@

Dealing with the per-interface options is the next thing to deal
with.

<<process iface option line>>=
<<convert [[post-up]] and [[pre-down]] aliases to [[up]] and [[down]]>>
<<check for duplicate options>>
<<add option>>
@

<<convert [[post-up]] and [[pre-down]] aliases to [[up]] and [[down]]>>=
if (strcmp(firstword, "post-up") == 0) {
strcpy(firstword, "up");
}
if (strcmp(firstword, "pre-down") == 0) {
strcpy(firstword, "down");
}
@



This is also documented in interfaces(5) if you don't want to read the
code.



Bjørn

nsp ipv6 RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.