I don't think the link-level IPv6 addrs are a problem, but I am trying to find a way to control whether or not the system listens to router advertisements for the autoconfiguration of global IPv6 addresses.
Putting the ipv6 kernel module in the initrd should solve the problem of the module not being loaded on time. But I'm not sure it would solve the issue of the sysctls not having the corresponding sysfs nodes to configure (since these, I gather, are created as the network is being brought up). And, unless there's an easier and "safer" way to modify the initrd for SLES than unpacking it to a temporary location, adding/modifying files, and repacking it with gzip and cpio, I'm not sure this is an approach I would advocate for administrators who aren't used to building kernels/ramdisks (or are nervous about breaking support agreements and assumptions). I know I'm used to doing these kinds of modifications on personal systems, but personally would prefer to stick with the distro-provided kernel and initial ramdisk for anything being used in a production environment. When I specify a static IPv6 address on an interface, I am getting both that static address *and* a different autoconfigured global IPv6 address on that interface (assuming, of course, that I have a router-advertisement daemon active on the local link-layer network). Assuming that Fedora's network-up scripts are set up the same way as RHEL's (which I would imagine they are, given their lineage), they benefit from extra logic that the distro mainteners have built in to recognize options like IPV6_AUTOCONF=[yes/no] and try to guess sane defaults for settings not explicitly defined based on the values given for those which were explicitly defined. Looking through the equivalent scripts on SLES, I did not see any such logic or recognition of configuration parameters for autoconfiguration. Also, using a layer-3 vswitch prevents autoconfiguration. But it also prevents the use of IPv6 altogether for interfaces backed by that switch, making it a non-option for a system where static-only IPv6 is desired. Manually adding a static IPv4/IPv6 address to an ifcfg file and then doing an ifdown/ifup or `service network restart` works as expected. It is autoconfiguration specifically which is not working consistently between the first time an interface comes up after boot an subsequent ifups of that interface. On Wed, May 4, 2011 at 12:34 PM, Richard Troth <ri...@velocitysoftware.com>wrote: > Chris -- > > Are you simply trying to make the link-level IPv6 addrs go away? If > so, don't. (That feature confused me for years.) > But it does sound like you're after something more. > > One thing that might help is to have ipv6.ko loaded in your INITRD. > Then IFF the IPv6 support is there, I would recommend turning off > autoconf in /etc/sysctl.conf (which you said is failing with that > module not present, so ... force it to be present). > > On a new Fedora system, I see "IPV6_AUTOCONF=no" after I explicitly > set an IPv6 address. This leads me to believe that setting a static > IPv6 addr may help your situation. > > ... > > Has anyone on this list successfully disabled IPv6 autoconfiguration at* > *boot > > time for a SLES system, and if so then what approach did you take to do > so? > > I chose to use static addresses. Am also looking for DHCP6 when the > time comes. Then I recently learned that there is some vulnerability > w/r/t autoconfig. (Not meaning to slam the capability. Just making > an observation.) Autoconf is/was one of the reasons a lot of early > adopters pursued V6. > > > Also, has anyone else seen (and/or found a way to prevent) the issue I've > > encountered with interfaces on SLES failing to regain their > autoconfigured > > network addresses when they or the network service is restarted without > > rebooting the Linux? > > Guessing this is in the distributor's network start/stop/restart > logic. In my limitted experience, I can always manually add a V6 > address. No reboot. > > -- R; <>< > Rick Troth > Velocity Software > http://www.velocitysoftware.com/ > > > > > > On Wed, May 4, 2011 at 12:06, Christian Paro <christian.p...@gmail.com> > wrote: > > It is possible on RHEL systems to disable IPv6 autoconfiguration either > > system-wide (in /etc/sysconfig/network) or or specific interface (in that > > interface's /etc/sysconfig/network-scripts/ifcfg-* file) using the > > IPV6_AUTOCONF=[yes/no] statement. > > > > I have been looking for an equivalent mechanism in SLES, so far without > > success. Approaches already tried include adding sysctls to /etc/sysctl, > > /etc/sysconfig/network/ifsysctl, and interface-specific ifsysctl files > under > > /etc/sysconfig/network, as well as specifying these sysctls in that > > interface's own ifconfig file. > > > > Speicifcally, {net.ipv6.conf.all.autoconf, > net.ipv6.conf.default.autoconf, > > net.ipv6.conf.all.accept_ra, net.ipv6.default.accept_ra} when attempting > to > > control this behavior system-wide, and (for example) > > {net.ipv6.conf.eth0.autoconf and net.ipv6.conf.eth0.accept_ra} when > > attempting to do so on a per-interface basis. > > > > Depending on the timing of when these configuration files are read an > > interpreted during the boot process, however, in all cases either the > > attempt to apply the sysctls fails because the ipv6 kernel module hasn't > yet > > been loaded or the relevant sysfs nodes have not yet been created, or > > because the sysctls are applied after the network interface has already > been > > brought online and accepted a router advertisement and global > autoconfigured > > IPv6 address as per its default behavior. > > > > Disabling these sysctls and then restarting the network (or a specific > > interface) will disable autoconfiguration for that interface, but I have > not > > been able to do so for the first time the interface comes up after boot. > > > > Also, at least in our environment, restarting a network interface causes > it > > to fail to re-autoconfigure itself even with all the autoconfiguration > > sysctls left "on" - such that the interface will not regain an > > autoconfigured IPv6 address until after it the Linux has been rebooted. > This > > behavior has not been seen on our RHEL systems, so I believe it is a > symptom > > of something happening within the operating system rather than something > in > > our network's configuration. > > > > Has anyone on this list successfully disabled IPv6 autoconfiguration at* > *boot > > time for a SLES system, and if so then what approach did you take to do > so? > > > > Also, has anyone else seen (and/or found a way to prevent) the issue I've > > encountered with interfaces on SLES failing to regain their > autoconfigured > > network addresses when they or the network service is restarted without > > rebooting the Linux? > > > > Thank you. > > > > - Chris > > > > ---------------------------------------------------------------------- > > For LINUX-390 subscribe / signoff / archive access instructions, > > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > > http://www.marist.edu/htbin/wlvindex?LINUX-390 > > ---------------------------------------------------------------------- > > For more information on Linux on System z, visit > > http://wiki.linuxvm.org/ > > > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > ---------------------------------------------------------------------- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
