Stop disabling IPv6 in your system images

Seriously.  Just stop that.

Stop disabling IPv6 as part of your standard OS install and network configurations.

If you’re like a lot of IT shops, you’ve probably been building “golden images” of your operating systems to use as the template for OS installation. While these images are (hopefully) on a regular patch cycle after installation, the basic configurations and options can remain unchanged for years.

The upshot of this is that there are a lot of operating system images out there that were initially created around the time that the base OS was released, and which have had minimal changes since then, other than mandatory patches.

Windows 7 and Server 2008R2 were released in 2009. Centos 5 was released in 2007. Both are still in very wide use. Even if you’ve moved up to Windows Server 2012 or Centos 6 (both released in 2011), it is not uncommon for golden images of these to retain the network and other configurations such as IPv6 from prior versions.

In other words, it is quite likely that your brand new OS install is using assumptions and configurations from 2009 or even 2007, when it was still considered good practice to disable IPv6 at every opportunity. We’re beginning to see new OS features, such as DirectAccess, that require functioning IPv6, either native or tunneled.

I have yet to find any service that’s available in the MacOS X, Centos or Ubuntu systems that can’t make use of IPv6, or is negatively impacted in any way by dual-stacking the host. I have also not found any instance where taking a dual-stack-capable host onto an IPv4-only network has caused an issue, in at least 2 years.

Here’s some more info for you Windows folks, including a list of MS services that do, or don’t use IPv6.

So just quit disabling IPv6 by default, mmmkay?

  1. #1 by wwwdrich on February 22, 2015 - 6:14 pm

    We still disable IPv6 because as least as recently as RHEL6.5 RedHat was still putting localhost as an alias for both the IPv4 and IPv6 addresses in /etc/hosts. For applications that are dual-stack this isn’t a problem. However I have lost track of the number of times we have had something fail because some service was only listening on and due to the IPv6 alias being first apps were trying to connect to ::1. Yes we could just fix the host table and hope that an update didn’t revert it, but since we aren’t deploying IPv6 any time soon, disabling it was decided as the “better” solution.

    That said, my entire home network is dual-stack with no issues.

%d bloggers like this: