Azure

3 Mins Read

IPv6 Addressing in Microsoft Azure: A Comprehensive Guide

Voiced by Amazon Polly

The exponential growth of internet-connected devices, cloud services, and the Internet of Things (IoT) has placed unprecedented demands on traditional IP addressing systems. IPv4, the fourth version of the Internet Protocol, is now stretched to its limits, leading to the adoption of IPv6 as the new standard for future-proof networking. Microsoft Azure, one of the leading public cloud providers, has embraced IPv6 to support next-generation applications with enhanced scalability, security, and global reach.

In this blog, we explore IPv6 addressing in Azure, including its fundamentals, implementation scenarios, configuration steps, and best practices.

Access to Unlimited* Azure Trainings at the cost of 2 with Azure Mastery Pass

  • Microsoft Certified Instructor
  • Hands-on Labs
  • EMI starting @ INR 4999*
Subscribe Now

What is IPv6?

IPv6 (Internet Protocol version 6) is the successor to IPv4, offering a vastly expanded address space and improved packet routing. Where IPv4 provides around 4.3 billion unique addresses (32-bit), IPv6 boasts 340 undecillion addresses (128-bit), effectively eliminating address exhaustion concerns.

Key Features of IPv6:

  • 128-bit address length (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334)
  • Simplified header format for faster processing
  • Auto-configuration capabilities (stateless and stateful)
  • Mandatory IPsec support for better security
  • No need for NAT (Network Address Translation) due to abundant address availability

Why Use IPv6 in Azure?

Azure supports IPv6 IP addressing for benefits of enterprises and developers:

  1. Global Reachability: IPv6 allows your applications to communicate over the internet without NAT, simplifying global service delivery.
  2. Compliance and Future Readiness: Regulatory requirements and industry standards are increasingly mandating IPv6 readiness.
  3. Scalability for IoT and Mobile: Massive device deployments require the expansive address space of IPv6.
  4. Improved Network Simplicity: Removing NAT improves end-to-end connectivity and performance.

IPv6 Support in Azure: Overview

Microsoft Azure allows to use both IPv4 and IPv6 IPs on a single network interface(Dual Stack). IPv6 in Azure is designed to work across various networking resources and services.

Supported Scenarios:

  • Virtual Networks (VNets) with dual-stack addressing
  • Load balancers (standard) supporting IPv6 frontends
  • Azure Virtual Machines with IPv6 addresses
  • Application Gateway (v2) with IPv6
  • IPv6 peering in ExpressRoute
  • IPv6 support in Azure DNS and Public IPs

IPv6 Addressing in Azure Virtual Networks (VNets)

Dual Stack Virtual Networks

This type of VNet includes both IPv4 and IPv6 address spaces. While creating IPv6 subnets need to manually defined. By default, it is not enabled.

Example Address Spaces:

  • IPv4: 10.0.0.0/16
  • IPv6: 2001:db8:1234:1a00::/56

Setting Up IPv6 in Azure: Step-by-Step

Here’s how to create a dual-stack VNet and assign IPv6 addresses in Azure:

  1. Create a Dual-Stack VNet

az network vnet create \

–name MyDualStackVNet \

–resource-group MyResourceGroup \

–location eastus \

–address-prefixes 10.0.0.0/16 2001:db8:1234:1a00::/56

  1. Create Dual-Stack Subnets

az network vnet subnet create \

–name MySubnet \

–resource-group MyResourceGroup \

–vnet-name MyDualStackVNet \

–address-prefixes 10.0.0.0/24 2001:db8:1234:1a00::/64

  1. Create a Network Interface (NIC) with IPv6

az network nic create \

–resource-group MyResourceGroup \

–name MyNic \

–vnet-name MyDualStackVNet \

–subnet MySubnet \

–ip-config-name ipconfig1 \

–private-ip-address-version DualStack

  1. Associate with a VM

When creating a VM, specify the NIC that has IPv6 support.

az vm create \

–resource-group MyResourceGroup \

–name MyIPv6VM \

–nics MyNic \

–image UbuntuLTS \

–admin-username azureuser \

–generate-ssh-keys

Public IPv6 Addresses

We can attach a Public IPv6 address to an Azure VM or an Azure Load Balancer if we need to expose them to the public internet.

Example: Create Public IPv6 Address

az network public-ip create \

–name MyIPv6PublicIP \

–resource-group MyResourceGroup \

–version IPv6 \

–sku Standard

Attach this to a load balancer or VM NIC as needed.

IPv6 with Azure Load Balancer

You can define separate frontend IP configurations for IPv4 and IPv6, enabling load-balanced access from both protocols.

Example Configuration:

az network lb create \

–resource-group MyResourceGroup \

–name MyDualStackLB \

–sku Standard \

–frontend-ip-name IPv6Frontend \

–backend-pool-name MyBackendPool \

–public-ip-address MyIPv6PublicIP

Security Considerations

Azure automatically provides basic protection via Network Security Groups (NSGs). When enabling IPv6, be mindful to:

  • Define separate NSG rules for IPv6 traffic. (IPv6 rules do not apply to IPv4 and vice versa).
  • Consider Application Security Groups (ASGs) for logical segmentation.
  • Use Azure Firewall or third-party appliances for deep inspection of IPv6 traffic if needed.

Monitoring and Diagnostics

Azure provides various tools for monitoring IPv6 traffic:

  • Network Watcher: Regional service allows Monitor VNet flow logs, NSG flow logs and connection diagnostics.
  • Azure Monitor: Track metrics for Azure VM or Azure Load Baancer having IPv6 address.

IPv6 Limitations in Azure

IPv6 in Azure still has some limitations:

  • Not all Azure services support IPv6 (e.g., classic networking, Azure Kubernetes Service without dual-stack).
  • No support for IPv6-only networks — dual-stack is mandatory.
  • Inbound NAT rules must be created separately for IPv6 addresses.

Best Practices

  1. Plan Addressing Early: Choose a /56 IPv6 prefix per VNet and reserve appropriately.
  2. Use NSGs and ASGs: Secure traffic for each IP version individually.
  3. Test Connectivity: Use ping6, curl, and other tools to validate IPv6 functionality.
  4. Audit Regularly: Use flow logs and diagnostics to maintain security and performance.
  5. Automate: Use ARM templates, Bicep, or Terraform to define and manage dual-stack configurations consistently.

Conclusion

IPv6 in Azure is a critical enabler for future-proof cloud networking. As organizations scale their cloud-native and IoT deployments, embracing dual-stack architecture ensures readiness, performance, and compliance. By leveraging the powerful IPv6 capabilities in Azure Virtual Networks, Load Balancers, and public IP services, you can deliver resilient, secure, and globally accessible applications.

Whether you’re preparing for digital transformation or simply modernizing your network stack, now is the time to integrate IPv6 into your Azure strategy.

Get your new hires billable within 1-60 days. Experience our Capability Development Framework today.

  • Cloud Training
  • Customized Training
  • Experiential Learning
Read More

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

CloudThat is the first Indian Company to win the prestigious Microsoft Partner 2024 Award and is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 850k+ professionals in 600+ cloud certifications and completed 500+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, Microsoft Gold Partner, AWS Training PartnerAWS Migration PartnerAWS Data and Analytics PartnerAWS DevOps Competency PartnerAWS GenAI Competency PartnerAmazon QuickSight Service Delivery PartnerAmazon EKS Service Delivery Partner AWS Microsoft Workload PartnersAmazon EC2 Service Delivery PartnerAmazon ECS Service Delivery PartnerAWS Glue Service Delivery PartnerAmazon Redshift Service Delivery PartnerAWS Control Tower Service Delivery PartnerAWS WAF Service Delivery PartnerAmazon CloudFront Service Delivery PartnerAmazon OpenSearch Service Delivery PartnerAWS DMS Service Delivery PartnerAWS Systems Manager Service Delivery PartnerAmazon RDS Service Delivery PartnerAWS CloudFormation Service Delivery PartnerAWS ConfigAmazon EMR and many more.

WRITTEN BY Kunal Khadke

Share

Comments

    Click to Comment

Get The Most Out Of Us

Our support doesn't end here. We have monthly newsletters, study guides, practice questions, and more to assist you in upgrading your cloud career. Subscribe to get them all!