Voiced by Amazon Polly |
The exponential growth of internet-connected devices, cloud services, and the Internet of Things (IoT) has placed unprecedented demands on traditional IP addressing systems. IPv4, the fourth version of the Internet Protocol, is now stretched to its limits, leading to the adoption of IPv6 as the new standard for future-proof networking. Microsoft Azure, one of the leading public cloud providers, has embraced IPv6 to support next-generation applications with enhanced scalability, security, and global reach.
In this blog, we explore IPv6 addressing in Azure, including its fundamentals, implementation scenarios, configuration steps, and best practices.
Access to Unlimited* Azure Trainings at the cost of 2 with Azure Mastery Pass
- Microsoft Certified Instructor
- Hands-on Labs
- EMI starting @ INR 4999*
What is IPv6?
IPv6 (Internet Protocol version 6) is the successor to IPv4, offering a vastly expanded address space and improved packet routing. Where IPv4 provides around 4.3 billion unique addresses (32-bit), IPv6 boasts 340 undecillion addresses (128-bit), effectively eliminating address exhaustion concerns.
Key Features of IPv6:
- 128-bit address length (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334)
- Simplified header format for faster processing
- Auto-configuration capabilities (stateless and stateful)
- Mandatory IPsec support for better security
- No need for NAT (Network Address Translation) due to abundant address availability
Why Use IPv6 in Azure?
Azure supports IPv6 IP addressing for benefits of enterprises and developers:
- Global Reachability: IPv6 allows your applications to communicate over the internet without NAT, simplifying global service delivery.
- Compliance and Future Readiness: Regulatory requirements and industry standards are increasingly mandating IPv6 readiness.
- Scalability for IoT and Mobile: Massive device deployments require the expansive address space of IPv6.
- Improved Network Simplicity: Removing NAT improves end-to-end connectivity and performance.
IPv6 Support in Azure: Overview
Microsoft Azure allows to use both IPv4 and IPv6 IPs on a single network interface(Dual Stack). IPv6 in Azure is designed to work across various networking resources and services.
Supported Scenarios:
- Virtual Networks (VNets) with dual-stack addressing
- Load balancers (standard) supporting IPv6 frontends
- Azure Virtual Machines with IPv6 addresses
- Application Gateway (v2) with IPv6
- IPv6 peering in ExpressRoute
- IPv6 support in Azure DNS and Public IPs
IPv6 Addressing in Azure Virtual Networks (VNets)
Dual Stack Virtual Networks
This type of VNet includes both IPv4 and IPv6 address spaces. While creating IPv6 subnets need to manually defined. By default, it is not enabled.
Example Address Spaces:
- IPv4: 10.0.0.0/16
- IPv6: 2001:db8:1234:1a00::/56
Setting Up IPv6 in Azure: Step-by-Step
Here’s how to create a dual-stack VNet and assign IPv6 addresses in Azure:
- Create a Dual-Stack VNet
az network vnet create \
–name MyDualStackVNet \
–resource-group MyResourceGroup \
–location eastus \
–address-prefixes 10.0.0.0/16 2001:db8:1234:1a00::/56
- Create Dual-Stack Subnets
az network vnet subnet create \
–name MySubnet \
–resource-group MyResourceGroup \
–vnet-name MyDualStackVNet \
–address-prefixes 10.0.0.0/24 2001:db8:1234:1a00::/64
- Create a Network Interface (NIC) with IPv6
az network nic create \
–resource-group MyResourceGroup \
–name MyNic \
–vnet-name MyDualStackVNet \
–subnet MySubnet \
–ip-config-name ipconfig1 \
–private-ip-address-version DualStack
- Associate with a VM
When creating a VM, specify the NIC that has IPv6 support.
az vm create \
–resource-group MyResourceGroup \
–name MyIPv6VM \
–nics MyNic \
–image UbuntuLTS \
–admin-username azureuser \
–generate-ssh-keys
Public IPv6 Addresses
We can attach a Public IPv6 address to an Azure VM or an Azure Load Balancer if we need to expose them to the public internet.
Example: Create Public IPv6 Address
az network public-ip create \
–name MyIPv6PublicIP \
–resource-group MyResourceGroup \
–version IPv6 \
–sku Standard
Attach this to a load balancer or VM NIC as needed.
IPv6 with Azure Load Balancer
You can define separate frontend IP configurations for IPv4 and IPv6, enabling load-balanced access from both protocols.
Example Configuration:
az network lb create \
–resource-group MyResourceGroup \
–name MyDualStackLB \
–sku Standard \
–frontend-ip-name IPv6Frontend \
–backend-pool-name MyBackendPool \
–public-ip-address MyIPv6PublicIP
Security Considerations
Azure automatically provides basic protection via Network Security Groups (NSGs). When enabling IPv6, be mindful to:
- Define separate NSG rules for IPv6 traffic. (IPv6 rules do not apply to IPv4 and vice versa).
- Consider Application Security Groups (ASGs) for logical segmentation.
- Use Azure Firewall or third-party appliances for deep inspection of IPv6 traffic if needed.
Monitoring and Diagnostics
Azure provides various tools for monitoring IPv6 traffic:
- Network Watcher: Regional service allows Monitor VNet flow logs, NSG flow logs and connection diagnostics.
- Azure Monitor: Track metrics for Azure VM or Azure Load Baancer having IPv6 address.
IPv6 Limitations in Azure
IPv6 in Azure still has some limitations:
- Not all Azure services support IPv6 (e.g., classic networking, Azure Kubernetes Service without dual-stack).
- No support for IPv6-only networks — dual-stack is mandatory.
- Inbound NAT rules must be created separately for IPv6 addresses.
Best Practices
- Plan Addressing Early: Choose a /56 IPv6 prefix per VNet and reserve appropriately.
- Use NSGs and ASGs: Secure traffic for each IP version individually.
- Test Connectivity: Use ping6, curl, and other tools to validate IPv6 functionality.
- Audit Regularly: Use flow logs and diagnostics to maintain security and performance.
- Automate: Use ARM templates, Bicep, or Terraform to define and manage dual-stack configurations consistently.
Conclusion
IPv6 in Azure is a critical enabler for future-proof cloud networking. As organizations scale their cloud-native and IoT deployments, embracing dual-stack architecture ensures readiness, performance, and compliance. By leveraging the powerful IPv6 capabilities in Azure Virtual Networks, Load Balancers, and public IP services, you can deliver resilient, secure, and globally accessible applications.
Whether you’re preparing for digital transformation or simply modernizing your network stack, now is the time to integrate IPv6 into your Azure strategy.
Get your new hires billable within 1-60 days. Experience our Capability Development Framework today.
- Cloud Training
- Customized Training
- Experiential Learning
About CloudThat
CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.
CloudThat is the first Indian Company to win the prestigious Microsoft Partner 2024 Award and is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 850k+ professionals in 600+ cloud certifications and completed 500+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, Microsoft Gold Partner, AWS Training Partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, AWS GenAI Competency Partner, Amazon QuickSight Service Delivery Partner, Amazon EKS Service Delivery Partner, AWS Microsoft Workload Partners, Amazon EC2 Service Delivery Partner, Amazon ECS Service Delivery Partner, AWS Glue Service Delivery Partner, Amazon Redshift Service Delivery Partner, AWS Control Tower Service Delivery Partner, AWS WAF Service Delivery Partner, Amazon CloudFront Service Delivery Partner, Amazon OpenSearch Service Delivery Partner, AWS DMS Service Delivery Partner, AWS Systems Manager Service Delivery Partner, Amazon RDS Service Delivery Partner, AWS CloudFormation Service Delivery Partner, AWS Config, Amazon EMR and many more.
WRITTEN BY Kunal Khadke
Comments