IPv6 Addressing in Microsoft Azure: A Comprehensive Guide

The exponential growth of internet-connected devices, cloud services, and the Internet of Things (IoT) has placed unprecedented demands on traditional IP addressing systems. IPv4, the fourth version of the Internet Protocol, is now stretched to its limits, leading to the adoption of IPv6 as the new standard for future-proof networking. Microsoft Azure, one of the leading public cloud providers, has embraced IPv6 to support next-generation applications with enhanced scalability, security, and global reach.

In this blog, we explore IPv6 addressing in Azure, including its fundamentals, implementation scenarios, configuration steps, and best practices.

What is IPv6?

IPv6 (Internet Protocol version 6) is the successor to IPv4, offering a vastly expanded address space and improved packet routing. Where IPv4 provides around 4.3 billion unique addresses (32-bit), IPv6 boasts 340 undecillion addresses (128-bit), effectively eliminating address exhaustion concerns.

Key Features of IPv6:

• 128-bit address length (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334)
• Simplified header format for faster processing
• Auto-configuration capabilities (stateless and stateful)
• Mandatory IPsec support for better security
• No need for NAT (Network Address Translation) due to abundant address availability

Why Use IPv6 in Azure?

Azure supports IPv6 IP addressing for benefits of enterprises and developers:

1. Global Reachability: IPv6 allows your applications to communicate over the internet without NAT, simplifying global service delivery.
2. Compliance and Future Readiness: Regulatory requirements and industry standards are increasingly mandating IPv6 readiness.
3. Scalability for IoT and Mobile: Massive device deployments require the expansive address space of IPv6.
4. Improved Network Simplicity: Removing NAT improves end-to-end connectivity and performance.

IPv6 Support in Azure: Overview

Microsoft Azure allows to use both IPv4 and IPv6 IPs on a single network interface(Dual Stack). IPv6 in Azure is designed to work across various networking resources and services.

Supported Scenarios:

• Virtual Networks (VNets) with dual-stack addressing
• Load balancers (standard) supporting IPv6 frontends
• Azure Virtual Machines with IPv6 addresses
• Application Gateway (v2) with IPv6
• IPv6 peering in ExpressRoute
• IPv6 support in Azure DNS and Public IPs

IPv6 Addressing in Azure Virtual Networks (VNets)

Dual Stack Virtual Networks

This type of VNet includes both IPv4 and IPv6 address spaces. While creating IPv6 subnets need to manually defined. By default, it is not enabled.

Example Address Spaces:

• IPv4: 10.0.0.0/16
• IPv6: 2001:db8:1234:1a00::/56

Setting Up IPv6 in Azure: Step-by-Step

Here’s how to create a dual-stack VNet and assign IPv6 addresses in Azure:

1. Create a Dual-Stack VNet

az network vnet create \

–name MyDualStackVNet \

–resource-group MyResourceGroup \

–location eastus \

–address-prefixes 10.0.0.0/16 2001:db8:1234:1a00::/56

2. Create Dual-Stack Subnets

az network vnet subnet create \

–name MySubnet \

–resource-group MyResourceGroup \

–vnet-name MyDualStackVNet \

–address-prefixes 10.0.0.0/24 2001:db8:1234:1a00::/64

3. Create a Network Interface (NIC) with IPv6

az network nic create \

–resource-group MyResourceGroup \

–name MyNic \

–vnet-name MyDualStackVNet \

–subnet MySubnet \

–ip-config-name ipconfig1 \

–private-ip-address-version DualStack

4. Associate with a VM

When creating a VM, specify the NIC that has IPv6 support.

az vm create \

–resource-group MyResourceGroup \

–name MyIPv6VM \

–nics MyNic \

–image UbuntuLTS \

–admin-username azureuser \

–generate-ssh-keys

Public IPv6 Addresses

We can attach a Public IPv6 address to an Azure VM or an Azure Load Balancer if we need to expose them to the public internet.

Example: Create Public IPv6 Address

az network public-ip create \

–name MyIPv6PublicIP \

–resource-group MyResourceGroup \

–version IPv6 \

–sku Standard

Attach this to a load balancer or VM NIC as needed.

IPv6 with Azure Load Balancer

You can define separate frontend IP configurations for IPv4 and IPv6, enabling load-balanced access from both protocols.

Example Configuration:

az network lb create \

–resource-group MyResourceGroup \

–name MyDualStackLB \

–sku Standard \

–frontend-ip-name IPv6Frontend \

–backend-pool-name MyBackendPool \

–public-ip-address MyIPv6PublicIP

Security Considerations

Azure automatically provides basic protection via Network Security Groups (NSGs). When enabling IPv6, be mindful to:

• Define separate NSG rules for IPv6 traffic. (IPv6 rules do not apply to IPv4 and vice versa).
• Consider Application Security Groups (ASGs) for logical segmentation.
• Use Azure Firewall or third-party appliances for deep inspection of IPv6 traffic if needed.

Monitoring and Diagnostics

Azure provides various tools for monitoring IPv6 traffic:

• Network Watcher: Regional service allows Monitor VNet flow logs, NSG flow logs and connection diagnostics.
• Azure Monitor: Track metrics for Azure VM or Azure Load Baancer having IPv6 address.

IPv6 Limitations in Azure

IPv6 in Azure still has some limitations:

• Not all Azure services support IPv6 (e.g., classic networking, Azure Kubernetes Service without dual-stack).
• No support for IPv6-only networks — dual-stack is mandatory.
• Inbound NAT rules must be created separately for IPv6 addresses.

Best Practices

1. Plan Addressing Early: Choose a /56 IPv6 prefix per VNet and reserve appropriately.
2. Use NSGs and ASGs: Secure traffic for each IP version individually.
3. Test Connectivity: Use ping6, curl, and other tools to validate IPv6 functionality.
4. Audit Regularly: Use flow logs and diagnostics to maintain security and performance.
5. Automate: Use ARM templates, Bicep, or Terraform to define and manage dual-stack configurations consistently.

Conclusion

IPv6 in Azure is a critical enabler for future-proof cloud networking. As organizations scale their cloud-native and IoT deployments, embracing dual-stack architecture ensures readiness, performance, and compliance. By leveraging the powerful IPv6 capabilities in Azure Virtual Networks, Load Balancers, and public IP services, you can deliver resilient, secure, and globally accessible applications.

Whether you’re preparing for digital transformation or simply modernizing your network stack, now is the time to integrate IPv6 into your Azure strategy.

About CloudThat

Established in 2012, CloudThat is an award-winning company and the first in India to offer cloud training and consulting services for individuals and enterprises worldwide. Recently, it won Google Cloud’s New Training Partner of the Year Award for 2025, becoming the first company in the world in 2025 to hold awards from all three major cloud giants: AWS, Microsoft, and Google. CloudThat notably won consecutive AWS Training Partner of the Year (APJ) awards in 2023 and 2024 and the Microsoft Training Services Partner of the Year Award in 2024, bringing its total award count to an impressive 12 awards in the last 8 years. In addition to this, 20 trainers from CloudThat are ranked among Microsoft’s Top 100 MCTs globally for 2025, demonstrating its exceptional trainer quality on the global stage.  

As a Microsoft Solutions Partner, AWS Advanced Tier Training Partner, Google Cloud Platform Partner, and collaborator with leading organizations like HPE and Databricks, CloudThat has trained over 850,000 professionals across 600+ cloud certifications, empowering students and professionals worldwide to advance their skills and careers.