IPv4 addresses are running out — regional registries are allocating their last blocks and prices for IPv4 addresses on the secondary market are rising. IPv6 with 128-bit addresses provides a virtually unlimited address space and is already the present, not the future. Most major providers and cloud platforms fully support IPv6. Migration is not a one-time switch but a gradual process where both versions coexist.
Basics¶
2001:db8:85a3::8a2e:370:7334 # 128 bits, hexadecimal notation
::1/128 # loopback (equivalent of 127.0.0.1)
fe80::/10 # link-local (automatic configuration)
2000::/3 # global unicast (public addresses)
IPv6 addresses are 128-bit compared to 32-bit IPv4. Shortened notation replaces groups of zeros with a double colon (::). Each interface gets a link-local address automatically (fe80::), while global addresses are assigned by the router via SLAAC or DHCPv6. NAT practically does not exist in IPv6 — every device has a public address and security is ensured by the firewall.
Dual-Stack¶
# Nginx
server { listen 80; listen [::]:80; }
# DNS
example.com A 93.184.216.34
example.com AAAA 2606:2800:220:1:248:1893:25c8:1946
Dual-stack is the recommended migration strategy — the server listens on both IPv4 and IPv6 simultaneously. Clients with IPv6 connectivity automatically prefer IPv6 (Happy Eyeballs algorithm). Gradually add AAAA records alongside existing A records.
Linux¶
ip -6 addr show # show IPv6 addresses
ping6 google.com # test IPv6 connectivity
curl -6 https://google.com # force IPv6
ip -6 route show # IPv6 routing table
Security¶
With IPv6, NAT as a security layer disappears. Every device is directly addressable from the internet, making a firewall on the IPv6 interface critically important. Verify that your firewall rules cover IPv6 traffic as well — a common mistake is protecting only IPv4.
Dual-Stack Is the Way¶
IPv4 + IPv6 simultaneously is a safe migration strategy. Add AAAA records gradually, test connectivity, and monitor traffic on both protocols.