IPv6 Explained: Definition, How It Works and Why It Matters

IPv6 is the successor to IPv4, standardised to fix an urgent problem: the internet ran out of fresh IPv4 addresses. Where IPv4 tops out at roughly 4.3 billion addresses, IPv6's 128-bit space is large enough to assign billions of addresses to every grain of sand on Earth. Beyond scale, the protocol redesigns core networking mechanics - address assignment, neighbor resolution, and packet header structure - to reduce complexity for modern workloads.

IANA exhausted its global free pool of IPv4 addresses on February 3, 2011, and every Regional Internet Registry has since exhausted its own free pool. RIPE NCC made its final allocation on November 25, 2019. The economics now bite hard: AWS began charging $0.005 per public IPv4 address per hour - roughly $3.60 per month - from February 1, 2024, citing a 300% rise in IPv4 acquisition costs over five years (AWS).

An IPv6 address looks like 2001:0db8:85a3:0000:0000:8a2e:0370:7334. Eight groups of four hexadecimal digits, separated by colons. Leading zeros within a group can be dropped, and one consecutive run of all-zero groups collapses to ::, making addresses shorter to write in practice.

How Does IPv6 Work?

IPv6 follows the same packet-routing model as IPv4 - source sends, routers forward, destination receives - but several internal mechanisms differ. Those differences separate a sysadmin who can troubleshoot an IPv6 deployment from one who avoids it entirely.

Address structure. The 128-bit address splits at the 64-bit boundary. The first 64 bits carry the network prefix; the last 64 bits identify the specific interface on that network.

Three address types replace IPv4's four:

• Unicast - one source to one destination, covering everyday traffic.
• Multicast - one source to a defined group, replacing IPv4 broadcast entirely.
• Anycast - packets reach the topologically nearest member of a group sharing one address, useful for CDN edge routing and load balancing.

Stateless Address Autoconfiguration (SLAAC). A device listens for router advertisements, takes the announced network prefix, appends its own interface identifier, and builds a valid global address with no DHCP server involved. This cuts provisioning overhead in large or dynamic environments. However, the Canadian Centre for Cyber Security (ITSM.80.003) warns that SLAAC can allow threat actors to track IPv6 endpoints, and recommends disabling it or enabling privacy extensions for external communications.

Fixed Header and NDP

Fixed 40-byte header. IPv4 headers vary from 20 to 60 bytes because optional fields sit inside the base header. IPv6 moves optional data into separate extension headers and keeps the core header at a fixed 40 bytes (RFC 8200), making hardware forwarding faster and more predictable.

Neighbor Discovery Protocol (NDP). NDP replaces ARP entirely. Using ICMPv6 messages, it handles address resolution, router discovery, and duplicate address detection - with optional cryptographic authentication that ARP never offered. When we audited dual-stack configurations on enterprise edge routers, SLAAC logs were the most common forensic gap: NDP activity was rarely captured in SIEM pipelines configured only for ARP events.

IPv6 vs IPv4: Key Differences

The table below covers the differences that matter most in day-to-day operations.

A practical implication: because only the source host fragments IPv6 packets, routers along the path carry less state and process traffic faster.

Where Is IPv6 Actually Used?

IPv6 is active infrastructure today, not a future project. Global adoption reached approximately 43% in early 2025, based on IPv6 traffic to Google's services, with France at 80%, Germany at 75%, and India at 74% (DNS Made Easy). Peak usage in 2024 hit 47.36%, and Cisco's 2025 analysis put the US at 53% by end of that year. The Internet Society reports that the number of countries with 50%+ IPv6 deployment grew from 13 in mid-2024 to 21 by mid-2025.

• ISP and mobile networks - carriers assign unique global addresses to every subscriber device, removing the performance cost of carrier-grade NAT.
• Enterprise networks - organisations with large IoT footprints gain end-to-end addressability without NAT-induced complexity. The IPv6 market was sized at 41.4 billion units in 2024 and is projected to reach 127.6 billion units by 2030 at a 20.7% CAGR, driven largely by IoT (GlobeNewswire).
• Cloud platforms - AWS, Google Cloud, and Azure use IPv6 internally and default to it for new services, enabling direct resource-to-resource connectivity.
• Content Delivery Networks - CDN operators use anycast IPv6 so routing protocols direct users to the nearest edge node without DNS workarounds.

What Are the Advantages and Limitations of IPv6?

Advantages:

• The address space removes exhaustion risk for any foreseeable planning horizon.
• SLAAC cuts provisioning overhead in dynamic environments with no central DHCP dependency.
• Mandatory IPSec support, required by RFC 8200, sets a baseline for network-layer authentication and encryption.
• The fixed header format reduces router processing overhead versus variable IPv4 headers.
• Native multicast lowers bandwidth consumption for streaming and group communications.
• Better mobility support lets devices maintain connectivity when moving between networks.

Limitations:

• Dual-stack transition periods add configuration complexity and require testing both protocol paths. See our network transition and dual-stack planning guide for a practical starting point on mixed-protocol environments.
• Engineers must learn new addressing syntax, prefix planning conventions, and NDP troubleshooting.
• Some legacy applications need updates before they handle IPv6 socket calls correctly.
• Security monitoring tools often have incomplete IPv6 support. NIST SP 800-119 warns that IPv6 can be enabled on a host by an attacker to bypass security controls that are not IPv6-aware, and that IPv6 traffic can be encapsulated inside IPv4 packets using readily available tools to reach malicious hosts.
• IPv6-only and IPv4-only hosts cannot communicate directly without a translation mechanism.

How Should You Deploy IPv6?

A few principles that experienced network teams apply consistently:

1. Plan a hierarchical prefix allocation before enabling IPv6. Use /48 per site and /64 per subnet. Document it before touching a single router config.
2. Run dual-stack (IPv4 and IPv6 simultaneously) during the transition rather than a hard cutover.
3. Audit security tools early. Gaps in IPv6 inspection create blind spots that do not exist on the IPv4 path - a risk NIST SP 800-119 flags explicitly.
4. Test application compatibility explicitly. Do not assume software that works over IPv4 handles IPv6 socket calls correctly.
5. Use DHCPv6 where you need centralised address logging, since SLAAC alone provides no server-side lease log for forensic investigations.
6. If you manage Windows endpoints, deploying trusted root certificates via Intune becomes more important as IPv6 removes NAT inspection points that previously caught bad traffic.
7. Review firewall rules on both stacks. Attackers targeting network infrastructure - such as the AryStinger botnet that hijacked 4,300 D-Link routers as proxy nodes - often probe for IPv6 rules that were never written because admins assumed only IPv4 was active.