RFC
RFC 791 (IPv4)
The original IPv4 specification and the basic principles of the Internet Protocol.
IPv4 and IPv6 solve one problem: addressing and routing packets in IP networks. The difference is in scale, operational complexity and the future of the Internet: IPv4 rests on NAT and compromises, IPv6 lays a long-term foundation without address scarcity.
The essence of IPv4 and IPv6
IPv4
32-bit addressing (about 4.3 billion addresses). Basic Internet protocol, but the global address pool has been exhausted.
IPv6
128-bit addressing (virtually inexhaustible space), simplified routing and modern-first networking capabilities.
Why is the transition necessary?
NAT and complex bypass schemes in IPv4 increase operational complexity, break the end-to-end model, and reduce observability.
RFC
RFC 8200 (IPv6)
Current IPv6 specification: format, behavior and protocol requirements.
Key differences
| Aspect | IPv4 | IPv6 | What does this change in architecture? |
|---|---|---|---|
| Address size | 32 bits | 128 bit | IPv6 removes the system limitation on the number of addresses. |
| Recording format | 192.0.2.10 | 2001:db8::10 | We need updates to logs, regex, ACL and tooling for the new format. |
| NAT | Almost everywhere | Usually not required | Easier tracing, but higher requirements for the firewall and access policy. |
| Autoconfiguration | More often DHCP | SLAAC and/or DHCPv6 | Connecting devices is faster, but a careful addressing policy is needed. |
| Compatibility | Historical baseline | Not backwards compatible | In practice, dual-stack or controlled transition mechanisms are needed. |
IPv6 capabilities
- Virtually unlimited address space for growth without a complex NAT layer.
- Cleaner end-to-end connectivity for services, IoT and p2p scenarios.
- Simplifying routing policy and address planning in large networks.
- A normal foundation for long-term platform architecture.
Real problems and risks
- Incomplete readiness of legacy systems: old balancers, ACLs, monitoring, regex parsing of logs.
- Dual-stack increases the failure surface if operating practices are weak.
- Security baseline errors: open IPv6 paths when the IPv4 circuit is correctly closed.
- Some external integrations are still IPv4-only.
How to switch to IPv6 without pain
The practical path is almost always the same: not a “big bang”, but a step-by-step dual-stack rollout with measurements.
- Take inventory: DNS, CDN, WAF, LB, ingress, databases, observability, external APIs.
- Run dual-stack in a non-critical environment and measure metrics/errors separately for IPv4 and IPv6.
- Enable AAAA records in stages: first internal services, then edge and public APIs.
- Check the security policy: firewall, SG/NACL, rate limiting, DDoS protection for both stacks.
- Update runbooks and alerts: diagnostics, rollback, playbooks for IPv6 incidents.
- Only after stability, gradually increase the share of IPv6 traffic.