Home / Blogs

IPv6 Security Myth #8: It Supports IPv6

Most of our IPv6 Security Myths are general notions, often passed on unwittingly between colleagues, friends, conference attendees, and others. Today’s myth is one that most often comes specifically from your vendors or suppliers. Whether it’s a hardware manufacturer, software developer, or Internet Service Provider (ISP), this myth is all about trust, but verify.

Myth: It Supports IPv6
Reality: It Probably Doesn’t

I am not saying that no products or services support IPv6. What I am saying is that a simple check-box in an RFx isn’t enough. If a sales person tells you “it supports IPv6” without any further details or collateral—you probably need to dig deeper.

Many products and services do in fact support IPv6 today. More companies add IPv6 support to their products every day. The catch, especially from a security standpoint, is what that word “support” really means. Sometimes “IPv6 support” means that a device can be configured with an IPv6 address. Sometimes it means the service passes IPv6 packets. Sometimes it just means the application won’t puke all over itself when deployed in an IPv6 enabled environment.

What you need “IPv6 support” to mean is full feature parity with your existing (likely IPv4) products and services. You also need that IPv6 support to provide the foundation for future changes and improvements as well, of course. What that means is that you must bust this myth yourself every time it pops up.

How can you avoid falling for the “it supports IPv6” myth? Start with detailed requirements. What is it that you need this product or service to do? RIPE-554, “Requirements for IPv6 in ICT Equipment” includes a section specific to “network security equipment” that I highly recommend as a starting place when crafting such a requirements list. Once you find a product or service that meets your needs on paper, lab testing and limited launches (pilot programs / first office installs) will help ensure that you aren’t bitten by this myth. Seeking independent verification is sometimes warranted as well, for an example check out this list of tested home routers published by the University of New Hampshire (UNH) InterOperability Lab (IOL).

The bottom line for this myth is simple: Treat IPv6 like you would any other new technology being deployed on your network. Ensure that all new equipment meets your specific needs, and remember to trust but verify when it comes to IPv6 support.

By Chris Grundemann, Creative|Technologist

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix


Sponsored byVerisign

Brand Protection

Sponsored byCSC