Overview of IPv6 for Azure Load Balancer

Note

This content has been superseded by IPv6 for Azure VNet Overview. Azure recommends new IPv6 deployments use the new IPv6 for Azure Virtual Networks features.

Note

Azure Load Balancer supports two different types: Basic and Standard. This article discusses Basic Load Balancer. For more information about Standard Load Balancer, see Standard Load Balancer overview.

Basic SKU Internet-facing load balancers can be deployed with an IPv6 address. In addition to IPv4 connectivity, this enables the following capabilities:

  • Native end-to-end IPv6 connectivity between public Internet clients and Azure Virtual Machines (VMs) through the load balancer.
  • Native end-to-end IPv6 outbound connectivity between VMs and public Internet IPv6-enabled clients.

The following picture illustrates the IPv6 functionality for Azure Load Balancer.

Azure Load Balancer with IPv6

Once deployed, an IPv4 or IPv6-enabled Internet client can communicate with the public IPv4 or IPv6 addresses (or hostnames) of the Azure Internet-facing Load Balancer. The load balancer routes the IPv6 packets to the private IPv6 addresses of the VMs using network address translation (NAT). The IPv6 Internet client can't communicate directly with the IPv6 address of the VMs.

Features

Native IPv6 support for VMs deployed via Azure Resource Manager provides:

  1. Load-balanced IPv6 services for IPv6 clients on the Internet
  2. Native IPv6 and IPv4 endpoints on VMs ("dual stacked")
  3. Inbound and outbound-initiated native IPv6 connections
  4. Supported protocols such as TCP, UDP, and HTTP(S) enable a full range of service architectures

Benefits

This functionality enables the following key benefits:

  • Meet government regulations requiring that new applications be accessible to IPv6-only clients
  • Enable mobile and Internet of things (IOT) developers to use dual-stacked (IPv4+IPv6) Azure Virtual Machines to address the growing mobile & IOT markets

Details and limitations

Details

  • The Azure DNS service contains both IPv4 A and IPv6 AAAA name records and responds with both records for the load balancer. The client chooses which address (IPv4 or IPv6) to communicate with.
  • When a VM initiates a connection to a public Internet IPv6-connected device, the VM's source IPv6 address is network address translated (NAT) to the public IPv6 address of the load balancer.
  • VMs running the Linux operating system must be configured to receive an IPv6 IP address via DHCP. Many of the Linux images in the Azure Gallery are already configured to support IPv6 without modification. For more information, see Configuring DHCPv6 for Linux VMs
  • If you choose to use a health probe with your load balancer, create an IPv4 probe and use it with both the IPv4 and IPv6 endpoints. If the service on your VM goes down, both the IPv4 and IPv6 endpoints are taken out of rotation.

Limitations

  • You can't add IPv6 load balancing rules in the Azure portal. The rules can only be created through the template, CLI, PowerShell.
  • A single IPv6 address can be assigned to a single network interface in each VM.
  • You can't configure the reverse DNS lookup for your public IPv6 addresses.
  • The VMs with the IPv6 addresses can't be members of an Azure Cloud Service. They can be connected to an Azure Virtual Network (VNet) and communicate with each other over their IPv4 addresses.
  • Private IPv6 addresses can be deployed on individual VMs in a resource group but can't be deployed into a resource group via Scale Sets.
  • Azure VMs can't connect over IPv6 to other VMs, other Azure services, or on-premises devices. They can only communicate with the Azure load balancer over IPv6. However, they can communicate with these other resources using IPv4.
  • Network Security Group (NSG) protection for IPv4 is supported in dual-stack (IPv4+IPv6) deployments. NSGs don't apply to the IPv6 endpoints.
  • The IPv6 endpoint on the VM isn't exposed directly to the internet. It is behind a load balancer. Only the ports specified in the load balancer rules are accessible over IPv6.
  • Changing the loadDistributionMethod parameter for IPv6 is currently not supported.
  • IPv6 for Basic Load Balancer is locked to a Dynamic SKU. IPv6 for a Standard Load Balancer is locked to a Static SKU.
  • NAT64 (translation of IPv6 to IPv4) isn't supported.
  • Attaching a secondary NIC that refers to an IPv6 subnet to a backend pool is not supported for Basic Load Balancer.

Next steps

Learn how to deploy a load balancer with IPv6.