← Back to glossary

IPv6 for Web Developers

networking Intermediate

Also Known As

IPv6 dual-stack IPv4 exhaustion

TL;DR

The successor to IPv4 with 128-bit addresses — effectively unlimited address space, mandatory in modern infrastructure, with some practical differences for web applications.

Explanation

IPv4 has ~4 billion addresses, exhausted. IPv6 provides 340 undecillion addresses. Format: eight groups of four hex digits (2001:0db8:85a3::8a2e:0370:7334). Key differences for web devs: IPv6 addresses in URLs need brackets (http://[::1]:8080), socket code needs AF_INET6, nginx and PHP need explicit IPv6 configuration. Dual-stack deployments support both. The PHP_EOL of IPv4-only hosting is approaching — major cloud providers require explicit IPv4 which costs extra; IPv6 is free.

Diagram

flowchart TD
    subgraph IPv4 - Exhausted
        IP4[32-bit address<br/>4.3 billion total<br/>0.0.0.0 to 255.255.255.255]
        NAT[NAT required<br/>multiple devices<br/>share one public IP]
    end
    subgraph IPv6 - Abundant
        IP6[128-bit address<br/>340 undecillion total<br/>2001:db8::1]
        NONAT[No NAT needed<br/>every device gets<br/>a public IP]
    end
    PHP[PHP server<br/>listen on both] --> DUAL["Dual-stack<br/>nginx listen 80<br/>nginx listen [::]:80"]
style IP4 fill:#f85149,color:#fff
style IP6 fill:#238636,color:#fff
style DUAL fill:#1f6feb,color:#fff

Common Misconception

✗ IPv6 is optional for modern applications — AWS now charges for IPv4 addresses; IPv6-only or dual-stack is increasingly the default and required for cost efficiency.

Why It Matters

IPv4 addresses now cost money on AWS and other clouds — IPv6 is the path to lower infrastructure costs and future-proof networking.

Common Mistakes

Hardcoding IPv4 assumptions — code that uses AF_INET exclusively breaks on IPv6-only hosts.
Not bracketing IPv6 addresses in URLs — http://::1:8080 is invalid; must be http://[::1]:8080.
Firewall rules that only block IPv4 — attackers on IPv6 bypass IPv4-only rules.
Not testing dual-stack deployments — IPv4 and IPv6 code paths can behave differently.

Code Examples

✗ Vulnerable

// IPv4-only socket — breaks on IPv6-only infrastructure:
$socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
socket_bind($socket, '0.0.0.0', 8080); // IPv4 only

// IPv6 address in URL without brackets — invalid:
$url = 'http://' . $ipv6Addr . ':8080/api'; // Broken

✓ Fixed

// Dual-stack: bind to all interfaces including IPv6:
$socket = socket_create(AF_INET6, SOCK_STREAM, SOL_TCP);
socket_setopt($socket, IPPROTO_IPV6, IPV6_V6ONLY, 0); // Dual-stack
socket_bind($socket, '::', 8080);

// IPv6 in URL needs brackets:
$url = 'http://[' . $ipv6Addr . ']:8080/api'; // Correct

References

↗ https://www.rfc-editor.org/rfc/rfc2732

Tags

networking infrastructure ipv6

Added 15 Mar 2026

Edited 19 Apr 2026

Curated in Warsaw under one editorial standard. 1,444 terms, single voice. About this reference →

Rate this term

No ratings yet

🤖 AI Guestbook educational data only

| |

Last 30 days

Agents 1

No pings yesterday

Amazonbot 8 Perplexity 3 Ahrefs 2 Google 2 Majestic 1 SEMrush 1

Also referenced

DNS Resolution 25 Cloud Computing Models 25 TCP/IP Model 19

How they use it

crawler 17

Related categories

networking 496 cloud 422

⚡ DEV INTEL Tools & Severity

🟢 Low ⚙ Fix effort: Medium

⚡ Quick Fix

Add AAAA DNS records alongside A records; ensure Nginx listens on [::]:443; PHP curl handles IPv6 automatically when the OS supports it

📦 Applies To

any web cli

🔗 Prerequisites

TCP/IP Model DNS Record Types Linux Networking Tools

🔍 Detection Hints

No AAAA DNS record for IPv6-capable hosts; Nginx only listening on IPv4; cURL requests failing for IPv6-only destinations

Auto-detectable: ✗ No dig test-ipv6.com ping6

⚠ Related Problems

DNS Record Types TCP/IP Model Latency vs Bandwidth

🤖 AI Agent

Confidence: Low False Positives: High ✗ Manual fix Fix: Medium Context: File