IPv6 Compliance
OMB M-21-07
PacketViper fully supports IPv6 across capture, analysis, enforcement, and reporting — meeting OMB M-21-07 requirements for security tools operating in IPv6-enabled federal environments.
Executive Summary
PacketViper fully supports IPv6 across its capture, analysis, enforcement, and reporting capabilities. The platform operates in dual-stack and IPv6-only environments, providing feature parity between IPv4 and IPv6 for traffic monitoring, malicious traffic blocking, event logging, geographic attribution, and compliance reporting.
This document addresses PacketViper’s alignment with OMB Memorandum M-21-07, “Completing the Transition to Internet Protocol Version 6 (IPv6),” and the associated federal requirements for security tools operating in IPv6-enabled environments.
OMB M-21-07 — What It Requires of Security Tools
OMB M-21-07 (November 19, 2020) directs all federal agencies to transition to IPv6 as the standard network protocol, with the strategic intent of operating IPv6-only — not merely dual-stack. The memo explicitly names security tools as systems that must be IPv6-capable:
“Agencies shall ensure that all systems that support network operations or enterprise security services (e.g., firewalls and intrusion detection/protection systems, security incident and event management systems, access control and policy enforcement systems, threat intelligence and reputation systems) are IPv6-capable and can operate in IPv6-only environments.”
The mandate establishes milestones progressing from 20% IPv6-only assets (FY 2023) through 80% IPv6-only (FY 2025), and flows down to vendors and subcontractors through the USGv6 Profile (NIST SP 500-267B) and FAR Part 11.002(g).
Bottom line: Security products sold to federal agencies must monitor, block, log, and enforce against IPv6 traffic with the same capability they provide for IPv4. Dual-stack-only is a transitional state — IPv6-only operation is the required end state.
PacketViper IPv6 Capabilities
1. Traffic Monitoring — Full IPv6 Visibility
PacketViper’s capture engine processes IPv6 traffic natively at the kernel level. The platform’s high-performance log pipeline parses IPv6 packet headers — including extension headers, ICMPv6, and encapsulated protocols — and delivers enriched event data to the analytics engine in real time.
Capabilities:
- Native IPv6 packet capture across all deployment modes (inline, bridge, mirror/SPAN)
- Full header parsing: source/destination IPv6 addresses, next-header protocol identification, ICMPv6 type/code classification
- Dual-stack operation: IPv4 and IPv6 traffic processed simultaneously with no performance degradation
- IPv6 traffic displayed natively across all dashboards, real-time traffic views, and investigation tools
- Connection tracking for IPv6 flows with full session state (NEW, ESTABLISHED, RELATED)
- All management interfaces accessible over IPv6 (dual-stack listener bindings)
2. Malicious Traffic Blocking — Full IPv6 Enforcement
PacketViper enforces security policy against IPv6 traffic using the same sensor, rule, and response framework that protects IPv4 environments. Policy rules, blacklists, geographic restrictions, and automated responses apply to IPv6 addresses and prefixes.
Capabilities:
- Sensor-based detection and automated response for IPv6 traffic — same trigger/response model as IPv4
- IPv6 address and prefix-based blocking (manual rules, blacklists, automated enforcement)
- Geographic attribution and enforcement for IPv6 addresses — country-level context applied to IPv6 traffic for geographic policy enforcement
- Automated Moving Target Defense (AMTD) strategies operate across both IPv4 and IPv6 address spaces
- Deception responders bindable to IPv6 addresses — decoys present on both protocol stacks
- Rate-limiting and threshold-based enforcement applied to IPv6 flows
- ICMPv6-aware filtering — selective enforcement that preserves required IPv6 neighbor discovery and router advertisement functions while blocking malicious ICMPv6
3. Event Logging — Full IPv6 Analytics Pipeline
PacketViper’s analytics engine stores IPv6 addresses natively, preserving full 128-bit address fidelity across the entire data lifecycle — from capture through storage, query, reporting, and export.
Capabilities:
- Native IPv6 address storage in the analytics engine — not string-converted or truncated
- Full query and filter support for IPv6 addresses across all reporting interfaces
- IPv6 events included in all standard and custom reports: traffic summaries, country reports, blocked traffic, sensor activity, compliance dashboards
- SIEM export (syslog, CEF) includes full IPv6 address fields
- Historical IPv6 event data queryable with the same performance characteristics as IPv4 (sub-second query response at scale)
- DNS intelligence captures both A (IPv4) and AAAA (IPv6) records for complete resolution visibility
- Federation telemetry transmits IPv6 event data across multi-node deployments
4. IPv6-Only Operation
PacketViper is designed to operate in environments where IPv4 is not present. The management plane, enforcement plane, and analytics pipeline function without IPv4 dependencies.
Capabilities:
- Management UI accessible over IPv6-only networks (HTTPS on port 47881)
- SSH management over IPv6 (port 47822)
- Sensor enforcement and packet processing operate on IPv6-only forwarding paths
- No IPv4 dependency for core platform operation — configuration, monitoring, and enforcement function in pure IPv6 environments
- Bridge-mode deployment passes IPv6 traffic transparently with enforcement applied at the bridge layer
Deployment Architecture for IPv6 Environments
PacketViper deploys in the same topologies for IPv6 as for IPv4:
| Deployment Mode | IPv6 Support | Description |
| Inline (Bridge) | Full | Transparent bridge between network segments — inspects, logs, and enforces on all IPv6 traffic traversing the bridge |
| Mirror / SPAN | Full | Receives copied IPv6 traffic from switch SPAN ports — monitors, logs, and alerts without inline enforcement |
| Hybrid | Full | Inline on perimeter interfaces with mirror on internal segments — comprehensive IPv6 visibility |
| Air-Gapped | Full | Self-contained analytics and enforcement with no external dependencies — operates IPv6-only without cloud or external connectivity |
Compliance Alignment
PacketViper’s IPv6 capabilities map directly to the security requirements referenced in and around OMB M-21-07:
| Requirement Source | Requirement | PacketViper Capability |
| OMB M-21-07 | Security tools must be IPv6-capable and operate in IPv6-only environments | Full IPv6 capture, enforcement, logging, and management — no IPv4 dependency |
| NIST SP 800-119 | Security tools must inspect IPv6 extension headers | Extension header parsing in the capture pipeline with protocol identification |
| NIST SP 800-119 | Detect and control IPv6-in-IPv4 tunneling (6in4, Teredo, ISATAP) | Protocol-aware inspection identifies encapsulated IPv6 traffic |
| NIST SP 800-119 | Selective ICMPv6 filtering (preserve NDP, block malicious) | ICMPv6-aware enforcement preserves neighbor discovery while blocking abuse |
| USGv6 Profile (SP 500-267B) | Network protection devices must filter based on IPv6 addresses | Full IPv6 address/prefix-based policy enforcement |
| NIST SP 800-53 SC-7 | Boundary protection | Inline bridge enforcement on IPv6 traffic at network boundaries |
| NIST SP 800-53 SI-4 | Information system monitoring | Real-time IPv6 traffic monitoring, dashboards, and alerting |
| NIST SP 800-53 AU-3 | Audit content — source/destination addresses | IPv6 addresses captured and stored with full fidelity in all audit records |
| FISMA CIO Metrics | Report IPv6-enabled status of security tools | PacketViper reports as fully IPv6-enabled |
Frequently Asked Questions
Q: Does PacketViper require any special configuration to process IPv6 traffic?
A: No. IPv6 capture and logging are enabled by default. IPv6 traffic flowing through a PacketViper appliance — whether inline or mirrored — is automatically captured, analyzed, and stored. Policy enforcement against IPv6 addresses uses the same sensor and rule configuration interface as IPv4.
Q: Can PacketViper enforce geographic restrictions on IPv6 traffic?
A: Yes. PacketViper’s geographic intelligence engine resolves IPv6 addresses to country-level attribution, enabling the same geographic policy enforcement available for IPv4 — including country-level blocking, alerting, and traffic context classification.
Q: Does PacketViper support IPv6 in OT/ICS environments?
A: Yes. PacketViper’s agentless deployment model (transparent bridge, no agents on endpoints) applies equally to IPv6 OT environments. The platform monitors and protects IPv6-enabled industrial devices without modifying PLC firmware, installing agents, or disrupting production control systems. Virtual Agent protection extends to IPv6-addressed OT assets.
Q: Can I run PacketViper on a network that is entirely IPv6 with no IPv4?
A: Yes. PacketViper’s management interfaces, enforcement engine, and analytics pipeline operate without IPv4 dependencies. The platform can be deployed, configured, and operated in pure IPv6 environments.
Q: Does PacketViper’s federation support IPv6?
A: Yes. Federation communication between PacketViper nodes operates over IPv6-capable transport. Multi-site deployments with IPv6 WAN connectivity function with full telemetry aggregation, policy distribution, and centralized management.
Q: How does PacketViper handle dual-stack environments during IPv6 transition?
A: PacketViper processes IPv4 and IPv6 traffic simultaneously with unified policy enforcement, logging, and analytics. Both protocol stacks are visible in the same dashboards and reports — operators do not need separate tools or views for each protocol version.
Version and Availability
| Detail | Value |
| Product | PacketViper Unified Cyber Defense Platform |
| Version | 6.0 |
| IPv6 Development Status | Complete |
| General Availability | March 24, 2026 |
| Deployment Model | On-premises appliance (hardware or virtual) |
IPv6 capabilities have been in active development and testing over the past several weeks and are included in the PacketViper 6.0 release. All IPv6 features described in this document are production-ready as of the GA release date.
Contact
For technical questions regarding PacketViper’s IPv6 capabilities or OMB M-21-07 compliance alignment, contact:
PacketViper
Email: support@packetviper.com
Web: www.packetviper.com
This document is provided for informational purposes to support customer compliance evaluation. PacketViper capabilities described herein reflect the PacketViper 6.0 platform as released on or before March 24, 2026.
See PacketViper IPv6 enforcement in action
Book a demo to see how PacketViper handles IPv6 traffic inline — capture, enforce, and report with full parity.