What is Dual Stack?

Understanding Dual Stack

Dual Stack is a networking configuration in which a device or network runs both IPv4 and IPv6 protocol stacks simultaneously, letting it communicate over either protocol. It is the primary IETF-recommended strategy for transitioning to IPv6 (RFC 4213), maintaining backward compatibility with IPv4 hosts while enabling native IPv6 connectivity.

A dual-stack host is assigned both an IPv4 address and an IPv6 address and maintains separate protocol stacks that share the application layer. When connecting to a destination, the resolver typically queries DNS for both A (IPv4) and AAAA (IPv6) records; the host then selects an address per RFC 6724 address-selection rules, and many clients use Happy Eyeballs (RFC 8305) to race both and pick the fastest responder. Routers, switches, and firewalls in a dual-stack network must be configured and secured for both protocol families.

Dual stack matters for security because it effectively doubles the attack surface. Each interface now has two reachable address families, and IPv6 is frequently enabled by default yet left unmonitored. Firewall rules, ACLs, intrusion detection, and logging written only for IPv4 silently fail to cover IPv6 traffic, creating blind spots attackers exploit to bypass controls or exfiltrate data. Consistent, parallel policy across both stacks is essential.

For example, an enterprise upgrading its data center deploys dual stack so legacy IPv4-only applications keep working while new services reach IPv6-only clients on mobile carrier networks. During a review, the security team realizes the perimeter firewall blocked inbound IPv4 SSH but never had an equivalent IPv6 rule, leaving a server reachable over its global IPv6 address. They add matching IPv6 ACLs and enable IPv6 logging, closing the gap.