Splunk Cloud Platform

Splunk Cloud Platform Admin Manual

Enable IPv6 with DualStack networking

Note: During Early Access releases, Splunk products may have limitations on customer access, features, maturity, and regional availability. For additional information on Early Access please contact your Splunk representative.

Splunk now offers support for version 6 of the Internet Protocol (IPv6) as part of an Early Access release. This is provided as IPv6 DualStack networking with IPv6 fallback to IPv4 addresses. This helps you create a smooth transition between protocols, as you can use both IPv4 and IPv6 protocol addresses in the same configuration, and continue to update the IPv4 addresses to IPv6 addresses as needed.

There are no additional charges for using IPv6 addresses with DualStack networking.

IPv6 is the latest version of the Internet Protocol, which networking devices use for secure internet communication. Moving to IPv6 improves security capabilities and features to support the anticipated growth of the Internet.

Supported products and environments

You can now use Internet Protocol version 6 (IPv6) or version 4 (IPv4) in the Splunk Platform as follows:

  • Supported networking environments:
    • DualStack networking configuration of IPv6 with fallback to IPv4
    • Ingress and egress traffic
  • Supported platforms
    • Splunk Enterprise
    • Splunk Cloud Platform
  • Supported cloud environments
    • AWS Commercial
    • AWS FedRAMP Moderate and High
  • Supported networking components
    • Universal Forwarders
    • Heavy Forwarders
    • HTTP Event Collector (HEC)
    • Splunk-to-Splunk Protocol (S2S)
  • Premium Add-ons
    • Splunk IT Service Intelligence (ITSI)
    • Enterprise Security (ES)

Start using IPv6 with DualStack networking

To enable IPv6 addresses with Splunk Early Access, reach out to your Splunk Solutions engineer and request IPv6 with DualStack networking. Your Splunk Solutions engineer will convert the stack from IPv4 to a DualStack networking configuration that supports both IPv4 and IPv6. Going forward, you can use both IPv4 and IPv6 addresses as desired. Your Splunk Solutions engineer will also provide you with a set of IPv6 addresses and will support you through the process of transitioning to IPv6.

Best practices

While you do not need to change your environment configuration to use IPv6 addresses, keep the following system best practices in mind when you implement IPv6 with DualStack networking across your platform:

  • Use the Splunk-provided set of IPv6 addresses to review and adjust your system's firewall rules to allow IPv6.
  • If you have a custom configuration, review the IP settings for your universal forwarders. To enable a forwarder to send data to another Splunk Enterprise instance over IPv6, edit outputs.conf and update the server = parameter with an IPv6 address formatted as [host]:port, for example, server = [2002:4721:93f0::e956]:9997. The outputs.conf stanzas [tcpout], [tcpout-server], and [syslog] all accept IPv6 addresses.
  • If your system uses an HTTP Event Collector (HEC) endpoint, note that the HEC network load balancer is converted to DualStack networking and has the same DNS name.
  • Amazon does not support IPv6 for Firehose, but it does support AWS PrivateLink. For best results, double-check your implementation with your Splunk Solutions engineer.
  • To manage IPv6 for any networking customizations or third-party products in your on-premises configuration, reach out to your Splunk Solutions engineer.
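
The following check for the [host]:port format described above is an added example, not Splunk code. It audits the server = entries in the three stanza types named on this page and flags IPv6 literals that are missing their brackets. The group names and all addresses other than the page's own example are constructed.

```python
import ipaddress
import re
# Constructed sample outputs.conf. Group names are hypothetical; addresses other
# than the page's own example use documentation ranges.
SAMPLE_CONF = """\
[tcpout:dualstack_indexers]
server = [2002:4721:93f0::e956]:9997, 192.0.2.10:9997
[tcpout:broken_group]
server = 2001:db8::10:9997
[syslog:siem]
server = [2001:db8::20]:514
"""

STANZA_TYPES = ("tcpout", "tcpout-server", "syslog")  # stanzas named on the page
BRACKETED = re.compile(r"^\[([^\]]+)\]:(\d+)$")

def classify_target(target):
    """Return 'ipv6', 'ipv4', 'hostname' or 'invalid' for one host:port entry."""
    m = BRACKETED.match(target)
    host, sep, port = (m.group(1), ":", m.group(2)) if m else target.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        return "invalid"
    if m:
        try:
            ipaddress.IPv6Address(host)
            return "ipv6"
        except ValueError:
            return "invalid"
    if ":" in host:
        # Unbracketed IPv6 is ambiguous: 2001:db8::10:9997 is itself an address.
        return "invalid"
    try:
        ipaddress.IPv4Address(host)
        return "ipv4"
    except ValueError:
        return "hostname"

def audit_outputs_conf(text):
    """Return (stanza, target, kind) for each server entry in forwarding stanzas."""
    stanza, findings = "", []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]") and "=" not in line:
            stanza = line[1:-1]
        elif re.split(r"[:/]", stanza)[0] in STANZA_TYPES:
            key, _, value = line.partition("=")
            if key.strip() == "server":
                for t in (v.strip() for v in value.split(",")):
                    findings.append((stanza, t, classify_target(t)))
    return findings
```

The list of ipv6 targets this returns can also be compared against the IPv6 addresses your firewall rules allow.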
Last modified on 06 November, 2024

This documentation applies to the following versions of Splunk Cloud Platform: 9.2.2406 (latest FedRAMP release)

