Why Monitoring IPv4 and IPv6 Separately Matters
Most uptime monitoring tools check a URL and report whether it responds. What they do not tell you is which protocol they used to connect. In almost every case, the answer is IPv4. This means that when your IPv6 endpoint breaks, your monitoring shows green, your SLA report says 100%, and a significant portion of your users -- the ones on mobile networks, modern ISPs, and IPv6-preferred connections -- experience downtime that nobody on your team knows about.
Separate IPv4 and IPv6 monitoring is not an advanced feature for edge cases. It is the minimum required to know your actual uptime. This article explains why the two protocols must be monitored independently, what happens when they are not, and how UptyBots makes dual-stack monitoring straightforward to configure and maintain.
IPv4 and IPv6 Are Two Different Networks
The most common misconception about dual-stack infrastructure is that if IPv4 works, IPv6 probably works too. This assumption is wrong, and it is wrong for fundamental architectural reasons.
Different DNS records
IPv4 and IPv6 addresses are published as completely separate DNS record types. The A record maps your domain to an IPv4 address like 192.0.2.45. The AAAA record maps it to an IPv6 address like 2001:db8::45. These records are managed independently, can have different TTL values, and can point to entirely different servers. One can be updated without the other. One can be deleted accidentally while the other remains intact.
# These are independent records that can fail independently example.com. 300 IN A 192.0.2.45 example.com. 300 IN AAAA 2001:db8::45
Different network paths
IPv4 and IPv6 packets travel through completely different routing infrastructure. Your hosting provider has separate BGP sessions for IPv4 and IPv6, separate peering agreements with transit providers, and sometimes separate physical network equipment. An IPv4 packet from a user in Tokyo to your server in Frankfurt follows one route; an IPv6 packet between the same two points may follow a completely different route through different intermediate networks.
This means that a routing issue, transit provider outage, or peering problem can affect one protocol while leaving the other completely unharmed. An IPv6 route leak at a transit provider can make your server unreachable over IPv6 from specific regions while IPv4 connectivity remains perfect.
Different server configuration
Web servers require explicit configuration to listen on IPv6. In Nginx, you need both listen 443 ssl; (IPv4) and listen [::]:443 ssl; (IPv6). In Apache, you need <VirtualHost *:443> rather than <VirtualHost 0.0.0.0:443>. A configuration change, server migration, or software update can easily break one listener while the other continues working.
Different firewall rules
On Linux, iptables and ip6tables are completely separate firewall systems. On cloud platforms, security groups require separate IPv4 and IPv6 CIDR rules. A firewall change that opens port 443 for 0.0.0.0/0 (all IPv4) does nothing for ::/0 (all IPv6). Teams that manage firewalls without dual-stack awareness routinely break IPv6 access while keeping IPv4 working.
Different SSL/TLS behavior
An SSL certificate is bound to a socket, not a domain. If the IPv6 socket is not configured for SSL, or if the certificate deployment did not reach the IPv6 listener, IPv6 HTTPS connections will fail with handshake errors while IPv4 HTTPS works normally. This is particularly common in CDN configurations where certificate deployment to IPv4 and IPv6 edge servers happens on different schedules.
The Problem with Single-Protocol Monitoring
A monitoring tool that checks https://example.com without specifying a protocol will use whichever IP address the monitoring server's DNS resolver returns first. On most systems, this is the IPv4 address. Even on dual-stack systems, many monitoring tools explicitly resolve only the A record for reliability reasons.
The result is that your monitoring sees one protocol and one protocol only. Here is what this means in practice:
| Actual state | What single-protocol monitoring reports | Reality for users |
|---|---|---|
| IPv4 UP, IPv6 UP | UP (100%) | Everything works for everyone |
| IPv4 UP, IPv6 DOWN | UP (100%) | Downtime for 30-50% of mobile users, invisible to you |
| IPv4 DOWN, IPv6 UP | DOWN (0%) | Most users see downtime, but IPv6 users still have access |
| IPv4 DOWN, IPv6 DOWN | DOWN (0%) | Total outage, correctly reported |
The second row is the dangerous one. Your monitoring says everything is fine. Your downtime cost is zero according to your reports. But a large and growing segment of your users is experiencing a complete outage. This is the hidden downtime that businesses miss.
Real-World Scenarios Where Separate Monitoring Catches Failures
These are not theoretical examples. Each represents a common operational failure that separate IPv4/IPv6 monitoring detects immediately:
Scenario 1: Firewall rule change breaks IPv6
A sysadmin updates the server firewall, adding new rules for a recently deployed application. The new iptables rules are correct. The admin forgets to update ip6tables. IPv6 traffic to the server is now blocked.
Without separate monitoring: No alert. IPv4 monitoring shows 100% uptime. Mobile users on IPv6-preferred networks cannot connect. The issue is discovered hours later through customer complaints.
With separate monitoring: The IPv6 monitor detects "connection timeout" within 1-2 minutes. An alert is sent immediately. The admin fixes the ip6tables rules before most users are affected.
Scenario 2: CDN edge drops IPv6 in a specific region
After CDN maintenance, the IPv6 services on a regional edge node fail to restart properly. IPv4 continues working. Users in that region connecting via IPv6 get timeouts.
Without separate monitoring: No alert. The CDN's own status page shows green (it monitors IPv4 health). Users in the affected region complain, but the team cannot reproduce the issue from their office.
With separate monitoring: The IPv6 monitor running from a probe in the affected region detects the failure immediately. The alert identifies both the protocol (IPv6) and the region, giving the team the information they need to contact the CDN provider with a specific, actionable report. Read more about CDN and IPv6 failure scenarios.
Scenario 3: SSL certificate not deployed to IPv6 listener
During a certificate renewal, the new certificate is installed on the IPv4 socket but the IPv6 socket still serves the old (now expired) certificate. Browsers display security warnings for IPv6 connections while IPv4 connections work normally with the new certificate.
Without separate monitoring: If the monitoring tool's SSL check connects via IPv4, it sees the valid certificate and reports no issues. IPv6 users see "Your connection is not private" and leave.
With separate monitoring: The IPv6 SSL monitor detects the expired certificate immediately and triggers an alert. The certificate is redeployed to the IPv6 listener before most users encounter the error.
Scenario 4: DNS propagation discrepancy
After a server migration, the A record is updated to point to the new server. The AAAA record is forgotten and still points to the old server, which is decommissioned.
Without separate monitoring: The monitoring tool resolves the A record, connects to the new server, and reports UP. IPv6 users resolve the AAAA record, connect to the decommissioned server, and get no response.
With separate monitoring: The IPv6 monitor fails immediately because the old server no longer responds. The alert triggers a DNS review that catches the stale AAAA record.
Scenario 5: Asymmetric performance degradation
A transit provider that carries your IPv6 traffic experiences congestion, doubling latency for IPv6 connections. IPv4 traffic routes through a different provider and is unaffected.
Without separate monitoring: Your response time graphs show low, stable latency (IPv4). You have no visibility into the IPv6 degradation that is making your site feel slow to mobile users.
With separate monitoring: The IPv6 monitor's response time graph shows a clear spike in latency. You can identify the timing, duration, and magnitude of the degradation and correlate it with transit provider status or regional connectivity data.
Who Is Affected When IPv6 Fails?
The impact of IPv6-specific downtime depends on your audience, but the affected population is larger than most teams expect:
- Mobile users in the US: T-Mobile (90%+ IPv6), Verizon Wireless (70%+), AT&T (70%+). The majority of US smartphone traffic is IPv6.
- India: Reliance Jio operates an IPv6-only mobile network serving hundreds of millions of subscribers. IPv6 failure means total loss of direct connectivity for these users.
- Europe: Deutsche Telekom, Sky UK, and other major ISPs have deployed IPv6 widely to residential and mobile customers.
- Search engine crawlers: Googlebot crawls over both IPv4 and IPv6. IPv6 failures can affect crawl quality.
- API consumers: If your API clients connect via IPv6 (common for cloud-hosted clients on modern infrastructure), an IPv6 failure breaks their integrations.
Google reports that over 45% of global connections to its services use IPv6. In the US, the figure exceeds 50%. Ignoring IPv6 monitoring is comparable to ignoring half your users.
What Separate Monitoring Gives You
Running independent IPv4 and IPv6 monitors provides several specific capabilities that a single monitor cannot:
1. Accurate uptime measurement
True uptime is the minimum of your IPv4 and IPv6 uptime percentages. If IPv4 is at 99.99% but IPv6 is at 99.5%, your real uptime is 99.5% for the portion of users on IPv6. Separate monitors give you both numbers so you can report honestly and prioritize fixes.
2. Faster incident detection
An IPv6-specific failure is detected within your check interval (typically 1-5 minutes) rather than waiting for user complaints (which can take hours, especially across timezones).
3. Protocol-specific alerting
When your alert says "IPv6 HTTP monitor DOWN - Connection timeout," your team immediately knows to investigate the IPv6 firewall, IPv6 listener, or AAAA record rather than spending time testing IPv4 connectivity that works fine.
4. Performance comparison
Comparing IPv4 and IPv6 response times over time reveals routing differences, CDN behavior discrepancies, and performance regressions that would be invisible in a single-protocol graph.
5. SLA compliance
If you publish an SLA to customers, that SLA covers all users, not just IPv4 users. Separate monitoring lets you measure and report actual availability across both protocols, protecting your credibility.
How to Set Up Dual-Stack Monitoring in UptyBots
Creating separate IPv4 and IPv6 monitors in UptyBots is straightforward:
- Create an IPv4 monitor: Add a new monitor for your target URL. Under Network Type, select IPv4. Configure your check interval, monitoring regions, and alert channels. Save.
- Create an IPv6 monitor: Duplicate the IPv4 monitor (or create a new one). Change the Network Type to IPv6. Keep all other settings identical so the two monitors are directly comparable. Save.
- Name them clearly: Use names like "example.com - HTTP IPv4" and "example.com - HTTP IPv6" so alerts immediately identify the affected protocol.
- Enable alerts on both: Configure email, Telegram, or webhook notifications on both monitors so you are alerted regardless of which protocol fails.
For a complete walkthrough with screenshots and advanced configuration options, see our step-by-step guide to setting up dual-stack uptime checks.
What to Monitor Beyond HTTP
HTTP checks are the most common, but comprehensive dual-stack monitoring should include additional check types depending on your infrastructure:
| Check type | What it catches on IPv6 | When to use |
|---|---|---|
| HTTP/HTTPS | Web server not listening on IPv6, wrong content, incorrect status codes | Every website and API |
| Ping (ICMP) | Firewall blocking ICMPv6, network unreachability, routing failures | Infrastructure and server monitoring |
| Port (TCP) | Specific ports not open on IPv6, service not bound to IPv6 socket | Non-HTTP services (mail, database, custom TCP) |
| SSL | Different certificate on IPv6, expired cert, chain issues | Any HTTPS endpoint |
For each check type, create separate IPv4 and IPv6 monitors to ensure complete coverage. The cost of adding a second monitor is minimal compared to the cost of an undetected IPv6 outage. Estimate the potential impact with our Downtime Cost Calculator.
The Bottom Line
IPv4 and IPv6 are independent systems that fail independently. Monitoring one does not protect you from failures in the other. As IPv6 carries an increasingly large share of internet traffic, undetected IPv6 outages represent an increasingly large gap between your reported uptime and your actual availability.
Separate monitoring closes this gap. It is not complex to set up, it does not require specialized knowledge, and it gives you visibility into a class of failures that no amount of IPv4 monitoring can detect. If you have not set up separate IPv6 monitors yet, do it today. Your IPv6 users -- who may account for 30-50% of your traffic and growing -- are counting on it.
For related reading: learn about the most common IPv6 connectivity issues, how to diagnose IPv6 failures with command-line tools, or explore the deeper question of IPv4 vs IPv6 monitoring.
See setup tutorials or get started with UptyBots monitoring today.