Connecting to Azure IoT Hub using IPv6 devices

Posted by

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs - .



This article introduces an approach to connect IPv6 devices to Azure IoT Hub.


Azure IoT Hub

Azure IoT Hub is a crucial component in the Internet of Things (IoT) ecosystem, designed to facilitate seamless communication between IoT devices and the cloud. It plays an indispensable role in connecting, monitoring, and managing large networks of IoT devices, making it a cornerstone for businesses across various industries. Azure IoT Hub not only ensures secure and reliable device-to-cloud and cloud-to-device communication but also provides features like device provisioning, scalability, and integration with Azure services, making it a fundamental tool for harnessing the power of IoT. For more details, please follow – Azure - IoT Hub documentation


Emergence of IPv6 IoT Devices

With the rapid proliferation of IoT devices, the need for a larger address space and improved network capabilities has led to the emergence of IPv6-enabled IoT devices. IPv6 provides a vastly expanded address pool, which is essential for accommodating the growing number of devices in IoT ecosystems. As IoT continues to evolve and diversify, the adoption of IPv6 for IoT device connectivity is becoming increasingly prevalent, ensuring that devices can connect and communicate efficiently and securely in a connected world.



At this moment, some of the Azure services including Azure IoT Hub does not natively support IPv6 device connectivity or communication. However, this can be achieved by deploying an IPv6-to-IPv4 gateway that can bridge the gap between IPv6-enabled devices and Azure IoT Hub, facilitating communication and data exchange.

In the architectural flow mentioned below, our Nginx act as a proxy stream server which translates the IPv6 address to IPv4 address.


Architectural overview


Please note: The entire communication from device to IoT Hub happens over port 8883.

As shown in the above diagram, this setup involves below major Azure services:

  1. Public Azure load balancer with IPv6 frontend IP.
  2. Dual stack (IPv4 & IPv6 enabled) virtual machines as a load balancer’s backend.
  3. Nginx running as a streaming server on the virtual machines.
  4. IoT Hub enabled with private endpoints.
  5. Azure storage account enabled with private endpoints.


Resource deployment and configuration


Dual stack NIC


az network nic create \
--resource-group <resource_group> \
--name <nic_name> \
--vnet-name <vnet_name> \
--subnet <subnet_name> \
--private-ip-address-version IPv4

az network nic ip-config create \
--resource-group <resource_group> \
--name <config_name> \
--nic-name <nic_name> \
--vnet-name <vnet_name> \
--subnet <subnet_name> \
--private-ip-address-version IPv6


Dual stack network virtual machine


az vm create --name <vm_name> \
--resource-group <resource_group > \
--admin-username '<username>' \
--admin-password '<password>' \
--nics <nic_name> \
--image Ubuntu2204


Standard SKU public IPv6 IP


az network public-ip create \
--name <public_ip_name> \
--resource-group <resource_group> \
--allocation-method Static \
--sku Standard \
--version IPv6


Public Azure load balancer


az network lb create \
--resource-group <resource_group> \
--name <lb_name> \
--sku Standard \
--frontend-ip-name <fip_name> \
--public-ip-address <public_ip_name>

az network lb address-pool create \
--resource-group <resource_group> \
--lb-name <lb_name> \
--name <backend_pool_name>

az network nic ip-config address-pool add \
--resource-group <resource_group> \
--nic-name <nic_name> \
--ip-config-name <config_name> \
--lb-name <lb_name> \
--address-pool <backend_pool_name>

az network lb probe create \
--resource-group <resource_group> \
--lb-name <lb_name> \
--name <hp_name> \
--protocol Tcp --port 8883

az network lb rule create \
--resource-group <resource_group> \
--lb-name <lb_name> \
--name <rule_name> \
--protocol Tcp \
--frontend-port 8883 \
--backend-port 8883 \
--frontend-ip-name <fip_name> \
--backend-pool-name <backend_pool_name> \
--probe-name <hp_name>


For more details, please followAzure - Deploy an IPv6 dual stack application


Setting up Nginx stream server


Installing Nginx


Please note: We have used the Ubuntu, commands may be vary depending upon the OS flavour.


$ sudo apt update
$ sudo apt install nginx
$ systemctl status nginx



Configuring Nginx


Edit Nginx configuration:


$ vi /etc/nginx/nginx.conf


Paste the following block:


stream {
        log_format detailed '$time_iso8601 $remote_addr [$proxy_protocol_addr] [$server_addr:$server_port] $protocol $status $bytes_sent $bytes_received $session_time';
        access_log /var/log/nginx/access.log detailed;
        server {
                listen [::]:8883;
                proxy_pass <IoT_Hub_Host_Name>:8883;


Test the Nginx configuration:


$ nginx –t


Nginx reload for the latest configuration:


$ nginx –s reload


Verify the listening ports:


$ netstat –tulpn | grep 8883



NSG configuration


Since the communication happens via Azure load balancer which is a layer 4 load balancer, the traffic initiated by IPv6 devices is forwarded as it is to VM by load balancer keeping the session intact.

Hence, we have to allow the traffic for devices on the NSG level. For more details, please follow – Azure - Create, change, or delete a network security group


Sample NSG rule

NSG rule parameter

NSG rule value


IP Addresses

Source IP addresses/CIDR ranges

Device IPv6 Address

Source port range



IP Addresses

Destination IP addresses/CIDR ranges

Nginx VM IPv6 Address



Destination port ranges







Route device messages to Azure storage


You can also leverage message routing feature of IoT Hub to route the messages to Azure storage account. Follow the document for the same – Azure - IoT Hub message routing


Validating entire setup


  1. Setup an Azure virtual machine with Public IPv6 address.
  2. Map the custom host entry for IoT Hub hostname:
    • edit /etc/hosts
    • add custom entry as mentioned below:
      <lb_ipv6_fip> <iot_hub_hostname>
  3. Download the IoT Hub required certificates from – Azure Samples – IoT MQTT Sample - IoTHubRootCA
  4. Convert pem to crt file by using below command:
    $ openssl x509 -outform der -in IoTHubRootCA.crt.pem -out IoTHubRootCA.crt
  5. Trust the certificate:
    $ cp IoTHubRootCA.crt /usr/local/share/ca-certificates/
    $ sudo update-ca-certificates
  6. Follow the guide to generate messages using sample code - Using MQTT to connect an IoT Hub with Python
  7. Install paho-mqtt client:
    $ pip install paho-mqtt
  8. Get the sample code from the same repo – Sample code
  9. Generate SAS token for your device by using following command:
    $ az iot hub generate-sas-token -d <device_id> -n <hub_name>
  10. Modify the sample code by adding below details:
    • IoT Hub name
    • Device ID
    • SAS token
  11. Run the code i.e. python file.
  12. Observe the traffic in following ways:
    $ tail –f /var/log/nginx/access.log
    $ tcpdump port 8883
    Azure > IoT Hub > Metrics > Select metric as telemetry message sentvidya_0-1699993984895.png

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.