In a network monitoring system, the source and destination Internet Address of network traffic forms the basic key for most data viewing and indexing. This presents particular problems in the transition from IPv4 to IPv6.
When an IPv4 network monitor is enhanced to support IPv6, the indexing of all data must now cope with the larger address space. Further, the introduction of IPv6 into the network does not remove the need to monitor IPv4. Essentially, the monitor goes from being a single protocol to a multi-protocol monitoring device.
Even so, IPv4 and IPv6 are functionally equivalent in the network, and we would hope that the monitor would embody this fact. For example, a security attack in HTTPv4 exercises the identical client software in HTTPv6. What is needed is a security monitor that ensures that a policy to detect one Internet Protocol detects the other, without the need for user intervention or reprogramming of policy.