Use the ipv6_is_in_range function to check whether an IPv6 address falls within a specified IPv6 CIDR range. This is useful when you need to classify, filter, or segment network traffic by address range—such as identifying requests from internal subnets, geo-localized regional blocks, or known malicious networks.

You can use this function when analyzing HTTP logs, trace telemetry, or security events where IPv6 addresses are present, and you want to restrict attention to or exclude certain address ranges.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Usage

Syntax

ipv6_is_in_range(ipv6: string, cidr_range: string)

Parameters

NameTypeDescription
ipv6stringThe IPv6 address to check.
cidr_rangestringThe IPv6 CIDR block (e.g. '2001:db8::/32').

Returns

A bool value:

  • true if the IPv6 address is within the specified CIDR range.
  • false otherwise.

Example

Use this function to isolate internal service calls originating from a designated IPv6 block.

Query

['otel-demo-traces']
| extend inRange = ipv6_is_in_range('fd00::a1b2', 'fd00::/8')
| project _time, span_id, ['service.name'], duration, inRange

Run in Playground

Output

_timespan_id[‘service.name’]durationinRange
2025-06-28T11:20:00Zspan-124frontend00:00:02.4true
2025-06-28T11:21:03Zspan-209cartservice00:00:01.1true
  • ipv4_is_in_range: Checks whether an IPv4 address is within a specified CIDR range. Use this function when working with IPv4 instead of IPv6.
  • ipv6_compare: Compares two IPv6 addresses. Use when you want to sort or test address equality or ordering.
  • ipv6_is_match: Checks whether an IPv6 address matches a pattern. Use for wildcard or partial-match filtering rather than range checking.