IPv6 Asset Detection

Qualys CAPS supports IPv6-based asset detection. This enhancement adds packet-level visibility and processing for IPv6 traffic, enabling more comprehensive asset discovery in network environments. This support improves asset visibility in IPv6-only and dual-stack environments.

IPv6 detection is supported for the ICMPv6 Neighbor Advertisement and SSDPv6 protocols.

How CAPS Leader is Elected

CAPS considers the following rules when selecting a CAPS Leader in IPv4-only, IPv6-only, and dual-stack environments.

• When an IPv4 address is available, it is always used for election.
• On dual-stack hosts (IPv4 + IPv6), IPv4 takes precedence over IPv6 for election purposes.
• IPv6 link-local addresses participate in the election only when IPv4 is not present.
• Other IPv6 address types (for example, global unicast or temporary addresses) do not participate in the election process.

Each network interface is evaluated independently. The election address is selected per interface, based on the addresses configured on that interface.

CAPS Leader Election on Dual-Interface Host

The following are the supported interface configurations for CAPS leader election on dual-interface hosts:

• IPv4-only on both interfaces.
• Dual Stack (IPv4 + IPv6) on both interfaces.
• IPv4-only on one interface and Dual Stack (IPv4 + IPv6) on the other interface.

Behavioral Notes

The following are the limitations for IPv6 asset detection:

• On dual-interface hosts, if either or both interfaces are configured as IPv6-only, the election process fails on the IPv6-only interface. As a result, assets from the associated IPv6 subnet may not be reported.
• The IPv6 asset exclusion may fail if you exclude only one IPv6 address for the asset, as that asset may have multiple valid IPv6 addresses.
  Workaround: To reliably exclude an IPv6 asset, use its MAC address instead of the IPv6 address.
• Do not add a link-local IPv6 address range (FE80::/10) in the CAUI configuration along with a DNS suffix.