Use the ipv6_is_in_range function to check whether an IPv6 address falls within a specified IPv6 CIDR range. This is useful when you need to classify, filter, or segment network traffic by address range—such as identifying requests from internal subnets, geo-localized regional blocks, or known malicious networks.

You can use this function when analyzing HTTP logs, trace telemetry, or security events where IPv6 addresses are present, and you want to restrict attention to or exclude certain address ranges.

#For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

| eval inRange=if(cidrmatch("2001:db8::/32", src_ip), "yes", "no")

['sample-http-logs']
| extend inRange = ipv6_is_in_range(src_ip, '2001:db8::/32')

-- Using a hypothetical UDF
SELECT ipv6_in_range(ip_address, '2001:db8::/32') AS in_range FROM logs;

['sample-http-logs']
| extend inRange = ipv6_is_in_range(src_ip, '2001:db8::/32')

#Usage

#Syntax

ipv6_is_in_range(ipv6: string, cidr_range: string)

#Parameters

#Returns

A bool value:

• true if the IPv6 address is within the specified CIDR range.
• false otherwise.

#Example

Use this function to isolate internal service calls originating from a designated IPv6 block.

Query

['otel-demo-traces']
| extend inRange = ipv6_is_in_range('fd00::a1b2', 'fd00::/8')
| project _time, span_id, ['service.name'], duration, inRange

Run in Playground

Output

#List of related functions

• ipv4_is_in_range: Checks whether an IPv4 address is within a specified CIDR range. Use this function when working with IPv4 instead of IPv6.
• ipv6_compare: Compares two IPv6 addresses. Use when you want to sort or test address equality or ordering.
• ipv6_is_match: Checks whether an IPv6 address matches a pattern. Use for wildcard or partial-match filtering rather than range checking.