The Advanced IPv6-related protocols include Mobile IPv6 and IPsec.

The Security Architecture for the Internet Protocol, or IPsec, works by building secure tunnels at the IP layer through which the higher layer protocols pass without modification. In fact, applications need not even be aware of IPsec at all. IPsec for IPv4 and IPv6 are fairly similar, and for the most part, there is a single set of standards that cover both. The main difference is the almost universal presence of NAT in IPv4 (which hampers IPsec and requires complex workarounds) and total absence of it in IPv6.

IPsec provides three forms of security:

• Privacy (keeping others from being able to view the content of your transmissions), accomplished using the Encapsulating Security Payload (ESP) feature;
• Authentication (knowing for sure who the packets came from), accomplished with the Authentication Header (AH) feature;
• Message integrity (knowing any changes have been made to the data field or certain header fields such as the source and destination addresses), also accomplished with the Authentication Header (AH) feature.

The AH and ESP features are mutually independent. Administrators can choose to use neither, either or both, depending on your requirements. If only authentication and message integrity are required, only the AH feature is needed. If only privacy is required, the ESP provides it. If both are required, both AH and ESP can be used as there is no conflict between them.

Mobile IPv6 refers to technologies used to enable mobile devices to maintain connections on an IPv6 network. When mobile nodes change location, they may also have arbitrarily change how they access the network (for example, changing wireless access points or even passing through different wireless providers). Such changes would normally break existing connections requiring repeated retransmission of packets. Mobile IPv6 resolves this issue by using a specific “home” address assigned, for example, to a host or router that is always online using a DSL connection. The home address is consistently associated to the mobile node through which it is always reachable. When the mobile node changes network access, it automatically identifies and authenticates itself to the home device and re-establishes ongoing communications with other nodes.