diff --git a/.changelog/22773.txt b/.changelog/22773.txt
new file mode 100644
index 000000000000..9d4df2317969
--- /dev/null
+++ b/.changelog/22773.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+connect: default upstream.local_bind_address to ::1 for IPv6 agent bind address
+```
\ No newline at end of file
diff --git a/agent/structs/connect_proxy_config.go b/agent/structs/connect_proxy_config.go
index 5c82aac82419..aadc9f01018e 100644
--- a/agent/structs/connect_proxy_config.go
+++ b/agent/structs/connect_proxy_config.go
@@ -460,7 +460,8 @@ type Upstream struct {
 	Datacenter string
 
 	// LocalBindAddress is the ip address a side-car proxy should listen on for
-	// traffic destined for this upstream service. Default if empty is 127.0.0.1.
+	// traffic destined for this upstream service. Default if empty is 127.0.0.1 for IPv4
+	// or ::1 if IPv6 agent bind address.
 	LocalBindAddress string `json:",omitempty" alias:"local_bind_address"`
 
 	// LocalBindPort is the ip address a side-car proxy should listen on for traffic
diff --git a/connect/proxy/config.go b/connect/proxy/config.go
index c72bdbfed06e..c7064a328e6c 100644
--- a/connect/proxy/config.go
+++ b/connect/proxy/config.go
@@ -5,6 +5,7 @@ package proxy
 
 import (
 	"fmt"
+	"github.com/hashicorp/consul/agent/netutil"
 	"net"
 	"strconv"
 	"time"
@@ -19,6 +20,11 @@ import (
 	"github.com/hashicorp/go-hclog"
 )
 
+const (
+	defaultIPv4LocalBindAddress = "127.0.0.1"
+	defaultIPv6LocalBindAddress = "::1"
+)
+
 // Config is the publicly configurable state for an entire proxy instance. It's
 // mostly used as the format for the local-file config mode which is mostly for
 // dev/testing. In normal use, different parts of this config are pulled from
@@ -115,7 +121,12 @@ func (uc *UpstreamConfig) applyDefaults() {
 		uc.DestinationPartition = "default"
 	}
 	if uc.LocalBindAddress == "" && uc.LocalBindSocketPath == "" {
-		uc.LocalBindAddress = "127.0.0.1"
+		dualStack, _ := netutil.IsDualStack()
+		if dualStack {
+			uc.LocalBindAddress = defaultIPv6LocalBindAddress
+		} else {
+			uc.LocalBindAddress = defaultIPv4LocalBindAddress
+		}
 	}
 }