As Steve Gibson said in last "security now" podcast, almost all current network equipment is not working with IPv6 packets for now. Is that really the case ?
Edit from initial post: Hub and switches are working on level 2 and so, not concerned.
If so, do you think manufacturer (like Cisco, Netgears, 3Com and so on) will release firmware update to upgrade them to fix that issue ? Or will they tell us to buy new stuff ?
Also, by the way, as IPv6 are much bigger than IPv4 address, will upgraded network equipment performance be much slower than with IPv4 (because addresses cache will contains less IPv6 address than IPv4 ones, and cos more processing power will surely be necessary to process packet) ?
I know IPv6 is not really needed inside a LAN today (because NAT is working great) but I would have your opinions on that subject.
Any ethernet switch should be able to switch IPv6 packets without any difficulty, subject to the following caveats:
Routers, on the other hand, cannot route IPv6 unless they explicitly understand the protocol.
One thing the other answers don't mention is that I have yet to see a switch that can do the equivalent of DHCP snooping and arp inspection with IPv6.
This is a showstopper for many uses (FTTH).
As for performance, take Cisco 7600 routers as an example; Half the pps (packets per second) performance on IPv6.
(http://www.cisco.com/en/US/prod/collateral/routers/ps368/product_data_sheet0900aecd8057f3b6.html)
There is also the issue of IPv6 taking more room in the TCAM, but due to IPv6 being more aggregated (now and in the future, we hope) this won't be an issue during that platforms lifetime.
I would like to add that I disagree with your statement that "NAT is working great". No. It isn't. Adequately maybe, but there are many real problems. And you may not see them because you're so used to them.
Lots of current service provider/enterprise routers support IPv6. This is somewhat misleading though; while most equipment you buy today will support IPv6, large swathes of the Internet is built on hardware that dates from several years ago, back when IPv6 support (particularly in hardware) was not a priority. Also, IPv6 implementations in consumer routers are still in their infancy.
In terms of firmware upgrades for existing kit; lots of equipment is built with hardware designed for the efficient forwarding of IPv4 packets, with 32-bit addresses. It's not really feasible to upgrade these types of devices to be IPv6 compatible. For CPU based platforms, with no specific packet forwarding hardware, a firmware upgrade is possible. However, as you have pointed out, given the size of IPv6 addresses, older devices will most likely lack the memory/cache to perform well in an IPv6 environment. (Although with the reduced NAT requirement in IPv6, a large chunk of memory is freed up for use).
Also, have a look at this question, regarding how much IPv6 is really in use today.
In the USA, many or perhaps most of the Internet Service Providers are not commonly offering IPv6 connectivity. IPv6 access is available for purchase, but to my knowledge, the service carries a premium. In 2006, I was told that IPv6 connectivity was being widely used in some markets - I believe that China was named as an IPv6 market.
Most commercial network gear, e.g., not USA consumer products, supports IPv6 routing and dynamic routing protocols. Microsoft OS products all support IPv6, and most Linux and FreeBSD distributions have supported IPv6 for over ten years.
The IETF working group does have the experience of IPv4 to guide their engineering efforts, so it may be that IPv6 will introduce little, if any, performance degradation. The biggest complaint I have heard about IPv6 is that it, at least in the past, required that all hosts be directly reachable by all other hosts, i.e., have a public Internet address. Some security engineers thought this was a bad idea.
The Cisco Catalyst 3750 Series Switches support hardware based routing of IPv6, but Cisco currently charges for this feature to be enabled. I think I remember hearing a rumor that a later IOS release will enable it for no additional cost because a lot of people complained about it costing extra. These switches have been available for at least 6 years.
If Cisco's reputation is to be believed, they will probably focus mainly on making people buy newer stuff. They will add the option to older equipment for a price, and if enough paying customers complain, they might consider adding the feature for no additional cost if you have a service contract.
First question: "almost all switchs and routers are not working with IPv6 packets"
Depends on your definition of "working". Most products are able to do routing/switching with IPv6 you will run into problems if you turn of IPv4 as most management interfaces are IPv4 only. In short: Feature equality is not given for most devices regarding IPv6 vs. IPv4
Second: New Firmware vs. New Investements
My guess is that for the larger product series there will be firmware upgrades, but the small to mid networking equipment won't get firmware updates so that they will have feature equality in IPv6 and IPv4
As soon as you start running IPv6 and IPv4 in parallel at least your routing tables will grow on the routers (after all you need to be able to route both protocols), so it will be more demanding to your infrastructure. I don't think the average company will have to investigate, larger infrastructure may have some issues thou
The vast majority of hardware installed in Service Provider cores can forward IPv6 packets. There may be issues with the rate of forwarding or memory requirements but they will do it as long as they are configured for it and that relevant licenses / software versions are installed.
The place where the majority of equipment cannot support v6 is at the customer edge. I am not aware of any off the shelf commodity CPE (i.e. sub $100) capable of IPv6. No one is going to be able to roll IPv6 out on consumer grade broadband while they have to pay hundreds of dollars for Cisco hardware to do the job.
The main problem with IPv6 support comes from security gear and it is true that almost all firewalls do not yet support IPv6. However, you can build an IPv6 firewall using FreeBSD, OpenBSD or Linux, it's just that the commercial products don't yet support it.
Support is best in routers and servers. Client desktops are a bit behind because there are still a lot of Windows 98, MacOS 9, and similar old machines in operation.
Major network providers are doing a lot of IPv6 trials internally and most have already got customers hooked up to their trial IPv6 services, but they are not putting enough pressure on vendors across the board. What is likely to happen is that in 2011, we will run out of IPv4 addresses, and network operators will be ready with their full-blown IPv6 Internet access service. But many organizations will then discover gaps in IPv6 support that put them between a rock and a hard place because the only way to get IPv4 network access will be to take over someone else's connection. Expect large ISPs to start forcefully migrating consumers to IPv6 in order to free up IPv4 addresses to keep their enterprise customers happy.