Now I'm forced to move these things back to IPv4. My home ISP has first moved off static delegations in favor of dynamic ones via DHCPv6, and then broke IPv6 routing completely  and after a few weeks of me complaining still seemingly has no interest in fixing it. The place I work for now has no IPv6 connectivity and has no plans for it in the future. Many people I talk with don't believe that IPv6 is the future and I commonly hear that they have forcibly disabled it on their computers due to this or that random problem.
Having an "ipv6" configuration option in your software, which defaults to false, falls into the latter group. (Hello, Docker!)
It's been a steady linear increase for the past three years, now over 30%.
Interestingly, zoom in to 2020, and you'll see the effect of the coronavirus lockdown--all those home workers and people in self-isolation on IPv6 rather than on IPv4-only work networks.
With the increase in dependence upon cloud computing and containers, I believe that one of the big blockers today is the poor support for IPv6 by cloud providers and by docker and other virtualisation/container systems. Their lack of IPv6 support is what precludes wider adoption on client systems and internally in companies. Pervasive IPv6 support would be reason to use it, but right now it's a hindrance.
Of course it doesn't help that a lot of software (hello pfSense) is written around the idea that everybody will get a static /56 or similar that'll never ever change. Which is a pretty silly assumption IMHO.
At the moment I'm only asking for a /60, because that's all I need, but I strongly suspect that a /56 or even larger is easily available.
Disabling IPv6 because of some -maybe imagined- problem is akin to disabling every new tech because it might be to blame. Tech will just progress one admin funeral at a time here.
I've had very real IPv6 problems at home, which has caused me to disable it for long stretches. I turn it back on every now and then to see if life has improved though.
Most of my issues have been down to my ISP only handing out a dynamic /64 prefix. Apparently that's not how you do it and the software side doesn't seem to want to accommodate that, but that's what I got so...
Yes, this is my biggest issue with the move to dynamic prefix delegation as well. Delegated prefix change seems to be handled very badly in the stack. It basically breaks all your IPv6 connectivity until LAN hosts get to renew their DHCPv6 leases and/or SLAAC autoconfiguration. Even connectivity between hosts on the LAN will break, since their addresses will slowly change while they update.
The funny part is that I now have a static IPv4 and a dynamic IPv6 - a situation I would never imagine could happen.
For me it basically breaks all connectivity, because pfSense tells LAN clients to use the public IPv6 address for DNS. So when the prefix changes pfSense updates its public IP, but LAN clients still try to use the old address for DNS resolution.
I've tried to get pfSense to only use IPv4 for DNS address, but I've so far been unsuccessful.
There's also the issue of updating firewall rules.
When I was with my old ISP, we'd have our prefix dynamically delegated so I gave important servers ULA addresses. I then used some iptables scripts to allow traffic to my IPv6 services by looking only at the host part of the address, so if the prefix changed, the firewall rules would still be valid and allow access. That coupled with dynamic dns made it possible to still have a reasonably good network.
Since my new ISP gives us static everything, it's all so much easier. I really don't get the point of PD for IPv6. Or atleast, do PD but always assign the same prefix.
IPv6 allocation rules. They wanted to avoid the situation that happened with IPv4, so the address block are licensed for use and renewed on regular basis, so they can change. There's no such thing as fixed or static IPv6 address, it is dynamic, turtles all the way down. Hence DHCP-PD.
See also "Address space not to be considered property" (section 4.1) in the "IPv6 Address Allocation and Assignment Policy" (https://www.ripe.net/publications/docs/ripe-552#property)
This is directly contrary to what I've heard. Maybe my information is bad, or out of date, but I had thought that IPv6 addresses were meant to be static. I thought one of the selling points was that we couldn't run out of IPv6 addresses, as they were so numerous. If we're going to keep them dynamic, why even force this monstrous 128-bit number on us?
IPv6 addresses should be more static short to medium term, because you don't have to reassign. Your local pool is basically infinite, so e.g. a client logging off the WiFi doesn't mean you immediately have to recycle the address. The local part (the latter 64 bits) is enough for everything and everyone.
Now, the first 64 bits should be used for routing, which should preferably be more hierarchical than with IPv4. The idea was that a customer/company/small ISP would get a prefix assigned that was below the hierarchy of the upstream ISP (with IPv4, that hierarchy isn't possible because there aren't enough address bits, and lots of lower-tier customers got their own subnets). So a large ISP might be assigned 2345::/16, assign 2345:6789::/32 to a smaller ISP who might assign 2345:6789:abcd::/48 to a customer (who then will do more subnetting with that). That keeps the global and local routing table small, since everyone just needs to look at the address prefix to know where to route to. If the customer now moves to another ISP, he is assigned a new prefix (e.g. 4711:f0f0:666::/48) by the new ISP and needs to renumber, meaning that all the customers addresses keep their suffix but change their prefix. Protocols like SLAAC where designed as stateless to support (among other things) quick and easy renumbering. Just announce the new prefix, wait a TTL and you are done. Clients automatically switch over to the new addresses, in an ideal world this is mostly transparent to the end user.
In the new millenium, especially after Snowden, the argument of privacy got stronger, meaning that randomised local /64 suffixes are now en vogue, as opposed to the earlier MAC-based static suffixes.
Therefore everything is more dynamic and also more static ;)
Some ISPs consider it critical, but most don't. If they have enough IPv4 addresses, given that there's no high profile IPv6 only things, and that Happy Eyeballs is fairly well implemented, only a couple people are going to notice. Also, given the success some large networks are having with deploying IPv6, there's less pressure on IPv4 resources.
Happy Eyeballs itself is a compromise --- it hides broken configurations, so people who could fix things might not notice / be told IPv6 is broken, but it also hides broken configurations so people who can't fix things don't just turn off IPv6 forever, which leads to higher use when it does work.
It is their choice to make not anyone else's. They could be right. It might not be the future. I am one of those non-believers. I would love an improved protocol but I do not see IPv6 as the right fit. I think it is no coincidence that the providers are having problems with offering it to customers. Networking is complex and error-prone enough without IPv6. It is less so with IPv6? We know what the IPv6 zealots will say. Beware of "analyses" that focus solely on benefits without considering costs.
NAT, split DNS, VPNs, RFC1918 clashes and renumbering... this stuff isn't free, and most of it is totally unnecessary when you have enough address space.
Dual-stacked eyeball ISPs see over 50% of their traffic go via native v6. If they're CGNATing then that corresponds to a substantial drop in the amount of traffic that needs to be CGNATed, and therefore also a corresponding drop in the cost of the hardware needed to do it.
a) DS Lite, with /64 prefix (no /56, no PCP), with mandatory ISP provided crapbox as the router;
b) public static IPv4, no IPv6 at all, with any router I want.
It is obvious which option I took.
To my knowledge, nothing was ever moved off IPv4. IPv6 was setup in parallel, but IPv4 was never removed.
There are patches and extensions doing MAC address based assignments, but those are only sparsely supported in network hardware and software.
For the configuration tasks that DHCP also is used for beyond address assignment, there are better alternatives like anycast, zeroconf and SLAAC extensions. The only thing that would make DHCP useful again in 2020 would be strong cryptographic authentication for devices, maybe tied in with 802.1x and MAC layer encryption.
Therefore I think android is just ahead of the curve in getting rid of DHCPv6.
Read the fine article. The reasons are mostly the same as DHCP on v4. The ability to assign a specific IP to a specific device for what ever reason: Adding reverse DNS, tracking given IP to specific device etc.
It might not be useful against hostile actors (just like ipv4 DHCP) but its perfectly fine for everyone else.
And the specific argument that "Using it might encourage nat on ipv6" is about as condescending as saying "Using your computer might encourage you to look at naughty pictures".
Android is now the ONLY operating system that doesn't support this and in many ways is harming the uptake of IPV6 because of this. Not being able to use DHCPv6 for Android reduces the chances of an organisation using DHCPv6 for everything else which reduces the pressure on vendors to fix any DUID bugs.
Things could be fixed, but since historically the DHCPv6 standard has not included those fixes and just added them later as extensions, things look rather grim for boot firmware and network equipment.
If you need a proper device identification that cannot be faked, you are out of luck in any case. Therefore my suggestion of a possible next-generation protocol that would also solve the problem of confirming device identity by proper cryptographic authentication.
Also, DUID behaviour is not buggy, your own post cites DUID stability as "SHOULD NOT change". So all the changing DUIDs are conformant. The standards were broken from the beginning and it is too late to change them now.
DUID-LL is link layer address based and if your link layer address is a burned-in MAC you can definitely just scan a barcode, generate a DUID-LL from it and look for that DUID in your DHCP traffic. Your product could use a run-time generated DUID-UUID or some other scheme that can't practically be printed on the product, but on the other hand a DHCP (v4) using product could randomize its link layer address on every boot to the same effect.
As for random hardware and software products on the network: It would be nice for criteria like "proper IPv6 support" to be blockers, but they aren't for lack of choice. Almost no product out there has anything resembling proper IPv6 support. Just try some fresh deployment of anything in a IPv6-only network, I dare you :)
There are a few things that have a problem (mostly games, for some reason), but not many. Though I could imagine "enterprise-grade" software, which often seems to be worse than open-source software, having similar problems.
Note personally I also use SLAAC on my network.
- DNS search paths can be set with RFC8106 RA options
- Changing DNS servers can be done the same way via RA options or via Anycast addresses
- tracking IP-host-assignments are better done with 802.1x, MAC filters and ARPwatch/NDwatch (One might use DHCP snooping, but that is usually broken with DHCPv6, also in this case, the security is in the snooping and blocking part, not the DHCP part). Everything else is really easy to fake and therefore useless.
- WLC options are only relevant in the control network of your WIFI which shouldn't really be shared with any android device
- VoIP phones should be a separate ESSID/VLAN/network because of QoS and security anyways. Also, most VoIP equipment doesn't properly handle IPv6 anyways, Let alone IPv6-only.
The only arguments left are: hostname registration and "everybody else is doing DHCPv6". Those are not bad arguments, but maybe don't justify the added support complexity for the android devs.
> Whether the UUID is per host, hardware, boot or phase of the moon or just random is essentially random
Should we fault the protocol for its implementations failing to satisfy what I think are very clear MUSTs and SHOULDs in RFC3315? A DUID is used by anything that wants to be uniquely identified as a DHCP client or server. The basis of the assignment must not matter to either the server or client and the value should be treated as opaque. It should not change over time if at all possible. It could be based on a MAC address (as DUID-LL or DUID-LLT) but it shouldn't matter to anyone consuming the DUID, because they MUST NOT be interpreted and only ever be compared for equality. A unique DUID should simply be considered as a unique client.
I don't know what about these requirements is so fundamentally hard that "DHCPv6 is broken" because of it. Plain DHCP essentially has the same limitation in that there is no guarantee that a client will consistently use the same link layer address.
You don't need to interpret a DUID. You can take a MAC address and generate a DUID-LL from it according to RFC 3315, then look for that in the DHCP traffic without ever interpreting DUIDs by simple equality comparison, while simultaneously scanning the DHCP (v4) traffic for the MAC you derived the DUID from.
And if the thing you're looking for is not using DUID-LL, you're just as screwed as if your IPv4 product is randomizing its MAC address.
Also, there is still the problem of forcing devices into DUID-LL mode which is neither the default nor common. This requires manual configuration which is very bad for any large-scale use case.
Yes it is. Nowhere in this process do I need to take an existing DUID and treat it as anything other than an arbitrary sequence of bytes to be compared to another arbitrary sequence of bytes.
> Also, there is still the problem of forcing devices into DUID-LL mode which is neither the default nor common.
So maybe your use-case simply isn't common, perhaps because there are numerous ways to solve it that don't involve relying on ideal behavior in both DHCP v4 and v6 servers and clients. Take RFC 6939 for example, or just plain hostname based name assignments.
Then of course, so is printing a barcode sticker representing the MAC address of the box you're installing. The basis for any solution that is going to let you install hundreds of hosts comfortably is the manufacturer going out of their way to support that, regardless of whether you're using plain DHCP or DHCPv6.
Also, DHCPv4 still uses MAC addresses, if one uses dual stack as opposed to v6-only, one might want to correlate the v4- and v6-address given to a device.
With DHCPv4 I can rely on the mac address being used and forwarded in a DHCPv4 request and I can rely on the MAC address sticker to be present and accurate. And while it is possible for an operating system to randomise MAC addresses, it is uncommon enough. Most OSes also won't randomise MACs if the network "looks enterprisey" (e.g. uses WPA2-Enterprise) to them.
DHCPv6 dropped the ball right at the start and is now unable to pick it up again. The reality of DHCPv6 implementations has developed into a thicket of opaqueness and uselessnes, which cannot be unravelled I fear.
That is not a property of the DHCP (v4) protocol. My argument isn't that the situation is messy; it's that DHCPv6 is not broken. The only extent to which anything you've said has supported that conclusion is that yes, it's as broken as plain DHCP.
The use case you describe (consistent addressing based on MAC and simple correlation of IPv4 and IPv6 addresses) can be solved in numerous ways, for example using MAC derived name assignment or multicast DNS. It's solved in my home network, why isn't it in your enterprise network? Why make yourself dependent on what's printed on the box?
DUID-LL in DHCPv6 usually doesn't work, except with special configuration, for which I have to boot, configure the PXE firmware (if it is even configurable) and the OS (which isn't even installed yet). This doesn't fly in an enterprise network, where I don't want to unpack, boot and manually configure each and every device. Ideally, I never open the box, scan some printed-on barcodes and pass it on to the future user of the new device. After unpacking and cabling, installation and setup is automatic. This is totally different from home networks, where manual configuration is acceptable and usually easier.
So again, this happens when you're using products in an enterprise network that don't "fly in an enterprise network". Instead of addressing these products directly for what is obviously a flaw in their implementation that concerns you, you say that this is DHCPv6 at fault. If PXE and your OS don't offer defaults that would make them fly in an enterprise network, they're to blame.
> This is totally different from home networks, where manual configuration is acceptable and usually easier.
Regardless, when a host connects to my home network and starts talking DHCP, v6 or v4, it gets a name assignment corresponding to its hostname. Thanks the RFC 6939 option this could just as easily be based on the MAC address. Whether manual configuration would have been acceptable in my home network case is completely irrelevant to the point.
There is a cycle in many enterprises where someone asks "could we implement IPv6?". Then things like these come up, everybody looks at discussions like ours where there are pie-in-the-sky arguments about "you could just pick the right software/hardware" and "you could change it like that".
The conclusion will inevitably be: IPv6 isn't there yet, because it's too much work for little benefit. Too many changes in existing processes, too much risk. Then the IPv6 topic is dead again, maybe for two or three years until someone asks again. This has been going on for almost 20 years now. If you have ever been wondering why enterprises usually don't do IPv6, there is your reason. The braindamage that is DHCPv6 along with the false claims of "if you want 'enterprise' and 'managed networks' you need DHCPv6" is a large part of it.
I have no idea how things would get any better, however, DHCPv6 is recognizably a dead end.
So you call people out for their shoddy products until the SHOULDs are practically adopted as MUSTs. Is there a legitimate reason for some network appliance with any form of persistent storage that you can write to once or more to use different DUIDs through its lifetime? Nope. If it does it's badly implemented. Do burn-in, just like you do with MAC and print the DUID on the box, just like you do with MAC. How you achieve that is no concern of the DHCPv6 protocol, just as how the MAC address is derived or whether it's printed on the box is no concern of the DHCP (v4) protocol.
Perhaps one can say that there is a lack of standardization in the area of human friendly physical machine to address mapping. DHCPv6 and DHCP (v4) are not those standards. Instead we have the ad-hoc practice of printing MAC address stickers which could just as easily be the ad-hoc practice of printing DUID stickers if not for an apparent complete lack of imagination on the implementers' part.
> The conclusion will inevitably be: IPv6 isn't there yet, because it's too much work for little benefit. Too many changes in existing processes, too much risk.
Of course if there is little benefit to you, replacing your existing infrastructure and processes is going to be a high relative cost. This is true of any new technology, especially for an enterprise where existing infrastructure and processes were not exactly conjured in a day.
Even the operating systems, with persistent storage in the form of harddisks get this wrong: a DUID is reassigned on every reinstall, at least. MAC addresses are convenient since they are basically global serial numbers in the form of ROM, fuses or similar. Only later were MAC addresses generated on the device by a RNG. There is just no hope for the DUID situation to ever get better, meaning DHCPv6 will never get useful.
> Of course if there is little benefit to you, replacing your existing infrastructure and processes is going to be a high relative cost. This is true of any new technology
No, it isn't. There are technologies that are designed to be easy to migrate to newer versions. Usually one doesn't notice those, because of the lack of problems. E.g. going from Ethernet to WiFi is relatively simple because of the intentional huge similarities. Upgrading a HTTP server from 1.0 to 1.1 to 2 doesn't change a lot in your processes, although there are huge differences especially from 1.1 to 2. TLS 1.3 looks completely different from 1.2 on a protocol level, but it was designed with upgrades in mind. To an admin or end user, it is practically the same.
Other technologies, e.g. POP3 vs. IMAP or cloud-based vs. physical computing can easily run side-by-side.
IPv6 is lacking in both methods of migration. You can't transparently upgrade (which would be hard to accomplish because of the different addresses). And you can't run it side-by-side easily, because of problems like the lacking DHCPv4/DHCPv6 correspondence. I would argue that IPv6 would be much more of a success if designers had not purposefully ignored that.
As for v6 autoconf not working exactly the same as DHCPv4 does, it's not like they purposely ignored it. Remember that DHCPv4 was being standardized at about the same time IPv6 was, and it wasn't really ubiquitous until a good half a decade afterwards. The RFC for router advertisements in v4 was published two years before even DHCP was, and there were various other ways of doing autoconf. It's not reasonable to expect them to have known that DHCP would win.
Any care to substantiate, why they are weak?
I'm going to substantiate, why their argument is strong:
1) With DHCPv6, the network operator can force your device to obtain only single IP address. With SLAAC, you can invent your own, any amount you want, it just has to be within the same subnet; the /64, smallest subnet, is pretty huge.
2) For tethering with IPv6, you need multiple IP addresses. You cannot do NAT as you do with IPv4.
Therefore, with IPv6, telcos could disable the tethering function of the phones / charge extras, just by suitably configuring their network. It is obvious, that the major supplier of mobile OS won't allow doing that. Hence, no DHCPv6.
I definitely don't want to see NAT with IPv6, but what makes it impossible?
In the end, since OVH even after being asked for years offer no option for /64s on VPSes, I moved to Hetzner, where a VPS gets it's own /64, so only I am responsible for my mail server's reputation.
One of the reasons was that Hetzner assigns ipv6 addresses in /64 blocks.
Rent an ipv6 enabled vps: get a /64.
Rent an additional "floating ip": get a /64.
The "nat is evil" objection was a moral high horse in the IETF around the time that Android adopted this policy. They may have a point but its largely irrelevant in the real world.
That being said these arguments are very narrow focused anyways and that's the real reason they are weak - phones connect to more than just the telco provider which is what the article covers.
So if your network admin does that, surely they have good reason, they basically want to stop you using 464xlat. Any good network admin should allow a device to ask for as many IPv6 addresses as it needs. Or is there a reason why that is not possible?
I think IPv6 is quite complicated, people don't fully understand it (it's not the same as IPv4 with a bigger address space) which means lots of conversations like this where it seems easy to just implement IPv6 but the nuances of the protocol mean it isn't. There is also lots of code that is broken because of this same lack of understanding meaning more workarounds to get everything to work.
Business. You can extract more money from customers (we are talking telcos there, not your local network).
IPv6 is in some aspects simpler, as it removes warts that IPv4 has. Many issues with deployment are not because IPv6 is complicated, but different.
Most carriers count tethering traffic from packets received with a TTL decremented by 1, whether or not you NAT it is irrelevent. This was the case for ipv4 and looks to be the case for ipv6 thanks to this very recent commit: https://github.com/aosp-mirror/platform_frameworks_base/comm...
This is incorrect. You can run SLAAC (with or without RDNSS) and stateless DHCPv6 on the same subnet.
Even more, running DHCPv6 correctly actually requires sending RAs with the O or M bit set, so you're almost doing SLAAC anyway (setting M disables SLAAC, O does not.)
Sensible (= stateless) DHCPv6 is an addition to SLAAC/RDNSS to allow pushing additional config. It is not a replacement.
If you’re worried about novice users getting stuck make defaults but don’t break things.
It sounds like DHCPv6 means giving up most of the benefits of IPv6. In which case better to migrate right than migrate twice.
Because it’s what you supposed to do by design?
Here’s a good thread on the IETF IPv6 working group mailing list about it:
It looks like the setup they want will be pretty crap for home users if that got implemented by ISPs.
You won't be able to tether if ISPs / Mobile networks decide to use the DHCP to give you a single IP.
This stance of Google's benefits consumers. Howv many consumers are there of mobile phones and broadband are there in the world compared to workers in a corporate LAN?
I feel like the question that needs to be asked sometimes is:
Will this enterprise feature negatively affect normal home users.
Imagine your mobile phone network gave you 1 IPv6 address rather than a subnet.
That is bad. But Google standing firm on not implementing the ability to do so, has meant that they gotta implement prefix delegation.
How many corporate networks are there?
How many people use laptops and are outside their home and want to use their mobile network?
And no, not every one. Store the ones routed thru you. That's all you need. Look them up and keep a cache.
All upstream routers needs to know about your node. So every time someone somewhere in the world connects a new device a message gets sent up to the core routers of the internet? And the core routers needs to keep track of routing tables in the size of billions and be able to look entries up in nano seconds.
And yes, every time new traffic appears at a 'core' router, entering it into a cache would be another great algorithm. But they do that now, so no patents for us.
I love it when somebody 'objects' to a plan, then proceeds to describe the solution succinctly.
How does that new traffic appear in the core router? I has to appear in every core router, otherwise hosts connected to a a core router which didn't receive that traffic recently wouldn't know how to route to your host. So the answer would be flooding, which is extremely wasteful of bandwidth and processing power. Also, it's a cache, which means it expires, so you have to flood the host announcements constantly (and even if it doesn't expire, you have core routers going down and being replaced). Once you think over all the details on how to fix these issues, what you end up with is basically a routing algorithm, like BGP or others, only replacing the "network" by a single host.
And once you arrive at a routing algorithm, consider that routing algorithms have a long history, and have already received a lot of research. That naive "flooding" algorithm is basically RIP, one of the oldest routing algorithms; there are good reasons why most people don't use RIP anymore.
Traffic appears at core routers because it already gets send there by peripheral routers as a gateway. Sharing routing information between peer routers is not unsolvable nor likely onerous.
Strawman solutions (flood constantly) are being deliberately dense. I suspect because, folks are so very comfortable with what they know, and so very unwilling to extend themselves. How we got IPV6 in the first place. Which isn't working either.
If by "sharing routing information between peer routers" you mean that, when a router learn of a new host, it shares that information with its peer routers, which then share that information with their peer routers, that is flooding. Without flooding, the traffic would not appear at every core router, which means most routers would not know of your host.
> I suspect because, folks are so very comfortable with what they know, and so very unwilling to extend themselves.
I once seriously considered how to make an Internet-scale non-hierarchical routing protocol, where the host identifier was a cryptographic hash of its cryptographic public key. The reverse path is easy; once A has successfully sent a packet to B, all routers in the middle know how to get from B to A. The forward path (from A to B) is the hard one. Every router knowing every host is non-viable; consider, for instance, what happens when my phone roams from the WiFi to the LTE and back (which happens many times per day) - if every router had to know of that change, for every roaming phone in the world, it would be enough to overwhelm all the links between them, not to mention their CPUs. I came to the conclusion that the amount of propagation of the route updates must be limited for it to be viable, so having every router know of every host is not possible. Either the routing information must be summarized somehow (which is what the hierarchical routing used with IPv4 and IPv6 does), or some other way which does not involve the routers (for instance, path routing, like MPLS) must be used.
That is, I'm not rejecting your idea because I "feel comfortable" with hierarchical routing, I'm rejecting your idea because I've already given it (or something like it) serious consideration, and found it harder than what I had initially thought.
Glad to see you've thought of the issues. Now lets brainstorm solutions.
A DNS-style authority with the answer to the routers' questions perhaps. Updated by the leaf router with some route coloring info for a new leaf node perhaps. Inquired upon cache miss by core routers? Aged out for frequent updating (roaming, unique ID per connect, and other short-lived routes).
This is an example of what the IPV6 folks suffered from. They could only see the issues of previous implementations, and took an incremental step along those solution axes. Instead of considering future trends (cheaper memory/processing power) and "skating toward the puck". Instead they followed the puck, and ended up well behind.
Also, for routing an address hierarchy is nice because of the O(log n) properties the address tree gives you. UUIDs do not do that, but subnets do. For the endpoints and smaller routers near the edges it is even more advantageous, those only need to know a few local prefixes, the rest goes to the next gateway. With UUIDs, every devices needs to learn all the addresses behind it, quite an impossible task, even if the lookup were fast and small enough for its cache.
The idea that its 'impossible' is 20 year old thinking. That's my whole point. We've wandered into a disappointing, underpowered solution that's not gaining traction. While real future-proof solutions exist right in front of us.
Even if you are right about the endpoints (which only need to know all devices in their specific subtree), as soon as you get to a part of the network where there is no longer just a limited tree below a given router hierarchically, you need a global view of all addresses. This view has to be current, correct and total. That is impossible to achieve, even if the lookup itself would work (which it won't, a conservative estimate of 4 billion active internet devices take up 64GB just for their addresses, not even including routes and metrics). You just cannot search those 64GB fast enough for each packet you are passing through your links (remember, even saturating 10GE in software is hard, and routers do have a lot of those ports in 40 or 100GE...).
What do you do when there's no active route? If a router receives a packet from 192.0.2.1 to 198.51.100.2, but the router has never received a packet from 198.51.100.2, how does it know to which of its neighbors it should send the packet?