---------- Forwarded message --------- From: Rob Ert <ertr3960@xxxxxxxxx> Date: Thu, Dec 21, 2023 at 1:08 PM Subject: Re: Netfilter, IPVLAN, L3S and NAT64 To: Joshua Moore <j@xxxxxx> On Thu, Dec 21, 2023 at 12:43 PM Joshua Moore <j@xxxxxx> wrote: > > Is there a reason you cannot place a router in front of the ipvlan device and make the forwarding decision in the router. If the traffic needs to be ipvlan then send it to the ipvlan device, otherwise NAT64 etc. > > It's a dual-stack Cloud-VM with 1 IPv4 and an IPv6 /64 subnet as described in the jool mailing list link above. I have it set up with IPv6-only systemd-nspawn containerized machine instances using IPVLAN. Also, I am using WireGuard and Unbound/DNS to realize IPv6 connectivity to the containers and the wider Internet over my otherwise IPv4-only Internet connection; this setup works very well, and I am a bit reluctant to do away with IPVLAN, if it is avoidable. I would like to understand why NAT64 is not doable with IPVLAN L3S mode, if that is truly the case. I don't think it is possible to integrate a containerized router with this IPVLAN setup; I believe I would have to switch to a setup where all the containers are connected over a virtual bridge. All the best, Rob
