This proof of concept uses ipvlan
feature of Linux to split up main
network interface into two in order to use one in a separate namespace
with jool-siit
performing CLAT translation.
This way, enabling CLAT is least intrusive to the default network namespace - no need to enable forwarding or touch firewall rules.
UPDATE 2024-02-01: Rewritten to use L2 ipvlan. This allows multicast and therefore
NDP to work in the ipvlan
interface so the setup is even simpler and there is no need
to enable proxy NDP in the main namespace. Also the IPv4 PtP link is set up more
efficiently using /32 addresses and explicit peer definition.
This gist is inspired by a similar gist by Thomas Schäfer.