network wide

.gitignore

+/data
+/dnsmasq-china-list

README.md

 # nextgen-router
 
 Ansible playbook file for deploying router of next generation.
+
+## Marks in NextGen
+
+* `10XX` PPPoE next hop mark.

data/.gitkeep

+1

files/bridge-post-scripts/post-up.sh.j2

+#!/bin/bash
+
+source {{ansible_user_dir}}/nextgen-router/scripts/utility.sh
+
+export BRIDGE_NAME={{br.name}}
+{% if br.address %}
+export BRIDGE_ADDRESS={{br.address}}
+{% endif %}
+
+{% if br.mac %}
+# Change mac
+export BRIDGE_MAC={{br.mac}}
+ip link set "$BRIDGE_NAME" address "$BRIDGE_MAC"
+{% endif %}
+
+{% if br.moreAddresses %}
+# Add more addresses
+{% for address in br.moreAddresses %}
+ip addr add {{address}} dev {{br.name}}
+{% endfor %}
+{% endif %}
+
+handle_gateway() {
+  GATEWAY_ID=$1
+  GATEWAY_ADDRESS=$2
+  GATEWAY_NEXT_HOP_MARK=$[$GATEWAY_ID + 1100]
+  ip route add default via "$GATEWAY_ADDRESS" table "$GATEWAY_NEXT_HOP_MARK"
+  ip route add default via "$GATEWAY_ADDRESS" metric "$GATEWAY_NEXT_HOP_MARK"
+  ip rule add pref 300 fwmark "$GATEWAY_NEXT_HOP_MARK" lookup "$GATEWAY_NEXT_HOP_MARK"
+  eth_origin -A "$GATEWAY_ADDRESS" "$GATEWAY_ID"
+}
+
+{% if br.gateways %}
+# Gateways
+{% for gateway in br.gateways %}
+handle_gateway {{gateway.id}} {{gateway.address}}
+
+{% if gateway.id == 0 %}
+iptables-restore --noflush {{ansible_user_dir}}/iptables-gateways
+{% endif %}
+
+{% endfor %}
+{% endif %}
+
+{% if br.masq %}
+# Masquerade
+iptables -t nat -A POSTROUTING -o "$BRIDGE_NAME" -j MASQUERADE
+{% endif %}
+
+{% if br.up %}
+{{br.up}}
+{% endif %}

files/bridge-post-scripts/pre-down.sh.j2

+#!/bin/bash
+
+source {{ansible_user_dir}}/nextgen-router/scripts/utility.sh
+
+export BRIDGE_NAME={{br.name}}
+{% if br.address %}
+export BRIDGE_ADDRESS={{br.address}}
+{% endif %}
+
+{% if br.mac %}
+# Change mac
+export BRIDGE_MAC={{br.mac}}
+{% endif %}
+
+handle_gateway() {
+  GATEWAY_ID=$1
+  GATEWAY_ADDRESS=$2
+  GATEWAY_NEXT_HOP_MARK=$[$GATEWAY_ID + 1100]
+  ip rule del pref 300 fwmark "$GATEWAY_NEXT_HOP_MARK" lookup "$GATEWAY_NEXT_HOP_MARK"
+  eth_origin -D "$GATEWAY_ADDRESS" "$GATEWAY_ID"
+}
+
+{% if br.gateways %}
+# Gateways
+{% for gateway in br.gateways %}
+handle_gateway {{gateway.id}} {{gateway.address}}
+
+{% endfor %}
+{% endif %}
+
+{% if br.masq %}
+# Masquerade
+iptables -t nat -D POSTROUTING -o "$BRIDGE_NAME" -j MASQUERADE
+{% endif %}
+
+{% if br.down %}
+{{br.down}}
+{% endif %}
+
+true

files/dnsmasq/dnsmasq.conf.j2

+server=127.0.0.1#55
+no-resolv
+strict-order
+interface=lo,{% for br in bridges %},{{br.name}}{% endfor %}
+
+bind-interfaces
+port=53
+conf-dir=/etc/dnsmasq.d
+
+dhcp-no-override
+dhcp-authoritative
+enable-ra
+
+no-dhcp-interface=lo,{% for br in bridges %}{% if not br.dhcp %},{{br.name}}{% endif %}{% endfor %}
+
+{% for br in bridges %}
+{% if br.dhcp %}
+
+dhcp-range={{br.name}},{{br.start}},{{br.end}},{{br.time}}
+
+{% if br.ipv6 %}
+dhcp-range=tag:{{br.name}},::,constructor:{{br.name}},ra-names,24h
+{% endif %}
+
+{% endif %}
+{% endfor %}

files/dnsmasq/docker-compose.yml

+version: '2.4'
+services:
+  dnsmasq:
+    restart: always
+    image: git-registry.mycard.moe/nanahira/dnsmasq
+    network_mode: host
+    cap_add:
+      - NET_ADMIN
+    volumes:
+      - './dnsmasq.conf:/etc/dnsmasq.conf:ro'
+      - './dnsmasq.d:/etc/dnsmasq.d:ro'
+      - './misc:/var/lib/misc'
+  smartdns:
+    restart: always
+    image: git-registry.mycard.moe/nanahira/docker-smartdns                                                                
+    ports:
+      - '55:53'
+      - '55:53/udp'
+    command: -f -x -c /etc/smartdns/smartdns.conf
+    volumes:
+      - ./smartdns:/etc/smartdns:ro
+      - ./smartdns-cache:/tmp/smartdns-cache

files/dnsmasq/smartdns.conf.j2

+server-name mycard-smartdns
+
+bind-tcp [::]:53
+bind [::]:53
+
+tcp-idle-time 3
+cache-size 4096
+cache-persist yes
+cache-file /tmp/smartdns-cache/cache
+prefetch-domain yes
+
+serve-expired yes
+serve-expired-ttl 0
+
+speed-check-mode tcp:80,tcp:443,ping
+rr-ttl-min 1
+rr-ttl-max 86400
+
+log-level warn
+
+{% if smartdns_disable_ipv6 %}
+force-AAAA-SOA yes
+{% else %}
+dualstack-ip-selection yes
+{% endif %}
+
+# TLS DNSes
+{% for dns in smartdns.tls_dns %}
+server-tls {{dns}} -group tls
+{% endfor %}
+
+# China DNSes
+{% for dns in smartdns.china_dns %}
+server {{dns}} -group china -exclude-default-group
+{% endfor %}
+
+# domains owned by MyCard
+{% for domain in mycard_domains %}
+nameserver /{{domain}}/china
+{% endfor %}
+
+# china list
+conf-file /etc/smartdns/china-list.conf

files/interfaces.j2

+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# Links
+
+{% for link in links %}
+## {{link.name}}
+auto {{link.name}}
+iface {{link.name}} inet manual
+iface {{link.name}} inet6 manual
+
+{% endfor %}
+
+# Bonds
+
+{% for bond in bonds %}
+## {{bond.name}}
+auto {{bond.name}}
+iface {{bond.name}} inet manual
+iface {{bond.name}} inet6 manual
+up ifconfig {{bond.name}} 0.0.0.0 up
+slaves{% for link in bond.links %} {{link}}{% endfor %}
+
+bond-mode {{bond.mode}}
+{% if bond.mode == 4 %}
+bond-miimon 100
+bond-downdelay 200
+bond-updelay 200
+bond-lacp-rate 1
+bond-xmit-hash-policy layer2+3
+{% endif %}
+
+{% endfor %}
+
+# Vlans
+
+{% for vlan in vlans %}
+## VLAN {{vlan.tag}} of {{vlan.link}}
+auto {{vlan.link}}.{{vlan.tag}}
+iface {{vlan.link}}.{{vlan.tag}} inet manual
+iface {{vlan.link}}.{{vlan.tag}} inet6 manual
+
+{% endfor %}
+
+# Bridges
+
+{% for br in bridges %}
+## {{br.name}}
+auto {{br.name}}
+allow-hotplug {{br.name}}
+iface {{br.name}} inet {{br.type}}
+{% if br.links %}
+bridge_ports{% for link in br.links %} {{link}}{% endfor %}
+
+{% endif %}
+bridge_stp on
+bridge_maxwait 3
+{% if br.type == "static" %}
+address {{br.address}}
+{% endif %}
+post-up {{ansible_user_dir}}/nextgen-router/scripts/{{br.name}}/post-up.sh
+pre-down {{ansible_user_dir}}/nextgen-router/scripts/{{br.name}}/pre-down.sh
+
+{% endfor %}
+
+# PPPs
+
+{% for ppp in ppps %}
+## ppp{{ppp.id}}
+auto ppp{{ppp.id}}
+allow-hotplug ppp{{ppp.id}}
+iface ppp{{ppp.id}} inet ppp
+pre-up {{ansible_user_dir}}/nextgen-router/scripts/ppp{{ppp.id}}/pre-up.sh
+post-down {{ansible_user_dir}}/nextgen-router/scripts/ppp{{ppp.id}}/post-down.sh
+provider ppp{{ppp.id}}
+
+{% endfor %}

files/iptables-gateways/iptables-forward.sh

+#!/bin/bash
+sudo iptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL -p tcp -m multiport --dports $1 -j DNAT --to-destination $2
+sudo iptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports $1 -j DNAT --to-destination $2
+
+cp ./ipt ./ipt.bak
+sudo iptables-save > ./ipt
+
+echo "# use iptables-restore --noflush" > ~/iptables-gateways
+echo "*nat" >> ~/iptables-gateways
+echo ":PREROUTING -" >> ~/iptables-gateways
+sudo iptables -t nat -S PREROUTING  | grep -- "-j DNAT" >> ~/iptables-gateways
+echo "COMMIT" >> ~/iptables-gateways
+
+#netfilter-persistent save 

files/iptables-gateways/iptables-gateways-interpreter.sh

+#!/bin/bash
+
+sudo "$@"
+
+if [ "$1"  == "iptables-restore" ]; then
+	echo "# use iptables-restore --noflush" > ~/iptables-gateways
+	echo "*nat" >> ~/iptables-gateways
+	echo ":PREROUTING -" >> ~/iptables-gateways
+	sudo iptables -t nat -S PREROUTING  | grep -- "-j DNAT" >> ~/iptables-gateways
+	echo "COMMIT" >> ~/iptables-gateways
+	sudo iptables-save > ~/ipt
+fi

files/ppp-macvlan-scripts/post-down.sh.j2

+#!/bin/bash
+ip link del dev pppm{{ppp.id}}

files/ppp-macvlan-scripts/pre-up.sh.j2

+#!/bin/bash
+ip link add link {{ppp.link}} dev pppm{{ppp.id}} type macvlan
+ip link set pppm{{ppp.id}} up
+{% if ppp.mac %}}
+ip link set pppm{{ppp.id}} address {{ppp.mac}}
+{% endif %}

files/ppp-post-scripts/postdown.sh.j2

+#!/bin/bash
+source {{ansible_user_dir}}/nextgen-router/scripts/utility.sh
+
+INIT_ID=$[1000 + $(echo "$PPP_IFACE" | sed "s/ppp//g")]
+
+iptables -t mangle -D FORWARD -o "$PPP_IFACE" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1452:1460 -j TCPMSS --set-mss 1452
+iptables -t mangle -D FORWARD -i "$PPP_IFACE" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1452:1460 -j TCPMSS --set-mss 1452
+ip6tables -t mangle -D FORWARD -o "$PPP_IFACE" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1432:1460 -j TCPMSS --set-mss 1432
+ip6tables -t mangle -D FORWARD -i "$PPP_IFACE" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1432:1460 -j TCPMSS --set-mss 1432
+
+iptables -t nat -o "$PPP_IFACE" -D POSTROUTING -j MASQUERADE
+
+ip rule del pref 300 fwmark $INIT_ID lookup $INIT_ID
+
+ppp_origin -D "$PPP_IFACE"

files/ppp-post-scripts/postup.sh.j2

+#!/bin/bash
+source {{ansible_user_dir}}/nextgen-router/scripts/utility.sh
+
+INIT_ID=$[1000 + $(echo "$PPP_IFACE" | sed "s/ppp//g")]
+
+iptables -t mangle -A FORWARD -o "$PPP_IFACE" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1452:1460 -j TCPMSS --set-mss 1452
+iptables -t mangle -A FORWARD -i "$PPP_IFACE" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1452:1460 -j TCPMSS --set-mss 1452
+ip6tables -t mangle -A FORWARD -o "$PPP_IFACE" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1432:1460 -j TCPMSS --set-mss 1432
+ip6tables -t mangle -A FORWARD -i "$PPP_IFACE" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1432:1460 -j TCPMSS --set-mss 1432
+
+iptables -t nat -o "$PPP_IFACE" -A POSTROUTING -j MASQUERADE
+
+ip route add default dev "$PPP_IFACE" table $INIT_ID
+ip route add default dev "$PPP_IFACE" metric $INIT_ID
+ip rule add pref 300 fwmark $INIT_ID lookup $INIT_ID
+
+ppp_origin -A "$PPP_IFACE"

files/pppoe-provider.j2

+noipdefault
+hide-password
+noauth
+persist
+plugin rp-pppoe.so pppm{{ppp.id}}
+user "{{ppp.username}}"
+ifname ppp{{ppp.id}}
++ipv6

files/utility.sh

+restore_mark() {
+  OPTION=$1
+  MARK=$2
+  iptables -t mangle "$OPTION" PREROUTING -m connmark --mark "$MARK" -j CONNMARK --restore-mark
+  iptables -t mangle "$OPTION" OUTPUT -m connmark --mark "$MARK" -j CONNMARK --restore-mark
+}
+
+ppp_origin() {
+  OPTION=$1
+  INTERFACE=$2
+  MARK=$[1000 + $(echo "$INTERFACE" | sed "s/ppp//g")]
+  iptables -t mangle "$OPTION" PREROUTING ! -p ospf -i "$INTERFACE" -j CONNMARK --set-xmark "$MARK"
+  restore_mark "$OPTION" "$MARK"
+}
+
+eth_origin() {
+  OPTION=$1
+  GATEWAY_ADDRESS=$2
+  GATEWAY_ID=$3
+  ping "$GATEWAY_ADDRESS" -c 1
+  NEIGH_LINE=$(ip neigh show "$GATEWAY_ADDRESS")
+  DEV=$(echo $NEIGH_LINE | awk '{print $3}')
+  MAC=$(echo $NEIGH_LINE | awk '{print $5}')
+  MARK=$[1100 + $GATEWAY_ID]
+  iptables -t mangle "$OPTION" PREROUTING ! -p ospf -i "$DEV" -m mac --mac-source "$MAC" -j CONNMARK --set-xmark "$MARK"
+  restore_mark "$OPTION" "$MARK"
+}

install.yaml

@@ -10,7 +10,7 @@
     tasks:
       - name: apt
         apt:
-          name: bridge-utils,ifenslave,vlan,pppoe,iproute2,iptables
+          name: net-tools,bridge-utils,ifenslave,vlan,pppoe,iproute2,iptables
           update_cache: true
       - name: pve things
         apt:
@@ -26,11 +26,15 @@
             {% for module in kernel_modules %}
             {{module}}
             {% endfor %}
+          dest: /etc/modules-load.d/mycard-router-nextgen.conf
         notify: load_modules
-      - name: pull dnsmasq image first
+      - name: pull some images first
         docker_image:
-          name: git-registry.mycard.moe/nanahira/dnsmasq
+          name: '{{item}}'
           source: pull
+        with_items:
+          - git-registry.mycard.moe/nanahira/docker-smartdns
+          - git-registry.mycard.moe/nanahira/dnsmasq
     handlers:
       - name: load_modules
         shell: 'modprobe {{item}}'

interface-tasks/bridge.yaml

+- name: directory
+  file:
+    path: '{{ansible_user_dir}}/nextgen-router/scripts/{{br.name}}'
+    state: directory
+- name: post-up script
+  template:
+    src: ./files/bridge-post-scripts/post-up.sh.j2
+    dest: '{{ansible_user_dir}}/nextgen-router/scripts/{{br.name}}/post-up.sh'
+    mode: 0755
+- name: pre-down script
+  template:
+    src: ./files/bridge-post-scripts/pre-down.sh.j2
+    dest: '{{ansible_user_dir}}/nextgen-router/scripts/{{br.name}}/pre-down.sh'
+    mode: 0755

interface-tasks/pppoe.yaml

+- name: pppoe provider
+  become: true
+  template:
+    src: ./files/pppoe-provider.j2
+    dest: /etc/ppp/peers/ppp{{ppp.id}}
+- name: directory
+  file:
+    path: '{{ansible_user_dir}}/nextgen-router/scripts/ppp{{ppp.id}}'
+    state: directory
+- name: pre-up script
+  template:
+    src: ./files/ppp-macvlan-scripts/pre-up.sh.j2
+    dest: '{{ansible_user_dir}}/nextgen-router/scripts/ppp{{ppp.id}}/pre-up.sh'
+    mode: 0755
+- name: post-down script
+  template:
+    src: ./files/ppp-macvlan-scripts/post-down.sh.j2
+    dest: '{{ansible_user_dir}}/nextgen-router/scripts/ppp{{ppp.id}}/post-down.sh'
+    mode: 0755

network.yaml

+---
+  - hosts: router_nextgen
+    remote_user: root
+    tasks:
+      - name: directory
+        file:
+          name: '{{ansible_user_dir}}/nextgen-router/scripts'
+          state: directory
+          recurse: true
+      - name: utility lib for post scripts
+        copy:
+          src: ./files/utility.sh
+          dest: '{{ansible_user_dir}}/nextgen-router/scripts/utility.sh'
+          mode: 0755
+      - name: create /etc/ethers
+        become: true
+        file:
+          name: /etc/ethers
+          state: touch
+      - name: clean some rubbish packages
+        become: true
+        apt:
+          name: nplan,netplan.io,resolvconf
+          state: absent
+      - name: disable systemd-resolved
+        become: true
+        systemd:
+          name: systemd-resolved
+          state: stopped
+          enabled: false
+          masked: true
+        when: ansible_distribution == 'Ubuntu'
+      - name: set resolv.conf
+        become: true
+        copy:
+          content: |
+            nameserver 127.0.0.1
+
+          dest: /etc/resolv.conf
+      - name: iptables-gateways blank
+        file:
+          name: '{{ansible_user_dir}}/iptables-gateways'
+          state: touch
+      - name: iptables-gateways stuff
+        copy:
+          src: ./files/iptables-gateways/{{item}}
+          dest: '{{ansible_user_dir}}/{{item}}'
+          mode: 0755
+        with_items: 
+          - iptables-forward.sh
+          - iptables-gateways-interpreter.sh
+      - name: interfaces
+        become: true
+        template:
+          src: ./files/interfaces.j2
+          dest: /etc/network/interfaces
+      - name: bridge config
+        include_tasks: ./interface-tasks/bridge.yaml
+        vars:
+          br: '{{item}}'
+        with_items: '{{bridges}}'
+      - name: dhclient.conf
+        become: true
+        blockinfile:
+          path: /etc/dhcp/dhclient.conf
+          block: |
+            {% for br in bridges %}
+            {% if br.type == "dhcp" %}
+            interface "{{br.name}}" {
+              request subnet-mask, broadcast-address;
+            }
+            {% endif %}
+            {% endfor %}
+      - name: pppoe password
+        become: true
+        blockinfile:
+          path: /etc/ppp/pap-secrets
+          block: |
+            "{{item.username}}" * "{{item.password}}"
+        with_items: '{{pppoeUsers}}'
+      - name: pppoe password
+        become: true
+        blockinfile:
+          path: /etc/ppp/chap-secrets
+          block: |
+            "{item.username}}" * "{{item.password}}"
+        with_items: '{{pppoeUsers}}'
+      - name: pppoe post scripts
+        become: true
+        template:
+          src: ./files/ppp-post-scripts/post{{item}}.sh.j2
+          dest: /etc/ppp/ip-{{item}}.d/0pppoe-init
+          mode: 0755
+        with_items:
+          - up
+          - down
+      - name: pppoe peer config
+        include_tasks: ./interface-tasks/pppoe.yaml
+        vars:
+          ppp: '{{item}}'
+        with_items: '{{ppps}}'

prepare.sh

+#!/bin/bash
+cd dnsmasq-china-list
+git fetch origin master
+git reset --hard FETCH_HEAD
+make smartdns
+cd ..
+rm -rf ./data/china-list.conf
+sed 's/114.114.114.114/china/g' ./dnsmasq-china-list/*.smartdns.conf >> ./data/china-list.conf
+grep -P '^bogus-nxdomain=.+$' dnsmasq-china-list/bogus-nxdomain.china.conf | sed 's/=/ /g' >> ./data/china-list.conf

tasks/sysctl.yaml

+- name: swappiness
+  become: true
+  sysctl:
+    name: vm.swappiness
+    value: 1
+    sysctl_set: true
+- name: net.ipv4.ip_forward
+  become: true
+  sysctl:
+    name: net.ipv4.ip_forward
+    value: 1
+    sysctl_set: true
+- name: fs.inotify.max_user_watches
+  become: true
+  sysctl:
+    name: fs.inotify.max_user_watches
+    value: 524288
+    sysctl_set: true
+- name: net.ipv4.conf.all.rp_filter
+  become: true
+  sysctl:
+    name: net.ipv4.conf.all.rp_filter
+    value: 0
+    sysctl_set: true
+- name: net.ipv4.conf.default.rp_filter
+  become: true
+  sysctl:
+    name: net.ipv4.conf.default.rp_filter
+    value: 0
+    sysctl_set: true
+- name: net.ipv6.conf.all.forwarding
+  become: true
+  sysctl:
+    name: net.ipv6.conf.all.forwarding
+    value: 1
+    sysctl_set: true
+- name: net.ipv6.conf.all.use_tempaddr
+  become: true
+  sysctl:
+    name: net.ipv6.conf.all.use_tempaddr
+    value: 0
+    sysctl_set: true
+- name: net.ipv6.conf.default.use_tempaddr
+  become: true
+  sysctl:
+    name: net.ipv6.conf.default.use_tempaddr
+    value: 0
+    sysctl_set: true
+- name: accept ra
+  become: true
+  sysctl:
+    name: net.ipv6.conf.{{item.name}}.accept_ra
+    value: 2
+    sysctl_set: true
+  with_items: '{{bridges}}'
+  when: item.ipv6
+- name: TCP BBR
+  become: true
+  sysctl:
+    name: net.core.default_qdisc
+    value: fq
+    sysctl_set: true
+  when: ansible_kernel.startswith("5.") or ansible_kernel.startswith("4.9.") or (ansible_kernel.startswith("4.1") and not ansible_kernel.startswith("4.1."))
+- name: TCP BBR
+  become: true
+  sysctl:
+    name: net.ipv4.tcp_congestion_control
+    value: bbr
+    sysctl_set: true
+  when: ansible_kernel.startswith("5.") or ansible_kernel.startswith("4.9.") or (ansible_kernel.startswith("4.1") and not ansible_kernel.startswith("4.1."))

variables.yaml

-ubuntu_mirror: http://archive.ubuntu.com
+vars:
+  ansible_ssh_user: root
+  pppoeUsers:
+    - username: user
+      password: pass
+  links:
+    - name: eno1
+  bonds:
+    - name: bond0
+      links:
+        - eno1
+      mode: 4
+  vlans:
+    - link: bond0
+      tag: 2
+    - link: bond0
+      tag: 3
+    - link: bond0
+      tag: 41
+    - link: bond0
+      tag: 46
+  bridges:
+    - name: brlan # 名称
+      links:
+        - bond0 # 上行链路
+      type: static # dhcp还是static，manual理论上也可以
+      address: 10.0.0.1/24 # 首选地址
+      moreAddresses:
+        - 10.0.0.2/24 # 备选地址
+      gateways: null # 网关，看下面
+      masq: false # 是否MASQ
+      up: echo "up" # 启动脚本和关闭脚本
+      down: echo "down"
+      mac: null # 自定义mac地址，否则bridge随机，注意dhcp会以原始mac请求dhcp，因此不建议dhcp模式使用
+      ipv6: true # DHCPv6落脚点，只能有1个LAN获得
+      dhcp: # 是否开启dhcp，不是的话直接没有这一栏
+        start: 10.0.0.100
+        end: 10.0.0.240
+        time: 48h
+    - name: brwan
+      links:
+        - bond0.2
+      type: dhcp
+      address: null
+      moreAddresses: null
+      masq: true
+      gateways: # 网关定义，DHCP关闭自动获取网关，需要手写地址。
+        - id: 0 # 网关ID，关乎mark和table
+          address: 10.198.21.1 # 网关地址
+      up: null
+      down: null
+      mac: null
+      ipv6: false
+      dhcp: null
+  ppps:
+    - id: 0 # ppp id
+      link: bond0.41 # 上行链路
+      username: user # 拨号用户名，密码在上面的pppoeUsers给出
+      mac: null # 给ISP看的mac地址，null为随机