# This file describes the network interfaces available on your system
  # and how to activate them. For more information, see interfaces(5).
  
  source /etc/network/interfaces.d/*
  
  # The loopback network interface
  auto lo
  iface lo inet loopback

  # The WAN network interface
  auto eno1 eno1:0
  iface eno1 inet dhcp
  # dhcp for IP/DHCP WAN (static? for PPPOE)
  # set up static ip address to access modem web page on WAN NIC 
  iface eno1:0 inet static
    address 192.168.5.2/24
	
  # Then LAN networks are eno2 eno3 eno4 in bridged mode br1
  # on the 192.168.1.1 subnet
  auto br0
  iface br0 inet static
    bridge_ports eno2 eno3 eno4
    address 192.168.1.1/24
    dns-nameservers 192.168.1.14 192.168.1.2 9.9.9.9
    bridge_stp off  # disable Spanning Tree Protocol
    #bridge_fd 9  # forwarding delay  # use default?
    #bridge_hello 5  # use default?
    #bridge_maxage 60  # use default?

The gateway directive is not required as any traffic to 192.168.1.1 not on subnet /24 will be Netfiltered and if accepted passed to WAN
  # gateway 192.168.1.1
  
auto eno2 and iface eno2 inet manual are not required as iface inet br1 will bring up the components assigned to it.
  # iface eno2 inet manual
  # iface eno3 inet manual
  # iface eno4 inet manual
  
The use of allow-hotplug eth1 is not used as normally these interfaces should be running. The br1 interface will be used for virtual machine access and must be running to allow correct VM startup. During initial boot this will cause delays as attempts are made to find network devices, particularly any not used. These delays are necessary for reliable start-up and operation.
  # allow-hotplug eno2
  # iface eno2 inet manual
    # pre-up ifconfig $IFACE up
    # pre-down ifconfig $IFACE down

Each Ethernet hardware connection has its own defined unique MAC number, no need to define another. If Ethernet bonding were being used there maybe a need to use this stanza.
  #hwaddress ether xx:xx:xx:xx:xx:xx

The "modern" way to specify static ip address as address 192.168.1.0/24'' this automatically assigns the network, netmask and broadcast addresses.

The old fashion way was to manual assign as follows:
address 192.168.1.32
network 192.168.1.0
netmask 255.255.255.0
broadcast 192.168.1.255
Perhaps this is still required in special cases?

Debian still defaults to the interface style network setup. It can be set up to use netplan. It is very importqant to remember after installing and setting up netplan to disable the interfaces setup. This can be simply done by deleting, renaming, empting or commenting out the interfaces setup file.

Ubuntu now (as of version 14.04) defaults to Predictable Network Interface Names, also see Systemd Docs. I have no problem with this. In any case, you should always check dev names and not assume names, such as “eth0”

To check available interfaces and names use: ip link, or the more verbose ip a.

Netplan references is a good reference for setting up and using Netplan.

The NIC back panel layout:

 IPMI_LAN
 DisplayPort   USB2-1    USB3-1   LAN3(eth2)   LAN4(eth3)
 HDMI          USB2-0    USB3-0   LAN1(eth0)   LAN2(eth1)   VGA

Due to difficulties with the ISP it 2 modems were attempted in bridge mode; a Netgear DM200 and Draytek Vigor130. The premium Vigor 130 was selected for final use.

It is possible to access the modem web page. The modem manual clearly states that the modem address is “http://192.168.5.1” when in bridge mode.

The network must start-up the WAN NIC to allow pppoe modem Ethernet access and also assign a IP address on this NIC for modem web page access. As the modem is using 192.168.5.1 the router would assign the next address, 192.168.5.2.

To access the router modem webpage the router firewall must also be appropriately configured.

The remaining 3 NICs are setup in bridge mode as router LAN ports. When setup in bridge mode the 3 ports effectively act as a switch with any able to access the router LAN on 192.168.1.1 .

network:
  #setup network interfaces
  version: 2
  renderer: networkd
  ethernets:
    eno1: #start for pppoe and setup modem IP access
      dhcp4: yes # yes for dhcp, no for pppoe
      dhcp6: yes # yes for dhcp, no for pppoe or not required
      addresses: 
         - [192.168.5.2/24] #Access to the modem web interface
    eno2:
      dhcp4: no
      dhcp6: no
      optional: true
    eno3:
      dhcp4: no
      dhcp6: no
      optional: true
    eno4:
      dhcp4: no
      dhcp6: no
      optional: true
  #Setup Bridge Interface
  bridges:
    br0:
      addresses:
        - 192.168.1.1/24 #IPv4
        - "2001:470:1f2c:20c::3/64" #IPv6
      interfaces: [eno2, eno3, eno4]
      nameservers:
        addresses: ["2001:470:1f2c:20c::3", 192.168.1.1, 9.9.9.9, 1.1.1.1]
      parameters:
        stp: off          # disable Spanning Tree Protocol
        forward-delay: 9  # forwarding delay
        hello-time: 2     # see netplan.io for definition
        max-age: 12       # see netplan.io for definition

  #Setup Tunnel Interfaces
  tunnels:
    he-ipv6:             # Hurricane Electric IPv6  tunnel
      mode: sit
      remote: 216.218.142.50
      local: 207.7.254.238
      addresses:
         - "2001:470:1f2c:10d::2/64"
      gateway6: "2001:470:1f2c:10d::1"

• sudo netplan –debug apply To apply any changes to the network configuration.
• sudo netplan –debug generate To generate backend specific configuration files.
• sudo netplan try To try a new neplan configuration with automatic roll back.

As this setup is for a router the gateway stanza must not be set “#gateway4: 192.168.1.1”. The router is the gateway.

As the ipv6 tunnel uses the first to numerical ipv6/64 addresses; x:x:x:x::1 also the tunnel assigned gateway and x:x:x:x::2 the next simple ipv6 global static x:x:x:x::3 was used to identify the router.

As this router has a DNS server the “nameserver:” stanza can be set to this routers address e.g.: “addresses: [192.168.1.1]”

The use of the stanza “optional: true” on the LAN bridged NICs means during startup the system does not need to wait for these NICs to come up, potentially saving some boot time. The WAN NIC is required, so the optional sanza is not used here.

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

#Using netplan.io, see /etc/netplan

#source /etc/network/interfaces.d/*

# The loopback network interface
#auto lo
#iface lo inet loopback

# The primary network interface
#allow-hotplug eno2
#iface eno2 inet dhcp

I set up the router network tunnel 6in4 to HEipv6. I could IPv6 ping WAN from the router, but could not so ping WAN from elsewhere on the local area network (lan).
The main tunnel connection is set up in the main network configuration file(s).
My routing table had 2001:470:1f2c:10d::/64 dev he-ipv6 proto kernel metric 256 pref medium, I found that removing this from the routing table allowed remote lan access to function: The one off command to do this: sudo ip r del 2001:470:1f2c:10d::/64 dev he-ipv6.
I looked for ways to adjust the netplan configuration, either to stop this line from being added, or increase its metric, but to no avail. So I created the following systemd service to perform this function on start-up after the network was up.“

[Unit]
Description=Remove route to he-ipv6
Wants=network.target
After=network-online.target

[Service]
Type=oneshot
ExecStart=:/bin/bash -c "ip r del 2001:470:1f2c:10d::/64 dev he-ipv6"

[Install]
WantedBy=multi.user.target default.target 

# This file is generated from information provided by
# the datasource.  Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}

network:
    version: 2
    renderer: networkd
    ethernets:
      # eno1 is always reservered for WAN only
      eno2:
        dhcp4: no
        dhcp6: no
        optional: true
      eno3:
        dhcp4: no
        dhcp6: no
        optional: true
      eno4:
        dhcp4: no
        dhcp6: no
        optional: true
    #Setup Bridge Interface
    bridges:
      br0:
        dhcp4: no
        dhcp6: no
        addresses: [192.168.1.6/24]
        interfaces: [eno2, eno3, eno4]
        gateway4: 192.168.1.1
        nameservers:
          addresses: [192.168.1.1]
        parameters:
          stp: off
          forward-delay: 9s
          hello-time: 2s
          max-age: 12s

#systemctl disable bind9
#systemctl disable isc-dhcp-server
#systemctl disable nftables
#systemctl disable pppoe
#mv /etc/netplan/50-cloud-init.yaml.old /etc/netplan/50-cloud-init.yaml
#mv /etc/netplan/network.yaml /etc/netplan/network.yaml.old
ln -sf /etc/nftables.conf.orig /etc/nftables.conf
#ln -sf /etc/nftables.conf.router /etc/nftables.conf
ln -sf /etc/network/interfaces.orig /etc/network/interfaces
#ln -sf /etc/network/interfaces.router /etc/network/interfaces

#systemctl enable bind9
#systemctl enable isc-dhcp-server
#systemctl enable nftables
#systemctl enable pppoe
#mv /etc/netplan/50-cloud-init.yaml  /etc/netplan/50-cloud-init.yaml.old
#mv /etc/netplan/network.yaml.old  /etc/netplan/network.yaml
#mv /etc/netplan/50-cloud-init.yaml.old /etc/netplan/50-cloud-init.yaml
#mv /etc/netplan/network.yaml /etc/netplan/network.yaml.old
#ln -sf /etc/nftables.conf.orig /etc/nftables.conf
ln -sf /etc/nftables.conf.router /etc/nftables.conf
#ln -sf /etc/network/interfaces.orig /etc/network/interfaces
ln -sf /etc/network/interfaces.router /etc/network/interfaces