diff --git a/README.md b/README.md
index fa4e2a5..77a08e5 100644
--- a/README.md
+++ b/README.md
@@ -131,6 +131,30 @@
 
 ## Gateway
 
+### DUID
+
+For some ISP DHCPv6 to work, we must set dhcp client duid to DUID-LLT ending with MAC address
+
+edit the beginning line of
+
+`/var/lib/dhcp/dhclient.br-wan.leases` 
+
+`/var/lib/dhcp/dhclient6.br-wan.leases`
+
+set to
+
+```properties
+default-duid "\000\001\000\001)\251\334\344\254\313Q\357\355\314";
+```
+
+### Network interfaces
+
+**Hint 1: ifup processes interfaces from top to down, and stop if one interface fails.**
+
+**So please place static interfaces on top (100% success), others that may fail (DHCP) on bottom**
+
+Hint 2: Use `accept_ra 2` to accept RA and add ipv6 default routes
+
 ```properties
 # This file describes the network interfaces available on your system
 # and how to activate them. For more information, see interfaces(5).
@@ -145,33 +169,6 @@
 auto eno1
 iface eno1 inet manual
 
-# VLAN3: WAN
-auto br-wan
-iface br-wan inet static
-    bridge_ports eno1.3
-    bridge_stp off
-
-    bridge_hw ac:cb:51:ef:ed:cc
-    address 166.111.17.67
-    netmask 255.255.255.192
-    gateway 166.111.17.65
-
-    dns-nameservers 1.1.1.1
-
-# ipv6 dhcp is unstable...
-#iface br-wan inet6 dhcp
-#    dns-nameservers 2606:4700:4700::1111
-
-# use isatap for ipv6
-auto br-wan-ipv6
-iface br-wan-ipv6 inet6 static
-    address 2402:f000:1:1501:200:5efe:166.111.17.67
-    netmask 64
-    gateway fe80::200:5efe:166.111.21.1
-
-    pre-up ip tunnel add $IFACE mode isatap remote any local 166.111.17.67
-    pre-up ip tunnel prl dev $IFACE prl-default 166.111.21.1
-
 # VLAN100: LAN
 auto br-lan
 iface br-lan inet static
@@ -186,7 +183,6 @@
 iface br-lan inet6 static
     address fd99:23eb:1682::1/64
 
-# Optional
 # VLAN4: Compatibility Layer for /24 Devices
 auto br-compatdev
 iface br-compatdev inet static
@@ -205,6 +201,36 @@
     post-down iptables -t nat -D POSTROUTING -o $IFACE -j MASQUERADE
     post-down iptables -D FORWARD -i $IFACE -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 
+# VLAN3: WAN
+auto br-wan
+iface br-wan inet static
+    bridge_ports eno1.3
+    bridge_stp off
+
+    bridge_hw ac:cb:51:ef:ed:cc
+    address 166.111.17.67
+    netmask 255.255.255.192
+    gateway 166.111.17.65
+
+    dns-nameservers 1.1.1.1
+
+# WAN ipv6 dhcp (maybe) unstable...
+iface br-wan inet6 dhcp
+    accept_ra 2
+
+    dns-nameservers 2606:4700:4700::1111
+
+# Previous ISATAP v6
+
+#auto br-wan-ipv6
+#iface br-wan-ipv6 inet6 static
+#    address 2402:f000:1:1501:200:5efe:166.111.17.67
+#    netmask 64
+#    gateway fe80::200:5efe:166.111.21.1
+
+#    pre-up ip tunnel add $IFACE mode isatap remote any local 166.111.17.67
+#    pre-up ip tunnel prl dev $IFACE prl-default 166.111.21.1
+
 ```
 
 ## Webserver