Use puppet to make changes to ip route and sysctl

The sysctl side was covered in this post: Set sysctl.conf parameters with Puppet.

Puppet's example for networking also leverages Augeas.

Edit: You're on CentOS, so remember that you need to make these routes persistent... Is the safer approach to make the change in a file, verify, then restart the network interface? This assumes /etc/sysconfig/network-scripts/route-ethX use since you're using via syntax. The ip route command seems to be your goal since you want to change the initial congestion window (initcwnd). I would seriously separate that into another option because setting the default gateway by itself should be handled by the OS network scripts/kickstart/build process.

Now for a totally different solution:

I like Puppet for some things. Network configs and sysctl values are not among them. With EL6 systems, you have the ability to use the tuned-adm framework to make these system changes on the fly in an easy and consistent manner. The servers I manage sometimes need 30+ sysctl and sysfs changes before going into production. I used to manage that manually, then with Puppet... but with EL6, I create a tuned profile with all of the requisite tweaks and scripts, manage the profiles and their distribution with Puppet, and control the tuned daemon with Puppet.

Given that, just move your ip script and sysctl values in a custom profile and go from there. Much cleaner.

If you are obtaining your internet address using DHCP (which is suggested by your question), then you can use /etc/dhcp/dhclient-exit-hooks to run shell commands after dhclient configures your interface. You'll have access to a number of variables provided by dhclient, including $router. You can use this to run:

ip route change default via $router dev $interface initcwnd 12 

You would install this script with a normal Puppet file resource:

file { '/etc/dhcp/dhclient-exit-hooks':
owner => root,
group => root,
mode => 0755,
source => 'puppet:///.../dhclient-exit-hooks',
}

And the file contents would probably look something like:

#!/bin/sh

if [ "$interface" = eth0 ]; then
  ip route change default via ${new_routers%% *} dev $interface initcwnd 12 
fi

If you're not using DHCP, you can do something similar. The normal ifup script runs /sbin/ifup-local after configuring the interface, and you could use this to run the ip command. In this case, you could get the address of the default gateway simply by sourcing in the interface configuration in /etc/sysconfig/network-scripts/ifcfg-eth0 (and your Puppet file resource would install /sbin/ifup-local).

Going off of larsks answer, if you have static ip addresses, place this in /sbin/ifup-local

#!/bin/sh

GATEWAY=`ip route| awk '/^def/{print $3}'`
DEFGWDEV=`ip route| awk '/^def/{print $5}'`

if [ "$1" = $DEFGWDEV ]; then
  ip route change default via $GATEWAY dev $DEFGWDEV initcwnd 12
fi