diff --git a/deployment_scripts/puppet/modules/contrail/manifests/exec_pip.pp b/deployment_scripts/puppet/modules/contrail/manifests/exec_pip.pp
deleted file mode 100644
index 8923af92d..000000000
--- a/deployment_scripts/puppet/modules/contrail/manifests/exec_pip.pp
+++ /dev/null
@@ -1,21 +0,0 @@
-#    Copyright 2015 Mirantis, Inc.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-# A helper to run pip
-define contrail::exec_pip ( $path ){
-  exec { "Install-pip-package-${name}":
-    path    => '/usr/local/bin/:/usr/bin:/bin',
-    command => "pip install --upgrade --no-deps --index-url='' ${path}/${name}.tar.gz",
-  }
-}
\ No newline at end of file
diff --git a/deployment_scripts/puppet/modules/contrail/manifests/init.pp b/deployment_scripts/puppet/modules/contrail/manifests/init.pp
index b51614ed7..f5d43cb27 100644
--- a/deployment_scripts/puppet/modules/contrail/manifests/init.pp
+++ b/deployment_scripts/puppet/modules/contrail/manifests/init.pp
@@ -46,17 +46,16 @@ $asnum = $settings['contrail_asnum']
 # Network configuration
 prepare_network_config($network_scheme)
 $ifname = get_private_ifname()
-$private_first = $settings['contrail_private_start']
-$private_last = $settings['contrail_private_end']
-# "cidr" is actually a network address with subnet, i.e. 192.168.150.0/24
-$cidr = $settings['contrail_private_cidr']
-$netmask=cidr_to_netmask($cidr) # returns i.e. "255.255.255.0"
-$netmask_short=netmask_to_cidr($netmask) # returns i.e. "/24"
-$address=get_ip_from_range($private_first,$private_last,$netmask_short,$uid,'first')
+$address=get_network_role_property('neutron/mesh', 'ipaddr')
+$cidr=get_network_role_property('neutron/mesh', 'cidr')
+$netmask=get_network_role_property('neutron/mesh', 'netmask')
+$netmask_short=netmask_to_cidr($netmask)
 
 $default_gw = hiera('management_vrouter_vip')
 $private_gw = $settings['contrail_private_gw']
+
 $contrail_mgmt_vip=get_last_ip(get_network_role_property('management', 'cidr'))
+$contrail_private_vip=get_last_ip(get_network_role_property('neutron/mesh', 'cidr'))
 
 $contrail_node_basename='contrail'
 $deployment_node="${contrail_node_basename}-1"
@@ -64,7 +63,7 @@ $deployment_node="${contrail_node_basename}-1"
 $contrail_node_num = inline_template("<%-
 rv=0
   @nodes.each do |node|
-    if node['user_node_name'] =~ /^#{@contrail_node_basename}-.*/
+    if (node['user_node_name'] =~ /^#{@contrail_node_basename}-.*/ and node['role'] == 'base-os')
     rv+=1
   end
 end
diff --git a/deployment_scripts/puppet/modules/contrail/manifests/network.pp b/deployment_scripts/puppet/modules/contrail/manifests/network.pp
index fbcf142ab..9902130cf 100644
--- a/deployment_scripts/puppet/modules/contrail/manifests/network.pp
+++ b/deployment_scripts/puppet/modules/contrail/manifests/network.pp
@@ -20,11 +20,12 @@ class contrail::network (
   $default_gw = undef
   ) {
   $br_file = $operatingsystem ? {
-      'Ubuntu' => ['/etc/network/interfaces.d/ifcfg-br-aux', '/etc/network/interfaces.d/ifcfg-br-mesh'],
-      'CentOS' => ['/etc/sysconfig/network-scripts/ifcfg-br-aux', '/etc/sysconfig/network-scripts/ifcfg-br-mesh'],
+      'Ubuntu' => '/etc/network/interfaces.d/ifcfg-br-mesh',
+      'CentOS' => '/etc/sysconfig/network-scripts/ifcfg-br-mesh',
   }
+  $gateways = split($contrail::settings['contrail_gateways'], ',')
 
-  define contrail::add_route ( $destination, $gateway ) {
+  define contrail::network::add_route ( $destination, $gateway ) {
     exec {"check_route_to_${name}":
       command => "ip route del ${name}",
       onlyif  => "ip route | grep ${name}",
@@ -36,60 +37,46 @@ class contrail::network (
     }
   }
 
-  file { $br_file: ensure => absent } ->
-  # Remove interface from the bridge
-  exec {"remove_${ifname}_aux":
-    command => "brctl delif br-aux ${ifname}",
-    returns => [0,1] # Idempotent
-  } ->
-  exec {"remove_${ifname}_mesh":
-    command => "brctl delif br-mesh ${ifname}",
-    returns => [0,1] # Idempotent
-  }
-  ->
-  exec {'flush_addr_br_mesh':
-    command => 'ip addr flush dev br-mesh',
-    returns => [0,1] # Idempotent
-  }
   case $node_role {
     'base-os':{
-      $gateways = split($contrail::settings['contrail_gateways'], ',')
       class { 'l23network': use_ovs => false }
-      l23network::l3::ifconfig {$ifname:
-        interface => $ifname,
-        ipaddr    => "${address}/${netmask}",
-        require   => File[$br_file],
-      }
-      exec {'remove_default_gw':
-          command => '/sbin/ip route del default',
-          returns => [0,2] # Idempotent
-      } ->
-      exec {"add-default-route-via-${default_gw}":
-        command => "ip route add default via ${default_gw}",
-      } ->
-      contrail::add_route { $gateways:
-        destination => $gateways,
-        gateway     => $contrail::private_gw,
+      case $contrail::private_gw {
+        '': { notify { 'No gateway for private network':} }
+        default: {
+          contrail::network::add_route { $gateways:
+            destination => $gateways,
+            gateway     => $contrail::private_gw,
+          }
+        }
       }
     }
     'compute':{
-      case $operatingsystem
-      {
-          Ubuntu:
-          {
-            file {'/etc/network/interfaces.d/ifcfg-vhost0':
-              ensure  => present,
-              content => template('contrail/ubuntu-ifcfg-vhost0.erb'),
-            }
+      file { $br_file: ensure => absent } ->
+      # Remove interface from the bridge
+      exec {"remove_${ifname}_mesh":
+        command => "brctl delif br-mesh ${ifname}",
+        returns => [0,1] # Idempotent
+      } ->
+      exec {'flush_addr_br_mesh':
+        command => 'ip addr flush dev br-mesh',
+        returns => [0,1] # Idempotent
+      }
+      case $operatingsystem {
+        'Ubuntu': {
+          file {'/etc/network/interfaces.d/ifcfg-vhost0':
+            ensure  => present,
+            content => template('contrail/ubuntu-ifcfg-vhost0.erb'),
           }
-
-          CentOS:
-          {
-            file {'/etc/sysconfig/network-scripts/ifcfg-vhost0':
-              ensure  => present,
-              content => template('contrail/centos-ifcfg-vhost0.erb'),
-            }
+        }
+        'CentOS': {
+          exec {"remove_bridge_from_${ifname}_config":
+            command => "sed -i '/BRIDGE/d' /etc/sysconfig/network-scripts/ifcfg-${ifname}",
           }
+          file {'/etc/sysconfig/network-scripts/ifcfg-vhost0':
+            ensure  => present,
+            content => template('contrail/centos-ifcfg-vhost0.erb'),
+          }
+        }
       }
     }
     default: { notify { "Node role ${node_role} not supported": } }
diff --git a/deployment_scripts/puppet/modules/contrail/manifests/package.pp b/deployment_scripts/puppet/modules/contrail/manifests/package.pp
index 45f939e12..831162f80 100644
--- a/deployment_scripts/puppet/modules/contrail/manifests/package.pp
+++ b/deployment_scripts/puppet/modules/contrail/manifests/package.pp
@@ -18,13 +18,20 @@ class contrail::package (
   $pip_install = undef,
   ) {
 
+  define contrail::package::exec_pip ( $path ){
+    exec { "Install-pip-package-${name}":
+      path    => '/usr/local/bin/:/usr/bin:/bin',
+      command => "pip install --upgrade --no-deps --index-url='' ${path}/${name}.tar.gz",
+    }
+  }
+
   if ($install) {
 
     package { $install:
       ensure  => present,
     }
     if ($pip_install) {
-      exec_pip { $pip_install:
+      contrail::package::exec_pip { $pip_install:
         path    => '/opt/contrail/python_packages',
         require => Package[$install],
       }
diff --git a/deployment_scripts/puppet/modules/contrail/templates/contrail-vrouter-agent.conf.erb b/deployment_scripts/puppet/modules/contrail/templates/contrail-vrouter-agent.conf.erb
index bdc671fe3..b40b2c741 100644
--- a/deployment_scripts/puppet/modules/contrail/templates/contrail-vrouter-agent.conf.erb
+++ b/deployment_scripts/puppet/modules/contrail/templates/contrail-vrouter-agent.conf.erb
@@ -5,7 +5,7 @@ log_level=SYS_NOTICE
 log_local=1
 headless_mode=true
 [DISCOVERY]
-server=<%= scope.lookupvar('contrail::private_first') %>
+server=<%= scope.lookupvar('contrail::contrail_private_vip') %>
 max_control_nodes=2
 [DNS]
 [HYPERVISOR]
diff --git a/deployment_scripts/puppet/modules/contrail/templates/contrail-vrouter-nodemgr.conf.erb b/deployment_scripts/puppet/modules/contrail/templates/contrail-vrouter-nodemgr.conf.erb
index 996edd8ed..ed5330a4e 100644
--- a/deployment_scripts/puppet/modules/contrail/templates/contrail-vrouter-nodemgr.conf.erb
+++ b/deployment_scripts/puppet/modules/contrail/templates/contrail-vrouter-nodemgr.conf.erb
@@ -1,3 +1,3 @@
 [DISCOVERY]
-server=<%= scope.lookupvar('contrail::private_first') %>
+server=<%= scope.lookupvar('contrail::contrail_private_vip') %>
 port=5998
\ No newline at end of file
diff --git a/deployment_scripts/puppet/modules/contrail/templates/testbed.py.erb b/deployment_scripts/puppet/modules/contrail/templates/testbed.py.erb
index 62fa2dc29..8321e49c6 100644
--- a/deployment_scripts/puppet/modules/contrail/templates/testbed.py.erb
+++ b/deployment_scripts/puppet/modules/contrail/templates/testbed.py.erb
@@ -23,7 +23,7 @@ case node['role']
     role_os << 'os_ctrl_'+mgm_ip.count.to_s
   when 'base-os'
     if node['user_node_name'] =~ /^#{contrail_node_basename}-.*/
-      priv_ip << scope.function_get_ip_from_range([ scope.lookupvar('contrail::private_first'),scope.lookupvar('contrail::private_last'),scope.lookupvar('contrail::netmask_short'),node['uid'],'first'])
+      priv_ip << node['private_address']
       mgm_ip_baseos << node['internal_address']
       # Also find out a deployment node
       if node['user_node_name'] == scope.lookupvar('contrail::deployment_node')
@@ -116,7 +116,7 @@ env.openstack = {
 env.ha = {
    'internal_vip'   : '<%= os_management_vip %>',
    'external_vip'   : '<%= os_public_vip %>',
-   'contrail_internal_vip'   : '<%= scope.lookupvar('contrail::private_first') %>',
+   'contrail_internal_vip'   : '<%= scope.lookupvar('contrail::contrail_private_vip') %>',
    'contrail_external_vip'   : '<%= scope.lookupvar('contrail::contrail_mgmt_vip') %>',
 }
 
diff --git a/environment_config.yaml b/environment_config.yaml
index f454a7241..24d5793e4 100644
--- a/environment_config.yaml
+++ b/environment_config.yaml
@@ -2,8 +2,8 @@ attributes:
   # Show contrail only in supported network config
   metadata:
     restrictions:
-      - condition: "not (cluster:net_provider == 'neutron' and (networking_parameters:segmentation_type == 'vlan' or networking_parameters:segmentation_type == 'gre'))"
-        message: "Please use Neutron, the only network type supported with Contrail plugin."
+      - condition: "not (cluster:net_provider == 'neutron' and networking_parameters:segmentation_type == 'gre')"
+        message: "Please use Neutron with GRE segmentation, the only network type supported with Contrail plugin."
   contrail_asnum:
     value: '64512'
     label: 'AS Number'
@@ -13,46 +13,19 @@ attributes:
     regex:
       source: '^(?:(6553[0-5])|(655[0-2]\d)|(65[0-4]\d{2})|(6[0-4]\d{3})|([1-5]\d{4})|([1-9]\d{1,3})|([1-9]))$'
       error: "Invalid AS number"
-  contrail_private_cidr:
-    value: '10.109.3.0/24'
-    label: 'Private network CIDR'
-    description: 'CIDR for private network used in Contrail inter-node communication'
-    weight: 20
-    type: "text"
-    regex:
-      source: '^(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3}(?:\/(?:[1-2]\d|[8-9]))$'
-      error: "Invalid network CIDR"
-  contrail_private_start:
-    value: '10.109.3.5'
-    label: 'Private IP range start'
-    description: 'First IP address of contrail private network. NOTE: First one will be used as VIP address for controller HA'
-    weight: 30
-    type: "text"
-    regex:
-      source: '^(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3}$'
-      error: "Invalid IP address"
-  contrail_private_end:
-    value: '10.109.3.254'
-    label: 'Private IP range end'
-    description: 'Last IP address of contrail private network'
-    weight: 40
-    type: "text"
-    regex:
-      source: '^(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3}$'
-      error: "Invalid IP address"
   contrail_private_gw:
-    value: '10.109.3.1'
+    value: ''
     label: 'Gateway for Private network'
-    description: 'The IP address of gateway for contrail private network to reach BGP routers'
+    description: 'The IP address of gateway for contrail private network to reach BGP routers. Empty if not needed.'
     weight: 40
     type: "text"
     regex:
-      source: '^(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3}$'
+      source: '^((?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})|(?:^)$'
       error: "Invalid IP address"
   contrail_gateways:
-    value: '10.109.3.2,10.110.1.1'
+    value: '10.109.3.254,10.110.1.1'
     label: 'GW IP'
-    description: 'Comma separated IP addresses of BGP peers'
+    description: 'Comma separated IP addresses of BGP peers.'
     weight: 50
     type: "text"
     regex: