diff --git a/config.yaml b/config.yaml
index bd32b392..78246182 100644
--- a/config.yaml
+++ b/config.yaml
@@ -191,7 +191,15 @@ options:
       Enable metadata on an isolated network (no router ports).
   sysctl:
     type: string
-    default:
+    default: |
+      { net.ipv4.neigh.default.gc_thresh1 : 128,
+        net.ipv4.neigh.default.gc_thresh2 : 28672,
+        net.ipv4.neigh.default.gc_thresh3 : 32768,
+        net.ipv6.neigh.default.gc_thresh1 : 128,
+        net.ipv6.neigh.default.gc_thresh2 : 28672,
+        net.ipv6.neigh.default.gc_thresh3 : 32768,
+        net.nf_conntrack_max : 1000000,
+        net.netfilter.nf_conntrack_max : 1000000 }
     description: |
       YAML-formatted associative array of sysctl key/value pairs to be set
       persistently e.g. '{ kernel.pid_max : 4194303 }'.
diff --git a/hooks/neutron_hooks.py b/hooks/neutron_hooks.py
index ec507269..8d29ea4d 100755
--- a/hooks/neutron_hooks.py
+++ b/hooks/neutron_hooks.py
@@ -122,9 +122,10 @@ def config_changed():
 
     update_nrpe_config()
 
-    sysctl_dict = config('sysctl')
-    if sysctl_dict:
-        create_sysctl(sysctl_dict, '/etc/sysctl.d/50-quantum-gateway.conf')
+    sysctl_settings = config('sysctl')
+    if sysctl_settings:
+        create_sysctl(sysctl_settings,
+                      '/etc/sysctl.d/50-quantum-gateway.conf')
 
     if config('vendor-data'):
         write_vendordata(config('vendor-data'))
diff --git a/unit_tests/test_neutron_hooks.py b/unit_tests/test_neutron_hooks.py
index 69dcc1e3..1a43033f 100644
--- a/unit_tests/test_neutron_hooks.py
+++ b/unit_tests/test_neutron_hooks.py
@@ -120,7 +120,10 @@ class TestQuantumHooks(CharmTestCase):
 
         def mock_relids(rel):
             return ['relid']
-        self.test_config.set('sysctl', '{ kernel.max_pid: "1337"}')
+        self.test_config.set(
+            'sysctl',
+            '{foo : bar}'
+        )
         self.openstack_upgrade_available.return_value = True
         self.valid_plugin.return_value = True
         self.relation_ids.side_effect = mock_relids
@@ -131,8 +134,9 @@ class TestQuantumHooks(CharmTestCase):
         self.assertTrue(self.configure_ovs.called)
         self.assertTrue(_amqp_joined.called)
         self.assertTrue(_amqp_nova_joined.called)
-        self.assertTrue(self.create_sysctl.called)
-        self.configure_apparmor.assert_called_with()
+        self.create_sysctl.assert_called_with(
+            '{foo : bar}',
+            '/etc/sysctl.d/50-quantum-gateway.conf')
 
     def test_config_changed_upgrade(self):
         self.disable_nova_metadata.return_value = False