diff --git a/ansible/group_vars/all/controllers b/ansible/group_vars/all/controllers
index 9799eadb2..f1c98d9d9 100644
--- a/ansible/group_vars/all/controllers
+++ b/ansible/group_vars/all/controllers
@@ -110,3 +110,9 @@ controller_lvm_group_data_lv_docker_volumes_size: 75%VG
 # Filesystem for docker volumes LVM backing volume. ext4 allows for shrinking.
 controller_lvm_group_data_lv_docker_volumes_fs: ext4
+
+###############################################################################
+# Controller node sysctl configuration.
+
+# Dict of sysctl parameters to set.
+controller_sysctl_parameters: {}
diff --git a/ansible/group_vars/all/monitoring b/ansible/group_vars/all/monitoring
index f66c322a6..9589e552d 100644
--- a/ansible/group_vars/all/monitoring
+++ b/ansible/group_vars/all/monitoring
@@ -69,3 +69,9 @@ monitoring_lvm_groups_default: "{{ controller_lvm_groups_default }}"
 # Additional list of monitoring node volume groups. See mrlesmithjr.manage-lvm
 # role for format.
 monitoring_lvm_groups_extra: "{{ controller_lvm_groups_extra }}"
+
+###############################################################################
+# Monitoring node sysctl configuration.
+
+# Dict of sysctl parameters to set.
+monitoring_sysctl_parameters: {}
diff --git a/ansible/group_vars/all/seed b/ansible/group_vars/all/seed
index a738cfa65..12aefb778 100644
--- a/ansible/group_vars/all/seed
+++ b/ansible/group_vars/all/seed
@@ -67,3 +67,9 @@ seed_lvm_group_data_lv_docker_volumes_size: 75%VG
 # Filesystem for docker volumes LVM backing volume. ext4 allows for shrinking.
 seed_lvm_group_data_lv_docker_volumes_fs: ext4
+
+###############################################################################
+# Seed node sysctl configuration.
+
+# Dict of sysctl parameters to set.
+seed_sysctl_parameters: {}
diff --git a/ansible/group_vars/all/seed-hypervisor b/ansible/group_vars/all/seed-hypervisor
index f46840d08..bf6b86403 100644
--- a/ansible/group_vars/all/seed-hypervisor
+++ b/ansible/group_vars/all/seed-hypervisor
@@ -57,3 +57,9 @@ seed_hypervisor_libvirt_networks: >
 net_select_bridges |
 map('net_libvirt_network') |
 list }}
+
+###############################################################################
+# Seed hypervisor sysctl configuration.
+
+# Dict of sysctl parameters to set.
+seed_hypervisor_sysctl_parameters: {}
diff --git a/ansible/group_vars/controllers/sysctl b/ansible/group_vars/controllers/sysctl
new file mode 100644
index 000000000..6111d2fa6
--- /dev/null
+++ b/ansible/group_vars/controllers/sysctl
@@ -0,0 +1,3 @@
+---
+# Dict of sysctl parameters to set.
+sysctl_parameters: "{{ controller_sysctl_parameters }}"
diff --git a/ansible/group_vars/monitoring/sysctl b/ansible/group_vars/monitoring/sysctl
new file mode 100644
index 000000000..6569f6dfa
--- /dev/null
+++ b/ansible/group_vars/monitoring/sysctl
@@ -0,0 +1,3 @@
+---
+# Dict of sysctl parameters to set.
+sysctl_parameters: "{{ monitoring_sysctl_parameters }}"
diff --git a/ansible/group_vars/seed-hypervisor/sysctl b/ansible/group_vars/seed-hypervisor/sysctl
new file mode 100644
index 000000000..e8b617956
--- /dev/null
+++ b/ansible/group_vars/seed-hypervisor/sysctl
@@ -0,0 +1,3 @@
+---
+# Dict of sysctl parameters to set.
+sysctl_parameters: "{{ seed_hypervisor_sysctl_parameters }}"
diff --git a/ansible/group_vars/seed/sysctl b/ansible/group_vars/seed/sysctl
new file mode 100644
index 000000000..faf464636
--- /dev/null
+++ b/ansible/group_vars/seed/sysctl
@@ -0,0 +1,3 @@
+---
+# Dict of sysctl parameters to set.
+sysctl_parameters: "{{ seed_sysctl_parameters }}"
diff --git a/ansible/roles/sysctl/README.md b/ansible/roles/sysctl/README.md
new file mode 100644
index 000000000..b7ac43721
--- /dev/null
+++ b/ansible/roles/sysctl/README.md
@@ -0,0 +1,42 @@
+Sysctl
+======
+
+This role configures sysctl parameters.
+
+Requirements
+------------
+
+None
+
+Role Variables
+--------------
+
+`sysctl_file` is the name of a file in which to persist sysctl parameters.
+
+`sysctl_set` is whether to verify token value with the sysctl command and set
+with -w if necessary.
+
+`sysctl_parameters` is a dict of sysctl parameters to set.
+
+Dependencies
+------------
+
+None
+
+Example Playbook
+----------------
+
+This playbook will set the `net.ipv4.ip_forward` parameter to `1`.
+
+ ---
+ - hosts: all
+ roles:
+ - role: sysctl
+ sysctl_set: yes
+ sysctl_parameters:
+ net.ipv4.ip_forward: 1
+
+Author Information
+------------------
+
+- Mark Goddard ()
diff --git a/ansible/roles/sysctl/defaults/main.yml b/ansible/roles/sysctl/defaults/main.yml
new file mode 100644
index 000000000..13b2501be
--- /dev/null
+++ b/ansible/roles/sysctl/defaults/main.yml
@@ -0,0 +1,9 @@
+---
+# File in which to write sysctl parameters.
+sysctl_file:
+
+# Verify token value with the sysctl command and set with -w if necessary.
+sysctl_set:
+
+# Dict of parameters to set via sysctl.
+sysctl_parameters: {}
diff --git a/ansible/roles/sysctl/tasks/main.yml b/ansible/roles/sysctl/tasks/main.yml
new file mode 100644
index 000000000..2884b2cdb
--- /dev/null
+++ b/ansible/roles/sysctl/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+- name: Ensure sysctl parameters are configured
+ sysctl:
+ name: "{{ item.key }}"
+ state: "present"
+ sysctl_file: "{{ sysctl_file or omit }}"
+ sysctl_set: "{{ sysctl_set or omit }}"
+ value: "{{ item.value }}"
+ with_dict: "{{ sysctl_parameters }}"
+ become: True
diff --git a/ansible/sysctl.yml b/ansible/sysctl.yml
new file mode 100644
index 000000000..78559a152
--- /dev/null
+++ b/ansible/sysctl.yml
@@ -0,0 +1,7 @@
+---
+- name: Ensure sysctl parameters are configured
+ hosts: seed:seed-hypervisor:overcloud
+ roles:
+ - role: sysctl
+ sysctl_file: "/etc/sysctl.d/kayobe"
+ sysctl_set: "yes"
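Review bot: In ansible/roles/sysctl/tasks/main.yml, `with_dict: "{{ sysctl_parameters }}"` is expected to fail when the variable resolves to null rather than a dict. That is easy to reach: the sample files in this commit ship `#controller_sysctl_parameters:` (and the seed, seed-hypervisor and monitoring equivalents) with no value, so uncommenting one as-is overrides the `{}` default with null. Guard the loop with `with_dict: "{{ sysctl_parameters | default({}, true) }}"`. The same filter form, `"{{ sysctl_file | default(omit, true) }}"`, would also state the intent of the two `or omit` expressions more directly.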
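Review bot: In ansible/sysctl.yml, `sysctl_file: "/etc/sysctl.d/kayobe"` has no `.conf` suffix, and the boot-time loaders described in sysctl.d(5) (`systemd-sysctl`, `sysctl --system`) only read `*.conf` files from that directory. Because `sysctl_set: "yes"` applies the values at run time, the play looks correct until the host reboots, at which point every parameter in the file reverts to the distribution default. That matters most for hardening or forwarding settings an operator believes are persistent. Use `sysctl_file: "/etc/sysctl.d/kayobe.conf"`.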
diff --git a/doc/source/control-plane-service-placement.rst b/doc/source/control-plane-service-placement.rst
index 5170aeaa5..448ca336f 100644
--- a/doc/source/control-plane-service-placement.rst
+++ b/doc/source/control-plane-service-placement.rst
@@ -65,6 +65,7 @@ hosts in the ``monitoring`` group.
 for format.
 ``network_interfaces`` List of names of networks to which the host is
 connected.
+ ``sysctl_parameters`` Dict of sysctl parameters to set.
 ====================== =====================================================
 If configuring BIOS and RAID via ``kayobe overcloud bios raid configure``, the
@@ -182,6 +183,7 @@ providing the necessary variables for a control plane host.
 bootstrap_user: "{{ controller_bootstrap_user }}"
 lvm_groups: "{{ controller_lvm_groups }}"
 network_interfaces: "{{ controller_network_host_network_interfaces }}"
+ sysctl_parameters: "{{ controller_sysctl_parameters }}"
 Here we are using the controller-specific values for some of these variables,
 but they could equally be different.
diff --git a/etc/kayobe/controllers.yml b/etc/kayobe/controllers.yml
index a1d0e12a1..7e2cd9b39 100644
--- a/etc/kayobe/controllers.yml
+++ b/etc/kayobe/controllers.yml
@@ -86,6 +86,12 @@
 # Filesystem for docker volumes LVM backing volume. ext4 allows for shrinking.
 #controller_lvm_group_data_lv_docker_volumes_fs:
+###############################################################################
+# Controller node sysctl configuration.
+
+# Dict of sysctl parameters to set.
+#controller_sysctl_parameters:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes
diff --git a/etc/kayobe/monitoring.yml b/etc/kayobe/monitoring.yml
index 300c4a714..0cba7baf3 100644
--- a/etc/kayobe/monitoring.yml
+++ b/etc/kayobe/monitoring.yml
@@ -63,6 +63,12 @@
 # role for format.
 #monitoring_lvm_groups_extra:
+###############################################################################
+# Monitoring node sysctl configuration.
+
+# Dict of sysctl parameters to set.
+#monitoring_sysctl_parameters:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes
diff --git a/etc/kayobe/seed-hypervisor.yml b/etc/kayobe/seed-hypervisor.yml
index 33c1c530c..ad57215d6 100644
--- a/etc/kayobe/seed-hypervisor.yml
+++ b/etc/kayobe/seed-hypervisor.yml
@@ -44,6 +44,12 @@
 # List of libvirt networks for the seed hypervisor.
 #seed_hypervisor_libvirt_networks:
+###############################################################################
+# Seed hypervisor sysctl configuration.
+
+# Dict of sysctl parameters to set.
+#seed_hypervisor_sysctl_parameters:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes
diff --git a/etc/kayobe/seed.yml b/etc/kayobe/seed.yml
index eda888a6d..492405786 100644
--- a/etc/kayobe/seed.yml
+++ b/etc/kayobe/seed.yml
@@ -51,6 +51,12 @@
 # Filesystem for docker volumes LVM backing volume. ext4 allows for shrinking.
 #seed_lvm_group_data_lv_docker_volumes_fs:
+###############################################################################
+# Seed node sysctl configuration.
+
+# Dict of sysctl parameters to set.
+#seed_sysctl_parameters:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes
diff --git a/kayobe/cli/commands.py b/kayobe/cli/commands.py
index f75ea5b98..6181e6187 100644
--- a/kayobe/cli/commands.py
+++ b/kayobe/cli/commands.py
@@ -226,8 +226,8 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
 def take_action(self, parsed_args):
 self.app.LOG.debug("Configuring seed hypervisor host OS")
 playbooks = _build_playbook_list(
- "ip-allocation", "ssh-known-host", "dev-tools", "network", "ntp",
- "seed-hypervisor-libvirt-host")
+ "ip-allocation", "ssh-known-host", "dev-tools", "network",
+ "sysctl", "ntp", "seed-hypervisor-libvirt-host")
 self.run_kayobe_playbooks(parsed_args, playbooks,
 limit="seed-hypervisor")
@@ -285,8 +285,8 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
 if parsed_args.wipe_disks:
 playbooks += _build_playbook_list("wipe-disks")
 playbooks += _build_playbook_list(
- "dev-tools", "disable-selinux", "network", "ip-routing", "snat",
- "disable-glean", "ntp", "lvm")
+ "dev-tools", "disable-selinux", "network", "sysctl", "ip-routing",
+ "snat", "disable-glean", "ntp", "lvm")
 self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed")
 playbooks = _build_playbook_list("kolla-ansible")
 self.run_kayobe_playbooks(parsed_args, playbooks, tags="config")
@@ -465,8 +465,8 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
 if parsed_args.wipe_disks:
 playbooks += _build_playbook_list("wipe-disks")
 playbooks += _build_playbook_list(
- "dev-tools", "disable-selinux", "network", "disable-glean", "ntp",
- "lvm")
+ "dev-tools", "disable-selinux", "network", "sysctl",
+ "disable-glean", "ntp", "lvm")
 self.run_kayobe_playbooks(parsed_args, playbooks, limit="overcloud")
 playbooks = _build_playbook_list("kolla-ansible")
 self.run_kayobe_playbooks(parsed_args, playbooks, tags="config")
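Review bot: In the SeedHostConfigure hunk, `"sysctl"` is placed ahead of `"ip-routing"` and `"snat"`, so an operator-supplied kernel parameter is applied first and any later playbook that touches the same key wins for the running system. Neither playbook is visible here, but if `ip-routing` manages `net.ipv4.ip_forward`, a value set through `seed_sysctl_parameters` would be overridden within the same run, and the persisted file could disagree with runtime state. Either move `"sysctl"` after the playbooks that set kernel parameters, or document the precedence with a comment such as `# "sysctl" runs before "ip-routing"; later playbooks take precedence for any key they also set`. The position relative to `"network"` in the other two hunks deserves the same check. All three `take_action` bodies start or end outside their hunks.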