diff --git a/lib/puppet/type/neutron_plugin_ml2.rb b/lib/puppet/type/neutron_plugin_ml2.rb
index 0ac513739..fd2da376f 100644
--- a/lib/puppet/type/neutron_plugin_ml2.rb
+++ b/lib/puppet/type/neutron_plugin_ml2.rb
@@ -14,6 +14,28 @@ Puppet::Type.newtype(:neutron_plugin_ml2) do
       value.capitalize! if value =~ /^(true|false)$/i
       value
     end
+
+    def is_to_s( currentvalue )
+      if resource.secret?
+        return '[old secret redacted]'
+      else
+        return currentvalue
+      end
+    end
+
+    def should_to_s( newvalue )
+      if resource.secret?
+        return '[new secret redacted]'
+      else
+        return newvalue
+      end
+    end
+  end
+
+  newparam(:secret, :boolean => true) do
+    desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
+    newvalues(:true, :false)
+    defaultto false
   end
 
   newparam(:ensure_absent_val) do
diff --git a/manifests/agents/bigswitch.pp b/manifests/agents/bigswitch.pp
new file mode 100644
index 000000000..6b98a5d28
--- /dev/null
+++ b/manifests/agents/bigswitch.pp
@@ -0,0 +1,71 @@
+# == Class: neutron::agents::bigswitch
+#
+# Installs and configures the Big Switch agent and lldp
+#
+# === Parameters
+#
+# [*package_ensure*]
+#   (optional) The state of the package
+#   Defaults to present
+#
+# [*lldp_enabled*]
+#   (optional) The state of the neutron-bsn-lldp service
+#   Defaults to true
+#
+# [*agent_enabled*]
+#   (optional) The state of the neutron-bsn-agent service
+#   Defaults to false
+#
+#
+class neutron::agents::bigswitch (
+  $package_ensure = 'present',
+  $lldp_enabled   = true,
+  $agent_enabled  = false,
+) {
+
+  if($::osfamily != 'Redhat') {
+    fail("Unsupported osfamily ${::osfamily}")
+  }
+
+  require ::neutron::plugins::ml2::bigswitch
+
+  package { 'bigswitch-lldp':
+    ensure => $package_ensure,
+    name   => $::neutron::params::bigswitch_lldp_package,
+    tag    => 'openstack',
+  }
+
+  package { 'bigswitch-agent':
+    ensure => $package_ensure,
+    name   => $::neutron::params::bigswitch_agent_package,
+    tag    => 'openstack',
+  }
+
+  if $lldp_enabled {
+    $lldp_service_ensure = 'running'
+  } else {
+    $lldp_service_ensure = 'stopped'
+  }
+
+  if $agent_enabled {
+    $agent_service_ensure = 'running'
+  } else {
+    $agent_service_ensure = 'stopped'
+  }
+
+  service { 'bigswitch-lldp':
+    ensure  => $lldp_service_ensure,
+    name    => $::neutron::params::bigswitch_lldp_service,
+    enable  => $lldp_enabled,
+    require => [Class['neutron'], Package['bigswitch-lldp']],
+    tag     => 'neutron-service',
+  }
+
+  service { 'bigswitch-agent':
+    ensure  => $agent_service_ensure,
+    name    => $::neutron::params::bigswitch_agent_service,
+    enable  => $agent_enabled,
+    require => [Class['neutron'], Package['bigswitch-agent']],
+    tag     => 'neutron-service',
+  }
+}
diff --git a/manifests/params.pp b/manifests/params.pp
index 260c16410..41f75326e 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -26,6 +26,11 @@ class neutron::params {
     $sriov_nic_agent_service = 'neutron-sriov-nic-agent'
     $sriov_nic_agent_package = 'openstack-neutron-sriov-nic-agent'
 
+    $bigswitch_lldp_package  = 'openstack-neutron-bigswitch-lldp'
+    $bigswitch_agent_package = 'openstack-neutron-bigswitch-agent'
+    $bigswitch_lldp_service  = 'neutron-bsn-lldp'
+    $bigswitch_agent_service = 'neutron-bsn-agent'
+
     $cisco_server_package                   = 'openstack-neutron-cisco'
     $cisco_config_file                      = '/etc/neutron/plugins/cisco/cisco_plugins.ini'
     # Add templated Cisco Nexus ML2 config to confdir
diff --git a/manifests/plugins/ml2/bigswitch/restproxy.pp b/manifests/plugins/ml2/bigswitch/restproxy.pp
index a53ab769b..4684394f2 100644
--- a/manifests/plugins/ml2/bigswitch/restproxy.pp
+++ b/manifests/plugins/ml2/bigswitch/restproxy.pp
@@ -33,6 +33,22 @@
 # (optional) Directory where Big Switch controller certificate will be
 # stored. Defaults to '/var/lib/neutron'.
 #
+# [*auth_tenant*]
+# (optional) The tenant of the auth user
+# Defaults to service
+#
+# [*auth_password*]
+# (optional) The password to use for authentication (keystone)
+# Defaults to false.
+#
+# [*auth_user*]
+# (optional) The name of the auth user
+# Defaults to neutron
+#
+# [*auth_url*]
+# (optional) Complete public Identity API endpoint.
+# Defaults to: false
+#
 class neutron::plugins::ml2::bigswitch::restproxy (
   $servers,
   $server_auth,
@@ -42,6 +58,11 @@ class neutron::plugins::ml2::bigswitch::restproxy (
   $neutron_id           = 'neutron',
   $server_ssl           = true,
   $ssl_cert_directory   = '/var/lib/neutron',
+
+  $auth_tenant          = 'service',
+  $auth_password        = false,
+  $auth_user            = 'neutron',
+  $auth_url             = false,
 ) {
   require ::neutron::plugins::ml2::bigswitch
 
@@ -54,5 +75,10 @@ class neutron::plugins::ml2::bigswitch::restproxy (
     'restproxy/neutron_id'            : value => $neutron_id;
     'restproxy/server_ssl'            : value => $server_ssl;
     'restproxy/ssl_cert_directory'    : value => $ssl_cert_directory;
+
+    'restproxy/auth_tenant'           : value => $auth_tenant;
+    'restproxy/auth_password'         : value => $auth_password, secret => true;
+    'restproxy/auth_user'             : value => $auth_user;
+    'restproxy/auth_url'              : value => $auth_url;
   }
 }
diff --git a/spec/classes/neutron_agents_bigswitch.rb b/spec/classes/neutron_agents_bigswitch.rb
new file mode 100644
index 000000000..67318d1d4
--- /dev/null
+++ b/spec/classes/neutron_agents_bigswitch.rb
@@ -0,0 +1,114 @@
+require 'spec_helper'
+
+describe 'neutron::agents::bigswitch' do
+
+  let :pre_condition do
+    "class { 'neutron': rabbit_password => 'passw0rd' }"
+  end
+
+  let :test_facts do
+    {
+      :operatingsystem        => 'default',
+      :operatingsystemrelease => 'default',
+      :package_ensure         => 'present',
+    }
+  end
+
+  shared_examples_for 'neutron bigswitch base' do
+    it 'should have' do
+      is_expected.to contain_package('python-networking-bigswitch').with(
+        :ensure => 'present',
+        :tag    => 'openstack'
+      )
+    end
+  end
+
+  context 'neutron-bsn-agent only' do
+    let :facts do
+      @default_facts.merge(test_facts.merge({
+         :osfamily => 'RedHat',
+         :operatingsystemrelease => '7'
+      }))
+    end
+
+    let :params do
+      {
+        :lldp_enabled   => false,
+        :agent_enabled  => true
+      }
+    end
+
+    it_configures 'neutron bigswitch base'
+
+    it 'enable neutron-bsn-agent service' do
+      is_expected.to contain_service('bigswitch-agent').with(
+        :enable => params[:agent_enabled],
+        :ensure =>'running',
+        :tag    =>'neutron-service',
+      )
+    end
+
+    it 'disable neutron-bsn-lldp service' do
+      is_expected.to contain_service('bigswitch-lldp').with(
+        :enable => params[:lldp_enabled],
+        :ensure =>'stopped',
+        :tag    =>'neutron-service',
+      )
+    end
+
+  end
+
+  context 'neutron-bsn-lldp only' do
+    let :facts do
+      @default_facts.merge(test_facts.merge({
+         :osfamily => 'RedHat',
+         :operatingsystemrelease => '7'
+      }))
+    end
+
+    let :params do
+      {
+        :lldp_enabled  => true,
+        :agent_enabled => false
+      }
+    end
+
+    it_configures 'neutron bigswitch base'
+
+    it 'disable neutron-bsn-agent service' do
+      is_expected.to contain_service('bigswitch-agent').with(
+        :enable => params[:agent_enabled],
+        :ensure =>'stopped',
+        :tag    =>'neutron-service',
+      )
+    end
+
+    it 'enable neutron-bsn-lldp service' do
+      is_expected.to contain_service('bigswitch-lldp').with(
+        :enable => params[:lldp_enabled],
+        :ensure =>'running',
+        :tag    =>'neutron-service',
+      )
+    end
+
+  end
+
+  context 'on Debian platforms' do
+    let :facts do
+      @default_facts.merge(test_facts.merge({
+         :osfamily => 'Debian'
+      }))
+    end
+
+    let :params do
+      {
+        :lldp_enabled  => false,
+        :agent_enabled => false
+      }
+    end
+
+    it { is_expected.to raise_error(Puppet::Error, /Unsupported osfamily Debian/) }
+
+  end
+
+end
diff --git a/spec/classes/neutron_plugins_ml2_bigswitch_restproxy_spec.rb b/spec/classes/neutron_plugins_ml2_bigswitch_restproxy_spec.rb
index cce07f738..9d0ad3678 100644
--- a/spec/classes/neutron_plugins_ml2_bigswitch_restproxy_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_bigswitch_restproxy_spec.rb
@@ -44,6 +44,11 @@ describe 'neutron::plugins::ml2::bigswitch::restproxy' do
       is_expected.to contain_neutron_plugin_ml2('restproxy/neutron_id').with_value('neutron')
       is_expected.to contain_neutron_plugin_ml2('restproxy/server_ssl').with_value(true)
       is_expected.to contain_neutron_plugin_ml2('restproxy/ssl_cert_directory').with_value('/var/lib/neutron')
+
+      is_expected.to contain_neutron_plugin_ml2('restproxy/auth_tenant').with_value('service')
+      is_expected.to contain_neutron_plugin_ml2('restproxy/auth_password').with_value(false)
+      is_expected.to contain_neutron_plugin_ml2('restproxy/auth_user').with_value('neutron')
+      is_expected.to contain_neutron_plugin_ml2('restproxy/auth_url').with_value(false)
     end
 
     context 'with custom params' do
@@ -63,6 +68,11 @@ describe 'neutron::plugins::ml2::bigswitch::restproxy' do
         is_expected.to contain_neutron_plugin_ml2('restproxy/neutron_id').with_value('openstack')
         is_expected.to contain_neutron_plugin_ml2('restproxy/server_ssl').with_value(false)
         is_expected.to contain_neutron_plugin_ml2('restproxy/ssl_cert_directory').with_value('/var/lib/bigswitch')
+
+        is_expected.to contain_neutron_plugin_ml2('restproxy/auth_tenant').with_value('service')
+        is_expected.to contain_neutron_plugin_ml2('restproxy/auth_password').with_value(false)
+        is_expected.to contain_neutron_plugin_ml2('restproxy/auth_user').with_value('neutron')
+        is_expected.to contain_neutron_plugin_ml2('restproxy/auth_url').with_value(false)
       end
     end