diff --git a/docker/services/ironic-neutron-agent.yaml b/docker/services/ironic-neutron-agent.yaml
new file mode 100644
index 0000000000..98a024d05c
--- /dev/null
+++ b/docker/services/ironic-neutron-agent.yaml
@@ -0,0 +1,122 @@
+heat_template_version: queens
+
+description: >
+  OpenStack ironic-neutron-agent service
+
+parameters:
+  DockerIronicNeutronAgentImage:
+    description: The container image to use for the ironic-neutron-agent
+    type: string
+  DockerNeutronConfigImage:
+    description: The container image to use for the neutron config_volume
+    type: string
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+
+resources:
+
+  ContainersCommon:
+    type: ./containers-common.yaml
+
+  IronicNeutronAgentBase:
+    type: ../../puppet/services/ironic-neutron-agent.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceData: {get_param: ServiceData}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+  NeutronLogging:
+    type: OS::TripleO::Services::Logging::NeutronCommon
+    properties:
+      NeutronServiceName: ironic-neutron-agent
+
+outputs:
+  role_data:
+    description: Role data for ironic-neutron-agent service
+    value:
+      service_name: {get_attr: [IronicNeutronAgentBase, role_data, service_name]}
+      config_settings:
+        map_merge:
+          - get_attr: [IronicNeutronAgentBase, role_data, config_settings]
+          - get_attr: [NeutronLogging, config_settings]
+      puppet_config:
+        config_volume: neutron
+        puppet_tags: neutron_config,ironic_neutron_agent_config
+        step_config:
+          get_attr: [IronicNeutronAgentBase, role_data, step_config]
+        config_image: {get_param: DockerNeutronConfigImage}
+      kolla_config:
+        /var/lib/kolla/config_files/ironic_neutron_agent.json:
+          command: /usr/bin/ironic-neutron-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ironic_neutron_agent.ini --config-dir /etc/neutron/conf.d/common
+          config_files:
+            - source: "/var/lib/kolla/config_files/src/*"
+              dest: "/"
+              merge: true
+              preserve_properties: true
+          permissions:
+            - path: /var/log/neutron
+              owner: neutron:neutron
+              recurse: true
+      docker_config:
+        step_4:
+          ironic_neutron_agent:
+            start_order: 80
+            image: {get_param: DockerIronicNeutronAgentImage}
+            net: host
+            pid: host
+            privileged: true
+            restart: always
+            volumes:
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                - {get_attr: [NeutronLogging, volumes]}
+                -
+                  - /var/lib/kolla/config_files/ironic_neutron_agent.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks: {get_attr: [NeutronLogging, host_prep_tasks]}
+      upgrade_tasks:
+        - name: Check if ironic-neutron-agent is deployed
+          command: systemctl is-enabled --quiet ironic-neutron-agent
+          tags: common
+          ignore_errors: True
+          register: ironic_neutron_agent_enabled
+        - name: "PreUpgrade step0,validation: Check service ironic-neutron-agent is running"
+          command: systemctl is-active --quiet ironic-neutron-agent
+          when:
+            - step|int == 0
+            - ironic_neutron_agent_enabled.rc == 0
+          tags: validation
+        - name: Stop and disable ironic-neutron-agent service
+          when:
+            - step|int == 2
+            - ironic_neutron_agent_enabled.rc == 0
+          service: name=ironic-neutron-agent state=stopped enabled=no
diff --git a/environments/services-baremetal/ironic.yaml b/environments/services-baremetal/ironic.yaml
index b81b02698a..074127b31d 100644
--- a/environments/services-baremetal/ironic.yaml
+++ b/environments/services-baremetal/ironic.yaml
@@ -2,5 +2,7 @@ resource_registry:
   OS::TripleO::Services::IronicApi: ../../puppet/services/ironic-api.yaml
   OS::TripleO::Services::IronicConductor: ../../puppet/services/ironic-conductor.yaml
   OS::TripleO::Services::NovaIronic: ../../puppet/services/nova-ironic.yaml
+  # Uncomment this line to enable the ironic-neutron-agent - Required for routed provider networks
+  # OS::TripleO::Services::IronicNeutronAgent: ../../puppet/services/ironic-neutron-agent.yaml
 parameter_defaults:
   NovaSchedulerDiscoverHostsInCellsInterval: 15
diff --git a/environments/services-docker/ironic.yaml b/environments/services-docker/ironic.yaml
index e927ecb32f..776a1d7d38 100644
--- a/environments/services-docker/ironic.yaml
+++ b/environments/services-docker/ironic.yaml
@@ -3,3 +3,5 @@ resource_registry:
   OS::TripleO::Services::IronicConductor: ../../docker/services/ironic-conductor.yaml
   OS::TripleO::Services::IronicPxe: ../../docker/services/ironic-pxe.yaml
   OS::TripleO::Services::NovaIronic: ../../docker/services/nova-ironic.yaml
+  # Uncomment this line to enable the ironic-neutron-agent - Required for routed provider networks
+  # OS::TripleO::Services::IronicNeutronAgent: ../../docker/services/ironic-neutron-agent.yaml
diff --git a/environments/services/ironic.yaml b/environments/services/ironic.yaml
index e927ecb32f..776a1d7d38 100644
--- a/environments/services/ironic.yaml
+++ b/environments/services/ironic.yaml
@@ -3,3 +3,5 @@ resource_registry:
   OS::TripleO::Services::IronicConductor: ../../docker/services/ironic-conductor.yaml
   OS::TripleO::Services::IronicPxe: ../../docker/services/ironic-pxe.yaml
   OS::TripleO::Services::NovaIronic: ../../docker/services/nova-ironic.yaml
+  # Uncomment this line to enable the ironic-neutron-agent - Required for routed provider networks
+  # OS::TripleO::Services::IronicNeutronAgent: ../../docker/services/ironic-neutron-agent.yaml
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index 586a8dc23a..63d37b1c62 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -302,6 +302,7 @@ resource_registry:
   OS::TripleO::Services::IronicConductor: OS::Heat::None
   OS::TripleO::Services::IronicInspector: OS::Heat::None
   OS::TripleO::Services::IronicPxe: OS::Heat::None
+  OS::TripleO::Services::IronicNeutronAgent: OS::Heat::None
   OS::TripleO::Services::NovaIronic: OS::Heat::None
   OS::TripleO::Services::TripleoPackages: puppet/services/tripleo-packages.yaml
   OS::TripleO::Services::TripleoFirewall: puppet/services/tripleo-firewall.yaml
diff --git a/puppet/services/ironic-neutron-agent.yaml b/puppet/services/ironic-neutron-agent.yaml
new file mode 100644
index 0000000000..01cf40a0f9
--- /dev/null
+++ b/puppet/services/ironic-neutron-agent.yaml
@@ -0,0 +1,87 @@
+heat_template_version: queens
+
+description: >
+  OpenStack ironic-neutron-agent configured with Puppet
+
+parameters:
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  IronicPassword:
+    description: The password for the Ironic service and db account, used by the Ironic services
+    type: string
+    hidden: true
+  KeystoneRegion:
+    type: string
+    default: 'regionOne'
+    description: Keystone region for endpoint
+
+resources:
+
+  NeutronBase:
+    type: ./neutron-base.yaml
+    properties:
+      ServiceData: {get_param: ServiceData}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the ironic-neutron-agent service.
+    value:
+      service_name: ironic_neutron_agent
+      config_settings:
+        map_merge:
+          - get_attr: [NeutronBase, role_data, config_settings]
+          - neutron::agents::ml2::networking_baremetal::user: 'ironic'
+          - neutron::agents::ml2::networking_baremetal::password: {get_param: IronicPassword}
+          - neutron::agents::ml2::networking_baremetal::auth_url: { get_param: [ EndpointMap, KeystoneInternal, uri_no_suffix ] }
+          - neutron::agents::ml2::networking_baremetal::project_name: 'service'
+          - neutron::agents::ml2::networking_baremetal::user_domain_name: 'Default'
+          - neutron::agents::ml2::networking_baremetal::project_domain_name: 'Default'
+          - neutron::agents::ml2::networking_baremetal::region_name: {get_param: KeystoneRegion}
+      step_config: |
+        include tripleo::profile::base::neutron::agents::networking_baremetal
+      upgrade_tasks:
+        - name: Check if ironic-neutron-agent is deployed
+          command: systemctl is-enabled ironic-neutron-agent
+          tags: common
+          ignore_errors: True
+          register: ironic_neutron_agent_enabled
+        - name: "PreUpgrade step0,validation: Check service ironic-neutron-agent is running"
+          shell: /usr/bin/systemctl show 'ironic-neutron-agent' --property ActiveState | grep '\bactive\b'
+          when:
+            - step|int == 0
+            - ironic_neutron_agent_enabled.rc == 0
+          tags: validation
+        - name: Stop ironic-neutron-agent service
+          when:
+            - step|int == 1
+            - ironic_neutron_agent_enabled.rc == 0
+          service: name=ironic-neutron-agent state=stopped
diff --git a/releasenotes/notes/ironic-networking-baremetal-29d9ad465565bb87.yaml b/releasenotes/notes/ironic-networking-baremetal-29d9ad465565bb87.yaml
new file mode 100644
index 0000000000..2604ad6f90
--- /dev/null
+++ b/releasenotes/notes/ironic-networking-baremetal-29d9ad465565bb87.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - Adds support for Ironic Networking Baremetal. Networking Baremetal
+    is used to integrate the Bare Metal service with the Networking service.