diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index cdaef9b76..714747427 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -409,7 +409,8 @@ provider, the Nodepool image types are also defined (see
     Specify custom Neutron networks that get attached to each
     node. Specify the ``name`` of the network (a string) and if the
     network routes to the Internet, set the boolean ``public`` to
-    true.
+    true. If the network should be the target of floating IP NAT, set
+    ``nat_destination`` to true.
 
   ``ipv6-preferred``
     If it is set to True, nodepool will try to find ipv6 in public net first
diff --git a/nodepool/cmd/config_validator.py b/nodepool/cmd/config_validator.py
index bc987b427..f92cf2801 100644
--- a/nodepool/cmd/config_validator.py
+++ b/nodepool/cmd/config_validator.py
@@ -51,6 +51,7 @@ class ConfigValidator:
         network = {
             'name': v.Required(str),
             'public': bool,
+            'nat_destination': bool,
         }
 
         providers = {
diff --git a/nodepool/config.py b/nodepool/config.py
index 29938a41f..4873ccbe1 100644
--- a/nodepool/config.py
+++ b/nodepool/config.py
@@ -25,7 +25,6 @@ class Provider(ConfigValue):
             other.api_timeout != self.api_timeout or
             other.boot_timeout != self.boot_timeout or
             other.launch_timeout != self.launch_timeout or
-            other.use_neutron != self.use_neutron or
             other.networks != self.networks or
             other.ipv6_preferred != self.ipv6_preferred or
             other.azs != self.azs):
@@ -150,7 +149,6 @@ def loadConfig(config_path):
         p.api_timeout = provider.get('api-timeout')
         p.boot_timeout = provider.get('boot-timeout', 60)
         p.launch_timeout = provider.get('launch-timeout', 3600)
-        p.use_neutron = bool(provider.get('networks', ()))
         p.networks = []
         for network in provider.get('networks', []):
             n = Network()
@@ -165,6 +163,7 @@ def loadConfig(config_path):
                 n.name = network.get('name')
                 n.id = None
             n.public = network.get('public', False)
+            n.nat_destination = network.get('nat_destination', False)
         p.ipv6_preferred = provider.get('ipv6-preferred')
         p.azs = provider.get('availability-zones')
         p.template_hostname = provider.get(
@@ -313,6 +312,22 @@ def _cloudKwargsFromProvider(provider):
     if 'service-name' in provider:
         cloud_kwargs['compute-service-name'] = provider['service-name']
 
+    if 'networks' in provider:
+        networks = []
+        for network in provider.get('networks', []):
+            if 'net-id' in network:
+                name_or_id = network['net-id']
+            elif 'net-label' in network:
+                name_or_id = network['net-label']
+            else:
+                name_or_id = network.get('name')
+            external = network.get('public', False)
+            nat_destination = network.get('nat_destination', False)
+            networks.append(dict(
+                name=name_or_id, routes_externally=external,
+                nat_destination=nat_destination))
+        cloud_kwargs['networks'] = networks
+
     auth_kwargs = {}
     for auth_key in (
             'username', 'password', 'auth-url', 'project-id', 'project-name'):
diff --git a/nodepool/provider_manager.py b/nodepool/provider_manager.py
index aa1caea79..62c6818ca 100644
--- a/nodepool/provider_manager.py
+++ b/nodepool/provider_manager.py
@@ -176,18 +176,17 @@ class ProviderManager(TaskManager):
             create_args['key_name'] = key_name
         if az:
             create_args['availability_zone'] = az
-        if self.provider.use_neutron:
-            nics = []
-            for network in self.provider.networks:
-                if network.id:
-                    nics.append({'net-id': network.id})
-                elif network.name:
-                    net_id = self.findNetwork(network.name)['id']
-                    nics.append({'net-id': net_id})
-                else:
-                    raise Exception("Invalid 'networks' configuration.")
-            if nics:
-                create_args['nics'] = nics
+        nics = []
+        for network in self.provider.networks:
+            if network.id:
+                nics.append({'net-id': network.id})
+            elif network.name:
+                net_id = self.findNetwork(network.name)['id']
+                nics.append({'net-id': net_id})
+            else:
+                raise Exception("Invalid 'networks' configuration.")
+        if nics:
+            create_args['nics'] = nics
         # Put provider.name and image_name in as groups so that ansible
         # inventory can auto-create groups for us based on each of those
         # qualities
diff --git a/requirements.txt b/requirements.txt
index 4be3d4cb0..9cdc3143d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,7 +14,7 @@ PyMySQL
 PrettyTable>=0.6,<0.8
 # shade has a looser requirement on six than nodepool, so install six first
 six>=1.7.0
-os-client-config>=1.2.0
+os-client-config>=1.17.0
 shade>=1.6.2
 diskimage-builder
 voluptuous