diff --git a/README.md b/README.md
index c2f08098f625311d736f03d170603d77a73fc983..dfba196aebcd3beead1c6ffb8c0a73b7c8fdff98 100644
--- a/README.md
+++ b/README.md
@@ -196,6 +196,15 @@ QCOW2 images can be loopback-mounted with a bit of help from nbd: More details at
+## Speed
+
+The initial packer build-from-ISO phase is slow. If you have to start from
+scratch it can easily take 10-15 minutes. Normally, packer would be used to
+make a "plain" OS image which some other tool would provision, e.g.
+[vagrant](https://www.vagrantup.com/docs/). However, vagrant doesn't have
+support for qemu out-of-the-box (it can use libvirt with a plugin), so for
+now we are building the entire final VTP image in packer.
+
 # Provisioners [Provisioners](https://www.packer.io/docs/templates/provisioners.html) perform
@@ -207,3 +216,6 @@ a shell command run within the guest. For the remaining changes we prefer to use ansible: since ansible is idempotent, it is relatively easy to iterate development of the configuration without always having to rebuild the VM image from scratch.
+
+We "git clone" the ansible configuration inside the VM, so that it is easy
+to make adjustments and commit them back.
diff --git a/ansible/hosts b/ansible/hosts
new file mode 100644
index 0000000000000000000000000000000000000000..2302edae31b44da92e28582707b403fd7ad1342e
--- /dev/null
+++ b/ansible/hosts
@@ -0,0 +1 @@
+localhost ansible_connection=local
diff --git a/ansible/networking.yml b/ansible/networking.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4250bcfe98643384789513c8defcd5b1888d7e1f
--- /dev/null
+++ b/ansible/networking.yml
@@ -0,0 +1,13 @@
+# This playbook updates the networking configuration
+# (/etc/network/interfaces)
+#
+# If you have manually altered the networking configuration, this will
+# overwrite your changes! And if the configuration changes, you may need
+# to reboot your machine!
+
+---
+- hosts:
+ - localhost
+ roles:
+ - { role: update_cache, tags: update_cache }
+ - { role: networking, tags: networking }
diff --git a/ansible/roles/networking/handlers/main.yml b/ansible/roles/networking/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c4ef950e6fd96a3c00b414e313d41f6620cb065a
--- /dev/null
+++ b/ansible/roles/networking/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+# This is too dangerous. You would need to do "networking stop" with the
+# old interfaces file, then replace, then "networking start" with the new.
+#- name: restart networking
+# service: name=networking state=restarted
+
+- name: restart networking
+ debug: msg="/etc/network/interfaces has changed, you may need to reboot"
diff --git a/ansible/roles/networking/tasks/main.yml b/ansible/roles/networking/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5e66274e19b4d9c6d4e57eed12b4d8a69babb416
--- /dev/null
+++ b/ansible/roles/networking/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: install network support packages
+ apt: pkg={{item}} state=present
+ with_items:
+ - vlan
+ - bridge-utils
+ tags: bridge
+
+- name: check bridge module is loaded
+ modprobe: name=bridge state=present
+ tags: bridge
+
+- name: install /etc/network/interfaces
+ template: src=interfaces dest=/etc/network/interfaces mode=644 backup=yes
+ notify: restart networking
+ tags: interfaces
+
+- name: create /etc/network/interfaces.d
+ file: path=/etc/network/interfaces.d state=directory mode=755
+ tags: interfaces
+
+- name: install files under /etc/network/interfaces.d/
+ template: src=interfaces.d/{{item}} dest=/etc/network/interfaces.d/{{item}} mode=644 backup=yes
+ with_items:
+ - br-wan.cfg
+ notify: restart networking
+ tags: interfaces
diff --git a/ansible/roles/networking/templates/interfaces b/ansible/roles/networking/templates/interfaces
new file mode 100644
index 0000000000000000000000000000000000000000..97589ca62822e643f59d036642cc206796becd14
--- /dev/null
+++ b/ansible/roles/networking/templates/interfaces
@@ -0,0 +1,8 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
diff --git a/ansible/roles/networking/templates/interfaces.d/br-wan.cfg b/ansible/roles/networking/templates/interfaces.d/br-wan.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..4c3660f8a75ac1217ad5d2dab49847bb5d247b7a
--- /dev/null
+++ b/ansible/roles/networking/templates/interfaces.d/br-wan.cfg
@@ -0,0 +1,12 @@
+# The external network interface
+auto {{ansible_default_ipv4.interface}}
+iface {{ansible_default_ipv4.interface}} inet manual
+
+auto br-wan
+iface br-wan inet dhcp
+bridge_ports {{ansible_default_ipv4.interface}}
+bridge_stp off
+bridge_fd 0
+bridge_maxwait 0
+
+#iface br-wan inet6 auto|dhcp
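Review bot: In ansible/roles/networking/tasks/main.yml, `backup=yes` on the `interfaces.d/{{item}}` template task leaves Ansible's timestamped backup copy next to `br-wan.cfg`, and the new templates/interfaces file includes that directory with `source /etc/network/interfaces.d/*`. After the first change to the template the stale copy would most likely be sourced as well, defining `br-wan` twice. Either drop `backup=yes` from that one task or narrow the include to `source /etc/network/interfaces.d/*.cfg`. As a smaller style point, the modes in this hunk would read more safely as `mode=0644` and `mode=0755`, which keeps them octal if the tasks are ever rewritten in YAML dictionary form.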
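Review bot: In templates/interfaces.d/br-wan.cfg, re-running the playbook once the bridge is up would render the template against the bridge itself, because `ansible_default_ipv4.interface` is gathered at run time and will then presumably be `br-wan`. The output would contain `bridge_ports br-wan` and an `iface br-wan inet manual` stanza that conflicts with the DHCP one. The README hunk in this commit says the configuration is cloned into the VM so that it can be adjusted and re-run, so this path is expected. Take the physical port from a role variable set once, e.g. `bridge_ports {{ wan_interface }}`, or guard the template task with `when: ansible_default_ipv4.interface != 'br-wan'`. The template also cannot render when the host has no default IPv4 route, which deserves a comment at the top of the file.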
diff --git a/ansible/roles/update_cache/handlers/main.yml b/ansible/roles/update_cache/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ab06267df302eae439501e6dc0d978e8bf7e9256
--- /dev/null
+++ b/ansible/roles/update_cache/handlers/main.yml
@@ -0,0 +1,4 @@
+# Trigger to refresh cache when a new PPA has been added
+---
+- name: apt update cache
+ apt: update_cache=yes
diff --git a/ansible/roles/update_cache/tasks/main.yml b/ansible/roles/update_cache/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..33151672456894d34363654c124a6d77e2c48a35
--- /dev/null
+++ b/ansible/roles/update_cache/tasks/main.yml
@@ -0,0 +1 @@
+- apt: update_cache=yes cache_valid_time=3600
diff --git a/preseed.cfg b/preseed.cfg
index 43038e3eb64036eb8e77cb83fafcf1b162db82cd..e9969182c7334150478bdc918163c052ddf9187e 100644
--- a/preseed.cfg
+++ b/preseed.cfg
@@ -61,7 +61,7 @@ d-i passwd/root-password password nsrc
 d-i passwd/root-password-again password nsrc
 d-i passwd/make-user boolean false
 d-i user-setup/allow-password-weak boolean true
-d-i pkgsel/include string python ntp zfsutils-linux lxd bridge-utils
+d-i pkgsel/include string ntp
 d-i pkgsel/install-language-support boolean false
 d-i pkgsel/update-policy select none
 d-i pkgsel/upgrade select full-upgrade
diff --git a/run.sh b/run.sh
new file mode 100755
index 0000000000000000000000000000000000000000..ffad248198df2b1dc108e8eb577cf0ca7ef2718a
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+#export PACKER_LOG=1
+./packer build -only=qemu -var headless=true vtp.json
diff --git a/vtp.json b/vtp.json
index 32aa5f017d9ecebf5d1a2a43e5289dfb45363b58..c6d99dcb782803054aded9a63e093287570dec1b 100644
--- a/vtp.json
+++ b/vtp.json
@@ -12,13 +12,13 @@
 "format": "qcow2",
 "accelerator": "kvm",
 "qemuargs": [
- [ "-m", "512M" ]
+ [ "-m", "1024M" ]
 ],
 "net_device": "virtio-net",
 "disk_interface": "virtio",
 "vm_name": "vtp.qcow2",
 "skip_compaction": false,
- "disk_compression": false,
+ "disk_compression": true,
 "floppy_files": [ "preseed.cfg" ],
 "boot_command": [
 "",
@@ -60,8 +60,27 @@
 {
 "type": "shell",
 "inline": [
+ "apt-get install -y software-properties-common python python-pip libssl-dev libffi-dev zfsutils-linux lxd criu sshpass git wget",
+ "# LXD/ZFS setup",
 "lxd init --auto --storage-backend=zfs --storage-pool=lxd --storage-create-device=/dev/vda1",
- "lxc info # to create certificate"
+ "zfs set dedup=on lxd",
+ "lxc info # to create certificate",
+ "lxc config set images.auto_update_interval 0",
+ "lxc config set images.auto_update_cached false",
+ "# Ansible setup: we need v2.1+ to have the lxd connection plugin",
+ "pip install git+https://github.com/ansible/ansible.git@v2.1.0.0-0.4.rc4",
+ "git clone https://git.nsrc.org/open/vtp.git",
+ "cd vtp",
+ "git remote add ssh git@git.nsrc.org:open/vtp.git # helpful for git push",
+ "cd ansible",
+ "# Under-development lxd_container plugin: https://github.com/ansible/ansible-modules-extras/pull/2208",
+ "mkdir action_plugins",
+ "wget -P action_plugins https://raw.githubusercontent.com/hnakamur/ansible-modules-extras/lxd_container_using_lxc_command/cloud/lxd/lxd_container.py",
+ "# Ansible run",
+ "ansible-playbook -i hosts networking.yml",
+ "# Finishing up",
+ "zfs set dedup=off lxd",
+ "apt-get -y clean"
 ]
 }
 ]
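Review bot: In the second vtp.json hunk, the `wget` of `lxd_container.py` fetches an Ansible action plugin from the head of a branch in a personal fork with no integrity check. The `ansible-playbook -i hosts networking.yml` entry then runs from the directory holding `action_plugins`, so whatever that branch contains at build time can end up executing inside the image. Pin the download to a commit by replacing the branch name in the URL with `<COMMIT_SHA>`, and add `"echo '<SHA256>  action_plugins/lxd_container.py' | sha256sum -c -"` as the next entry (both values are placeholders to fill in). The same concern applies in weaker form to `pip install git+https://github.com/ansible/ansible.git@v2.1.0.0-0.4.rc4`, since a tag can be moved, and to the unpinned `git clone` of vtp.git. The provisioner list that holds this object starts outside the hunk.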