diff --git a/puppet-manifests/centos/puppet-manifests.spec b/puppet-manifests/centos/puppet-manifests.spec
index 3f083950eb..2f141ce3eb 100644
--- a/puppet-manifests/centos/puppet-manifests.spec
+++ b/puppet-manifests/centos/puppet-manifests.spec
@@ -40,6 +40,7 @@ Requires: puppet-murano
 Requires: puppet-magnum
 Requires: puppet-ironic
 Requires: puppet-panko
+Requires: puppet-memcached
 
 # Puppetlabs puppet modules
 Requires: puppet-concat
diff --git a/puppet-manifests/src/hieradata/controller.yaml b/puppet-manifests/src/hieradata/controller.yaml
index bf7ad9c2a1..520c3f7480 100644
--- a/puppet-manifests/src/hieradata/controller.yaml
+++ b/puppet-manifests/src/hieradata/controller.yaml
@@ -115,6 +115,12 @@ haproxy::defaults_options:
   maxconn: '8000'
 
 
+# memcached
+# disable UDP listener to prevent DOS attack
+platform::memcached::params::udp_port: 0
+platform::memcached::params::max_connections: 8192
+platform::memcached::params::max_memory: 782
+
 # ceph
 ceph::public_addr: '127.0.0.1:5001'
 
diff --git a/puppet-manifests/src/manifests/controller.pp b/puppet-manifests/src/manifests/controller.pp
index 789f7d9ce4..bea9de6587 100644
--- a/puppet-manifests/src/manifests/controller.pp
+++ b/puppet-manifests/src/manifests/controller.pp
@@ -43,6 +43,8 @@ include ::platform::sysinv::conductor
 include ::platform::mtce
 include ::platform::mtce::agent
 
+include ::platform::memcached
+
 include ::platform::nfv
 include ::platform::nfv::api
 
diff --git a/puppet-manifests/src/modules/platform/manifests/memcached.pp b/puppet-manifests/src/modules/platform/manifests/memcached.pp
new file mode 100644
index 0000000000..0d8900dfc4
--- /dev/null
+++ b/puppet-manifests/src/modules/platform/manifests/memcached.pp
@@ -0,0 +1,49 @@
+class platform::memcached::params(
+ $package_ensure = 'present',
+ $logfile = '/var/log/memcached.log',
+ # set CACHESIZE in /etc/sysconfig/memcached
+ $max_memory = false,
+ $tcp_port = 11211,
+ $udp_port = 11211,
+ # set MAXCONN in /etc/sysconfig/memcached
+ $max_connections = 8192,
+ $service_restart = true,
+) {
+  include ::platform::params
+  $controller_0_hostname = $::platform::params::controller_0_hostname
+  $controller_1_hostname = $::platform::params::controller_1_hostname
+  $system_mode           = $::platform::params::system_mode
+
+  if $system_mode == 'simplex' {
+    $listen_ip = $::platform::network::mgmt::params::controller0_address
+  } else {
+    case $::hostname {
+      $controller_0_hostname: {
+        $listen_ip = $::platform::network::mgmt::params::controller0_address
+      }
+      $controller_1_hostname: {
+        $listen_ip = $::platform::network::mgmt::params::controller1_address
+      }
+    }
+  }
+}
+
+
+class platform::memcached
+  inherits ::platform::memcached::params {
+
+  class { '::memcached':
+    package_ensure  => $package_ensure,
+    logfile         => $logfile,
+    listen_ip       => $listen_ip,
+    tcp_port        => $tcp_port,
+    udp_port        => $udp_port,
+    max_connections => $max_connections,
+    max_memory      => $max_memory,
+    service_restart => $service_restart,
+  } ->
+
+  exec { 'systemctl enable memcached.service':
+    command => "/usr/bin/systemctl enable memcached.service",
+  }
+}