diff --git a/systemvm/patches/debian/config/var/chef/cookbooks/csip/providers/device.rb b/systemvm/patches/debian/config/var/chef/cookbooks/csip/providers/device.rb
index 2ae0048929d..9afbb088fde 100755
--- a/systemvm/patches/debian/config/var/chef/cookbooks/csip/providers/device.rb
+++ b/systemvm/patches/debian/config/var/chef/cookbooks/csip/providers/device.rb
@@ -81,7 +81,8 @@ def unPlumbDevice
 if ! execute("ip addr del dev #{current_resource.device} #{current_resource.cidrs}")
 Chef::Log.error "#{ @new_resource.device } failed to delete ip on interface"
 return false
- end
+ end
+ execute("ip route del table Table_#{current_resource.device}")
 return true
 end
diff --git a/systemvm/patches/debian/config/var/chef/cookbooks/csip/providers/route.rb b/systemvm/patches/debian/config/var/chef/cookbooks/csip/providers/route.rb
index c2c4aaa6f42..3e629e8c4b2 100644
--- a/systemvm/patches/debian/config/var/chef/cookbooks/csip/providers/route.rb
+++ b/systemvm/patches/debian/config/var/chef/cookbooks/csip/providers/route.rb
@@ -83,6 +83,7 @@ def typeDevExists
 end
 def typeDefaultExists
+ puts "ip route show table #{@current_resource.table} dev #{@current_resource.dev} via #{@current_resource.ip}\n"
 executeReturn("ip route show table #{@current_resource.table} dev #{@current_resource.dev} via #{@current_resource.ip}").each do |line|
 next if ! line.include? "default"
 return true
diff --git a/systemvm/patches/debian/config/var/chef/cookbooks/csip/providers/rule.rb b/systemvm/patches/debian/config/var/chef/cookbooks/csip/providers/rule.rb
new file mode 100644
index 00000000000..063307fa1c0
--- /dev/null
+++ b/systemvm/patches/debian/config/var/chef/cookbooks/csip/providers/rule.rb
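Review bot: The added `execute("ip route del table Table_#{current_resource.device}")` discards its result, so `unPlumbDevice` returns true even when the table cleanup fails, unlike the `ip addr del` call just above, whose failure is logged and returns false. At minimum log the failure: `Chef::Log.warn "#{current_resource.device}: failed to clear Table_#{current_resource.device}" unless execute("ip route del table Table_#{current_resource.device}")`. `ip route del` without a prefix presumably removes a single route rather than emptying the table, so `ip route flush table Table_#{current_resource.device}` may be what is intended; entries left behind in a per-device table could keep steering traffic after the interface is unplumbed. The start of `unPlumbDevice` is outside the hunk.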
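Review bot: The added `puts` in `typeDefaultExists` writes the command to stdout on every run instead of going through Chef's logger, and it reads like leftover debugging. Prefer `Chef::Log.debug` so the output follows the configured log level, and build the command string once so the logged text cannot drift from what is executed: `cmd = "ip route show table #{@current_resource.table} dev #{@current_resource.dev} via #{@current_resource.ip}"`, then `Chef::Log.debug cmd` and `executeReturn(cmd).each do |line|`. The end of `typeDefaultExists` is outside the hunk.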
@@ -0,0 +1,71 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# This provider manipulates ip rule sets
+# eg.
+# ip rule add fwmark 1 table Table_eth1
+#
+action :create do
+ if @current_resource.exists
+ Chef::Log.info "#{ @new_resource.dev } already exists - nothing to do."
+ else
+ converge_by("Creating rule for #{ @new_resource }") do
+ createRule
+ end
+ end
+end
+
+action :delete do
+
+end
+
+def load_current_resource
+ @current_resource = Chef::Resource::CsipRule.new(@new_resource.name)
+ @current_resource.exists = false
+ @current_resource.dev(@new_resource.dev)
+ @current_resource.type(@new_resource.type)
+ @current_resource.mask(@new_resource.mask)
+ @current_resource.ip(@new_resource.ip)
+ @current_resource.network(calculateNetwork(@new_resource.ip,@new_resource.mask))
+ @current_resource.cidrm(calculateCIDRMask(@new_resource.mask))
+ if rule_exists?
+ @current_resource.exists = true
+ end
+end
+
+def rule_exists?
+ # from 172.16.0.0/16 lookup
+ # from all fwmark 0x1 lookup Table_eth1
+ str = ""
+ if @current_resource.type == "lookup"
+ str = "from #{@current_resource.network}/#{@current_resource.cidrm} lookup"
+ end
+ tableNo = @currentResource.dev[3,1].hex
+ if @current_resource.type == "fwmark"
+ str = "from all fwmark #{tableNo} lookup Table_#{current_resource}.dev"
+ end
+ executeReturn("ip rule show").each do |line|
+ next if ! line.include? str
+ return true
+ end
+ return false
+end
+
+def createRule
+ #execute(" echo #{@current_resource.dev[3,1]} #{@current_resource.table} >> /etc/iproute2/rt_tables")
+ return true
+end
diff --git a/systemvm/patches/debian/config/var/chef/cookbooks/csip/resources/rule.rb b/systemvm/patches/debian/config/var/chef/cookbooks/csip/resources/rule.rb
new file mode 100644
index 00000000000..d42d5419709
--- /dev/null
+++ b/systemvm/patches/debian/config/var/chef/cookbooks/csip/resources/rule.rb
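Review bot: `rule_exists?` reads `@currentResource.dev[3,1].hex`, but only `@current_resource` is ever assigned, so the call raises on nil from `load_current_resource` before any action runs. The fwmark pattern has two further faults: `Table_#{current_resource}.dev` leaves `.dev` outside the interpolation, and the mark is written without the `0x` prefix that the comment above shows in `ip rule show` output, so it could not match. When `type` is neither value, `str` stays empty and `include?` is true for the first line, reporting a rule that was never checked. `createRule` has its only command commented out and returns true, so `converge_by` reports a rule as created while nothing is installed, and `action :delete` is empty; on a router VM that leaves the policy-routing state different from what the run reports. A corrected `rule_exists?` follows; `dev[3,1]` is kept as written, though it reads a single character and presumably mishandles two-digit interface numbers.

```ruby
def rule_exists?
  # from 172.16.0.0/16 lookup
  # from all fwmark 0x1 lookup Table_eth1
  str = case @current_resource.type
        when "lookup"
          "from #{@current_resource.network}/#{@current_resource.cidrm} lookup"
        when "fwmark"
          tableNo = @current_resource.dev[3,1].hex
          "from all fwmark 0x#{tableNo.to_s(16)} lookup Table_#{@current_resource.dev}"
        end
  # An unknown type must not match every line through an empty pattern.
  return false if str.nil?
  executeReturn("ip rule show").any? { |line| line.include? str }
end
```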
@@ -0,0 +1,32 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# This provider manipulates ip rule sets
+# eg.
+# ip rule add fwmark 1 table Table_eth1
+#
+actions :create, :delete
+default_action(:create)
+
+# dev default
+attribute(:dev)
+attribute(:type)
+attribute(:ip)
+attribute(:mask)
+attribute(:network)
+
+attr_accessor :exists
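Review bot: The attribute list has no `cidrm`, yet `load_current_resource` in providers/rule.rb calls `@current_resource.cidrm(...)`, so that call would raise NoMethodError; `attribute(:cidrm)` is needed here, and `attribute(:table)` too if the commented-out `createRule` line is revived. The attributes are also declared without validation, while `dev`, `ip` and `mask` end up in strings that the provider matches against or passes to `ip` commands. Constraining them at the resource, for example `attribute(:dev, :kind_of => String, :regex => /\Aeth\d+\z/)`, rejects malformed values before a provider runs; the exact pattern depends on the interface names the system VM uses. The header comment says `This provider manipulates ip rule sets` although this file defines the resource.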