diff --git a/ansible/roles/elasticsearch/tasks/config-host.yml b/ansible/roles/elasticsearch/tasks/config-host.yml
index c5ab5a67b7601e1fb0472fca21f3b627d79057bd..cf9a8f9969f5c4e582493a59ef8f67c3ae6a5a53 100644
--- a/ansible/roles/elasticsearch/tasks/config-host.yml
+++ b/ansible/roles/elasticsearch/tasks/config-host.yml
@@ -1,13 +1,17 @@
 ---
 - name: Setting sysctl values
   become: true
+  vars:
+    should_set: "{{ item.value != 'KOLLA_UNSET' }}"
   sysctl:
     name: "{{ item.name }}"
-    value: "{{ item.value }}"
-    sysctl_set: yes
+    state: "{{ should_set | ternary('present', 'absent') }}"
+    value: "{{ should_set | ternary(item.value, omit) }}"
+    sysctl_set: "{{ should_set }}"
     sysctl_file: "{{ kolla_sysctl_conf_path }}"
   with_items:
     - { name: "vm.max_map_count", value: 262144}
   when:
     - set_sysctl | bool
+    - item.value != 'KOLLA_SKIP'
     - inventory_hostname in groups['elasticsearch']
diff --git a/ansible/roles/haproxy/tasks/config-host.yml b/ansible/roles/haproxy/tasks/config-host.yml
index 68bc51595ba9163099585011c2150bacb0e73d4c..cad68d2c16dada8d2e4a074c7b7066260df5e66d 100644
--- a/ansible/roles/haproxy/tasks/config-host.yml
+++ b/ansible/roles/haproxy/tasks/config-host.yml
@@ -1,9 +1,12 @@
 ---
 - name: Setting sysctl values
+  vars:
+    should_set: "{{ item.value != 'KOLLA_UNSET' }}"
   sysctl:
     name: "{{ item.name }}"
-    value: "{{ item.value }}"
-    sysctl_set: yes
+    state: "{{ should_set | ternary('present', 'absent') }}"
+    value: "{{ should_set | ternary(item.value, omit) }}"
+    sysctl_set: "{{ should_set }}"
     sysctl_file: "{{ kolla_sysctl_conf_path }}"
   become: true
   with_items:
@@ -12,6 +15,7 @@
     - { name: "net.unix.max_dgram_qlen", value: 128}
   when:
     - set_sysctl | bool
+    - item.value != 'KOLLA_SKIP'
 
 - name: Load and persist keepalived module
   import_role:
diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml
index af3fd83343c4b124aa4ff2cea8a9bf3e13865af1..f4ba2919775068a05cf6c37d5fc419453e8d9d17 100644
--- a/ansible/roles/neutron/defaults/main.yml
+++ b/ansible/roles/neutron/defaults/main.yml
@@ -375,6 +375,8 @@ neutron_logging_debug: "{{ openstack_logging_debug }}"
 
 openstack_neutron_auth: "{{ openstack_auth }}"
 
+# Set to KOLLA_SKIP to skip setting these (even if set already - total ignore).
+# Set to KOLLA_UNSET to make Kolla unset these in the managed sysctl.conf file.
 neutron_l3_agent_host_rp_filter_mode: 0
 neutron_l3_agent_host_ipv4_neigh_gc_thresh1: 128
 neutron_l3_agent_host_ipv4_neigh_gc_thresh2: 28672
diff --git a/ansible/roles/neutron/tasks/config-host.yml b/ansible/roles/neutron/tasks/config-host.yml
index fde07afbbee6d0ef9c7cc589fbc48279ebab86df..7f885d6810b07dd7d30279acc1358e6c2dba4971 100644
--- a/ansible/roles/neutron/tasks/config-host.yml
+++ b/ansible/roles/neutron/tasks/config-host.yml
@@ -17,10 +17,12 @@
   become: true
   vars:
     neutron_l3_agent: "{{ neutron_services['neutron-l3-agent'] }}"
+    should_set: "{{ item.value != 'KOLLA_UNSET' }}"
   sysctl:
     name: "{{ item.name }}"
-    value: "{{ item.value }}"
-    sysctl_set: yes
+    state: "{{ should_set | ternary('present', 'absent') }}"
+    value: "{{ should_set | ternary(item.value, omit) }}"
+    sysctl_set: "{{ should_set }}"
     sysctl_file: "{{ kolla_sysctl_conf_path }}"
   with_items:
     - { name: "net.ipv4.ip_forward", value: 1}
@@ -34,4 +36,5 @@
     - { name: "net.ipv6.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh3 }}"}
   when:
     - set_sysctl | bool
+    - item.value != 'KOLLA_SKIP'
     - (neutron_l3_agent.enabled | bool and neutron_l3_agent.host_in_groups | bool)
diff --git a/ansible/roles/nova-cell/defaults/main.yml b/ansible/roles/nova-cell/defaults/main.yml
index 387bf9cbf437e0a81335722ee64b8b2cc1e8208f..2bf2a5f48c8f59b23edcd65655cef0a92ab4649c 100644
--- a/ansible/roles/nova-cell/defaults/main.yml
+++ b/ansible/roles/nova-cell/defaults/main.yml
@@ -334,7 +334,10 @@ nova_logging_debug: "{{ openstack_logging_debug }}"
 
 openstack_nova_auth: "{{ openstack_auth }}"
 
+# Set to KOLLA_SKIP to skip setting these (even if set already - total ignore).
+# Set to KOLLA_UNSET to make Kolla unset these in the managed sysctl.conf file.
 nova_compute_host_rp_filter_mode: 0
+
 nova_safety_upgrade: "no"
 
 nova_libvirt_port: "{{'16514' if libvirt_tls | bool  else '16509'}}"
diff --git a/ansible/roles/nova-cell/tasks/config-host.yml b/ansible/roles/nova-cell/tasks/config-host.yml
index c2a11689a56473a767e1db98d4c34321190a4c36..ca3a0a65ef926c59aa812397b697a6c906322eb4 100644
--- a/ansible/roles/nova-cell/tasks/config-host.yml
+++ b/ansible/roles/nova-cell/tasks/config-host.yml
@@ -10,10 +10,13 @@
 
 - name: Setting sysctl values
   become: true
+  vars:
+    should_set: "{{ item.value != 'KOLLA_UNSET' }}"
   sysctl:
     name: "{{ item.name }}"
-    value: "{{ item.value }}"
-    sysctl_set: yes
+    state: "{{ should_set | ternary('present', 'absent') }}"
+    value: "{{ should_set | ternary(item.value, omit) }}"
+    sysctl_set: "{{ should_set }}"
     sysctl_file: "{{ kolla_sysctl_conf_path }}"
   with_items:
     - { name: "net.bridge.bridge-nf-call-iptables", value: 1}
@@ -22,6 +25,7 @@
     - { name: "net.ipv4.conf.default.rp_filter", value: "{{ nova_compute_host_rp_filter_mode }}"}
   when:
     - set_sysctl | bool
+    - item.value != 'KOLLA_SKIP'
     - inventory_hostname in groups[nova_cell_compute_group]
 
 # NOTE(yoctozepto): Part of bug #1681461 fix.
diff --git a/releasenotes/notes/sysctl-skip-and-unset-848d5ebd765aabec.yaml b/releasenotes/notes/sysctl-skip-and-unset-848d5ebd765aabec.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..4b14569420bed11eb2df87adeec2213810c07c67
--- /dev/null
+++ b/releasenotes/notes/sysctl-skip-and-unset-848d5ebd765aabec.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Allows to skip and unset sysctl variables controlled by Kolla Ansible
+    plays using ``KOLLA_SKIP`` and ``KOLLA_UNSET`` values.