diff --git a/.ansible-lint b/.ansible-lint
index b7e9ff1..6f6bc1c 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,7 +1,3 @@
 ---
-mock_roles:
-  - multi-node-bridge
-  - clear-firewall
-
 skip_list:
   - fqcn
diff --git a/.zuul.yaml b/.zuul.yaml
index b0161d6..221a38b 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -27,7 +27,9 @@
       jobs:
         - ffrouting-deploy
         - tox-linters
+        - tox-molecule
     gate:
       jobs:
         - ffrouting-deploy
         - tox-linters
+        - tox-molecule
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..8ddd51c
--- /dev/null
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,71 @@
+---
+dependency:
+  name: galaxy
+  # options:
+  #   requirements-file: requirements.yml
+  #   role-file: requirements.yml
+driver:
+  name: docker
+platforms:
+  - name: primary
+    groups:
+      - frr
+    image: "${docker_user:-quay.io/gotmax23}/${docker_image_tag:-debian-systemd:buster}"
+    command: ${docker_command:-""}
+    privileged: true
+    pre_build_image: true
+    networks:
+      - name: frr
+      - name: noop
+    docker_networks:
+      - name: noop
+        ipam_config:
+          - subnet: 192.168.1.0/24
+  - name: secondary
+    groups:
+      - frr
+    image: "${docker_user:-quay.io/gotmax23}/${docker_image_tag:-debian-systemd:buster}"
+    command: ${docker_command:-""}
+    privileged: true
+    pre_build_image: true
+    networks:
+      - name: frr
+provisioner:
+  name: ansible
+  lint:
+    name: ansible-lint
+  inventory:
+    host_vars:
+      primary:
+        frr_staticd_routes:
+          - ip route 10.0.0.0/24 192.168.1.10
+        frr_bgpd_config:
+          - router bgp 1234
+          - "bgp router-id {{ hostvars['primary']['ansible_' ~ bridge_name | replace('-', '_')]['ipv4']['address'] }}"
+          - "neighbor {{ hostvars['secondary']['ansible_' ~ bridge_name | replace('-', '_')]['ipv4']['address'] }} remote-as 5678"
+          - network 192.168.1.0/24
+          - address-family ipv4 unicast
+          - "  neighbor {{ hostvars['secondary']['ansible_' ~ bridge_name | replace('-', '_')]['ipv4']['address'] }} prefix-list pl-allowed-adv out"
+          - "exit-address-family"
+          - ip prefix-list pl-allowed-adv seq 5 permit 192.168.1.0/24
+          - ip prefix-list pl-allowed-adv seq 10 deny any
+      secondary:
+        frr_bgpd_config:
+          - router bgp 5678
+          - "bgp router-id {{ hostvars['secondary']['ansible_' ~ bridge_name | replace('-', '_')]['ipv4']['address'] }}"
+          - "neighbor {{ hostvars['primary']['ansible_' ~ bridge_name | replace('-', '_')]['ipv4']['address'] }} remote-as 1234"
+          - address-family ipv4 unicast
+          - "  neighbor {{ hostvars['primary']['ansible_' ~ bridge_name | replace('-', '_')]['ipv4']['address'] }} prefix-list pl-allowed-adv in"
+          - exit-address-family
+          - ip prefix-list pl-allowed-adv seq 5 permit 192.168.1.0/24
+          - ip prefix-list pl-allowed-adv seq 10 deny any
+
+  playbooks:
+    prepare: prepare.yml
+    converge: playbook.yml
+    verify: verify.yml
+  # config_options:
+  #   defaults:
+  #     inject_facts_as_vars: false
+scenario:
+  name: default
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml
new file mode 100644
index 0000000..0c26914
--- /dev/null
+++ b/molecule/default/playbook.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Installing frr
+  hosts: frr
+  vars:
+    bridge_name: eth0
+
+  roles:
+    - role: "{{ playbook_dir | dirname | dirname | basename }}"
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
new file mode 100644
index 0000000..bca2b2e
--- /dev/null
+++ b/molecule/default/prepare.yml
@@ -0,0 +1,20 @@
+---
+
+- name: Ensure packages are present
+  hosts: all
+  vars:
+    iproute_package_name:
+      redhat: iproute
+      debian: iproute2
+  tasks:
+    - name: Install required packages
+      package:
+        name: "{{ item }}"
+        state: present
+        update_cache: true
+      with_items:
+        - ca-certificates
+        - "{{ iproute_package_name[ansible_facts['os_family'] | lower] }}"
+
+    - name: Clear gathered facts
+      meta: clear_facts
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
new file mode 100644
index 0000000..026989e
--- /dev/null
+++ b/molecule/default/verify.yml
@@ -0,0 +1,72 @@
+---
+# Copyright 2020, VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Installing frr
+  hosts: all
+  vars:
+    bridge_name: default
+
+  tasks:
+    - name: Wait after service restart
+      pause:
+        seconds: 10
+
+    - name: Ping vlans ip address
+      shell: |
+        set -e
+        ping -c2 "{{ hostvars[inventory_hostname]['ansible_eth1']['ipv4']['address'] }}"
+      changed_when: false
+      register: _ping_vlan
+      until: _ping_vlan is success
+      retries: 5
+      delay: 10
+      when: inventory_hostname == 'primary'
+
+    - name: Check service state
+      service_facts:
+
+    - name: Fail if frr is down
+      fail:
+        msg: frr is not up
+      when: ansible_facts.services['frr'].state != 'running'
+
+    - name: Get summary
+      become: true
+      become_user: root
+      command: "vtysh -c 'show bgp summary'"
+      register: _frr_get_summary
+      changed_when: false
+
+    - name: Get routes
+      become: true
+      become_user: root
+      command: "vtysh -c 'show ip route'"
+      register: _frr_get_routes
+      changed_when: false
+
+    - name: Fail if we're missing static routes
+      fail:
+        msg: "We can't find route {{ item }}"
+      with_items: "{{ frr_staticd_routes }}"
+      when:
+        - inventory_hostname == 'primary'
+        - item.split(' ')[-1] not in _frr_get_routes.stdout
+
+    - name: Fail if we're missing bgp routes
+      fail:
+        msg: "We can't find route 192.168.1.0/24"
+      when:
+        - inventory_hostname == 'secondary'
+        - "'192.168.1.0/24' not in _frr_get_routes.stdout"
diff --git a/tox.ini b/tox.ini
index 1d49705..633ebe7 100644
--- a/tox.ini
+++ b/tox.ini
@@ -36,7 +36,15 @@ setenv =
     {[testenv]setenv}
     ANSIBLE_ROLES_PATH={envdir}
 commands =
-    bash -c 'printf -- "- name: frrouting\n  src: git+file://{toxinidir}\n" > {envdir}/test-requirements.yml'
-    ansible-galaxy install -r {envdir}/test-requirements.yml --roles-path {envdir} --force
-    ansible-lint {toxinidir}/tests/test.yml
+    ansible-galaxy role install git+file://{toxinidir} --roles-path {envdir} --force
+    ansible-lint {toxinidir}/molecule/default/playbook.yml
     yamllint {toxinidir}
+
+[testenv:molecule]
+deps =
+    {[testenv]deps}
+    docker
+    molecule
+    molecule-plugins[docker]
+commands =
+    molecule test