diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico/defaults/main.yml
index d010bcebe..d7108a4ad 100644
--- a/roles/network_plugin/calico/defaults/main.yml
+++ b/roles/network_plugin/calico/defaults/main.yml
@@ -72,3 +72,5 @@ calico_datastore: "etcd"
 typha_enabled: false
 # Number of typha replicas
 typha_replicas: 1
+
+calico_feature_control: {}
diff --git a/roles/network_plugin/calico/templates/cni-calico.conflist.j2 b/roles/network_plugin/calico/templates/cni-calico.conflist.j2
index f9c50e133..cfee547d7 100644
--- a/roles/network_plugin/calico/templates/cni-calico.conflist.j2
+++ b/roles/network_plugin/calico/templates/cni-calico.conflist.j2
@@ -28,6 +28,15 @@
         "subnet": "usePodCidr"
       },
 {% endif %}
+{% if (calico_feature_control is defined) and (calico_feature_control|length > 0) %}
+      "feature_control": {
+        {% for fc in calico_feature_control -%}
+        {% set fcval = calico_feature_control[fc] -%}
+          "{{ fc }}": {{ (fcval | string | lower) if (fcval == true or fcval == false) else "\"" + fcval + "\"" }}{{ "," if not loop.last else "" }}
+        {% endfor -%}
+      {{- "" }}
+      },
+{% endif %}
 {% if enable_network_policy %}
       "policy": {
         "type": "k8s"