diff --git a/api/jobs_test.go b/api/jobs_test.go
index 6c4f5f66c817..78f809bca715 100644
--- a/api/jobs_test.go
+++ b/api/jobs_test.go
@@ -356,9 +356,10 @@ func TestJobs_Canonicalize(t *testing.T) {
 								},
 								Services: []*Service{
 									{
-										Name:      "global-redis-check",
-										Tags:      []string{"global", "cache"},
-										PortLabel: "db",
+										Name:        "global-redis-check",
+										Tags:        []string{"global", "cache"},
+										PortLabel:   "db",
+										AddressMode: "auto",
 										Checks: []ServiceCheck{
 											{
 												Name:     "alive",
diff --git a/api/tasks.go b/api/tasks.go
index b6f89c04d6a9..aac90ee40709 100644
--- a/api/tasks.go
+++ b/api/tasks.go
@@ -95,17 +95,23 @@ type ServiceCheck struct {
 
 // The Service model represents a Consul service definition
 type Service struct {
-	Id        string
-	Name      string
-	Tags      []string
-	PortLabel string `mapstructure:"port"`
-	Checks    []ServiceCheck
+	Id          string
+	Name        string
+	Tags        []string
+	PortLabel   string `mapstructure:"port"`
+	AddressMode string `mapstructure:"address_mode"`
+	Checks      []ServiceCheck
 }
 
 func (s *Service) Canonicalize(t *Task, tg *TaskGroup, job *Job) {
 	if s.Name == "" {
 		s.Name = fmt.Sprintf("%s-%s-%s", *job.Name, *tg.Name, t.Name)
 	}
+
+	// Default to AddressModeAuto
+	if s.AddressMode == "" {
+		s.AddressMode = "auto"
+	}
 }
 
 // EphemeralDisk is an ephemeral disk object
diff --git a/client/consul.go b/client/consul.go
index 043a17bdb16f..5635bc362260 100644
--- a/client/consul.go
+++ b/client/consul.go
@@ -2,13 +2,14 @@ package client
 
 import (
 	"github.com/hashicorp/nomad/client/driver"
+	cstructs "github.com/hashicorp/nomad/client/structs"
 	"github.com/hashicorp/nomad/nomad/structs"
 )
 
 // ConsulServiceAPI is the interface the Nomad Client uses to register and
 // remove services and checks from Consul.
 type ConsulServiceAPI interface {
-	RegisterTask(allocID string, task *structs.Task, exec driver.ScriptExecutor) error
+	RegisterTask(allocID string, task *structs.Task, exec driver.ScriptExecutor, net *cstructs.DriverNetwork) error
 	RemoveTask(allocID string, task *structs.Task)
-	UpdateTask(allocID string, existing, newTask *structs.Task, exec driver.ScriptExecutor) error
+	UpdateTask(allocID string, existing, newTask *structs.Task, exec driver.ScriptExecutor, net *cstructs.DriverNetwork) error
 }
diff --git a/client/consul_test.go b/client/consul_test.go
index 95dacb960e8f..b8f282ebd801 100644
--- a/client/consul_test.go
+++ b/client/consul_test.go
@@ -9,6 +9,7 @@ import (
 	"testing"
 
 	"github.com/hashicorp/nomad/client/driver"
+	cstructs "github.com/hashicorp/nomad/client/structs"
 	"github.com/hashicorp/nomad/nomad/structs"
 )
 
@@ -18,9 +19,10 @@ type mockConsulOp struct {
 	allocID string
 	task    *structs.Task
 	exec    driver.ScriptExecutor
+	net     *cstructs.DriverNetwork
 }
 
-func newMockConsulOp(op, allocID string, task *structs.Task, exec driver.ScriptExecutor) mockConsulOp {
+func newMockConsulOp(op, allocID string, task *structs.Task, exec driver.ScriptExecutor, net *cstructs.DriverNetwork) mockConsulOp {
 	if op != "add" && op != "remove" && op != "update" {
 		panic(fmt.Errorf("invalid consul op: %s", op))
 	}
@@ -29,6 +31,7 @@ func newMockConsulOp(op, allocID string, task *structs.Task, exec driver.ScriptE
 		allocID: allocID,
 		task:    task,
 		exec:    exec,
+		net:     net,
 	}
 }
 
@@ -52,19 +55,19 @@ func newMockConsulServiceClient() *mockConsulServiceClient {
 	return &m
 }
 
-func (m *mockConsulServiceClient) UpdateTask(allocID string, old, new *structs.Task, exec driver.ScriptExecutor) error {
+func (m *mockConsulServiceClient) UpdateTask(allocID string, old, new *structs.Task, exec driver.ScriptExecutor, net *cstructs.DriverNetwork) error {
 	m.mu.Lock()
 	defer m.mu.Unlock()
-	m.logger.Printf("[TEST] mock_consul: UpdateTask(%q, %v, %v, %T)", allocID, old, new, exec)
-	m.ops = append(m.ops, newMockConsulOp("update", allocID, new, exec))
+	m.logger.Printf("[TEST] mock_consul: UpdateTask(%q, %v, %v, %T, %x)", allocID, old, new, exec, net.Hash())
+	m.ops = append(m.ops, newMockConsulOp("update", allocID, new, exec, net))
 	return nil
 }
 
-func (m *mockConsulServiceClient) RegisterTask(allocID string, task *structs.Task, exec driver.ScriptExecutor) error {
+func (m *mockConsulServiceClient) RegisterTask(allocID string, task *structs.Task, exec driver.ScriptExecutor, net *cstructs.DriverNetwork) error {
 	m.mu.Lock()
 	defer m.mu.Unlock()
-	m.logger.Printf("[TEST] mock_consul: RegisterTask(%q, %q, %T)", allocID, task.Name, exec)
-	m.ops = append(m.ops, newMockConsulOp("add", allocID, task, exec))
+	m.logger.Printf("[TEST] mock_consul: RegisterTask(%q, %q, %T, %x)", allocID, task.Name, exec, net.Hash())
+	m.ops = append(m.ops, newMockConsulOp("add", allocID, task, exec, net))
 	return nil
 }
 
@@ -72,5 +75,5 @@ func (m *mockConsulServiceClient) RemoveTask(allocID string, task *structs.Task)
 	m.mu.Lock()
 	defer m.mu.Unlock()
 	m.logger.Printf("[TEST] mock_consul: RemoveTask(%q, %q)", allocID, task.Name)
-	m.ops = append(m.ops, newMockConsulOp("remove", allocID, task, nil))
+	m.ops = append(m.ops, newMockConsulOp("remove", allocID, task, nil, nil))
 }
diff --git a/client/driver/docker.go b/client/driver/docker.go
index b28c1a606c89..b76a9b50db4e 100644
--- a/client/driver/docker.go
+++ b/client/driver/docker.go
@@ -471,7 +471,7 @@ func (d *DockerDriver) Prestart(ctx *ExecContext, task *structs.Task) (*Prestart
 		return nil, err
 	}
 
-	// Set state needed by Start()
+	// Set state needed by Start
 	d.driverConfig = driverConfig
 
 	// Initialize docker API clients
@@ -485,15 +485,21 @@ func (d *DockerDriver) Prestart(ctx *ExecContext, task *structs.Task) (*Prestart
 	if err != nil {
 		return nil, err
 	}
+	d.imageID = id
 
 	resp := NewPrestartResponse()
 	resp.CreatedResources.Add(dockerImageResKey, id)
-	resp.PortMap = d.driverConfig.PortMap
-	d.imageID = id
+
+	// Return the PortMap if it's set
+	if len(driverConfig.PortMap) > 0 {
+		resp.Network = &cstructs.DriverNetwork{
+			PortMap: driverConfig.PortMap,
+		}
+	}
 	return resp, nil
 }
 
-func (d *DockerDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle, error) {
+func (d *DockerDriver) Start(ctx *ExecContext, task *structs.Task) (*StartResponse, error) {
 
 	pluginLogFile := filepath.Join(ctx.TaskDir.Dir, "executor.out")
 	executorConfig := &dstructs.ExecutorConfig{
@@ -560,6 +566,15 @@ func (d *DockerDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle
 			pluginClient.Kill()
 			return nil, fmt.Errorf("Failed to start container %s: %s", container.ID, err)
 		}
+		// InspectContainer to get all of the container metadata as
+		// much of the metadata (eg networking) isn't populated until
+		// the container is started
+		if container, err = client.InspectContainer(container.ID); err != nil {
+			err = fmt.Errorf("failed to inspect started container %s: %s", container.ID, err)
+			d.logger.Printf("[ERR] driver.docker: %v", err)
+			pluginClient.Kill()
+			return nil, structs.NewRecoverableError(err, true)
+		}
 		d.logger.Printf("[INFO] driver.docker: started container %s", container.ID)
 	} else {
 		d.logger.Printf("[DEBUG] driver.docker: re-attaching to container %s with status %q",
@@ -585,7 +600,58 @@ func (d *DockerDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle
 	}
 	go h.collectStats()
 	go h.run()
-	return h, nil
+
+	// Detect container address
+	ip, autoUse := d.detectIP(container)
+
+	// Create a response with the driver handle and container network metadata
+	resp := &StartResponse{
+		Handle: h,
+		Network: &cstructs.DriverNetwork{
+			PortMap:       d.driverConfig.PortMap,
+			IP:            ip,
+			AutoAdvertise: autoUse,
+		},
+	}
+	return resp, nil
+}
+
+// detectIP of Docker container. Returns the first IP found as well as true if
+// the IP should be advertised (bridge network IPs return false). Returns an
+// empty string and false if no IP could be found.
+func (d *DockerDriver) detectIP(c *docker.Container) (string, bool) {
+	if c.NetworkSettings == nil {
+		// This should only happen if there's been a coding error (such
+		// as not calling InspetContainer after CreateContainer). Code
+		// defensively in case the Docker API changes subtly.
+		d.logger.Printf("[ERROR] driver.docker: no network settings for container %s", c.ID)
+		return "", false
+	}
+
+	ip, ipName := "", ""
+	auto := false
+	for name, net := range c.NetworkSettings.Networks {
+		if net.IPAddress == "" {
+			// Ignore networks without an IP address
+			continue
+		}
+
+		ip = net.IPAddress
+		ipName = name
+
+		// Don't auto-advertise bridge IPs
+		if name != "bridge" {
+			auto = true
+		}
+
+		break
+	}
+
+	if n := len(c.NetworkSettings.Networks); n > 1 {
+		d.logger.Printf("[WARN] driver.docker: multiple (%d) Docker networks for container %q but Nomad only supports 1: choosing %q", n, c.ID, ipName)
+	}
+
+	return ip, auto
 }
 
 func (d *DockerDriver) Cleanup(_ *ExecContext, res *CreatedResources) error {
diff --git a/client/driver/docker_test.go b/client/driver/docker_test.go
index a6cb5e4eb4ed..404b9513797e 100644
--- a/client/driver/docker_test.go
+++ b/client/driver/docker_test.go
@@ -8,6 +8,7 @@ import (
 	"path/filepath"
 	"reflect"
 	"runtime/debug"
+	"sort"
 	"strconv"
 	"strings"
 	"testing"
@@ -108,34 +109,38 @@ func dockerSetupWithClient(t *testing.T, task *structs.Task, client *docker.Clie
 	driver := NewDockerDriver(tctx.DriverCtx)
 	copyImage(t, tctx.ExecCtx.TaskDir, "busybox.tar")
 
-	resp, err := driver.Prestart(tctx.ExecCtx, task)
+	presp, err := driver.Prestart(tctx.ExecCtx, task)
 	if err != nil {
+		driver.Cleanup(tctx.ExecCtx, presp.CreatedResources)
 		tctx.AllocDir.Destroy()
 		t.Fatalf("error in prestart: %v", err)
 	}
+	// Update the exec ctx with the driver network env vars
+	tctx.ExecCtx.TaskEnv = tctx.EnvBuilder.SetDriverNetwork(presp.Network).Build()
 
-	// At runtime this is handled by TaskRunner
-	tctx.EnvBuilder.SetPortMap(resp.PortMap)
-	tctx.ExecCtx.TaskEnv = tctx.EnvBuilder.Build()
-
-	handle, err := driver.Start(tctx.ExecCtx, task)
+	sresp, err := driver.Start(tctx.ExecCtx, task)
 	if err != nil {
+		driver.Cleanup(tctx.ExecCtx, presp.CreatedResources)
 		tctx.AllocDir.Destroy()
 		t.Fatalf("Failed to start driver: %s\nStack\n%s", err, debug.Stack())
 	}
 
-	if handle == nil {
+	if sresp.Handle == nil {
+		driver.Cleanup(tctx.ExecCtx, presp.CreatedResources)
 		tctx.AllocDir.Destroy()
 		t.Fatalf("handle is nil\nStack\n%s", debug.Stack())
 	}
 
+	// At runtime this is handled by TaskRunner
+	tctx.ExecCtx.TaskEnv = tctx.EnvBuilder.SetDriverNetwork(sresp.Network).Build()
+
 	cleanup := func() {
-		driver.Cleanup(tctx.ExecCtx, resp.CreatedResources)
-		handle.Kill()
+		driver.Cleanup(tctx.ExecCtx, presp.CreatedResources)
+		sresp.Handle.Kill()
 		tctx.AllocDir.Destroy()
 	}
 
-	return client, handle, cleanup
+	return client, sresp.Handle, cleanup
 }
 
 func newTestDockerClient(t *testing.T) *docker.Client {
@@ -204,21 +209,21 @@ func TestDockerDriver_StartOpen_Wait(t *testing.T) {
 		t.Fatalf("error in prestart: %v", err)
 	}
 
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
+	if resp.Handle == nil {
 		t.Fatalf("missing handle")
 	}
-	defer handle.Kill()
+	defer resp.Handle.Kill()
 
 	// Attempt to open
-	handle2, err := d.Open(ctx.ExecCtx, handle.ID())
+	resp2, err := d.Open(ctx.ExecCtx, resp.Handle.ID())
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle2 == nil {
+	if resp2 == nil {
 		t.Fatalf("missing handle")
 	}
 }
@@ -299,17 +304,14 @@ func TestDockerDriver_Start_LoadImage(t *testing.T) {
 	if err != nil {
 		t.Fatalf("error in prestart: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
-	defer handle.Kill()
+	defer resp.Handle.Kill()
 
 	select {
-	case res := <-handle.WaitCh():
+	case res := <-resp.Handle.WaitCh():
 		if !res.Successful() {
 			t.Fatalf("err: %v", res)
 		}
@@ -415,17 +417,14 @@ func TestDockerDriver_Start_Wait_AllocDir(t *testing.T) {
 	if err != nil {
 		t.Fatalf("error in prestart: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
-	defer handle.Kill()
+	defer resp.Handle.Kill()
 
 	select {
-	case res := <-handle.WaitCh():
+	case res := <-resp.Handle.WaitCh():
 		if !res.Successful() {
 			t.Fatalf("err: %v", res)
 		}
@@ -509,10 +508,12 @@ func TestDockerDriver_StartN(t *testing.T) {
 		if err != nil {
 			t.Fatalf("error in prestart #%d: %v", idx+1, err)
 		}
-		handles[idx], err = d.Start(ctx.ExecCtx, task)
+		resp, err := d.Start(ctx.ExecCtx, task)
 		if err != nil {
 			t.Errorf("Failed starting task #%d: %s", idx+1, err)
+			continue
 		}
+		handles[idx] = resp.Handle
 	}
 
 	t.Log("All tasks are started. Terminating...")
@@ -569,10 +570,12 @@ func TestDockerDriver_StartNVersions(t *testing.T) {
 		if err != nil {
 			t.Fatalf("error in prestart #%d: %v", idx+1, err)
 		}
-		handles[idx], err = d.Start(ctx.ExecCtx, task)
+		resp, err := d.Start(ctx.ExecCtx, task)
 		if err != nil {
 			t.Errorf("Failed starting task #%d: %s", idx+1, err)
+			continue
 		}
+		handles[idx] = resp.Handle
 	}
 
 	t.Log("All tasks are started. Terminating...")
@@ -912,11 +915,12 @@ func TestDockerDriver_PortsMapping(t *testing.T) {
 	}
 
 	expectedEnvironment := map[string]string{
-		"NOMAD_ADDR_main":      "127.0.0.1:8080",
-		"NOMAD_ADDR_REDIS":     "127.0.0.1:6379",
+		"NOMAD_PORT_main":      "8080",
+		"NOMAD_PORT_REDIS":     "6379",
 		"NOMAD_HOST_PORT_main": strconv.Itoa(docker_reserved),
 	}
 
+	sort.Strings(container.Config.Env)
 	for key, val := range expectedEnvironment {
 		search := fmt.Sprintf("%s=%s", key, val)
 		if !inSlice(search, container.Config.Env) {
@@ -963,9 +967,9 @@ func TestDockerDriver_User(t *testing.T) {
 
 	// It should fail because the user "alice" does not exist on the given
 	// image.
-	handle, err := driver.Start(ctx.ExecCtx, task)
+	resp, err := driver.Start(ctx.ExecCtx, task)
 	if err == nil {
-		handle.Kill()
+		resp.Handle.Kill()
 		t.Fatalf("Should've failed")
 	}
 
@@ -1164,14 +1168,14 @@ func TestDockerDriver_VolumesDisabled(t *testing.T) {
 		if err != nil {
 			t.Fatalf("error in prestart: %v", err)
 		}
-		handle, err := driver.Start(execCtx, task)
+		resp, err := driver.Start(execCtx, task)
 		if err != nil {
 			t.Fatalf("err: %v", err)
 		}
-		defer handle.Kill()
+		defer resp.Handle.Kill()
 
 		select {
-		case res := <-handle.WaitCh():
+		case res := <-resp.Handle.WaitCh():
 			if !res.Successful() {
 				t.Fatalf("unexpected err: %v", res)
 			}
@@ -1215,14 +1219,14 @@ func TestDockerDriver_VolumesEnabled(t *testing.T) {
 	if err != nil {
 		t.Fatalf("error in prestart: %v", err)
 	}
-	handle, err := driver.Start(execCtx, task)
+	resp, err := driver.Start(execCtx, task)
 	if err != nil {
 		t.Fatalf("Failed to start docker driver: %v", err)
 	}
-	defer handle.Kill()
+	defer resp.Handle.Kill()
 
 	select {
-	case res := <-handle.WaitCh():
+	case res := <-resp.Handle.WaitCh():
 		if !res.Successful() {
 			t.Fatalf("unexpected err: %v", res)
 		}
diff --git a/client/driver/docker_unix_test.go b/client/driver/docker_unix_test.go
index ca9f5b1de21f..4d6574f0e4e6 100644
--- a/client/driver/docker_unix_test.go
+++ b/client/driver/docker_unix_test.go
@@ -66,24 +66,21 @@ done
 	if err != nil {
 		t.Fatalf("error in prestart: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
-	defer handle.Kill()
+	defer resp.Handle.Kill()
 
-	waitForExist(t, handle.(*DockerHandle).client, handle.(*DockerHandle))
+	waitForExist(t, resp.Handle.(*DockerHandle).client, resp.Handle.(*DockerHandle))
 
 	time.Sleep(1 * time.Second)
-	if err := handle.Signal(syscall.SIGUSR1); err != nil {
+	if err := resp.Handle.Signal(syscall.SIGUSR1); err != nil {
 		t.Fatalf("Signal returned an error: %v", err)
 	}
 
 	select {
-	case res := <-handle.WaitCh():
+	case res := <-resp.Handle.WaitCh():
 		if res.Successful() {
 			t.Fatalf("should err: %v", res)
 		}
diff --git a/client/driver/driver.go b/client/driver/driver.go
index a04a798d22dd..5a762fb94d4f 100644
--- a/client/driver/driver.go
+++ b/client/driver/driver.go
@@ -58,9 +58,13 @@ type PrestartResponse struct {
 	// CreatedResources by the driver.
 	CreatedResources *CreatedResources
 
-	// PortMap can be set by drivers to replace ports in environment
-	// variables with driver-specific mappings.
-	PortMap map[string]int
+	// Network contains driver-specific network parameters such as the port
+	// map between the host and a container.
+	//
+	// Since the network configuration may not be fully populated by
+	// Prestart, it will only be used for creating an environment for
+	// Start. It will be overridden by the DriverNetwork returned by Start.
+	Network *cstructs.DriverNetwork
 }
 
 // NewPrestartResponse creates a new PrestartResponse with CreatedResources
@@ -183,6 +187,20 @@ func (r *CreatedResources) Hash() []byte {
 	return h.Sum(nil)
 }
 
+// StartResponse is returned by Driver.Start.
+type StartResponse struct {
+	// Handle to the driver's task executor for controlling the lifecycle
+	// of the task.
+	Handle DriverHandle
+
+	// Network contains driver-specific network parameters such as the port
+	// map between the host and a container.
+	//
+	// Network may be nil as not all drivers or configurations create
+	// networks.
+	Network *cstructs.DriverNetwork
+}
+
 // Driver is used for execution of tasks. This allows Nomad
 // to support many pluggable implementations of task drivers.
 // Examples could include LXC, Docker, Qemu, etc.
@@ -196,8 +214,11 @@ type Driver interface {
 	// CreatedResources may be non-nil even when an error occurs.
 	Prestart(*ExecContext, *structs.Task) (*PrestartResponse, error)
 
-	// Start is used to being task execution
-	Start(ctx *ExecContext, task *structs.Task) (DriverHandle, error)
+	// Start is used to begin task execution. If error is nil,
+	// StartResponse.Handle will be the handle to the task's executor.
+	// StartResponse.Network may be nil if the task doesn't configure a
+	// network.
+	Start(ctx *ExecContext, task *structs.Task) (*StartResponse, error)
 
 	// Open is used to re-open a handle to a task
 	Open(ctx *ExecContext, handleID string) (DriverHandle, error)
@@ -208,7 +229,7 @@ type Driver interface {
 	//
 	// If Cleanup returns a recoverable error it may be retried. On retry
 	// it will be passed the same CreatedResources, so all successfully
-	// cleaned up resources should be removed.
+	// cleaned up resources should be removed or handled idempotently.
 	Cleanup(*ExecContext, *CreatedResources) error
 
 	// Drivers must validate their configuration
diff --git a/client/driver/env/env.go b/client/driver/env/env.go
index 0abc4fd35a72..481bd88535c7 100644
--- a/client/driver/env/env.go
+++ b/client/driver/env/env.go
@@ -8,6 +8,7 @@ import (
 	"strings"
 	"sync"
 
+	cstructs "github.com/hashicorp/nomad/client/structs"
 	"github.com/hashicorp/nomad/helper"
 	hargs "github.com/hashicorp/nomad/helper/args"
 	"github.com/hashicorp/nomad/nomad/structs"
@@ -58,16 +59,21 @@ const (
 	// AddrPrefix is the prefix for passing both dynamic and static port
 	// allocations to tasks.
 	// E.g $NOMAD_ADDR_http=127.0.0.1:80
+	//
+	// The ip:port are always the host's.
 	AddrPrefix = "NOMAD_ADDR_"
 
-	// IpPrefix is the prefix for passing the IP of a port allocation to a task.
+	// IpPrefix is the prefix for passing the host IP of a port allocation
+	// to a task.
 	IpPrefix = "NOMAD_IP_"
 
 	// PortPrefix is the prefix for passing the port allocation to a task.
+	// It will be the task's port if a port map is specified. Task's should
+	// bind to this port.
 	PortPrefix = "NOMAD_PORT_"
 
-	// HostPortPrefix is the prefix for passing the host port when a portmap is
-	// specified.
+	// HostPortPrefix is the prefix for passing the host port when a port
+	// map is specified.
 	HostPortPrefix = "NOMAD_HOST_PORT_"
 
 	// MetaPrefix is the prefix for passing task meta data.
@@ -202,7 +208,6 @@ type Builder struct {
 	region           string
 	allocId          string
 	allocName        string
-	portMap          map[string]string
 	vaultToken       string
 	injectVaultToken bool
 	jobName          string
@@ -210,9 +215,13 @@ type Builder struct {
 	// otherPorts for tasks in the same alloc
 	otherPorts map[string]string
 
+	// driverNetwork is the network defined by the driver (or nil if none
+	// was defined).
+	driverNetwork *cstructs.DriverNetwork
+
 	// network resources from the task; must be lazily turned into env vars
-	// because portMaps can change after builder creation and affect
-	// network env vars.
+	// because portMaps and advertiseIP can change after builder creation
+	// and affect network env vars.
 	networks []*structs.NetworkResource
 
 	mu *sync.RWMutex
@@ -287,21 +296,8 @@ func (b *Builder) Build() *TaskEnv {
 		nodeAttrs[nodeRegionKey] = b.region
 	}
 
-	// Build the addrs for this task
-	for _, network := range b.networks {
-		for label, intVal := range network.MapLabelToValues(nil) {
-			value := strconv.Itoa(intVal)
-			envMap[fmt.Sprintf("%s%s", IpPrefix, label)] = network.IP
-			envMap[fmt.Sprintf("%s%s", HostPortPrefix, label)] = value
-			if forwardedPort, ok := b.portMap[label]; ok {
-				value = forwardedPort
-			}
-			envMap[fmt.Sprintf("%s%s", PortPrefix, label)] = value
-			ipPort := net.JoinHostPort(network.IP, value)
-			envMap[fmt.Sprintf("%s%s", AddrPrefix, label)] = ipPort
-
-		}
-	}
+	// Build the network related env vars
+	buildNetworkEnv(envMap, b.networks, b.driverNetwork)
 
 	// Build the addr of the other tasks
 	for k, v := range b.otherPorts {
@@ -455,17 +451,51 @@ func (b *Builder) SetSecretsDir(dir string) *Builder {
 	return b
 }
 
-func (b *Builder) SetPortMap(portMap map[string]int) *Builder {
-	newPortMap := make(map[string]string, len(portMap))
-	for k, v := range portMap {
-		newPortMap[k] = strconv.Itoa(v)
-	}
+// SetDriverNetwork defined by the driver.
+func (b *Builder) SetDriverNetwork(n *cstructs.DriverNetwork) *Builder {
+	ncopy := n.Copy()
 	b.mu.Lock()
-	b.portMap = newPortMap
+	b.driverNetwork = ncopy
 	b.mu.Unlock()
 	return b
 }
 
+// buildNetworkEnv env vars in the given map.
+//
+//	Auto:   NOMAD_PORT_<label>
+//	Host:   NOMAD_IP_<label>, NOMAD_ADDR_<label>, NOMAD_HOST_PORT_<label>
+//
+// Handled by setAlloc -> otherPorts:
+//
+//	Task:   NOMAD_TASK_{IP,PORT,ADDR}_<task>_<label> # Always host values
+//
+func buildNetworkEnv(envMap map[string]string, nets structs.Networks, driverNet *cstructs.DriverNetwork) {
+	for _, n := range nets {
+		for _, p := range n.ReservedPorts {
+			buildPortEnv(envMap, p, n.IP, driverNet)
+		}
+		for _, p := range n.DynamicPorts {
+			buildPortEnv(envMap, p, n.IP, driverNet)
+		}
+	}
+}
+
+func buildPortEnv(envMap map[string]string, p structs.Port, ip string, driverNet *cstructs.DriverNetwork) {
+	// Host IP, port, and address
+	portStr := strconv.Itoa(p.Value)
+	envMap[IpPrefix+p.Label] = ip
+	envMap[HostPortPrefix+p.Label] = portStr
+	envMap[AddrPrefix+p.Label] = net.JoinHostPort(ip, portStr)
+
+	// Set Port to task's value if there's a port map
+	if driverNet != nil && driverNet.PortMap[p.Label] != 0 {
+		envMap[PortPrefix+p.Label] = strconv.Itoa(driverNet.PortMap[p.Label])
+	} else {
+		// Default to host's
+		envMap[PortPrefix+p.Label] = portStr
+	}
+}
+
 // SetHostEnvvars adds the host environment variables to the tasks. The filter
 // parameter can be use to filter host environment from entering the tasks.
 func (b *Builder) SetHostEnvvars(filter []string) *Builder {
diff --git a/client/driver/env/env_test.go b/client/driver/env/env_test.go
index b65a67ec257c..7846ad4e8e03 100644
--- a/client/driver/env/env_test.go
+++ b/client/driver/env/env_test.go
@@ -8,6 +8,7 @@ import (
 	"strings"
 	"testing"
 
+	cstructs "github.com/hashicorp/nomad/client/structs"
 	"github.com/hashicorp/nomad/nomad/mock"
 	"github.com/hashicorp/nomad/nomad/structs"
 )
@@ -164,7 +165,9 @@ func TestEnvironment_AsList(t *testing.T) {
 			DynamicPorts:  []structs.Port{{Label: "https", Value: 8080}},
 		},
 	}
-	env := NewBuilder(n, a, task, "global").SetPortMap(map[string]int{"https": 443})
+	env := NewBuilder(n, a, task, "global").SetDriverNetwork(
+		&cstructs.DriverNetwork{PortMap: map[string]int{"https": 443}},
+	)
 
 	act := env.Build().List()
 	exp := []string{
@@ -172,7 +175,7 @@ func TestEnvironment_AsList(t *testing.T) {
 		"NOMAD_ADDR_http=127.0.0.1:80",
 		"NOMAD_PORT_http=80",
 		"NOMAD_IP_http=127.0.0.1",
-		"NOMAD_ADDR_https=127.0.0.1:443",
+		"NOMAD_ADDR_https=127.0.0.1:8080",
 		"NOMAD_PORT_https=443",
 		"NOMAD_IP_https=127.0.0.1",
 		"NOMAD_HOST_PORT_http=80",
@@ -204,7 +207,7 @@ func TestEnvironment_AsList(t *testing.T) {
 	sort.Strings(act)
 	sort.Strings(exp)
 	if len(act) != len(exp) {
-		t.Fatalf("expected %d vars != %d actual, actual: %s\n\nexpected: %s\n",
+		t.Fatalf("expected %d vars != %d actual, actual:\n%s\n\nexpected:\n%s\n",
 			len(act), len(exp), strings.Join(act, "\n"), strings.Join(exp, "\n"))
 	}
 	for i := range act {
@@ -249,7 +252,8 @@ func TestEnvironment_Envvars(t *testing.T) {
 	a := mock.Alloc()
 	task := a.Job.TaskGroups[0].Tasks[0]
 	task.Env = envMap
-	act := NewBuilder(n, a, task, "global").SetPortMap(portMap).Build().All()
+	net := &cstructs.DriverNetwork{PortMap: portMap}
+	act := NewBuilder(n, a, task, "global").SetDriverNetwork(net).Build().All()
 	for k, v := range envMap {
 		actV, ok := act[k]
 		if !ok {
diff --git a/client/driver/exec.go b/client/driver/exec.go
index cf69a2228504..f882492a05ee 100644
--- a/client/driver/exec.go
+++ b/client/driver/exec.go
@@ -102,7 +102,7 @@ func (d *ExecDriver) Prestart(*ExecContext, *structs.Task) (*PrestartResponse, e
 	return nil, nil
 }
 
-func (d *ExecDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle, error) {
+func (d *ExecDriver) Start(ctx *ExecContext, task *structs.Task) (*StartResponse, error) {
 	var driverConfig ExecDriverConfig
 	if err := mapstructure.WeakDecode(task.Config, &driverConfig); err != nil {
 		return nil, err
@@ -168,7 +168,7 @@ func (d *ExecDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle,
 		taskDir:         ctx.TaskDir,
 	}
 	go h.run()
-	return h, nil
+	return &StartResponse{Handle: h}, nil
 }
 
 func (d *ExecDriver) Cleanup(*ExecContext, *CreatedResources) error { return nil }
diff --git a/client/driver/exec_test.go b/client/driver/exec_test.go
index f786d0f3bc4f..1f98cb977618 100644
--- a/client/driver/exec_test.go
+++ b/client/driver/exec_test.go
@@ -69,16 +69,13 @@ func TestExecDriver_StartOpen_Wait(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
 	// Attempt to open
-	handle2, err := d.Open(ctx.ExecCtx, handle.ID())
+	handle2, err := d.Open(ctx.ExecCtx, resp.Handle.ID())
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
@@ -86,9 +83,10 @@ func TestExecDriver_StartOpen_Wait(t *testing.T) {
 		t.Fatalf("missing handle")
 	}
 
-	handle.Kill()
+	resp.Handle.Kill()
 	handle2.Kill()
 }
+
 func TestExecDriver_Start_Wait(t *testing.T) {
 	ctestutils.ExecCompatible(t)
 	task := &structs.Task{
@@ -112,23 +110,20 @@ func TestExecDriver_Start_Wait(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
 	// Update should be a no-op
-	err = handle.Update(task)
+	err = resp.Handle.Update(task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
 
 	// Task should terminate quickly
 	select {
-	case res := <-handle.WaitCh():
+	case res := <-resp.Handle.WaitCh():
 		if !res.Successful() {
 			t.Fatalf("err: %v", res)
 		}
@@ -166,17 +161,14 @@ func TestExecDriver_Start_Wait_AllocDir(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
 	// Task should terminate quickly
 	select {
-	case res := <-handle.WaitCh():
+	case res := <-resp.Handle.WaitCh():
 		if !res.Successful() {
 			t.Fatalf("err: %v", res)
 		}
@@ -220,17 +212,14 @@ func TestExecDriver_Start_Kill_Wait(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
 	go func() {
 		time.Sleep(100 * time.Millisecond)
-		err := handle.Kill()
+		err := resp.Handle.Kill()
 		if err != nil {
 			t.Fatalf("err: %v", err)
 		}
@@ -238,7 +227,7 @@ func TestExecDriver_Start_Kill_Wait(t *testing.T) {
 
 	// Task should terminate quickly
 	select {
-	case res := <-handle.WaitCh():
+	case res := <-resp.Handle.WaitCh():
 		if res.Successful() {
 			t.Fatal("should err")
 		}
@@ -272,9 +261,9 @@ func TestExecDriverUser(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err == nil {
-		handle.Kill()
+		resp.Handle.Kill()
 		t.Fatalf("Should've failed")
 	}
 	msg := "user alice"
@@ -308,13 +297,11 @@ func TestExecDriver_HandlerExec(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
+	handle := resp.Handle
 
 	// Exec a command that should work and dump the environment
 	out, code, err := handle.Exec(context.Background(), "/bin/sh", []string{"-c", "env | grep NOMAD"})
diff --git a/client/driver/exec_unix_test.go b/client/driver/exec_unix_test.go
index e07d7badd7d4..4218c6d0986c 100644
--- a/client/driver/exec_unix_test.go
+++ b/client/driver/exec_unix_test.go
@@ -41,18 +41,15 @@ func TestExecDriver_KillUserPid_OnPluginReconnectFailure(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
-	defer handle.Kill()
+	defer resp.Handle.Kill()
 
 	id := &execId{}
-	if err := json.Unmarshal([]byte(handle.ID()), id); err != nil {
-		t.Fatalf("Failed to parse handle '%s': %v", handle.ID(), err)
+	if err := json.Unmarshal([]byte(resp.Handle.ID()), id); err != nil {
+		t.Fatalf("Failed to parse handle '%s': %v", resp.Handle.ID(), err)
 	}
 	pluginPid := id.PluginConfig.Pid
 	proc, err := os.FindProcess(pluginPid)
@@ -64,7 +61,7 @@ func TestExecDriver_KillUserPid_OnPluginReconnectFailure(t *testing.T) {
 	}
 
 	// Attempt to open
-	handle2, err := d.Open(ctx.ExecCtx, handle.ID())
+	handle2, err := d.Open(ctx.ExecCtx, resp.Handle.ID())
 	if err == nil {
 		t.Fatalf("expected error")
 	}
@@ -129,17 +126,14 @@ done
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
 	go func() {
 		time.Sleep(100 * time.Millisecond)
-		err := handle.Signal(syscall.SIGUSR1)
+		err := resp.Handle.Signal(syscall.SIGUSR1)
 		if err != nil {
 			t.Fatalf("err: %v", err)
 		}
@@ -147,7 +141,7 @@ done
 
 	// Task should terminate quickly
 	select {
-	case res := <-handle.WaitCh():
+	case res := <-resp.Handle.WaitCh():
 		if res.Successful() {
 			t.Fatal("should err")
 		}
diff --git a/client/driver/java.go b/client/driver/java.go
index 86a798f4c600..4bd4dd2c266a 100644
--- a/client/driver/java.go
+++ b/client/driver/java.go
@@ -202,7 +202,7 @@ func NewJavaDriverConfig(task *structs.Task, env *env.TaskEnv) (*JavaDriverConfi
 	return &driverConfig, nil
 }
 
-func (d *JavaDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle, error) {
+func (d *JavaDriver) Start(ctx *ExecContext, task *structs.Task) (*StartResponse, error) {
 	driverConfig, err := NewJavaDriverConfig(task, ctx.TaskEnv)
 	if err != nil {
 		return nil, err
@@ -296,7 +296,7 @@ func (d *JavaDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle,
 		waitCh:          make(chan *dstructs.WaitResult, 1),
 	}
 	go h.run()
-	return h, nil
+	return &StartResponse{Handle: h}, nil
 }
 
 func (d *JavaDriver) Cleanup(*ExecContext, *CreatedResources) error { return nil }
diff --git a/client/driver/java_test.go b/client/driver/java_test.go
index 75f045016326..20b2fcae9d56 100644
--- a/client/driver/java_test.go
+++ b/client/driver/java_test.go
@@ -97,16 +97,13 @@ func TestJavaDriver_StartOpen_Wait(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
 	// Attempt to open
-	handle2, err := d.Open(ctx.ExecCtx, handle.ID())
+	handle2, err := d.Open(ctx.ExecCtx, resp.Handle.ID())
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
@@ -118,7 +115,7 @@ func TestJavaDriver_StartOpen_Wait(t *testing.T) {
 
 	// There is a race condition between the handle waiting and killing. One
 	// will return an error.
-	handle.Kill()
+	resp.Handle.Kill()
 	handle2.Kill()
 }
 
@@ -152,17 +149,14 @@ func TestJavaDriver_Start_Wait(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
 	// Task should terminate quickly
 	select {
-	case res := <-handle.WaitCh():
+	case res := <-resp.Handle.WaitCh():
 		if !res.Successful() {
 			t.Fatalf("err: %v", res)
 		}
@@ -182,7 +176,7 @@ func TestJavaDriver_Start_Wait(t *testing.T) {
 	}
 
 	// need to kill long lived process
-	err = handle.Kill()
+	err = resp.Handle.Kill()
 	if err != nil {
 		t.Fatalf("Error: %s", err)
 	}
@@ -218,17 +212,14 @@ func TestJavaDriver_Start_Kill_Wait(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
 	go func() {
 		time.Sleep(100 * time.Millisecond)
-		err := handle.Kill()
+		err := resp.Handle.Kill()
 		if err != nil {
 			t.Fatalf("err: %v", err)
 		}
@@ -236,7 +227,7 @@ func TestJavaDriver_Start_Kill_Wait(t *testing.T) {
 
 	// Task should terminate quickly
 	select {
-	case res := <-handle.WaitCh():
+	case res := <-resp.Handle.WaitCh():
 		if res.Successful() {
 			t.Fatal("should err")
 		}
@@ -244,7 +235,7 @@ func TestJavaDriver_Start_Kill_Wait(t *testing.T) {
 		t.Fatalf("timeout")
 
 		// Need to kill long lived process
-		if err = handle.Kill(); err != nil {
+		if err = resp.Handle.Kill(); err != nil {
 			t.Fatalf("Error: %s", err)
 		}
 	}
@@ -280,17 +271,14 @@ func TestJavaDriver_Signal(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
 	go func() {
 		time.Sleep(100 * time.Millisecond)
-		err := handle.Signal(syscall.SIGHUP)
+		err := resp.Handle.Signal(syscall.SIGHUP)
 		if err != nil {
 			t.Fatalf("err: %v", err)
 		}
@@ -298,7 +286,7 @@ func TestJavaDriver_Signal(t *testing.T) {
 
 	// Task should terminate quickly
 	select {
-	case res := <-handle.WaitCh():
+	case res := <-resp.Handle.WaitCh():
 		if res.Successful() {
 			t.Fatal("should err")
 		}
@@ -306,7 +294,7 @@ func TestJavaDriver_Signal(t *testing.T) {
 		t.Fatalf("timeout")
 
 		// Need to kill long lived process
-		if err = handle.Kill(); err != nil {
+		if err = resp.Handle.Kill(); err != nil {
 			t.Fatalf("Error: %s", err)
 		}
 	}
@@ -339,9 +327,9 @@ func TestJavaDriverUser(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err == nil {
-		handle.Kill()
+		resp.Handle.Kill()
 		t.Fatalf("Should've failed")
 	}
 	msg := "user alice"
@@ -381,17 +369,14 @@ func TestJavaDriver_Start_Wait_Class(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
 	// Task should terminate quickly
 	select {
-	case res := <-handle.WaitCh():
+	case res := <-resp.Handle.WaitCh():
 		if !res.Successful() {
 			t.Fatalf("err: %v", res)
 		}
@@ -411,8 +396,7 @@ func TestJavaDriver_Start_Wait_Class(t *testing.T) {
 	}
 
 	// need to kill long lived process
-	err = handle.Kill()
-	if err != nil {
+	if err := resp.Handle.Kill(); err != nil {
 		t.Fatalf("Error: %s", err)
 	}
 }
diff --git a/client/driver/lxc.go b/client/driver/lxc.go
index 6485f99412c1..ccd6e6b11ecf 100644
--- a/client/driver/lxc.go
+++ b/client/driver/lxc.go
@@ -178,7 +178,7 @@ func (d *LxcDriver) Prestart(*ExecContext, *structs.Task) (*PrestartResponse, er
 }
 
 // Start starts the LXC Driver
-func (d *LxcDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle, error) {
+func (d *LxcDriver) Start(ctx *ExecContext, task *structs.Task) (*StartResponse, error) {
 	var driverConfig LxcDriverConfig
 	if err := mapstructure.WeakDecode(task.Config, &driverConfig); err != nil {
 		return nil, err
@@ -269,7 +269,7 @@ func (d *LxcDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle, e
 		return nil, fmt.Errorf("unable to set cpu shares: %v", err)
 	}
 
-	handle := lxcDriverHandle{
+	h := lxcDriverHandle{
 		container:      c,
 		initPid:        c.InitPid(),
 		lxcPath:        lxcPath,
@@ -283,9 +283,9 @@ func (d *LxcDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle, e
 		doneCh:         make(chan bool, 1),
 	}
 
-	go handle.run()
+	go h.run()
 
-	return &handle, nil
+	return &StartResponse{Handle: &h}, nil
 }
 
 func (d *LxcDriver) Cleanup(*ExecContext, *CreatedResources) error { return nil }
diff --git a/client/driver/lxc_test.go b/client/driver/lxc_test.go
index 3bb8dee86f6b..3ba156e204cd 100644
--- a/client/driver/lxc_test.go
+++ b/client/driver/lxc_test.go
@@ -75,15 +75,12 @@ func TestLxcDriver_Start_Wait(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	sresp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
-	lxcHandle, _ := handle.(*lxcDriverHandle)
+	lxcHandle, _ := sresp.Handle.(*lxcDriverHandle)
 
 	// Destroy the container after the test
 	defer func() {
@@ -115,12 +112,12 @@ func TestLxcDriver_Start_Wait(t *testing.T) {
 	}
 
 	// Desroy the container
-	if err := handle.Kill(); err != nil {
+	if err := sresp.Handle.Kill(); err != nil {
 		t.Fatalf("err: %v", err)
 	}
 
 	select {
-	case res := <-handle.WaitCh():
+	case res := <-sresp.Handle.WaitCh():
 		if !res.Successful() {
 			t.Fatalf("err: %v", res)
 		}
@@ -151,23 +148,19 @@ func TestLxcDriver_Open_Wait(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	sresp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
 	// Destroy the container after the test
-	if lh, ok := handle.(*lxcDriverHandle); ok {
-		defer func() {
-			lh.container.Stop()
-			lh.container.Destroy()
-		}()
-	}
+	lh := sresp.Handle.(*lxcDriverHandle)
+	defer func() {
+		lh.container.Stop()
+		lh.container.Destroy()
+	}()
 
-	handle2, err := d.Open(ctx.ExecCtx, handle.ID())
+	handle2, err := d.Open(ctx.ExecCtx, lh.ID())
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
diff --git a/client/driver/mock_driver.go b/client/driver/mock_driver.go
index 304a031f2b4d..25493f0ddcfe 100644
--- a/client/driver/mock_driver.go
+++ b/client/driver/mock_driver.go
@@ -89,7 +89,7 @@ func (d *MockDriver) Prestart(*ExecContext, *structs.Task) (*PrestartResponse, e
 }
 
 // Start starts the mock driver
-func (m *MockDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle, error) {
+func (m *MockDriver) Start(ctx *ExecContext, task *structs.Task) (*StartResponse, error) {
 	var driverConfig MockDriverConfig
 	dec, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
 		DecodeHook:       mapstructure.StringToTimeDurationHookFunc(),
@@ -126,7 +126,7 @@ func (m *MockDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle,
 	}
 	m.logger.Printf("[DEBUG] driver.mock: starting task %q", task.Name)
 	go h.run()
-	return &h, nil
+	return &StartResponse{Handle: &h}, nil
 }
 
 // Cleanup deletes all keys except for Config.Options["cleanup_fail_on"] for
diff --git a/client/driver/qemu.go b/client/driver/qemu.go
index 118a140df6b3..b0a53b594ea5 100644
--- a/client/driver/qemu.go
+++ b/client/driver/qemu.go
@@ -40,6 +40,8 @@ const (
 type QemuDriver struct {
 	DriverContext
 	fingerprint.StaticFingerprinter
+
+	driverConfig *QemuDriverConfig
 }
 
 type QemuDriverConfig struct {
@@ -131,13 +133,7 @@ func (d *QemuDriver) Fingerprint(cfg *config.Config, node *structs.Node) (bool,
 	return true, nil
 }
 
-func (d *QemuDriver) Prestart(*ExecContext, *structs.Task) (*PrestartResponse, error) {
-	return nil, nil
-}
-
-// Run an existing Qemu image. Start() will pull down an existing, valid Qemu
-// image and save it to the Drivers Allocation Dir
-func (d *QemuDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle, error) {
+func (d *QemuDriver) Prestart(_ *ExecContext, task *structs.Task) (*PrestartResponse, error) {
 	var driverConfig QemuDriverConfig
 	if err := mapstructure.WeakDecode(task.Config, &driverConfig); err != nil {
 		return nil, err
@@ -147,8 +143,22 @@ func (d *QemuDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle,
 		return nil, fmt.Errorf("Only one port_map block is allowed in the qemu driver config")
 	}
 
+	d.driverConfig = &driverConfig
+
+	r := NewPrestartResponse()
+	if len(driverConfig.PortMap) == 1 {
+		r.Network = &cstructs.DriverNetwork{
+			PortMap: driverConfig.PortMap[0],
+		}
+	}
+	return r, nil
+}
+
+// Run an existing Qemu image. Start() will pull down an existing, valid Qemu
+// image and save it to the Drivers Allocation Dir
+func (d *QemuDriver) Start(ctx *ExecContext, task *structs.Task) (*StartResponse, error) {
 	// Get the image source
-	vmPath := driverConfig.ImagePath
+	vmPath := d.driverConfig.ImagePath
 	if vmPath == "" {
 		return nil, fmt.Errorf("image_path must be set")
 	}
@@ -157,8 +167,8 @@ func (d *QemuDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle,
 	// Parse configuration arguments
 	// Create the base arguments
 	accelerator := "tcg"
-	if driverConfig.Accelerator != "" {
-		accelerator = driverConfig.Accelerator
+	if d.driverConfig.Accelerator != "" {
+		accelerator = d.driverConfig.Accelerator
 	}
 	// TODO: Check a lower bounds, e.g. the default 128 of Qemu
 	mem := fmt.Sprintf("%dM", task.Resources.MemoryMB)
@@ -182,7 +192,7 @@ func (d *QemuDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle,
 	// passed directly to the qemu driver as command line options.
 	// For example, args = [ "-nodefconfig", "-nodefaults" ]
 	// This will allow a VM with embedded configuration to boot successfully.
-	args = append(args, driverConfig.Args...)
+	args = append(args, d.driverConfig.Args...)
 
 	// Check the Resources required Networks to add port mappings. If no resources
 	// are required, we assume the VM is a purely compute job and does not require
@@ -190,13 +200,13 @@ func (d *QemuDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle,
 	// still reach out to the world, but without port mappings it is effectively
 	// firewalled
 	protocols := []string{"udp", "tcp"}
-	if len(task.Resources.Networks) > 0 && len(driverConfig.PortMap) == 1 {
+	if len(task.Resources.Networks) > 0 && len(d.driverConfig.PortMap) == 1 {
 		// Loop through the port map and construct the hostfwd string, to map
 		// reserved ports to the ports listenting in the VM
 		// Ex: hostfwd=tcp::22000-:22,hostfwd=tcp::80-:8080
 		var forwarding []string
-		taskPorts := task.Resources.Networks[0].MapLabelToValues(nil)
-		for label, guest := range driverConfig.PortMap[0] {
+		taskPorts := task.Resources.Networks[0].PortLabels()
+		for label, guest := range d.driverConfig.PortMap[0] {
 			host, ok := taskPorts[label]
 			if !ok {
 				return nil, fmt.Errorf("Unknown port label %q", label)
@@ -276,7 +286,13 @@ func (d *QemuDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle,
 		waitCh:         make(chan *dstructs.WaitResult, 1),
 	}
 	go h.run()
-	return h, nil
+	resp := &StartResponse{Handle: h}
+	if len(d.driverConfig.PortMap) == 1 {
+		resp.Network = &cstructs.DriverNetwork{
+			PortMap: d.driverConfig.PortMap[0],
+		}
+	}
+	return resp, nil
 }
 
 type qemuId struct {
diff --git a/client/driver/qemu_test.go b/client/driver/qemu_test.go
index 5a6c41104d2c..9b3f19203149 100644
--- a/client/driver/qemu_test.go
+++ b/client/driver/qemu_test.go
@@ -84,21 +84,18 @@ func TestQemuDriver_StartOpen_Wait(t *testing.T) {
 		t.Fatalf("Prestart faild: %v", err)
 	}
 
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
 	// Ensure that sending a Signal returns an error
-	if err := handle.Signal(syscall.SIGINT); err == nil {
+	if err := resp.Handle.Signal(syscall.SIGINT); err == nil {
 		t.Fatalf("Expect an error when signalling")
 	}
 
 	// Attempt to open
-	handle2, err := d.Open(ctx.ExecCtx, handle.ID())
+	handle2, err := d.Open(ctx.ExecCtx, resp.Handle.ID())
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
@@ -107,7 +104,7 @@ func TestQemuDriver_StartOpen_Wait(t *testing.T) {
 	}
 
 	// Clean up
-	if err := handle.Kill(); err != nil {
+	if err := resp.Handle.Kill(); err != nil {
 		fmt.Printf("\nError killing Qemu test: %s", err)
 	}
 }
@@ -150,9 +147,9 @@ func TestQemuDriverUser(t *testing.T) {
 		t.Fatalf("Prestart faild: %v", err)
 	}
 
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err == nil {
-		handle.Kill()
+		resp.Handle.Kill()
 		t.Fatalf("Should've failed")
 	}
 	msg := "unknown user alice"
diff --git a/client/driver/raw_exec.go b/client/driver/raw_exec.go
index 3c002d7a1c97..a2e29d6f2fb1 100644
--- a/client/driver/raw_exec.go
+++ b/client/driver/raw_exec.go
@@ -110,7 +110,7 @@ func (d *RawExecDriver) Prestart(*ExecContext, *structs.Task) (*PrestartResponse
 	return nil, nil
 }
 
-func (d *RawExecDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle, error) {
+func (d *RawExecDriver) Start(ctx *ExecContext, task *structs.Task) (*StartResponse, error) {
 	var driverConfig ExecDriverConfig
 	if err := mapstructure.WeakDecode(task.Config, &driverConfig); err != nil {
 		return nil, err
@@ -173,7 +173,7 @@ func (d *RawExecDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandl
 		taskDir:        ctx.TaskDir,
 	}
 	go h.run()
-	return h, nil
+	return &StartResponse{Handle: h}, nil
 }
 
 func (d *RawExecDriver) Cleanup(*ExecContext, *CreatedResources) error { return nil }
diff --git a/client/driver/raw_exec_test.go b/client/driver/raw_exec_test.go
index e1bd4d362617..5400527b3dab 100644
--- a/client/driver/raw_exec_test.go
+++ b/client/driver/raw_exec_test.go
@@ -81,16 +81,13 @@ func TestRawExecDriver_StartOpen_Wait(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
 	// Attempt to open
-	handle2, err := d.Open(ctx.ExecCtx, handle.ID())
+	handle2, err := d.Open(ctx.ExecCtx, resp.Handle.ID())
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
@@ -104,7 +101,7 @@ func TestRawExecDriver_StartOpen_Wait(t *testing.T) {
 	case <-time.After(time.Duration(testutil.TestMultiplier()*5) * time.Second):
 		t.Fatalf("timeout")
 	}
-	handle.Kill()
+	resp.Handle.Kill()
 	handle2.Kill()
 }
 
@@ -130,23 +127,20 @@ func TestRawExecDriver_Start_Wait(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
 	// Update should be a no-op
-	err = handle.Update(task)
+	err = resp.Handle.Update(task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
 
 	// Task should terminate quickly
 	select {
-	case res := <-handle.WaitCh():
+	case res := <-resp.Handle.WaitCh():
 		if !res.Successful() {
 			t.Fatalf("err: %v", res)
 		}
@@ -156,7 +150,7 @@ func TestRawExecDriver_Start_Wait(t *testing.T) {
 }
 
 func TestRawExecDriver_Start_Wait_AllocDir(t *testing.T) {
-	exp := []byte{'w', 'i', 'n'}
+	exp := []byte("win")
 	file := "output.txt"
 	outPath := fmt.Sprintf(`${%s}/%s`, env.AllocDir, file)
 	task := &structs.Task{
@@ -184,17 +178,14 @@ func TestRawExecDriver_Start_Wait_AllocDir(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
 	// Task should terminate quickly
 	select {
-	case res := <-handle.WaitCh():
+	case res := <-resp.Handle.WaitCh():
 		if !res.Successful() {
 			t.Fatalf("err: %v", res)
 		}
@@ -237,17 +228,14 @@ func TestRawExecDriver_Start_Kill_Wait(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
 	go func() {
 		time.Sleep(1 * time.Second)
-		err := handle.Kill()
+		err := resp.Handle.Kill()
 
 		// Can't rely on the ordering between wait and kill on travis...
 		if !testutil.IsTravis() && err != nil {
@@ -257,7 +245,7 @@ func TestRawExecDriver_Start_Kill_Wait(t *testing.T) {
 
 	// Task should terminate quickly
 	select {
-	case res := <-handle.WaitCh():
+	case res := <-resp.Handle.WaitCh():
 		if res.Successful() {
 			t.Fatal("should err")
 		}
@@ -290,9 +278,9 @@ func TestRawExecDriverUser(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err == nil {
-		handle.Kill()
+		resp.Handle.Kill()
 		t.Fatalf("Should've failed")
 	}
 	msg := "unknown user alice"
@@ -323,16 +311,13 @@ func TestRawExecDriver_HandlerExec(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
 	// Exec a command that should work
-	out, code, err := handle.Exec(context.TODO(), "/usr/bin/stat", []string{"/tmp"})
+	out, code, err := resp.Handle.Exec(context.TODO(), "/usr/bin/stat", []string{"/tmp"})
 	if err != nil {
 		t.Fatalf("error exec'ing stat: %v", err)
 	}
@@ -344,7 +329,7 @@ func TestRawExecDriver_HandlerExec(t *testing.T) {
 	}
 
 	// Exec a command that should fail
-	out, code, err = handle.Exec(context.TODO(), "/usr/bin/stat", []string{"lkjhdsaflkjshowaisxmcvnlia"})
+	out, code, err = resp.Handle.Exec(context.TODO(), "/usr/bin/stat", []string{"lkjhdsaflkjshowaisxmcvnlia"})
 	if err != nil {
 		t.Fatalf("error exec'ing stat: %v", err)
 	}
@@ -355,7 +340,7 @@ func TestRawExecDriver_HandlerExec(t *testing.T) {
 		t.Fatalf("expected output to contain %q but found: %q", expected, out)
 	}
 
-	if err := handle.Kill(); err != nil {
+	if err := resp.Handle.Kill(); err != nil {
 		t.Fatalf("error killing exec handle: %v", err)
 	}
 }
diff --git a/client/driver/raw_exec_unix_test.go b/client/driver/raw_exec_unix_test.go
index fd4b3083a0d2..5cbe83545066 100644
--- a/client/driver/raw_exec_unix_test.go
+++ b/client/driver/raw_exec_unix_test.go
@@ -52,17 +52,14 @@ done
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("prestart err: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
 	go func() {
 		time.Sleep(100 * time.Millisecond)
-		err := handle.Signal(syscall.SIGUSR1)
+		err := resp.Handle.Signal(syscall.SIGUSR1)
 		if err != nil {
 			t.Fatalf("err: %v", err)
 		}
@@ -70,7 +67,7 @@ done
 
 	// Task should terminate quickly
 	select {
-	case res := <-handle.WaitCh():
+	case res := <-resp.Handle.WaitCh():
 		if res.Successful() {
 			t.Fatal("should err")
 		}
diff --git a/client/driver/rkt.go b/client/driver/rkt.go
index 7ad4ad4d073e..17c05711930e 100644
--- a/client/driver/rkt.go
+++ b/client/driver/rkt.go
@@ -236,7 +236,7 @@ func (d *RktDriver) Prestart(ctx *ExecContext, task *structs.Task) (*PrestartRes
 }
 
 // Run an existing Rkt image.
-func (d *RktDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle, error) {
+func (d *RktDriver) Start(ctx *ExecContext, task *structs.Task) (*StartResponse, error) {
 	var driverConfig RktDriverConfig
 	if err := mapstructure.WeakDecode(task.Config, &driverConfig); err != nil {
 		return nil, err
@@ -512,7 +512,8 @@ func (d *RktDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle, e
 		waitCh:         make(chan *dstructs.WaitResult, 1),
 	}
 	go h.run()
-	return h, nil
+	//TODO Set Network
+	return &StartResponse{Handle: h}, nil
 }
 
 func (d *RktDriver) Cleanup(*ExecContext, *CreatedResources) error { return nil }
diff --git a/client/driver/rkt_test.go b/client/driver/rkt_test.go
index 3dae05cf8602..4128a79de57d 100644
--- a/client/driver/rkt_test.go
+++ b/client/driver/rkt_test.go
@@ -103,23 +103,21 @@ func TestRktDriver_Start_DNS(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("error in prestart: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
-	defer handle.Kill()
+	defer resp.Handle.Kill()
 
 	// Attempt to open
-	handle2, err := d.Open(ctx.ExecCtx, handle.ID())
+	handle2, err := d.Open(ctx.ExecCtx, resp.Handle.ID())
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
 	if handle2 == nil {
 		t.Fatalf("missing handle")
 	}
+	handle2.Kill()
 }
 
 func TestRktDriver_Start_Wait(t *testing.T) {
@@ -154,28 +152,25 @@ func TestRktDriver_Start_Wait(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("error in prestart: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
-	defer handle.Kill()
+	defer resp.Handle.Kill()
 
 	// Update should be a no-op
-	err = handle.Update(task)
+	err = resp.Handle.Update(task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
 
 	// Signal should be an error
-	if err = handle.Signal(syscall.SIGTERM); err == nil {
+	if err = resp.Handle.Signal(syscall.SIGTERM); err == nil {
 		t.Fatalf("err: %v", err)
 	}
 
 	select {
-	case res := <-handle.WaitCh():
+	case res := <-resp.Handle.WaitCh():
 		if !res.Successful() {
 			t.Fatalf("err: %v", res)
 		}
@@ -215,23 +210,20 @@ func TestRktDriver_Start_Wait_Skip_Trust(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("error in prestart: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
-	defer handle.Kill()
+	defer resp.Handle.Kill()
 
 	// Update should be a no-op
-	err = handle.Update(task)
+	err = resp.Handle.Update(task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
 
 	select {
-	case res := <-handle.WaitCh():
+	case res := <-resp.Handle.WaitCh():
 		if !res.Successful() {
 			t.Fatalf("err: %v", res)
 		}
@@ -286,17 +278,14 @@ func TestRktDriver_Start_Wait_AllocDir(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("error in prestart: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
-	defer handle.Kill()
+	defer resp.Handle.Kill()
 
 	select {
-	case res := <-handle.WaitCh():
+	case res := <-resp.Handle.WaitCh():
 		if !res.Successful() {
 			t.Fatalf("err: %v", res)
 		}
@@ -348,9 +337,9 @@ func TestRktDriverUser(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("error in prestart: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err == nil {
-		handle.Kill()
+		resp.Handle.Kill()
 		t.Fatalf("Should've failed")
 	}
 	msg := "unknown user alice"
@@ -389,9 +378,9 @@ func TestRktTrustPrefix(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("error in prestart: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err == nil {
-		handle.Kill()
+		resp.Handle.Kill()
 		t.Fatalf("Should've failed")
 	}
 	msg := "Error running rkt trust"
@@ -467,18 +456,15 @@ func TestRktDriver_PortsMapping(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("error in prestart: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
 	failCh := make(chan error, 1)
 	go func() {
 		time.Sleep(1 * time.Second)
-		if err := handle.Kill(); err != nil {
+		if err := resp.Handle.Kill(); err != nil {
 			failCh <- err
 		}
 	}()
@@ -486,7 +472,7 @@ func TestRktDriver_PortsMapping(t *testing.T) {
 	select {
 	case err := <-failCh:
 		t.Fatalf("failed to kill handle: %v", err)
-	case <-handle.WaitCh():
+	case <-resp.Handle.WaitCh():
 	case <-time.After(time.Duration(testutil.TestMultiplier()*15) * time.Second):
 		t.Fatalf("timeout")
 	}
@@ -523,19 +509,16 @@ func TestRktDriver_HandlerExec(t *testing.T) {
 	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
 		t.Fatalf("error in prestart: %v", err)
 	}
-	handle, err := d.Start(ctx.ExecCtx, task)
+	resp, err := d.Start(ctx.ExecCtx, task)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if handle == nil {
-		t.Fatalf("missing handle")
-	}
 
 	// Give the pod a second to start
 	time.Sleep(time.Second)
 
 	// Exec a command that should work
-	out, code, err := handle.Exec(context.TODO(), "/etcd", []string{"--version"})
+	out, code, err := resp.Handle.Exec(context.TODO(), "/etcd", []string{"--version"})
 	if err != nil {
 		t.Fatalf("error exec'ing etcd --version: %v", err)
 	}
@@ -547,7 +530,7 @@ func TestRktDriver_HandlerExec(t *testing.T) {
 	}
 
 	// Exec a command that should fail
-	out, code, err = handle.Exec(context.TODO(), "/etcd", []string{"--kaljdshf"})
+	out, code, err = resp.Handle.Exec(context.TODO(), "/etcd", []string{"--kaljdshf"})
 	if err != nil {
 		t.Fatalf("error exec'ing bad command: %v", err)
 	}
@@ -558,7 +541,7 @@ func TestRktDriver_HandlerExec(t *testing.T) {
 		t.Fatalf("expected output to contain %q but found: %q", expected, out)
 	}
 
-	if err := handle.Kill(); err != nil {
+	if err := resp.Handle.Kill(); err != nil {
 		t.Fatalf("error killing handle: %v", err)
 	}
 }
diff --git a/client/structs/structs.go b/client/structs/structs.go
index 7c63d10025dd..0673ce951e74 100644
--- a/client/structs/structs.go
+++ b/client/structs/structs.go
@@ -1,5 +1,11 @@
 package structs
 
+import (
+	"crypto/md5"
+	"io"
+	"strconv"
+)
+
 // MemoryStats holds memory usage related stats
 type MemoryStats struct {
 	RSS            uint64
@@ -124,3 +130,57 @@ func (f FSIsolation) String() string {
 		return "INVALID"
 	}
 }
+
+// DriverNetwork is the network created by driver's (eg Docker's bridge
+// network) during Prestart.
+type DriverNetwork struct {
+	// PortMap can be set by drivers to replace ports in environment
+	// variables with driver-specific mappings.
+	PortMap map[string]int
+
+	// IP is the IP address for the task created by the driver.
+	IP string
+
+	// AutoAdvertise indicates whether the driver thinks services that
+	// choose to auto-advertise-addresses should use this IP instead of the
+	// host's. eg If a Docker network plugin is used
+	AutoAdvertise bool
+}
+
+// Advertise returns true if the driver suggests using the IP set. May be
+// called on a nil Network in which case it returns false.
+func (d *DriverNetwork) Advertise() bool {
+	return d != nil && d.AutoAdvertise
+}
+
+// Copy a DriverNetwork struct. If it is nil, nil is returned.
+func (d *DriverNetwork) Copy() *DriverNetwork {
+	if d == nil {
+		return nil
+	}
+	pm := make(map[string]int, len(d.PortMap))
+	for k, v := range d.PortMap {
+		pm[k] = v
+	}
+	return &DriverNetwork{
+		PortMap:       pm,
+		IP:            d.IP,
+		AutoAdvertise: d.AutoAdvertise,
+	}
+}
+
+// Hash the contents of a DriverNetwork struct to detect changes. If it is nil,
+// an empty slice is returned.
+func (d *DriverNetwork) Hash() []byte {
+	if d == nil {
+		return []byte{}
+	}
+	h := md5.New()
+	io.WriteString(h, d.IP)
+	io.WriteString(h, strconv.FormatBool(d.AutoAdvertise))
+	for k, v := range d.PortMap {
+		io.WriteString(h, k)
+		io.WriteString(h, strconv.Itoa(v))
+	}
+	return h.Sum(nil)
+}
diff --git a/client/task_runner.go b/client/task_runner.go
index dad24a207cba..db494c94c90a 100644
--- a/client/task_runner.go
+++ b/client/task_runner.go
@@ -88,6 +88,10 @@ type TaskRunner struct {
 	// envBuilder is used to build the task's environment
 	envBuilder *env.Builder
 
+	// driverNet is the network information returned by the driver
+	driverNet     *cstructs.DriverNetwork
+	driverNetLock sync.Mutex
+
 	// updateCh is used to receive updated versions of the allocation
 	updateCh chan *structs.Allocation
 
@@ -167,6 +171,7 @@ type taskRunnerState struct {
 	TaskDirBuilt       bool
 	PayloadRendered    bool
 	CreatedResources   *driver.CreatedResources
+	DriverNetwork      *cstructs.DriverNetwork
 }
 
 func (s *taskRunnerState) Hash() []byte {
@@ -178,6 +183,7 @@ func (s *taskRunnerState) Hash() []byte {
 	io.WriteString(h, fmt.Sprintf("%v", s.TaskDirBuilt))
 	io.WriteString(h, fmt.Sprintf("%v", s.PayloadRendered))
 	h.Write(s.CreatedResources.Hash())
+	h.Write(s.DriverNetwork.Hash())
 
 	return h.Sum(nil)
 }
@@ -312,6 +318,7 @@ func (r *TaskRunner) RestoreState() (string, error) {
 	r.taskDirBuilt = snap.TaskDirBuilt
 	r.payloadRendered = snap.PayloadRendered
 	r.setCreatedResources(snap.CreatedResources)
+	r.driverNet = snap.DriverNetwork
 
 	if r.task.Vault != nil {
 		// Read the token from the secret directory
@@ -337,6 +344,10 @@ func (r *TaskRunner) RestoreState() (string, error) {
 			return "", err
 		}
 
+		// Add the restored network driver to the environment
+		r.envBuilder.SetDriverNetwork(r.driverNet)
+
+		// Open a connection to the driver handle
 		ctx := driver.NewExecContext(r.taskDir, r.envBuilder.Build())
 		handle, err := d.Open(ctx, snap.HandleID)
 
@@ -351,7 +362,7 @@ func (r *TaskRunner) RestoreState() (string, error) {
 			restartReason = pre06ScriptCheckReason
 		}
 
-		if err := r.registerServices(d, handle); err != nil {
+		if err := r.registerServices(d, handle, r.driverNet); err != nil {
 			// Don't hard fail here as there's a chance this task
 			// registered with Consul properly when it initial
 			// started.
@@ -421,6 +432,10 @@ func (r *TaskRunner) SaveState() error {
 	}
 	r.handleLock.Unlock()
 
+	r.driverNetLock.Lock()
+	snap.DriverNetwork = r.driverNet.Copy()
+	r.driverNetLock.Unlock()
+
 	// If nothing has changed avoid the write
 	h := snap.Hash()
 	if bytes.Equal(h, r.persistedHash) {
@@ -1303,18 +1318,16 @@ func (r *TaskRunner) startTask() error {
 
 	// Run prestart
 	ctx := driver.NewExecContext(r.taskDir, r.envBuilder.Build())
-	resp, err := drv.Prestart(ctx, r.task)
+	presp, err := drv.Prestart(ctx, r.task)
 
 	// Merge newly created resources into previously created resources
-	if resp != nil {
+	if presp != nil {
 		r.createdResourcesLock.Lock()
-		r.createdResources.Merge(resp.CreatedResources)
+		r.createdResources.Merge(presp.CreatedResources)
 		r.createdResourcesLock.Unlock()
 
-		// Update environment with PortMap if it was returned
-		if len(resp.PortMap) > 0 {
-			r.envBuilder.SetPortMap(resp.PortMap)
-		}
+		// Set any network configuration returned by the driver
+		r.envBuilder.SetDriverNetwork(presp.Network)
 	}
 
 	if err != nil {
@@ -1328,7 +1341,7 @@ func (r *TaskRunner) startTask() error {
 	ctx = driver.NewExecContext(r.taskDir, r.envBuilder.Build())
 
 	// Start the job
-	handle, err := drv.Start(ctx, r.task)
+	sresp, err := drv.Start(ctx, r.task)
 	if err != nil {
 		wrapped := fmt.Sprintf("failed to start task %q for alloc %q: %v",
 			r.task.Name, r.alloc.ID, err)
@@ -1337,13 +1350,16 @@ func (r *TaskRunner) startTask() error {
 
 	}
 
-	if err := r.registerServices(drv, handle); err != nil {
+	// Update environment with the network defined by the driver's Start method.
+	r.envBuilder.SetDriverNetwork(sresp.Network)
+
+	if err := r.registerServices(drv, sresp.Handle, sresp.Network); err != nil {
 		// All IO is done asynchronously, so errors from registering
 		// services are hard failures.
 		r.logger.Printf("[ERR] client: failed to register services and checks for task %q alloc %q: %v", r.task.Name, r.alloc.ID, err)
 
 		// Kill the started task
-		if destroyed, err := r.handleDestroy(handle); !destroyed {
+		if destroyed, err := r.handleDestroy(sresp.Handle); !destroyed {
 			r.logger.Printf("[ERR] client: failed to kill task %q alloc %q. Resources may be leaked: %v",
 				r.task.Name, r.alloc.ID, err)
 		}
@@ -1351,21 +1367,26 @@ func (r *TaskRunner) startTask() error {
 	}
 
 	r.handleLock.Lock()
-	r.handle = handle
+	r.handle = sresp.Handle
 	r.handleLock.Unlock()
 
+	// Need to persist the driver network between restarts
+	r.driverNetLock.Lock()
+	r.driverNet = sresp.Network
+	r.driverNetLock.Unlock()
+
 	return nil
 }
 
 // registerServices and checks with Consul.
-func (r *TaskRunner) registerServices(d driver.Driver, h driver.ScriptExecutor) error {
+func (r *TaskRunner) registerServices(d driver.Driver, h driver.DriverHandle, n *cstructs.DriverNetwork) error {
 	var exec driver.ScriptExecutor
 	if d.Abilities().Exec {
 		// Allow set the script executor if the driver supports it
 		exec = h
 	}
 	interpolateServices(r.envBuilder.Build(), r.task)
-	return r.consul.RegisterTask(r.alloc.ID, r.task, exec)
+	return r.consul.RegisterTask(r.alloc.ID, r.task, exec, n)
 }
 
 // interpolateServices interpolates tags in a service and checks with values from the
@@ -1503,7 +1524,7 @@ func (r *TaskRunner) handleUpdate(update *structs.Allocation) error {
 	// Merge in the task resources
 	updatedTask.Resources = update.TaskResources[updatedTask.Name]
 
-	// Update the task's environment
+	// Update the task's environment for interpolating in services/checks
 	r.envBuilder.UpdateTask(update, updatedTask)
 
 	var mErr multierror.Error
@@ -1547,7 +1568,10 @@ func (r *TaskRunner) updateServices(d driver.Driver, h driver.ScriptExecutor, ol
 		exec = h
 	}
 	interpolateServices(r.envBuilder.Build(), new)
-	return r.consul.UpdateTask(r.alloc.ID, old, new, exec)
+	r.driverNetLock.Lock()
+	net := r.driverNet.Copy()
+	r.driverNetLock.Unlock()
+	return r.consul.UpdateTask(r.alloc.ID, old, new, exec, net)
 }
 
 // handleDestroy kills the task handle. In the case that killing fails,
diff --git a/command/agent/consul/client.go b/command/agent/consul/client.go
index 38f331f207f3..b5c1e4c201cc 100644
--- a/command/agent/consul/client.go
+++ b/command/agent/consul/client.go
@@ -13,6 +13,7 @@ import (
 	metrics "github.com/armon/go-metrics"
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/nomad/client/driver"
+	cstructs "github.com/hashicorp/nomad/client/structs"
 	"github.com/hashicorp/nomad/nomad/structs"
 )
 
@@ -272,7 +273,10 @@ func (c *ServiceClient) sync() error {
 	// Add Nomad services missing from Consul
 	for id, locals := range c.services {
 		if remotes, ok := consulServices[id]; ok {
-			if locals.Port == remotes.Port {
+			// Make sure Port and Address are stable since
+			// PortLabel and AddressMode aren't included in the
+			// service ID.
+			if locals.Port == remotes.Port && locals.Address == remotes.Address {
 				// Already exists in Consul; skip
 				continue
 			}
@@ -294,7 +298,7 @@ func (c *ServiceClient) sync() error {
 			continue
 		}
 		if !isNomadService(check.ServiceID) {
-			// Not managed by Nomad, skip
+			// Service not managed by Nomad, skip
 			continue
 		}
 		// Unknown Nomad managed check; kill
@@ -369,7 +373,7 @@ func (c *ServiceClient) RegisterAgent(role string, services []*structs.Service)
 		ops.regServices = append(ops.regServices, serviceReg)
 
 		for _, check := range service.Checks {
-			checkID := createCheckID(id, check)
+			checkID := makeCheckID(id, check)
 			if check.Type == structs.ServiceCheckScript {
 				return fmt.Errorf("service %q contains invalid check: agent checks do not support scripts", service.Name)
 			}
@@ -420,21 +424,42 @@ func (c *ServiceClient) RegisterAgent(role string, services []*structs.Service)
 // serviceRegs creates service registrations, check registrations, and script
 // checks from a service.
 func (c *ServiceClient) serviceRegs(ops *operations, allocID string, service *structs.Service,
-	exec driver.ScriptExecutor, task *structs.Task) error {
+	task *structs.Task, exec driver.ScriptExecutor, net *cstructs.DriverNetwork) error {
 
 	id := makeTaskServiceID(allocID, task.Name, service)
-	host, port := task.FindHostAndPortFor(service.PortLabel)
+	addrMode := service.AddressMode
+	if addrMode == structs.AddressModeAuto {
+		if net.Advertise() {
+			addrMode = structs.AddressModeDriver
+		} else {
+			// No driver network or shouldn't default to driver's network
+			addrMode = structs.AddressModeHost
+		}
+	}
+	ip, port := task.Resources.Networks.Port(service.PortLabel)
+	if addrMode == structs.AddressModeDriver {
+		if net == nil {
+			return fmt.Errorf("service %s cannot use driver's IP because driver didn't set one", service.Name)
+		}
+		ip = net.IP
+		port = net.PortMap[service.PortLabel]
+	}
 	serviceReg := &api.AgentServiceRegistration{
 		ID:      id,
 		Name:    service.Name,
 		Tags:    make([]string, len(service.Tags)),
-		Address: host,
+		Address: ip,
 		Port:    port,
 	}
 	// copy isn't strictly necessary but can avoid bugs especially
 	// with tests that may reuse Tasks
 	copy(serviceReg.Tags, service.Tags)
 	ops.regServices = append(ops.regServices, serviceReg)
+	return c.checkRegs(ops, allocID, id, service, task, exec, net)
+}
+
+func (c *ServiceClient) checkRegs(ops *operations, allocID, serviceID string, service *structs.Service,
+	task *structs.Task, exec driver.ScriptExecutor, net *cstructs.DriverNetwork) error {
 
 	for _, check := range service.Checks {
 		if check.TLSSkipVerify && !c.skipVerifySupport {
@@ -442,7 +467,7 @@ func (c *ServiceClient) serviceRegs(ops *operations, allocID string, service *st
 				check.Name, task.Name, allocID)
 			continue
 		}
-		checkID := createCheckID(id, check)
+		checkID := makeCheckID(serviceID, check)
 		if check.Type == structs.ServiceCheckScript {
 			if exec == nil {
 				return fmt.Errorf("driver doesn't support script checks")
@@ -452,11 +477,14 @@ func (c *ServiceClient) serviceRegs(ops *operations, allocID string, service *st
 
 		}
 
-		host, port := serviceReg.Address, serviceReg.Port
-		if check.PortLabel != "" {
-			host, port = task.FindHostAndPortFor(check.PortLabel)
+		// Checks should always use the host ip:port
+		portLabel := check.PortLabel
+		if portLabel == "" {
+			// Default to the service's port label
+			portLabel = service.PortLabel
 		}
-		checkReg, err := createCheckReg(id, checkID, check, host, port)
+		ip, port := task.Resources.Networks.Port(portLabel)
+		checkReg, err := createCheckReg(serviceID, checkID, check, ip, port)
 		if err != nil {
 			return fmt.Errorf("failed to add check %q: %v", check.Name, err)
 		}
@@ -468,11 +496,14 @@ func (c *ServiceClient) serviceRegs(ops *operations, allocID string, service *st
 // RegisterTask with Consul. Adds all sevice entries and checks to Consul. If
 // exec is nil and a script check exists an error is returned.
 //
+// If the service IP is set it used as the address in the service registration.
+// Checks will always use the IP from the Task struct (host's IP).
+//
 // Actual communication with Consul is done asynchrously (see Run).
-func (c *ServiceClient) RegisterTask(allocID string, task *structs.Task, exec driver.ScriptExecutor) error {
+func (c *ServiceClient) RegisterTask(allocID string, task *structs.Task, exec driver.ScriptExecutor, net *cstructs.DriverNetwork) error {
 	ops := &operations{}
 	for _, service := range task.Services {
-		if err := c.serviceRegs(ops, allocID, service, exec, task); err != nil {
+		if err := c.serviceRegs(ops, allocID, service, task, exec, net); err != nil {
 			return err
 		}
 	}
@@ -482,7 +513,9 @@ func (c *ServiceClient) RegisterTask(allocID string, task *structs.Task, exec dr
 
 // UpdateTask in Consul. Does not alter the service if only checks have
 // changed.
-func (c *ServiceClient) UpdateTask(allocID string, existing, newTask *structs.Task, exec driver.ScriptExecutor) error {
+//
+// DriverNetwork must not change between invocations for the same allocation.
+func (c *ServiceClient) UpdateTask(allocID string, existing, newTask *structs.Task, exec driver.ScriptExecutor, net *cstructs.DriverNetwork) error {
 	ops := &operations{}
 
 	existingIDs := make(map[string]*structs.Service, len(existing.Services))
@@ -502,12 +535,15 @@ func (c *ServiceClient) UpdateTask(allocID string, existing, newTask *structs.Ta
 			// Existing sevice entry removed
 			ops.deregServices = append(ops.deregServices, existingID)
 			for _, check := range existingSvc.Checks {
-				ops.deregChecks = append(ops.deregChecks, createCheckID(existingID, check))
+				ops.deregChecks = append(ops.deregChecks, makeCheckID(existingID, check))
 			}
 			continue
 		}
 
-		if newSvc.PortLabel == existingSvc.PortLabel {
+		// PortLabel and AddressMode aren't included in the ID, so we
+		// have to compare manually.
+		serviceUnchanged := newSvc.PortLabel == existingSvc.PortLabel && newSvc.AddressMode == existingSvc.AddressMode
+		if serviceUnchanged {
 			// Service exists and hasn't changed, don't add it later
 			delete(newIDs, existingID)
 		}
@@ -515,15 +551,21 @@ func (c *ServiceClient) UpdateTask(allocID string, existing, newTask *structs.Ta
 		// Check to see what checks were updated
 		existingChecks := make(map[string]struct{}, len(existingSvc.Checks))
 		for _, check := range existingSvc.Checks {
-			existingChecks[createCheckID(existingID, check)] = struct{}{}
+			existingChecks[makeCheckID(existingID, check)] = struct{}{}
 		}
 
 		// Register new checks
 		for _, check := range newSvc.Checks {
-			checkID := createCheckID(existingID, check)
+			checkID := makeCheckID(existingID, check)
 			if _, exists := existingChecks[checkID]; exists {
 				// Check exists, so don't remove it
 				delete(existingChecks, checkID)
+			} else if serviceUnchanged {
+				// New check on an unchanged service; add them now
+				err := c.checkRegs(ops, allocID, existingID, newSvc, newTask, exec, net)
+				if err != nil {
+					return err
+				}
 			}
 		}
 
@@ -535,7 +577,7 @@ func (c *ServiceClient) UpdateTask(allocID string, existing, newTask *structs.Ta
 
 	// Any remaining services should just be enqueued directly
 	for _, newSvc := range newIDs {
-		err := c.serviceRegs(ops, allocID, newSvc, exec, newTask)
+		err := c.serviceRegs(ops, allocID, newSvc, newTask, exec, net)
 		if err != nil {
 			return err
 		}
@@ -556,7 +598,7 @@ func (c *ServiceClient) RemoveTask(allocID string, task *structs.Task) {
 		ops.deregServices = append(ops.deregServices, id)
 
 		for _, check := range service.Checks {
-			ops.deregChecks = append(ops.deregChecks, createCheckID(id, check))
+			ops.deregChecks = append(ops.deregChecks, makeCheckID(id, check))
 		}
 	}
 
@@ -653,8 +695,8 @@ func makeTaskServiceID(allocID, taskName string, service *structs.Service) strin
 	return strings.Join(parts, "-")
 }
 
-// createCheckID creates a unique ID for a check.
-func createCheckID(serviceID string, check *structs.ServiceCheck) string {
+// makeCheckID creates a unique ID for a check.
+func makeCheckID(serviceID string, check *structs.ServiceCheck) string {
 	return check.Hash(serviceID)
 }
 
diff --git a/command/agent/consul/unit_test.go b/command/agent/consul/unit_test.go
index 94e00a9498c4..ceec772b5d49 100644
--- a/command/agent/consul/unit_test.go
+++ b/command/agent/consul/unit_test.go
@@ -12,6 +12,7 @@ import (
 	"time"
 
 	"github.com/hashicorp/consul/api"
+	cstructs "github.com/hashicorp/nomad/client/structs"
 	"github.com/hashicorp/nomad/nomad/structs"
 )
 
@@ -169,6 +170,10 @@ func (c *fakeConsul) CheckRegister(check *api.AgentCheckRegistration) error {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 	c.checks[check.ID] = check
+
+	// Be nice and make checks reachable-by-service
+	scheck := check.AgentServiceCheck
+	c.services[check.ServiceID].Checks = append(c.services[check.ServiceID].Checks, &scheck)
 	return nil
 }
 
@@ -210,7 +215,7 @@ func (c *fakeConsul) UpdateTTL(id string, output string, status string) error {
 func TestConsul_ChangeTags(t *testing.T) {
 	ctx := setupFake()
 
-	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, nil); err != nil {
+	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, nil, nil); err != nil {
 		t.Fatalf("unexpected error registering task: %v", err)
 	}
 
@@ -236,7 +241,7 @@ func TestConsul_ChangeTags(t *testing.T) {
 	origTask := ctx.Task
 	ctx.Task = testTask()
 	ctx.Task.Services[0].Tags[0] = "newtag"
-	if err := ctx.ServiceClient.UpdateTask("allocid", origTask, ctx.Task, nil); err != nil {
+	if err := ctx.ServiceClient.UpdateTask("allocid", origTask, ctx.Task, nil, nil); err != nil {
 		t.Fatalf("unexpected error registering task: %v", err)
 	}
 	if err := ctx.syncOnce(); err != nil {
@@ -290,7 +295,7 @@ func TestConsul_ChangePorts(t *testing.T) {
 		},
 	}
 
-	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, ctx); err != nil {
+	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, ctx, nil); err != nil {
 		t.Fatalf("unexpected error registering task: %v", err)
 	}
 
@@ -375,10 +380,10 @@ func TestConsul_ChangePorts(t *testing.T) {
 			Path:     "/",
 			Interval: time.Second,
 			Timeout:  time.Second,
-			// Removed PortLabel
+			// Removed PortLabel; should default to service's (y)
 		},
 	}
-	if err := ctx.ServiceClient.UpdateTask("allocid", origTask, ctx.Task, ctx); err != nil {
+	if err := ctx.ServiceClient.UpdateTask("allocid", origTask, ctx.Task, ctx, nil); err != nil {
 		t.Fatalf("unexpected error registering task: %v", err)
 	}
 	if err := ctx.syncOnce(); err != nil {
@@ -442,11 +447,111 @@ func TestConsul_ChangePorts(t *testing.T) {
 	}
 }
 
+// TestConsul_ChangeChecks asserts that updating only the checks on a service
+// properly syncs with Consul.
+func TestConsul_ChangeChecks(t *testing.T) {
+	ctx := setupFake()
+	ctx.Task.Services[0].Checks = []*structs.ServiceCheck{
+		{
+			Name:      "c1",
+			Type:      "tcp",
+			Interval:  time.Second,
+			Timeout:   time.Second,
+			PortLabel: "x",
+		},
+	}
+
+	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, ctx, nil); err != nil {
+		t.Fatalf("unexpected error registering task: %v", err)
+	}
+
+	if err := ctx.syncOnce(); err != nil {
+		t.Fatalf("unexpected error syncing task: %v", err)
+	}
+
+	if n := len(ctx.FakeConsul.services); n != 1 {
+		t.Fatalf("expected 1 service but found %d:\n%#v", n, ctx.FakeConsul.services)
+	}
+
+	origServiceKey := ""
+	for k, v := range ctx.FakeConsul.services {
+		origServiceKey = k
+		if v.Name != ctx.Task.Services[0].Name {
+			t.Errorf("expected Name=%q != %q", ctx.Task.Services[0].Name, v.Name)
+		}
+		if v.Port != xPort {
+			t.Errorf("expected Port x=%v but found: %v", xPort, v.Port)
+		}
+	}
+
+	if n := len(ctx.FakeConsul.checks); n != 1 {
+		t.Fatalf("expected 1 check but found %d:\n%#v", n, ctx.FakeConsul.checks)
+	}
+	for _, v := range ctx.FakeConsul.checks {
+		if v.Name != "c1" {
+			t.Fatalf("expected check c1 but found %q", v.Name)
+		}
+	}
+
+	// Now add a check
+	origTask := ctx.Task.Copy()
+	ctx.Task.Services[0].Checks = []*structs.ServiceCheck{
+		{
+			Name:      "c1",
+			Type:      "tcp",
+			Interval:  time.Second,
+			Timeout:   time.Second,
+			PortLabel: "x",
+		},
+		{
+			Name:      "c2",
+			Type:      "http",
+			Path:      "/",
+			Interval:  time.Second,
+			Timeout:   time.Second,
+			PortLabel: "x",
+		},
+	}
+	if err := ctx.ServiceClient.UpdateTask("allocid", origTask, ctx.Task, ctx, nil); err != nil {
+		t.Fatalf("unexpected error registering task: %v", err)
+	}
+	if err := ctx.syncOnce(); err != nil {
+		t.Fatalf("unexpected error syncing task: %v", err)
+	}
+
+	if n := len(ctx.FakeConsul.services); n != 1 {
+		t.Fatalf("expected 1 service but found %d:\n%#v", n, ctx.FakeConsul.services)
+	}
+
+	if _, ok := ctx.FakeConsul.services[origServiceKey]; !ok {
+		t.Errorf("unexpected key change; was: %q -- but found %#v", origServiceKey, ctx.FakeConsul.services)
+	}
+
+	if n := len(ctx.FakeConsul.checks); n != 2 {
+		t.Fatalf("expected 2 check but found %d:\n%#v", n, ctx.FakeConsul.checks)
+	}
+
+	for k, v := range ctx.FakeConsul.checks {
+		switch v.Name {
+		case "c1":
+			if expected := fmt.Sprintf(":%d", xPort); v.TCP != expected {
+				t.Errorf("expected Port x=%v but found: %v", expected, v.TCP)
+			}
+		case "c2":
+			if expected := fmt.Sprintf("http://:%d/", xPort); v.HTTP != expected {
+				t.Errorf("expected Port x=%v but found: %v", expected, v.HTTP)
+			}
+		default:
+			t.Errorf("Unkown check: %q", k)
+		}
+	}
+}
+
 // TestConsul_RegServices tests basic service registration.
 func TestConsul_RegServices(t *testing.T) {
 	ctx := setupFake()
 
-	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, nil); err != nil {
+	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, nil, nil); err != nil {
 		t.Fatalf("unexpected error registering task: %v", err)
 	}
 
@@ -472,7 +577,7 @@ func TestConsul_RegServices(t *testing.T) {
 	// Make a change which will register a new service
 	ctx.Task.Services[0].Name = "taskname-service2"
 	ctx.Task.Services[0].Tags[0] = "tag3"
-	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, nil); err != nil {
+	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, nil, nil); err != nil {
 		t.Fatalf("unpexpected error registering task: %v", err)
 	}
 
@@ -546,7 +651,7 @@ func TestConsul_ShutdownOK(t *testing.T) {
 	go ctx.ServiceClient.Run()
 
 	// Register a task and agent
-	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, ctx); err != nil {
+	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, ctx, nil); err != nil {
 		t.Fatalf("unexpected error registering task: %v", err)
 	}
 
@@ -619,7 +724,7 @@ func TestConsul_ShutdownSlow(t *testing.T) {
 	go ctx.ServiceClient.Run()
 
 	// Register a task and agent
-	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, ctx); err != nil {
+	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, ctx, nil); err != nil {
 		t.Fatalf("unexpected error registering task: %v", err)
 	}
 
@@ -690,7 +795,7 @@ func TestConsul_ShutdownBlocked(t *testing.T) {
 	go ctx.ServiceClient.Run()
 
 	// Register a task and agent
-	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, ctx); err != nil {
+	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, ctx, nil); err != nil {
 		t.Fatalf("unexpected error registering task: %v", err)
 	}
 
@@ -747,7 +852,7 @@ func TestConsul_NoTLSSkipVerifySupport(t *testing.T) {
 		},
 	}
 
-	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, nil); err != nil {
+	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, nil, nil); err != nil {
 		t.Fatalf("unexpected error registering task: %v", err)
 	}
 
@@ -787,7 +892,7 @@ func TestConsul_CancelScript(t *testing.T) {
 		},
 	}
 
-	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, ctx); err != nil {
+	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, ctx, nil); err != nil {
 		t.Fatalf("unexpected error registering task: %v", err)
 	}
 
@@ -824,7 +929,7 @@ func TestConsul_CancelScript(t *testing.T) {
 		},
 	}
 
-	if err := ctx.ServiceClient.UpdateTask("allocid", origTask, ctx.Task, ctx); err != nil {
+	if err := ctx.ServiceClient.UpdateTask("allocid", origTask, ctx.Task, ctx, nil); err != nil {
 		t.Fatalf("unexpected error registering task: %v", err)
 	}
 
@@ -854,3 +959,275 @@ func TestConsul_CancelScript(t *testing.T) {
 		scriptHandle.cancel()
 	}
 }
+
+// TestConsul_DriverNetwork_AutoUse asserts that if a driver network has
+// auto-use set then services should advertise it unless explicitly set to
+// host. Checks should always use host.
+func TestConsul_DriverNetwork_AutoUse(t *testing.T) {
+	ctx := setupFake()
+
+	ctx.Task.Services = []*structs.Service{
+		{
+			Name:        "auto-advertise-x",
+			PortLabel:   "x",
+			AddressMode: structs.AddressModeAuto,
+			Checks: []*structs.ServiceCheck{
+				{
+					Name:     "default-check-x",
+					Type:     "tcp",
+					Interval: time.Second,
+					Timeout:  time.Second,
+				},
+				{
+					Name:      "weird-y-check",
+					Type:      "http",
+					Interval:  time.Second,
+					Timeout:   time.Second,
+					PortLabel: "y",
+				},
+			},
+		},
+		{
+			Name:        "driver-advertise-y",
+			PortLabel:   "y",
+			AddressMode: structs.AddressModeDriver,
+			Checks: []*structs.ServiceCheck{
+				{
+					Name:     "default-check-y",
+					Type:     "tcp",
+					Interval: time.Second,
+					Timeout:  time.Second,
+				},
+			},
+		},
+		{
+			Name:        "host-advertise-y",
+			PortLabel:   "y",
+			AddressMode: structs.AddressModeHost,
+		},
+	}
+
+	net := &cstructs.DriverNetwork{
+		PortMap: map[string]int{
+			"x": 8888,
+			"y": 9999,
+		},
+		IP:            "172.18.0.2",
+		AutoAdvertise: true,
+	}
+
+	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, ctx, net); err != nil {
+		t.Fatalf("unexpected error registering task: %v", err)
+	}
+
+	if err := ctx.syncOnce(); err != nil {
+		t.Fatalf("unexpected error syncing task: %v", err)
+	}
+
+	if n := len(ctx.FakeConsul.services); n != 3 {
+		t.Fatalf("expected 2 services but found: %d", n)
+	}
+
+	for _, v := range ctx.FakeConsul.services {
+		switch v.Name {
+		case ctx.Task.Services[0].Name: // x
+			// Since DriverNetwork.AutoAdvertise=true, driver ports should be used
+			if v.Port != net.PortMap["x"] {
+				t.Errorf("expected service %s's port to be %d but found %d",
+					v.Name, net.PortMap["x"], v.Port)
+			}
+			// The order of checks in Consul is not guaranteed to
+			// be the same as their order in the Task definition,
+			// so check in a loop
+			if expected := 2; len(v.Checks) != expected {
+				t.Errorf("expected %d checks but found %d", expected, len(v.Checks))
+			}
+			for _, c := range v.Checks {
+				// No name on AgentServiceChecks, use type
+				switch {
+				case c.TCP != "":
+					// Checks should always use host port though
+					if c.TCP != ":1234" { // xPort
+						t.Errorf("exepcted service %s check 1's port to be %d but found %q",
+							v.Name, xPort, c.TCP)
+					}
+				case c.HTTP != "":
+					if c.HTTP != "http://:1235" { // yPort
+						t.Errorf("exepcted service %s check 2's port to be %d but found %q",
+							v.Name, yPort, c.HTTP)
+					}
+				default:
+					t.Errorf("unexpected check %#v on service %q", c, v.Name)
+				}
+			}
+		case ctx.Task.Services[1].Name: // y
+			// Service should be container ip:port
+			if v.Address != net.IP {
+				t.Errorf("expected service %s's address to be %s but found %s",
+					v.Name, net.IP, v.Address)
+			}
+			if v.Port != net.PortMap["y"] {
+				t.Errorf("expected service %s's port to be %d but found %d",
+					v.Name, net.PortMap["x"], v.Port)
+			}
+			// Check should be host ip:port
+			if v.Checks[0].TCP != ":1235" { // yPort
+				t.Errorf("expected service %s check's port to be %d but found %s",
+					v.Name, yPort, v.Checks[0].TCP)
+			}
+		case ctx.Task.Services[2].Name: // y + host mode
+			if v.Port != yPort {
+				t.Errorf("expected service %s's port to be %d but found %d",
+					v.Name, yPort, v.Port)
+			}
+		default:
+			t.Errorf("unexpected service name: %q", v.Name)
+		}
+	}
+}
+
+// TestConsul_DriverNetwork_NoAutoUse asserts that if a driver network doesn't
+// set auto-use only services which request the driver's network should
+// advertise it.
+func TestConsul_DriverNetwork_NoAutoUse(t *testing.T) {
+	ctx := setupFake()
+
+	ctx.Task.Services = []*structs.Service{
+		{
+			Name:        "auto-advertise-x",
+			PortLabel:   "x",
+			AddressMode: structs.AddressModeAuto,
+		},
+		{
+			Name:        "driver-advertise-y",
+			PortLabel:   "y",
+			AddressMode: structs.AddressModeDriver,
+		},
+		{
+			Name:        "host-advertise-y",
+			PortLabel:   "y",
+			AddressMode: structs.AddressModeHost,
+		},
+	}
+
+	net := &cstructs.DriverNetwork{
+		PortMap: map[string]int{
+			"x": 8888,
+			"y": 9999,
+		},
+		IP:            "172.18.0.2",
+		AutoAdvertise: false,
+	}
+
+	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, ctx, net); err != nil {
+		t.Fatalf("unexpected error registering task: %v", err)
+	}
+
+	if err := ctx.syncOnce(); err != nil {
+		t.Fatalf("unexpected error syncing task: %v", err)
+	}
+
+	if n := len(ctx.FakeConsul.services); n != 3 {
+		t.Fatalf("expected 3 services but found: %d", n)
+	}
+
+	for _, v := range ctx.FakeConsul.services {
+		switch v.Name {
+		case ctx.Task.Services[0].Name: // x + auto
+			// Since DriverNetwork.AutoAdvertise=false, host ports should be used
+			if v.Port != xPort {
+				t.Errorf("expected service %s's port to be %d but found %d",
+					v.Name, xPort, v.Port)
+			}
+		case ctx.Task.Services[1].Name: // y + driver mode
+			// Service should be container ip:port
+			if v.Address != net.IP {
+				t.Errorf("expected service %s's address to be %s but found %s",
+					v.Name, net.IP, v.Address)
+			}
+			if v.Port != net.PortMap["y"] {
+				t.Errorf("expected service %s's port to be %d but found %d",
+					v.Name, net.PortMap["x"], v.Port)
+			}
+		case ctx.Task.Services[2].Name: // y + host mode
+			if v.Port != yPort {
+				t.Errorf("expected service %s's port to be %d but found %d",
+					v.Name, yPort, v.Port)
+			}
+		default:
+			t.Errorf("unexpected service name: %q", v.Name)
+		}
+	}
+}
+
+// TestConsul_DriverNetwork_Change asserts that if a driver network is
+// specified and a service updates its use its properly updated in Consul.
+func TestConsul_DriverNetwork_Change(t *testing.T) {
+	ctx := setupFake()
+
+	ctx.Task.Services = []*structs.Service{
+		{
+			Name:        "service-foo",
+			PortLabel:   "x",
+			AddressMode: structs.AddressModeAuto,
+		},
+	}
+
+	net := &cstructs.DriverNetwork{
+		PortMap: map[string]int{
+			"x": 8888,
+			"y": 9999,
+		},
+		IP:            "172.18.0.2",
+		AutoAdvertise: false,
+	}
+
+	syncAndAssertPort := func(port int) {
+		if err := ctx.syncOnce(); err != nil {
+			t.Fatalf("unexpected error syncing task: %v", err)
+		}
+
+		if n := len(ctx.FakeConsul.services); n != 1 {
+			t.Fatalf("expected 1 service but found: %d", n)
+		}
+
+		for _, v := range ctx.FakeConsul.services {
+			switch v.Name {
+			case ctx.Task.Services[0].Name:
+				if v.Port != port {
+					t.Errorf("expected service %s's port to be %d but found %d",
+						v.Name, port, v.Port)
+				}
+			default:
+				t.Errorf("unexpected service name: %q", v.Name)
+			}
+		}
+	}
+
+	// Initial service should advertise host port x
+	if err := ctx.ServiceClient.RegisterTask("allocid", ctx.Task, ctx, net); err != nil {
+		t.Fatalf("unexpected error registering task: %v", err)
+	}
+
+	syncAndAssertPort(xPort)
+
+	// UpdateTask to use Host (shouldn't change anything)
+	orig := ctx.Task.Copy()
+	ctx.Task.Services[0].AddressMode = structs.AddressModeHost
+
+	if err := ctx.ServiceClient.UpdateTask("allocid", orig, ctx.Task, ctx, net); err != nil {
+		t.Fatalf("unexpected error updating task: %v", err)
+	}
+
+	syncAndAssertPort(xPort)
+
+	// UpdateTask to use Driver (*should* change IP and port)
+	orig = ctx.Task.Copy()
+	ctx.Task.Services[0].AddressMode = structs.AddressModeDriver
+
+	if err := ctx.ServiceClient.UpdateTask("allocid", orig, ctx.Task, ctx, net); err != nil {
+		t.Fatalf("unexpected error updating task: %v", err)
+	}
+
+	syncAndAssertPort(net.PortMap["x"])
+}
diff --git a/command/agent/job_endpoint.go b/command/agent/job_endpoint.go
index 874f3d7a1e35..7c975d617bd8 100644
--- a/command/agent/job_endpoint.go
+++ b/command/agent/job_endpoint.go
@@ -579,9 +579,10 @@ func ApiTaskToStructsTask(apiTask *api.Task, structsTask *structs.Task) {
 		structsTask.Services = make([]*structs.Service, l)
 		for i, service := range apiTask.Services {
 			structsTask.Services[i] = &structs.Service{
-				Name:      service.Name,
-				PortLabel: service.PortLabel,
-				Tags:      service.Tags,
+				Name:        service.Name,
+				PortLabel:   service.PortLabel,
+				Tags:        service.Tags,
+				AddressMode: service.AddressMode,
 			}
 
 			if l := len(service.Checks); l != 0 {
diff --git a/command/agent/job_endpoint_test.go b/command/agent/job_endpoint_test.go
index 0ae9e8348555..75b8103d79a3 100644
--- a/command/agent/job_endpoint_test.go
+++ b/command/agent/job_endpoint_test.go
@@ -1122,9 +1122,10 @@ func TestJobs_ApiJobToStructsJob(t *testing.T) {
 						},
 						Services: []*structs.Service{
 							&structs.Service{
-								Name:      "serviceA",
-								Tags:      []string{"1", "2"},
-								PortLabel: "foo",
+								Name:        "serviceA",
+								Tags:        []string{"1", "2"},
+								PortLabel:   "foo",
+								AddressMode: "auto",
 								Checks: []*structs.ServiceCheck{
 									&structs.ServiceCheck{
 										Name:          "bar",
diff --git a/demo/vagrant/Vagrantfile b/demo/vagrant/Vagrantfile
index 89cc115d253c..d13bf4bd6fe4 100644
--- a/demo/vagrant/Vagrantfile
+++ b/demo/vagrant/Vagrantfile
@@ -12,7 +12,7 @@ echo Fetching Nomad...
 cd /tmp/
 curl -sSL https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_amd64.zip -o nomad.zip
 
-echo Installing Nomad...
+echo "Installing Nomad..."
 unzip nomad.zip
 sudo chmod +x nomad
 sudo mv nomad /usr/bin/nomad
@@ -21,16 +21,38 @@ sudo mkdir -p /etc/nomad.d
 sudo chmod a+w /etc/nomad.d
 
 # Set hostname's IP to made advertisement Just Work
-sudo sed -i -e "s/.*nomad.*/$(ip route get 1 | awk '{print $NF;exit}') nomad/" /etc/hosts
+#sudo sed -i -e "s/.*nomad.*/$(ip route get 1 | awk '{print $NF;exit}') nomad/" /etc/hosts
+
+echo "Install Docker..."
+if [[ -f /etc/apt/sources.list.d/docker.list ]]; then
+    echo "Docker repository already installed; Skipping"
+else
+    echo deb https://apt.dockerproject.org/repo ubuntu-`lsb_release -c | awk '{print $2}'` main | sudo tee /etc/apt/sources.list.d/docker.list
+    sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
+    sudo apt-get update
+fi
+sudo DEBIAN_FRONTEND=noninteractive apt-get install -y docker-engine
+
+# Restart docker to make sure we get the latest version of the daemon if there is an upgrade
+sudo service docker restart
+
+# Make sure we can actually use docker as the vagrant user
+sudo usermod -aG docker vagrant
+
+echo "Installing Consul..."
+cd /opt/nomad
+bash scripts/install_consul.sh
 
 SCRIPT
 
 Vagrant.configure(2) do |config|
-  config.vm.box = "ubuntu/xenial64" # 16.04 LTS
+  config.vm.box = "bento/ubuntu-16.04" # 16.04 LTS
   config.vm.hostname = "nomad"
   config.vm.provision "shell", inline: $script, privileged: false
   config.vm.provision "docker" # Just install it
 
+  config.vm.synced_folder '../..', '/opt/nomad'
+
   # Increase memory for Parallels Desktop
   config.vm.provider "parallels" do |p, o|
     p.memory = "1024"
diff --git a/jobspec/parse.go b/jobspec/parse.go
index f58d8f799212..02f1dcbf1f9f 100644
--- a/jobspec/parse.go
+++ b/jobspec/parse.go
@@ -905,6 +905,7 @@ func parseServices(jobName string, taskGroupName string, task *api.Task, service
 			"tags",
 			"port",
 			"check",
+			"address_mode",
 		}
 		if err := checkHCLKeys(o.Val, valid); err != nil {
 			return multierror.Prefix(err, fmt.Sprintf("service (%d) ->", idx))
diff --git a/nomad/structs/diff_test.go b/nomad/structs/diff_test.go
index c7c8d86d931b..4ba261de3de0 100644
--- a/nomad/structs/diff_test.go
+++ b/nomad/structs/diff_test.go
@@ -3119,8 +3119,9 @@ func TestTaskDiff(t *testing.T) {
 			New: &Task{
 				Services: []*Service{
 					{
-						Name:      "foo",
-						PortLabel: "bar",
+						Name:        "foo",
+						PortLabel:   "bar",
+						AddressMode: "driver",
 					},
 				},
 			},
@@ -3131,6 +3132,11 @@ func TestTaskDiff(t *testing.T) {
 						Type: DiffTypeEdited,
 						Name: "Service",
 						Fields: []*FieldDiff{
+							{
+								Type: DiffTypeAdded,
+								Name: "AddressMode",
+								New:  "driver",
+							},
 							{
 								Type: DiffTypeNone,
 								Name: "Name",
@@ -3410,6 +3416,12 @@ func TestTaskDiff(t *testing.T) {
 						Type: DiffTypeEdited,
 						Name: "Service",
 						Fields: []*FieldDiff{
+							{
+								Type: DiffTypeNone,
+								Name: "AddressMode",
+								Old:  "",
+								New:  "",
+							},
 							{
 								Type: DiffTypeNone,
 								Name: "Name",
diff --git a/nomad/structs/structs.go b/nomad/structs/structs.go
index 515ab5d4cf13..daa461fb4bee 100644
--- a/nomad/structs/structs.go
+++ b/nomad/structs/structs.go
@@ -890,6 +890,26 @@ type NodeListStub struct {
 	ModifyIndex       uint64
 }
 
+// Networks defined for a task on the Resources struct.
+type Networks []*NetworkResource
+
+// Port assignment and IP for the given label or empty values.
+func (ns Networks) Port(label string) (string, int) {
+	for _, n := range ns {
+		for _, p := range n.ReservedPorts {
+			if p.Label == label {
+				return n.IP, p.Value
+			}
+		}
+		for _, p := range n.DynamicPorts {
+			if p.Label == label {
+				return n.IP, p.Value
+			}
+		}
+	}
+	return "", 0
+}
+
 // Resources is used to define the resources available
 // on a client
 type Resources struct {
@@ -897,7 +917,7 @@ type Resources struct {
 	MemoryMB int
 	DiskMB   int
 	IOPS     int
-	Networks []*NetworkResource
+	Networks Networks
 }
 
 const (
@@ -1054,10 +1074,10 @@ type Port struct {
 type NetworkResource struct {
 	Device        string // Name of the device
 	CIDR          string // CIDR block of addresses
-	IP            string // IP address
+	IP            string // Host IP address
 	MBits         int    // Throughput
-	ReservedPorts []Port // Reserved ports
-	DynamicPorts  []Port // Dynamically assigned ports
+	ReservedPorts []Port // Host Reserved ports
+	DynamicPorts  []Port // Host Dynamically assigned ports
 }
 
 func (n *NetworkResource) Canonicalize() {
@@ -1113,15 +1133,15 @@ func (n *NetworkResource) GoString() string {
 	return fmt.Sprintf("*%#v", *n)
 }
 
-func (n *NetworkResource) MapLabelToValues(port_map map[string]int) map[string]int {
-	labelValues := make(map[string]int)
-	ports := append(n.ReservedPorts, n.DynamicPorts...)
-	for _, port := range ports {
-		if mapping, ok := port_map[port.Label]; ok {
-			labelValues[port.Label] = mapping
-		} else {
-			labelValues[port.Label] = port.Value
-		}
+// PortLabels returns a map of port labels to their assigned host ports.
+func (n *NetworkResource) PortLabels() map[string]int {
+	num := len(n.ReservedPorts) + len(n.DynamicPorts)
+	labelValues := make(map[string]int, num)
+	for _, port := range n.ReservedPorts {
+		labelValues[port.Label] = port.Value
+	}
+	for _, port := range n.DynamicPorts {
+		labelValues[port.Label] = port.Value
 	}
 	return labelValues
 }
@@ -2430,6 +2450,12 @@ func (sc *ServiceCheck) Hash(serviceID string) string {
 	return fmt.Sprintf("%x", h.Sum(nil))
 }
 
+const (
+	AddressModeAuto   = "auto"
+	AddressModeHost   = "host"
+	AddressModeDriver = "driver"
+)
+
 // Service represents a Consul service definition in Nomad
 type Service struct {
 	// Name of the service registered with Consul. Consul defaults the
@@ -2441,8 +2467,13 @@ type Service struct {
 	// To specify the port number using the host's Consul Advertise
 	// address, specify an empty host in the PortLabel (e.g. `:port`).
 	PortLabel string
-	Tags      []string        // List of tags for the service
-	Checks    []*ServiceCheck // List of checks associated with the service
+
+	// AddressMode specifies whether or not to use the host ip:port for
+	// this service.
+	AddressMode string
+
+	Tags   []string        // List of tags for the service
+	Checks []*ServiceCheck // List of checks associated with the service
 }
 
 func (s *Service) Copy() *Service {
@@ -2503,6 +2534,13 @@ func (s *Service) Validate() error {
 		mErr.Errors = append(mErr.Errors, fmt.Errorf("service name must be valid per RFC 1123 and can contain only alphanumeric characters or dashes: %q", s.Name))
 	}
 
+	switch s.AddressMode {
+	case "", AddressModeAuto, AddressModeHost, AddressModeDriver:
+		// OK
+	default:
+		mErr.Errors = append(mErr.Errors, fmt.Errorf("service address_mode must be %q, %q, or %q; not %q", AddressModeAuto, AddressModeHost, AddressModeDriver, s.AddressMode))
+	}
+
 	for _, c := range s.Checks {
 		if s.PortLabel == "" && c.RequiresPort() {
 			mErr.Errors = append(mErr.Errors, fmt.Errorf("check %s invalid: check requires a port but the service %+q has no port", c.Name, s.Name))
@@ -2537,6 +2575,7 @@ func (s *Service) Hash() string {
 	io.WriteString(h, s.Name)
 	io.WriteString(h, strings.Join(s.Tags, ""))
 	io.WriteString(h, s.PortLabel)
+	io.WriteString(h, s.AddressMode)
 	return fmt.Sprintf("%x", h.Sum(nil))
 }
 
@@ -2720,15 +2759,6 @@ func (t *Task) GoString() string {
 	return fmt.Sprintf("*%#v", *t)
 }
 
-func (t *Task) FindHostAndPortFor(portLabel string) (string, int) {
-	for _, network := range t.Resources.Networks {
-		if p, ok := network.MapLabelToValues(nil)[portLabel]; ok {
-			return network.IP, p
-		}
-	}
-	return "", 0
-}
-
 // Validate is used to sanity check a task
 func (t *Task) Validate(ephemeralDisk *EphemeralDisk) error {
 	var mErr multierror.Error
@@ -2873,7 +2903,7 @@ func validateServices(t *Task) error {
 	portLabels := make(map[string]struct{})
 	if t.Resources != nil {
 		for _, network := range t.Resources.Networks {
-			ports := network.MapLabelToValues(nil)
+			ports := network.PortLabels()
 			for portLabel, _ := range ports {
 				portLabels[portLabel] = struct{}{}
 			}
@@ -2889,6 +2919,8 @@ func validateServices(t *Task) error {
 			mErr.Errors = append(mErr.Errors, err)
 		}
 	}
+
+	// Ensure address mode is valid
 	return mErr.ErrorOrNil()
 }
 
diff --git a/scripts/example_weave.bash b/scripts/example_weave.bash
new file mode 100755
index 000000000000..ba190f73fddc
--- /dev/null
+++ b/scripts/example_weave.bash
@@ -0,0 +1,103 @@
+#!/bin/bash
+if [[ "$USER" != "vagrant" ]]; then
+    echo "WARNING: This script is intended to be run from Nomad's Vagrant"
+    read -rsp $'Press any key to continue anyway...\n' -n1 key
+fi
+
+set -e
+
+if [[ ! -a /usr/local/bin/weave ]]; then
+    echo "Installing weave..."
+    sudo curl -L git.io/weave -o /usr/local/bin/weave
+    sudo chmod a+x /usr/local/bin/weave
+fi
+weave launch || echo "weave running"
+eval $(weave env)
+
+if curl -s localhost:8500 > /dev/null; then
+    echo "Consul running"
+else
+    echo "Running Consul dev agent..."
+    consul agent -dev > consul.out &
+fi
+
+if curl -s localhost:4646 > /dev/null; then
+    echo "Nomad running"
+else
+    echo "Running Nomad dev agent..."
+    nomad agent -dev > nomad.out &
+fi
+
+sleep 5
+
+echo "Running Redis with Weave in Nomad..."
+cat > redis-weave.nomad <<EOF
+job "weave-example" {
+  datacenters = ["dc1"]
+  type = "service"
+
+  group "cache" {
+    count = 1
+
+    task "redis" {
+      driver = "docker"
+      config {
+        image = "redis:3.2"
+        port_map {
+          db = 6379
+        }
+
+        # Use Weave overlay network
+        network_mode = "weave"
+      }
+
+      resources {
+        cpu    = 500 # 500 MHz
+        memory = 256 # 256MB
+        network {
+          mbits = 10
+          port "db" {}
+        }
+      }
+
+      # By default services will advertise the weave address
+      service {
+        name = "redis"
+        tags = ["redis", "weave-addr"]
+        port = "db"
+
+        # Since checks are done by Consul on the host system, they default to
+        # the host IP:Port.
+        check {
+          name     = "host-alive"
+          type     = "tcp"
+          interval = "10s"
+          timeout  = "2s"
+        }
+
+        # Script checks are run from inside the container, so you can use
+        # environment vars to get the container ip:port.
+        check {
+          name     = "container-script"
+          type     = "script"
+          command  = "/usr/local/bin/redis-cli"
+          args     = ["-p", "\${NOMAD_PORT_db}", "QUIT"]
+          interval = "10s"
+          timeout  = "2s"
+        }
+      }
+
+      # Setting address_mode = "host" will create a service entry with the
+      # host's address.
+      service {
+        name = "host-redis"
+        tags = ["redis", "host-addr"]
+        port = "db"
+        address_mode = "host"
+      }
+    }
+  }
+}
+EOF
+
+nomad run redis-weave.nomad
diff --git a/scripts/install_consul.sh b/scripts/install_consul.sh
index 964347ed04aa..9589c965c104 100755
--- a/scripts/install_consul.sh
+++ b/scripts/install_consul.sh
@@ -2,7 +2,7 @@
 
 set -e
 
-CONSUL_VERSION="0.7.3"
+CONSUL_VERSION="0.8.4"
 CURDIR=`pwd`
 
 if [[ $(which consul >/dev/null && consul version | head -n 1 | cut -d ' ' -f 2) == "v$CONSUL_VERSION" ]]; then
diff --git a/website/source/docs/drivers/docker.html.md b/website/source/docs/drivers/docker.html.md
index 893f7fbf74d8..e60576a19d79 100644
--- a/website/source/docs/drivers/docker.html.md
+++ b/website/source/docs/drivers/docker.html.md
@@ -355,7 +355,7 @@ container.
 
 These ports will be identified via environment variables. For example:
 
-```
+```hcl
 port "http" {}
 ```
 
@@ -401,6 +401,16 @@ Note that by default this only works with `bridged` networking mode. It may
 also work with custom networking plugins which implement the same API for
 expose and port forwarding.
 
+### Advertising Container IPs
+
+*New in Nomad 0.6.*
+
+When using network plugins like `weave` that assign containers a routable IP
+address, that address will automatically be used in any `service`
+advertisements for the task. You may override what address is advertised by
+using the `address_mode` parameter on a `service`. See
+[service](/docs/job-specification/service.html) for details.
+
 ### Networking Protocols
 
 The Docker driver configures ports on both the `tcp` and `udp` protocols.
diff --git a/website/source/docs/job-specification/service.html.md b/website/source/docs/job-specification/service.html.md
index f213ae357429..748dd66c1f16 100644
--- a/website/source/docs/job-specification/service.html.md
+++ b/website/source/docs/job-specification/service.html.md
@@ -93,6 +93,14 @@ does not automatically enable service discovery.
   this service. If this is not supplied, no tags will be assigned to the service
   when it is registered.
 
+- `address_mode` `(string: "auto")` - Specifies what address (host or
+  driver-specific) this service should advertise. `host` indicates the host IP
+  and port. `driver` advertises the IP used in the driver (eg Docker's internal
+  IP) and uses the ports specifid in the port map. The default is `auto` which
+  behaves the same as `host` unless the driver determines its IP should be used.
+  This setting was added in Nomad 0.6 and only supported by the Docker driver.
+  It will advertise the container IP if a network plugin is used (eg weave).
+
 ### `check` Parameters
 
 - `args` `(array<string>: [])` - Specifies additional arguments to the
@@ -131,7 +139,7 @@ does not automatically enable service discovery.
   stanza. If a port value was declared on the `service`, this will inherit from
   that value if not supplied. If supplied, this value takes precedence over the
   `service.port` value. This is useful for services which operate on multiple
-  ports.
+  ports. Checks will *always use the host IP and ports*.
 
 - `protocol` `(string: "http")` - Specifies the protocol for the http-based
   health checks. Valid options are `http` and `https`.
diff --git a/website/source/docs/runtime/_envvars.html.md.erb b/website/source/docs/runtime/_envvars.html.md.erb
new file mode 100644
index 000000000000..f8267fa7f985
--- /dev/null
+++ b/website/source/docs/runtime/_envvars.html.md.erb
@@ -0,0 +1,105 @@
+<table class="table table-bordered table-striped">
+  <tr>
+    <th>Variable</th>
+    <th>Description</th>
+  </tr>
+  <tr>
+    <td><tt>NOMAD_ALLOC_DIR</tt></td>
+    <td>
+	    The path to the shared <tt>alloc/</tt> directory. See
+	    [here](/docs/runtime/environment.html#task-directories) for more
+	    information.
+    </td>
+  </tr>
+  <tr>
+    <td><tt>NOMAD_TASK_DIR</tt></td>
+    <td>
+	    The path to the task <tt>local/</tt> directory. See
+	    [here](/docs/runtime/environment.html#task-directories) for more
+	    information.
+    </td>
+  </tr>
+  <tr>
+    <td><tt>NOMAD_SECRETS_DIR</tt></td>
+    <td>
+	    Path to the task's secrets directory.  See
+	    [here](/docs/runtime/environment.html#task-directories) for more
+	    information.
+    </td>
+  </tr>
+  <tr>
+    <td><tt>NOMAD_MEMORY_LIMIT</tt></td>
+    <td>Memory limit in MB for the task</td>
+  </tr>
+  <tr>
+    <td><tt>NOMAD_CPU_LIMIT</tt></td>
+    <td>CPU limit in MHz for the task</td>
+  </tr>
+  <tr>
+    <td><tt>NOMAD_ALLOC_ID</tt></td>
+    <td>Allocation ID of the task</td>
+  </tr>
+  <tr>
+    <td><tt>NOMAD_ALLOC_NAME</tt></td>
+    <td>Allocation name of the task</td>
+  </tr>
+  <tr>
+    <td><tt>NOMAD_ALLOC_INDEX</tt></td>
+    <td>Allocation index; useful to distinguish instances of task groups. From 0 to (count - 1).</td>
+  </tr>
+  <tr>
+    <td><tt>NOMAD_TASK_NAME</tt></td>
+    <td>Task's name</td>
+  </tr>
+  <tr>
+    <td><tt>NOMAD_JOB_NAME</tt></td>
+    <td>Job's name</td>
+  </tr>
+  <tr>
+    <td><tt>NOMAD_DC</tt></td>
+    <td>Datacenter in which the allocation is running</td>
+  </tr>
+  <tr>
+    <td><tt>NOMAD_REGION</tt></td>
+    <td>Region in which the allocation is running</td>
+  </tr>
+  <tr>
+    <td><tt>NOMAD_META_&lt;key&gt;</tt></td>
+    <td>The metadata value given by <tt>key</tt> on the task's metadata</td>
+  </tr>
+  <tr>
+    <td><tt>VAULT_TOKEN</tt></td>
+    <td>The task's Vault token. See [Vault Integration](/docs/vault-integration/index.html) for more details</td>
+  </tr>
+  <tr><th colspan="2">Network-related Variables</th></tr>
+  <tr>
+    <td><tt>NOMAD_IP_&lt;label&gt;</tt></td>
+    <td>
+      Host IP for the given port <tt>label</tt>. See
+      [here](/docs/job-specification/network.html) for more information.
+    </td>
+  </tr>
+  <tr>
+    <td><tt>NOMAD_PORT_&lt;label&gt;</tt></td>
+    <td>
+      Port for the given port <tt>label</tt>. Driver-specified port when a port
+      map is used, otherwise the host's static or dynamic port allocation.
+      Services should bind to this port. See
+      [here](/docs/job-specification/network.html) for more information.
+    </td>
+  </tr>
+  <tr>
+    <td><tt>NOMAD_ADDR_&lt;label&gt;</tt></td>
+    <td>
+      Host <tt>IP:Port</tt> pair for the given port <tt>label</tt>.
+    </td>
+  </tr>
+  <tr>
+    <td><tt>NOMAD_HOST_PORT_&lt;label&gt;</tt></td>
+    <td>
+      Port on the host for the port <tt>label</tt>. See
+      [here](/docs/job-specification/network.html#mapped_ports) for more
+      information.
+    </td>
+  </tr>
+</table>
diff --git a/website/source/docs/runtime/environment.html.md b/website/source/docs/runtime/environment.html.md.erb
similarity index 65%
rename from website/source/docs/runtime/environment.html.md
rename to website/source/docs/runtime/environment.html.md.erb
index 3e0c03293c50..3a0fbde08396 100644
--- a/website/source/docs/runtime/environment.html.md
+++ b/website/source/docs/runtime/environment.html.md.erb
@@ -15,96 +15,7 @@ environment variables.
 
 ## Summary
 
-<table class="table table-bordered table-striped">
-  <tr>
-    <th>Variable</th>
-    <th>Description</th>
-  </tr>
-  <tr>
-    <td>`NOMAD_ALLOC_DIR`</td>
-    <td>Path to the shared alloc directory</td>
-  </tr>
-  <tr>
-    <td>`NOMAD_TASK_DIR`</td>
-    <td>Path to the local task directory</td>
-  </tr>
-  <tr>
-    <td>`NOMAD_SECRETS_DIR`</td>
-    <td>Path to the task's secrets directory</td>
-  </tr>
-  <tr>
-    <td>`NOMAD_MEMORY_LIMIT`</td>
-    <td>The task's memory limit in MB</td>
-  </tr>
-  <tr>
-    <td>`NOMAD_CPU_LIMIT`</td>
-    <td>The task's CPU limit in MHz</td>
-  </tr>
-  <tr>
-    <td>`NOMAD_ALLOC_ID`</td>
-    <td>The allocation ID of the task</td>
-  </tr>
-  <tr>
-    <td>`NOMAD_ALLOC_NAME`</td>
-    <td>The allocation name of the task</td>
-  </tr>
-  <tr>
-    <td>`NOMAD_ALLOC_INDEX`</td>
-    <td>The allocation index; useful to distinguish instances of task groups</td>
-  </tr>
-  <tr>
-    <td>`NOMAD_TASK_NAME`</td>
-    <td>The task's name</td>
-  </tr>
-  <tr>
-    <td>`NOMAD_JOB_NAME`</td>
-    <td>The job's name</td>
-  </tr>
-  <tr>
-    <td>`NOMAD_DC`</td>
-    <td>The datacenter in which the allocation is running</td>
-  </tr>
-  <tr>
-    <td>`NOMAD_REGION`</td>
-    <td>The region in which the allocation is running</td>
-  </tr>
-  <tr>
-    <td>`NOMAD_IP_<label>`</td>
-    <td>The IP of the port with the given label</td>
-  </tr>
-  <tr>
-    <td>`NOMAD_PORT_<label>`</td>
-    <td>The port value with the given label</td>
-  </tr>
-  <tr>
-    <td>`NOMAD_ADDR_<label>`</td>
-    <td>The IP:Port pair of the port with the given label</td>
-  </tr>
-  <tr>
-    <td>`NOMAD_ADDR_<task>_<label>`</td>
-    <td>The allocated address, given as IP:Port for the given label of other tasks in the same group</td>
-  </tr>
-  <tr>
-    <td>`NOMAD_PORT_<task>_<label>`</td>
-    <td>The allocated port for the given label of other tasks in the same group</td>
-  </tr>
-  <tr>
-    <td>`NOMAD_IP_<task>_<label>`</td>
-    <td>The allocated IP address for the given label of other tasks in the same group</td>
-  </tr>
-  <tr>
-    <td>`NOMAD_HOST_PORT_<label>`</td>
-    <td>The host port for the given label if the port is port mapped</td>
-  </tr>
-  <tr>
-    <td>`NOMAD_META_<key>`</td>
-    <td>The metadata of the task</td>
-  </tr>
-  <tr>
-    <td>`VAULT_TOKEN`</td>
-    <td>The task's Vault token. See [Vault Integration](/docs/vault-integration/index.html) for more details</td>
-  </tr>
-</table>
+<%= partial "envvars.html.md" %>
 
 ~> Port labels and task names will have any non-alphanumeric or underscore
 characters in their names replaced by underscores `_` when they're used in
diff --git a/website/source/docs/runtime/interpolation.html.md b/website/source/docs/runtime/interpolation.html.md.erb
similarity index 69%
rename from website/source/docs/runtime/interpolation.html.md
rename to website/source/docs/runtime/interpolation.html.md.erb
index b23917967aa3..b5f9cb6b81b0 100644
--- a/website/source/docs/runtime/interpolation.html.md
+++ b/website/source/docs/runtime/interpolation.html.md.erb
@@ -192,73 +192,7 @@ The following are runtime environment variables that describe the environment
 the task is running in. These are only defined once the task has been placed on
 a particular node and as such can not be used in constraints.
 
-<table class="table table-bordered table-striped">
-  <tr>
-    <th>Variable</th>
-    <th>Description</th>
-  </tr>
-  <tr>
-    <td><tt>${NOMAD_ALLOC_DIR}</tt></td>
-    <td>The path to the shared <tt>alloc/</tt> directory. See [here](/docs/runtime/environment.html#task-directories) for more information.</td>
-  </tr>
-  <tr>
-    <td><tt>${NOMAD_TASK_DIR}</tt></td>
-    <td>The path to the task <tt>local/</tt> directory. See [here](/docs/runtime/environment.html#task-directories) for more information.</td>
-  </tr>
-  <tr>
-    <td><tt>${NOMAD_MEMORY_LIMIT}</tt></td>
-    <td>The memory limit in MBytes for the task</td>
-  </tr>
-  <tr>
-    <td><tt>${NOMAD_CPU_LIMIT}</tt></td>
-    <td>The CPU limit in MHz for the task</td>
-  </tr>
-  <tr>
-    <td><tt>${NOMAD_ALLOC_ID}</tt></td>
-    <td>The allocation ID of the task</td>
-  </tr>
-  <tr>
-    <td><tt>${NOMAD_ALLOC_NAME}</tt></td>
-    <td>The allocation name of the task</td>
-  </tr>
-  <tr>
-    <td><tt>${NOMAD_ALLOC_INDEX}</tt></td>
-    <td>The allocation index; useful to distinguish instances of task groups. From 0 to (count - 1).</td>
-  </tr>
-  <tr>
-    <td><tt>${NOMAD_TASK_NAME}</tt></td>
-    <td>The task's name</td>
-  </tr>
-  <tr>
-    <td><tt>${NOMAD_JOB_NAME}</tt></td>
-    <td>The job's name</td>
-  </tr>
-  <tr>
-    <td><tt>${NOMAD_IP_&lt;label&gt;}</tt></td>
-    <td>The IP for the given port <tt>label</tt>. See
-    [here](/docs/job-specification/network.html) for more information.</td>
-  </tr>
-  <tr>
-    <td><tt>${NOMAD_PORT_&lt;label&gt;}</tt></td>
-    <td>The port for the port <tt>label</tt>. See [here](/docs/job-specification/network.html) for more information.</td>
-  </tr>
-  <tr>
-    <td><tt>${NOMAD_ADDR_&lt;label&gt;}</tt></td>
-    <td>The <tt>ip:port</tt> pair for the given port <tt>label</tt>. See
-    [here](/docs/job-specification/network.html) for more information.</td>
-  </tr>
-  <tr>
-    <td><tt>${NOMAD_HOST_PORT_&lt;label&gt;}</tt></td>
-    <td>The port on the host if port forwarding is being used for the port
-    <tt>label</tt>. See [here](/docs/job-specification/network.html#mapped_ports) for more
-    information.</td>
-  </tr>
-  <tr>
-    <td><tt>${NOMAD_META_&lt;key&gt;}</tt></td>
-    <td>The metadata value given by <tt>key</tt> on the task's metadata</td>
-  </tr>
-  <tr>
-    <td><tt>${"env_key"}</tt></td>
-    <td>Interpret an environment variable with key <tt>env_key</tt> set on the task.</td>
-  </tr>
-</table>
+Environment variables should be enclosed in brackets `${...}` for
+interpolation.
+
+<%= partial "envvars.html.md" %>