As we can see in the User data section in the fleet setup, there will be a line of the script that installs the network plugin for us. It is the WeaveWorks network plugin. The WeaveWorks network plugin uses the information from the docker info command to list the IP addresses of all the Swarm managers. The plugin then uses these IP addresses to bootstrap the network mesh.

We use WeaveWorks network plugin 2.1.3. This is the most stable version of it at the time of writing. It is also recommended upgrading to the next minor versions of this plugin, if available.

To install the network plugin, we use the docker plugin install command:

$ docker plugin install --grant-all-permissions weaveworks/net-plugin:2.1.3
2.1.3: Pulling from weaveworks/net-plugin
82e7025f1f50: Download complete 
Digest: sha256:84e5ff14b54bfb9798a995ddd38956d5c34ddaa4e48f6c0089f6c0e86f1ecfea
Status: Downloaded newer image for weaveworks/net-plugin:2.1.3
Installed plugin weaveworks/net-plugin:2.1.3

We use --grant-all-permissions just to automate the installation step. Without this parameter, we must manually grant the permissions required by each plugin.

We could check to see whether the network plugin is installed correctly using the following command:

$ docker plugin ls
ID            NAME                         DESCRIPTION                  ENABLED
f85f0fca2af9  weaveworks/net-plugin:2.1.3  Weave Net plugin for Docker  true

The ENABLED status of the plugin will be true, meaning that it is currently active. To check the status of the WeaveWork plugin and its network mesh, the plain text status could be CURLed from localhost:6782/status. The following status information was obtained from a worker node. We can check the number of connections between peers, or a number of peers, for example, from that URL:

$ curl localhost:6782/status
        Version: 2.1.3

        Service: router
       Protocol: weave 1..2
           Name: e6:cc:59:df:57:72(ip-172-31-11-209)
     Encryption: disabled
  PeerDiscovery: enabled
        Targets: 3
    Connections: 5 (5 established)
          Peers: 6 (with 30 established connections)
 TrustedSubnets: none

        Service: ipam
         Status: idle
          Range: 10.32.0.0/12
  DefaultSubnet: 10.32.0.0/12

        Service: plugin (v2)

The previous example shows us having six peers with five connections each. The IP range and the default subnet are important information for us to use when we create Docker networks. The IP range is 10.32.0.0/12, so if we create a network with subnet 10.32.0.0/24, it will be valid, while 10.0.0.0/24 will be invalid, for example.

The following figure illustrates our WeaveWorks network topology. Each node has five connections to another five nodes, as shown by solid lines from an mg node pointing to others. To make the diagram comprehensible, it shows only an mg node and another wk node connecting their five lines to the rest of the peers in the cluster:

For advanced troubleshooting, we could check the plugin's running process, weaver:

$ ps aux | grep weaver
root   4097   0.0 3.4 418660 34968 ? Ssl 06:15 0:06 /home/weave/weaver --port=6783 --datapath=datapath --host-root=/host --proc-path=/host/proc --http-addr=127.0.0.1:6784 --status-addr=0.0.0.0:6782 --no-dns --ipalloc-range=10.32.0.0/12 --nickname ip-172-31-11-209 --log-level=debug --db-prefix=/host/var/lib/weave/weave --plugin-v2 --plugin-mesh-socket= --docker-api= 172.31.4.52 172.31.1.223 172.31.0.153

As you can see from grepping the output of ps, the final parts of the command are the list of Swarm manager IP addresses. If it looks like this, our networking layer is good to go. But if you do not see the list of manager IP addresses here, remove the plugin and start over again.