diff --git a/magnum/templates/swarm/fragments/network-config-service.sh b/magnum/templates/swarm/fragments/network-config-service.sh
new file mode 100644
index 0000000000..74eeeec11f
--- /dev/null
+++ b/magnum/templates/swarm/fragments/network-config-service.sh
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+. /etc/sysconfig/heat-params
+
+if [ "$NETWORK_DRIVER" != "flannel" ]; then
+    exit 0
+fi
+
+FLANNELD_CONFIG=/etc/sysconfig/flanneld
+FLANNEL_CONFIG_BIN=/usr/local/bin/flannel-config
+FLANNEL_CONFIG_SERVICE=/etc/systemd/system/flannel-config.service
+FLANNEL_JSON=/etc/sysconfig/flannel-network.json
+
+sed -i '
+/^FLANNEL_ETCD=/ s|=.*|="http://'"$SWARM_MASTER_IP"':2379"|
+' $FLANNELD_CONFIG
+
+. $FLANNELD_CONFIG
+
+echo "creating $FLANNEL_CONFIG_BIN"
+cat > $FLANNEL_CONFIG_BIN <<EOF
+#!/bin/sh
+
+if ! [ -f "$FLANNEL_JSON" ]; then
+    echo "ERROR: missing network configuration file" >&2
+    exit 1
+fi
+
+if ! [ "$FLANNEL_ETCD" ] && [ "$FLANNEL_ETCD_KEY" ]; then
+    echo "ERROR: missing required configuration" >&2
+    exit 1
+fi
+
+echo "creating flanneld config in etcd"
+while ! curl -sf -L $FLANNEL_ETCD/v2/keys${FLANNEL_ETCD_KEY}/config \
+  -X PUT --data-urlencode value@${FLANNEL_JSON}; do
+    echo "waiting for etcd"
+    sleep 1
+done
+EOF
+
+cat > $FLANNEL_CONFIG_SERVICE <<EOF
+[Unit]
+After=etcd.service
+Requires=etcd.service
+
+[Service]
+Type=oneshot
+EnvironmentFile=/etc/sysconfig/flanneld
+ExecStart=$FLANNEL_CONFIG_BIN
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+chown root:root $FLANNEL_CONFIG_BIN
+chmod 0755 $FLANNEL_CONFIG_BIN
+
+chown root:root $FLANNEL_CONFIG_SERVICE
+chmod 0644 $FLANNEL_CONFIG_SERVICE
+
+systemctl enable flannel-config
+systemctl start --no-block flannel-config
diff --git a/magnum/templates/swarm/fragments/network-service.sh b/magnum/templates/swarm/fragments/network-service.sh
new file mode 100644
index 0000000000..df996ada4a
--- /dev/null
+++ b/magnum/templates/swarm/fragments/network-service.sh
@@ -0,0 +1,82 @@
+#!/bin/sh
+
+. /etc/sysconfig/heat-params
+
+if [ "$NETWORK_DRIVER" != "flannel" ]; then
+    exit 0
+fi
+
+FLANNELD_CONFIG=/etc/sysconfig/flanneld
+FLANNEL_DOCKER_BRIDGE_BIN=/usr/local/bin/flannel-docker-bridge
+FLANNEL_DOCKER_BRIDGE_SERVICE=/etc/systemd/system/flannel-docker-bridge.service
+DOCKER_FLANNEL_CONF=/etc/systemd/system/docker.service.d/flannel.conf
+FLANNEL_DOCKER_BRIDGE_CONF=/etc/systemd/system/flanneld.service.d/flannel-docker-bridge.conf
+
+mkdir -p /etc/systemd/system/docker.service.d
+mkdir -p /etc/systemd/system/flanneld.service.d
+
+sed -i '
+/^FLANNEL_ETCD=/ s|=.*|="http://'"$SWARM_MASTER_IP"':2379"|
+' $FLANNELD_CONFIG
+
+cat >> $FLANNEL_DOCKER_BRIDGE_BIN <<EOF
+#!/bin/sh
+
+if ! [ "\$FLANNEL_SUBNET" ] && [ "\$FLANNEL_MTU" ] ; then
+    echo "ERROR: missing required environment variables." >&2
+    exit 1
+fi
+
+mkdir -p /run/flannel/
+cat > /run/flannel/docker <<EOF
+DOCKER_NETWORK_OPTIONS="--bip=\$FLANNEL_SUBNET --mtu=\$FLANNEL_MTU"
+EOF
+
+chown root:root $FLANNEL_DOCKER_BRIDGE_BIN
+chmod 0755 $FLANNEL_DOCKER_BRIDGE_BIN
+
+cat >> $FLANNEL_DOCKER_BRIDGE_SERVICE <<EOF
+[Unit]
+After=flanneld.service
+Before=docker.service
+Requires=flanneld.service
+
+[Service]
+Type=oneshot
+EnvironmentFile=/run/flannel/subnet.env
+ExecStart=/usr/local/bin/flannel-docker-bridge
+
+[Install]
+WantedBy=docker.service
+EOF
+
+chown root:root $FLANNEL_DOCKER_BRIDGE_SERVICE
+chmod 0644 $FLANNEL_DOCKER_BRIDGE_SERVICE
+
+cat >> $DOCKER_FLANNEL_CONF <<EOF
+[Unit]
+Requires=flannel-docker-bridge.service
+After=flannel-docker-bridge.service
+
+[Service]
+EnvironmentFile=/run/flannel/docker
+EOF
+
+chown root:root $DOCKER_FLANNEL_CONF
+chmod 0644 $DOCKER_FLANNEL_CONF
+
+cat >> $FLANNEL_DOCKER_BRIDGE_CONF <<EOF
+[Unit]
+Requires=flannel-docker-bridge.service
+Before=flannel-docker-bridge.service
+
+[Install]
+Also=flannel-docker-bridge.service
+EOF
+
+chown root:root $FLANNEL_DOCKER_BRIDGE_CONF
+chmod 0644 $FLANNEL_DOCKER_BRIDGE_CONF
+
+echo "activating service flanneld"
+systemctl enable flanneld
+systemctl --no-block start flanneld
diff --git a/magnum/templates/swarm/fragments/write-heat-params.yaml b/magnum/templates/swarm/fragments/write-heat-params.yaml
index 0b72861cba..044addfe8c 100644
--- a/magnum/templates/swarm/fragments/write-heat-params.yaml
+++ b/magnum/templates/swarm/fragments/write-heat-params.yaml
@@ -16,3 +16,7 @@ write_files:
       USER_TOKEN="$USER_TOKEN"
       MAGNUM_URL="$MAGNUM_URL"
       TLS_DISABLED="$TLS_DISABLED"
+      NETWORK_DRIVER="$NETWORK_DRIVER"
+      FLANNEL_NETWORK_CIDR="$FLANNEL_NETWORK_CIDR"
+      FLANNEL_NETWORK_SUBNETLEN="$FLANNEL_NETWORK_SUBNETLEN"
+      FLANNEL_USE_VXLAN="$FLANNEL_USE_VXLAN"
diff --git a/magnum/templates/swarm/fragments/write-network-config.sh b/magnum/templates/swarm/fragments/write-network-config.sh
new file mode 100644
index 0000000000..e6e2d0cb72
--- /dev/null
+++ b/magnum/templates/swarm/fragments/write-network-config.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+. /etc/sysconfig/heat-params
+
+if [ "$NETWORK_DRIVER" != "flannel" ]; then
+    exit 0
+fi
+
+FLANNEL_JSON=/etc/sysconfig/flannel-network.json
+FLANNEL_NETWORK_CIDR="$FLANNEL_NETWORK_CIDR"
+FLANNEL_NETWORK_SUBNETLEN="$FLANNEL_NETWORK_SUBNETLEN"
+FLANNEL_USE_VXLAN="$FLANNEL_USE_VXLAN"
+
+if [ "$FLANNEL_USE_VXLAN" == "true" ]; then
+    use_vxlan=1
+fi
+
+# Generate a flannel configuration that we will
+# store into etcd using curl.
+cat > $FLANNEL_JSON <<EOF
+{
+  "Network": "$FLANNEL_NETWORK_CIDR",
+  "Subnetlen": $FLANNEL_NETWORK_SUBNETLEN
+EOF
+
+if [ "$use_vxlan" = 1 ]; then
+cat >> $FLANNEL_JSON <<EOF
+  ,
+  "Backend": {
+    "Type": "vxlan"
+  }
+EOF
+fi
+
+cat >> $FLANNEL_JSON <<EOF
+}
+EOF
diff --git a/magnum/templates/swarm/swarm.yaml b/magnum/templates/swarm/swarm.yaml
index f52d1ada81..c144b23b7a 100644
--- a/magnum/templates/swarm/swarm.yaml
+++ b/magnum/templates/swarm/swarm.yaml
@@ -92,6 +92,30 @@ parameters:
     description: whether or not to enable TLS
     default: False
 
+  network_driver:
+    type: string
+    description: network driver to use for instantiating container networks
+    default: None
+
+  flannel_network_cidr:
+    type: string
+    description: network range for flannel overlay network
+    default: 10.100.0.0/16
+
+  flannel_network_subnetlen:
+    type: string
+    description: size of subnet assigned to each master
+    default: 24
+
+  flannel_use_vxlan:
+    type: string
+    description: >
+      if true use the vxlan backend, otherwise use the default
+      udp backend
+    default: "false"
+    constraints:
+      - allowed_values: ["true", "false"]
+
 resources:
 
   cloud_init_wait_handle:
@@ -209,6 +233,28 @@ resources:
             "$USER_TOKEN": {get_param: user_token}
             "$MAGNUM_URL": {get_param: magnum_url}
             "$TLS_DISABLED": {get_param: tls_disabled}
+            "$NETWORK_DRIVER": {get_param: network_driver}
+            "$FLANNEL_NETWORK_CIDR": {get_param: flannel_network_cidr}
+            "$FLANNEL_NETWORK_SUBNETLEN": {get_param: flannel_network_subnetlen}
+            "$FLANNEL_USE_VXLAN": {get_param: flannel_use_vxlan}
+
+  write_network_config:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/write-network-config.sh}
+
+  network_config_service:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/network-config-service.sh}
+
+  network_service:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/network-service.sh}
 
   configure_swarm:
     type: "OS::Heat::SoftwareConfig"
@@ -334,6 +380,9 @@ resources:
         - config: {get_resource: remove_docker_key}
         - config: {get_resource: write_heat_params}
         - config: {get_resource: make_cert}
+        - config: {get_resource: write_network_config}
+        - config: {get_resource: network_config_service}
+        - config: {get_resource: network_service}
         - config: {get_resource: configure_docker_storage}
         - config: {get_resource: write_swarm_agent_failure_service}
         - config: {get_resource: write_swarm_manager_failure_service}
@@ -415,6 +464,7 @@ resources:
           user_token: {get_param: user_token}
           magnum_url: {get_param: magnum_url}
           tls_disabled: {get_param: tls_disabled}
+          network_driver: {get_param: network_driver}
 
   ######################################################################
   #
diff --git a/magnum/templates/swarm/swarmnode.yaml b/magnum/templates/swarm/swarmnode.yaml
index 98ad55c58d..6f195f4d36 100644
--- a/magnum/templates/swarm/swarmnode.yaml
+++ b/magnum/templates/swarm/swarmnode.yaml
@@ -40,6 +40,11 @@ parameters:
     type: string
     description: Subnet from which to allocate fixed addresses.
 
+  network_driver:
+    type: string
+    description: network driver to use for instantiating container networks
+    default: None
+
   discovery_url:
     type: string
     description: url provided for node discovery
@@ -143,6 +148,7 @@ resources:
             "$USER_TOKEN": {get_param: user_token}
             "$MAGNUM_URL": {get_param: magnum_url}
             "$TLS_DISABLED": {get_param: tls_disabled}
+            "$NETWORK_DRIVER": {get_param: network_driver}
 
   configure_swarm:
     type: "OS::Heat::SoftwareConfig"
@@ -180,6 +186,12 @@ resources:
       group: ungrouped
       config: {get_file: fragments/write-docker-socket.yaml}
 
+  network_service:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/network-service.sh}
+
   write_swarm_agent_failure_service:
     type: "OS::Heat::SoftwareConfig"
     properties:
@@ -242,6 +254,7 @@ resources:
         - config: {get_resource: remove_docker_key}
         - config: {get_resource: write_heat_params}
         - config: {get_resource: make_cert}
+        - config: {get_resource: network_service}
         - config: {get_resource: configure_docker_storage}
         - config: {get_resource: write_swarm_agent_failure_service}
         - config: {get_resource: write_swarm_agent_service}