diff --git a/README.md b/README.md
index f216be3..e82562c 100644
--- a/README.md
+++ b/README.md
@@ -6,8 +6,6 @@ The setup follows https://github.com/kelseyhightower/kubernetes-the-hard-way
 with the following exceptions:
 
 * `cri-o` is used as a container runtime, not `cri-containerd`
-* The `pod-cidr` is `10.2${i}.0.0/16`, routes are provisioned from
-  `scripts/vagrant-setup-routes.bash` automatically
 * For `crio`, an explicit `--stream-address` must be set, as the address
   of the default interface isn't routable (see e.g. [`config/worker-0-crio.service`](config/worker-0-crio.service))
 * `192.168.199.40` is the IP of the loadbalancer (haproxy) for HA controllers
@@ -27,9 +25,6 @@ To learn Kubernetes from the bottom up, it's recommended to go through
 KTHW manually. `vagrant up` gives you three controller and three worker
 nodes to do that.
 
-The `pod-cidr` is `10.2${i}.0.0/16`, for which the Vagrant nodes have
-configured routes (see `route -n`).
-
 The following KTHW parts can/should be skipped:
 
 * Everything in regard to the frontend loadbalancer
@@ -155,6 +150,23 @@ kubectl get nodes
 [...]
 ```
 
+Install overlay network so pods on different nodes can connect with each other,
+by running following command:
+
+```bash
+./scripts/setup-networking
+```
+
+Now verify that the weave pods are all up and running, using following command:
+
+```console
+$ kubectl -n kube-system get pods -l name=weave-net
+NAME              READY     STATUS    RESTARTS   AGE
+weave-net-24wdp   2/2       Running   0          8m
+weave-net-bnxl6   2/2       Running   0          8m
+weave-net-jh9nx   2/2       Running   0          8m
+```
+
 ## Using the cluster
 
 ### Setup DNS add-on
diff --git a/Vagrantfile b/Vagrantfile
index 4471f58..891dced 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -39,7 +39,6 @@ Vagrant.configure("2") do |config|
         c.vm.hostname = "worker-#{n}"
         c.vm.network "private_network", ip: "192.168.199.2#{n}"
 
-        c.vm.provision :shell, :path => "scripts/vagrant-setup-routes.bash"
         c.vm.provision :shell, :path => "scripts/vagrant-setup-hosts-file.bash"
     end
   end
@@ -47,7 +46,5 @@ Vagrant.configure("2") do |config|
   config.vm.define "traefik-0", autostart: false do |c|
       c.vm.hostname = "traefik-0"
       c.vm.network "private_network", ip: "192.168.199.30"
-
-      c.vm.provision :shell, :path => "scripts/vagrant-setup-routes.bash"
   end
 end
diff --git a/config/worker-0-10-bridge.conf b/config/worker-0-10-bridge.conf
deleted file mode 100644
index 3215cf5..0000000
--- a/config/worker-0-10-bridge.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-{
-    "cniVersion": "0.3.1",
-    "name": "bridge",
-    "type": "bridge",
-    "bridge": "cnio0",
-    "isGateway": true,
-    "ipMasq": true,
-    "ipam": {
-        "type": "host-local",
-        "ranges": [
-          [{"subnet": "10.20.0.0/16"}]
-        ],
-        "routes": [{"dst": "0.0.0.0/0"}]
-    }
-}
diff --git a/config/worker-0-kubelet-config b/config/worker-0-kubelet-config
index 47db21b..30b4b52 100644
--- a/config/worker-0-kubelet-config
+++ b/config/worker-0-kubelet-config
@@ -12,7 +12,6 @@ authorization:
 clusterDomain: "cluster.local"
 clusterDNS:
 - "10.32.0.10"
-podCIDR: "10.20.0.0/16"
 runtimeRequestTimeout: "10m"
 tlsCertFile: "/var/lib/kubelet/worker-0.pem"
 tlsPrivateKeyFile: "/var/lib/kubelet/worker-0-key.pem"
diff --git a/config/worker-1-10-bridge.conf b/config/worker-1-10-bridge.conf
deleted file mode 100644
index 5878e48..0000000
--- a/config/worker-1-10-bridge.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-{
-    "cniVersion": "0.3.1",
-    "name": "bridge",
-    "type": "bridge",
-    "bridge": "cnio0",
-    "isGateway": true,
-    "ipMasq": true,
-    "ipam": {
-        "type": "host-local",
-        "ranges": [
-          [{"subnet": "10.21.0.0/16"}]
-        ],
-        "routes": [{"dst": "0.0.0.0/0"}]
-    }
-}
diff --git a/config/worker-1-kubelet-config b/config/worker-1-kubelet-config
index 0591f7f..9d9d2f8 100644
--- a/config/worker-1-kubelet-config
+++ b/config/worker-1-kubelet-config
@@ -12,7 +12,6 @@ authorization:
 clusterDomain: "cluster.local"
 clusterDNS:
 - "10.32.0.10"
-podCIDR: "10.21.0.0/16"
 runtimeRequestTimeout: "10m"
 tlsCertFile: "/var/lib/kubelet/worker-1.pem"
 tlsPrivateKeyFile: "/var/lib/kubelet/worker-1-key.pem"
diff --git a/config/worker-2-10-bridge.conf b/config/worker-2-10-bridge.conf
deleted file mode 100644
index 97f75dc..0000000
--- a/config/worker-2-10-bridge.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-{
-    "cniVersion": "0.3.1",
-    "name": "bridge",
-    "type": "bridge",
-    "bridge": "cnio0",
-    "isGateway": true,
-    "ipMasq": true,
-    "ipam": {
-        "type": "host-local",
-        "ranges": [
-          [{"subnet": "10.22.0.0/16"}]
-        ],
-        "routes": [{"dst": "0.0.0.0/0"}]
-    }
-}
diff --git a/config/worker-2-kubelet-config b/config/worker-2-kubelet-config
index a90f9d7..5dc3a4f 100644
--- a/config/worker-2-kubelet-config
+++ b/config/worker-2-kubelet-config
@@ -12,7 +12,6 @@ authorization:
 clusterDomain: "cluster.local"
 clusterDNS:
 - "10.32.0.10"
-podCIDR: "10.22.0.0/16"
 runtimeRequestTimeout: "10m"
 tlsCertFile: "/var/lib/kubelet/worker-2.pem"
 tlsPrivateKeyFile: "/var/lib/kubelet/worker-2-key.pem"
diff --git a/scripts/generate-cni-config b/scripts/generate-cni-config
deleted file mode 100755
index be46549..0000000
--- a/scripts/generate-cni-config
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-
-set -euo pipefail
-
-readonly dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-
-for i in {0..2}; do
-  cat > "${dir}/../config/worker-${i}-10-bridge.conf" <<EOF
-{
-    "cniVersion": "0.3.1",
-    "name": "bridge",
-    "type": "bridge",
-    "bridge": "cnio0",
-    "isGateway": true,
-    "ipMasq": true,
-    "ipam": {
-        "type": "host-local",
-        "ranges": [
-          [{"subnet": "10.2${i}.0.0/16"}]
-        ],
-        "routes": [{"dst": "0.0.0.0/0"}]
-    }
-}
-EOF
-done
diff --git a/scripts/generate-kubelet-config-file b/scripts/generate-kubelet-config-file
index bde45e8..346ad7d 100755
--- a/scripts/generate-kubelet-config-file
+++ b/scripts/generate-kubelet-config-file
@@ -20,7 +20,6 @@ authorization:
 clusterDomain: "cluster.local"
 clusterDNS:
 - "10.32.0.10"
-podCIDR: "10.2${i}.0.0/16"
 runtimeRequestTimeout: "10m"
 tlsCertFile: "/var/lib/kubelet/worker-${i}.pem"
 tlsPrivateKeyFile: "/var/lib/kubelet/worker-${i}-key.pem"
diff --git a/scripts/setup b/scripts/setup
index 2c88ffc..b90bb9e 100755
--- a/scripts/setup
+++ b/scripts/setup
@@ -18,6 +18,7 @@ vagrant up
 ./scripts/setup-kubelet-api-cluster-role
 ./scripts/setup-worker-services
 ./scripts/configure-kubectl-on-host
+./scripts/setup-networking
 echo -e "\033[1mFinished. Cluster should be healthy and soon in state ready:\033[0m"
 kubectl get componentstatuses
 kubectl get nodes
diff --git a/scripts/setup-networking b/scripts/setup-networking
new file mode 100755
index 0000000..df8f616
--- /dev/null
+++ b/scripts/setup-networking
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+set -euo pipefail
+
+# As mentioned in https://www.weave.works/docs/net/latest/kubernetes/kube-addon/#install
+kubectl apply -f https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')
diff --git a/scripts/setup-worker-services b/scripts/setup-worker-services
index 6f2abed..70949e2 100755
--- a/scripts/setup-worker-services
+++ b/scripts/setup-worker-services
@@ -33,7 +33,6 @@ cp /vagrant/tools/{conmon,pause} /usr/local/libexec/crio/
 cp /vagrant/tools/{crio.conf,seccomp.json} /etc/crio/
 cp /vagrant/tools/policy.json /etc/containers/
 
-cp "/vagrant/config/$(hostname)-10-bridge.conf" /etc/cni/net.d/10-bridge.conf
 cp /vagrant/config/99-loopback.conf /etc/cni/net.d
 cp "/vagrant/config/$(hostname)-crio.service" /etc/systemd/system/crio.service
 
diff --git a/scripts/vagrant-setup-hosts-file.bash b/scripts/vagrant-setup-hosts-file.bash
index 91f6752..d18d082 100644
--- a/scripts/vagrant-setup-hosts-file.bash
+++ b/scripts/vagrant-setup-hosts-file.bash
@@ -12,3 +12,6 @@ cat <<EOF | sudo tee -a /etc/hosts
 192.168.199.21 worker-1
 192.168.199.22 worker-2
 EOF
+
+# Make sure all the nodes do port forwarding
+sudo sysctl -w net.ipv4.ip_forward=1
diff --git a/scripts/vagrant-setup-routes.bash b/scripts/vagrant-setup-routes.bash
deleted file mode 100644
index 1ccf699..0000000
--- a/scripts/vagrant-setup-routes.bash
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/bash
-
-set -euo pipefail
-
-case "$(hostname)" in
-  worker-0)
-    route add -net 10.21.0.0/16 gw 192.168.199.21
-    route add -net 10.22.0.0/16 gw 192.168.199.22
-    ;;
-  worker-1)
-    route add -net 10.20.0.0/16 gw 192.168.199.20
-    route add -net 10.22.0.0/16 gw 192.168.199.22
-    ;;
-  worker-2)
-    route add -net 10.20.0.0/16 gw 192.168.199.20
-    route add -net 10.21.0.0/16 gw 192.168.199.21
-    ;;
-  *)
-    route add -net 10.20.0.0/16 gw 192.168.199.20
-    route add -net 10.21.0.0/16 gw 192.168.199.21
-    route add -net 10.22.0.0/16 gw 192.168.199.22
-    ;;
-esac