This comes from deeper investigation an issue discovered by internal tests. When swarmkit removes containers that are members of an ingress network, they can end up removing the ingress network itself when the last container leaves. This is not intended behavior since an ingress network is supposed to stay in the swarm regardless. The issue is simple to reproduce:

• create a "fresh" (no other containers, etc) swarm of 3 nodes: 1 manager and 2 workers
• run docker network ls on the workers and observe that the ingress network is present
• start a simple service on all 3 nodes. For example: docker service create -p80:80 --name nginx --replicas 3 nginx
• now remove the service
• finally re-run docker network ls on the worker nodes.
  The ingress network will no longer be present.

This is due to logic in the method network.delete(bool) in network.go:

        if len(n.loadBalancerIP) != 0 {
                endpoints := n.Endpoints()
                if force || len(endpoints) == 1 {
                        n.deleteLoadBalancerSandbox()
                }
                //Reload the network from the store to update the epcnt.
                n, err = c.getNetworkFromStore(id)
                if err != nil {
                        return &UnknownNetworkError{name: name, id: id}
                }
        }

This comes right before the test to see if the network has no more endpoints. Since ingress networks also have loadbalancer IP addresses, they will fall into this logic which will remove the remaining endpoint from the network and delete it. This should happen for other dynamically created networks but not for ingress networks. (i.e. networks for which n.ingress == true)