In this video, Sharon will explain Azure system routes and then how user-defined routes can be used to allow you to take control of traffic routes in Azure.
- [Instructor] Azure uses system routes to manage the flow of traffic within your environment. But there may be times when you want to control that flow of traffic yourself. To do so, we can use User-Defined Routes and IP Forwarding. Have you ever noticed in Azure that traffic can pass freely between VMs without you having to configure anything? This is because of the system route. There are a number of system routes within Azure, so let's take a look at them. In our first example, you'll notice that we can pass traffic between our VMs within the same subnet.
There is also a system route that will allow traffic to flow between subnets. And one that allows traffic to flow out to the Internet. And another system route to pass traffic between virtual networks that are configured with a VPN gateway. And if your virtual networks happen to be in the same region, you can use peering instead of a VPN gateway. And again, a default system route will conveniently pass traffic back and forth for you. And finally, there is a system route that passes traffic from our Azure virtual network to the on-premises environment when the VPN gateway has been configured.
But before we start discussing user-defined routes, you need to be aware of the order that the routes are processed in. User-defined routes are processed first. These will be the routes that we create. And we'll explore that in a little bit more depth in a moment. Your BGP routes will be processed second, and these require force tunneling. And finally, those system routes that we've just gone through will be processed last. The two reasons why you'd want to use a user-defined route would be if you install a virtual appliance into your infrastructure.
You'll see here we have our system route which will pass traffic between Subnet 1 and Subnet 2. But what if you want to put in a virtual appliance to filter that traffic first? You would add in your virtual appliance, and this must be in a subnet, and apply your user-defined route to it. And remember the rules of processing. This UDR, or User-Defined Route, will be processed first. Your traffic will go out from Subnet 1 through your virtual appliance and then into Subnet 2. And you'll also need a user-defined route if you'd like to force traffic through your on-premises network out to the Internet.
Remember one of the default system routes was to forward all traffic from our virtual network out to the Internet? If we would like it to go to our on-premises environment first, then we need to put a UDR, or User-Defined Route, in, and then force the traffic through to the Internet. Now, before you start going, "Oh, this is fantastic, I'm going to create all these UDRs," there are some things you need to know about. Your virtual appliance must not be in the same subnet where the traffic originates. To control traffic to the other destinations, that virtual appliance must be able to forward the traffic, and this is done by enabling IP forwarding.
Please keep in mind, this is an Azure setting, not an operating system setting. So please, do not configure IP forwarding on that virtual appliance. You must create a separate appliance subnet and you can only have one route table per subnet. And it will affect all the virtual machines within that subnet. But you can have a single route table assigned to multiple subnets. There's a maximum of 256 routes per subnet. If you're using ExpressRoute, you'll need to use force tunneling via BGP, not User-Defined Routes.
A UDR, or User-Defined Route, is simply a table with your configured routes in it. To configure these routes, you'll need to include a route name; the address prefix, which is your destination; the next hop type, which can be a virtual network, a virtual network gateway, the Internet, a virtual appliance, or nothing; and a next hop address, if it is required. The key things to remember about User-Defined Routes are that they will be processed first and system routes will be processed last.
And a UDR is used for you to control the flow of traffic instead of the default system routes in Azure.
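The Subnet 1 to Subnet 2 via virtual appliance scenario from the video, written out as Az PowerShell commands. This is an added example, not the instructor's code; the resource group, virtual network, subnet, NIC names and the 10.0.x.x addresses are assumed, and Test-IpInPrefix is a small helper written here, not an Az cmdlet.

```powershell
# Added example (not from the video). Assumed layout: rg-udr-demo / vnet-demo,
# Subnet1 10.0.1.0/24 (traffic source), Subnet2 10.0.2.0/24 (destination),
# appliance subnet 10.0.100.0/24 with the NVA at 10.0.100.4 on NIC nic-nva.
$rg    = "rg-udr-demo"
$nvaIp = "10.0.100.4"
$vnet  = Get-AzVirtualNetwork -ResourceGroupName $rg -Name "vnet-demo"

# Helper (hypothetical, defined here): is an IPv4 address inside a CIDR prefix?
function Test-IpInPrefix([string]$Ip, [string]$Prefix) {
    $net, $len = $Prefix.Split('/')
    $ipBits  = [BitConverter]::ToUInt32(([IPAddress]$Ip).GetAddressBytes()[3..0], 0)
    $netBits = [BitConverter]::ToUInt32(([IPAddress]$net).GetAddressBytes()[3..0], 0)
    $mask = [uint32](([uint64]0xFFFFFFFF -shl (32 - [int]$len)) -band 0xFFFFFFFF)
    return ($ipBits -band $mask) -eq ($netBits -band $mask)
}

# Guard from the video: the appliance must not live in the subnet the traffic originates from.
$src = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name "Subnet1"
$srcPrefix = @($src.AddressPrefix)[0]
if (Test-IpInPrefix $nvaIp $srcPrefix) {
    throw "NVA $nvaIp sits inside originating subnet $srcPrefix; move it to its own appliance subnet."
}

# Route table with one route: Subnet2-bound traffic goes to the NVA first.
# Being a UDR, it is processed before the system route between the two subnets.
$route = New-AzRouteConfig -Name "subnet2-via-nva" -AddressPrefix "10.0.2.0/24" `
    -NextHopType VirtualAppliance -NextHopIpAddress $nvaIp
$rt = New-AzRouteTable -ResourceGroupName $rg -Location $vnet.Location -Name "rt-subnet1" -Route $route

# One route table per subnet: attach it to the originating subnet (all VMs there are affected).
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name "Subnet1" `
    -AddressPrefix $srcPrefix -RouteTable $rt | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# IP forwarding is an Azure NIC setting, not an OS setting: enable it on the NVA's NIC.
$nic = Get-AzNetworkInterface -ResourceGroupName $rg -Name "nic-nva"
$nic.EnableIPForwarding = $true
$nic | Set-AzNetworkInterface | Out-Null

# Check what the platform actually applies for a VM NIC in Subnet1 (VM must be running).
Get-AzEffectiveRouteTable -ResourceGroupName $rg -NetworkInterfaceName "nic-subnet1-vm" |
    Where-Object { $_.AddressPrefix -contains "10.0.2.0/24" } |
    Select-Object Source, State, NextHopType, NextHopIpAddress
```

In the effective-route output, the Source column distinguishes the User route you added from the Default system route it overrides, which is the quickest way to confirm the processing order the video describes.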