Azure Virtual Network Route Tables
Learn about route tables in Azure Virtual Network (VNet) and how to configure custom routes to control traffic flow.
What are Route Tables?
Route tables are a core component of Azure networking that enable you to define custom routes for traffic within your Virtual Network. By default, Azure automatically creates a system route table for each subnet. However, you can create your own user-defined route (UDR) tables to override the default routing behavior.
Key Concepts
- Route: A rule that specifies the destination prefix and the next hop for traffic matching that prefix.
- Next Hop: The next point where traffic should be sent. This can be a virtual appliance, VNet gateway, Internet, or virtual network.
- Route Table: A collection of routes that can be associated with one or more subnets.
When to Use Custom Routes
Custom routes are essential for scenarios such as:
- Forcing network traffic through a network virtual appliance (NVA): Such as firewalls or intrusion detection systems.
- Routing traffic to a VPN gateway or ExpressRoute circuit: For hybrid connectivity.
- Implementing security policies: By directing traffic to specific security services.
- Advanced traffic engineering: To optimize network performance or meet specific compliance requirements.
Creating and Managing Route Tables
You can manage route tables using the Azure portal, Azure CLI, Azure PowerShell, or ARM templates.
Azure Portal Walkthrough
- Navigate to the Azure portal.
- Search for "Route tables" and select it.
- Click "Create" to start the creation process.
- Fill in the required details: Subscription, Resource group, Region, and a Name for your route table.
- Click "Review + create" and then "Create".
Adding Routes
Once a route table is created, you can add routes to it:
- Open your route table resource in the Azure portal.
- Under "Settings", select "Routes".
- Click "Add".
- Provide a Route name, Address prefix (CIDR notation), Next hop type, and Next hop address.
Associating Route Tables with Subnets
To apply your custom routes, associate the route table with a subnet:
- Navigate to the subnet you want to configure.
- Under "Settings", select "Route table".
- Choose your custom route table from the dropdown list or select "None" to use the system route table.
- Click "Save".
Example Route Configuration
Consider a scenario where you want to send all traffic destined for the internet through a Network Virtual Appliance (NVA) deployed in your VNet. You would create a route table with a route:
Route Name: ToNVAInternet
Address Prefix: 0.0.0.0/0
Next Hop Type: Virtual Appliance
Next Hop Address: [IP Address of your NVA]
This route, when associated with a subnet, will ensure all outgoing internet traffic from that subnet is first routed to the specified NVA for inspection or processing.
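The same configuration as an ARM template, generated and sanity-checked in Python. This is an added example, not Microsoft's code or any template shipped with the portal; the resource names, subnet prefix and NVA address (10.0.2.4) are constructed placeholders, and the checks in make_route mirror the rules the portal form enforces (a valid CIDR prefix, a next hop address only when the next hop type is Virtual Appliance). Deploying the subnet as a child resource replaces its properties, so an existing NSG or delegation has to be restated in the same template.

```python
"""Added example (not Microsoft's code): build and sanity-check an ARM template
that creates the route table above and associates it with a subnet.
Resource names, prefixes and the NVA address below are constructed placeholders."""
import ipaddress
import json

API_VERSION = "2023-05-01"  # a current Microsoft.Network API version

# Next hop types accepted for a user-defined route.
NEXT_HOP_TYPES = {"VirtualAppliance", "VirtualNetworkGateway", "VnetLocal", "Internet", "None"}


def make_route(name, address_prefix, next_hop_type, next_hop_ip=None):
    """Return one route entry, rejecting mistakes the deployment would reject."""
    # strict=True rejects prefixes with host bits set, e.g. 10.0.1.5/24.
    net = ipaddress.ip_network(address_prefix, strict=True)
    if next_hop_type not in NEXT_HOP_TYPES:
        raise ValueError(f"route {name}: unknown next hop type {next_hop_type!r}")
    props = {"addressPrefix": str(net), "nextHopType": next_hop_type}
    if next_hop_type == "VirtualAppliance":
        if next_hop_ip is None:
            raise ValueError(f"route {name}: VirtualAppliance needs nextHopIpAddress")
        props["nextHopIpAddress"] = str(ipaddress.ip_address(next_hop_ip))
    elif next_hop_ip is not None:
        raise ValueError(f"route {name}: nextHopIpAddress is only valid for VirtualAppliance")
    return {"name": name, "properties": props}


def build_template(route_table_name, routes, vnet_name, subnet_name, subnet_prefix,
                   disable_bgp_propagation=True):
    """Return an ARM template (as a dict) with the route table and the subnet association."""
    names = [r["name"] for r in routes]
    if len(set(names)) != len(names):
        raise ValueError("route names within one table must be unique")
    rt_id = f"[resourceId('Microsoft.Network/routeTables', '{route_table_name}')]"
    return {
        "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "resources": [
            {
                "type": "Microsoft.Network/routeTables",
                "apiVersion": API_VERSION,
                "name": route_table_name,
                "location": "[resourceGroup().location]",
                "properties": {
                    # True keeps BGP-learned routes (VPN/ExpressRoute) out of this subnet,
                    # so on-premises prefixes cannot bypass the NVA; False merges them in.
                    "disableBgpRoutePropagation": disable_bgp_propagation,
                    "routes": list(routes),
                },
            },
            {
                # A subnet child resource replaces the subnet's properties: restate any
                # existing NSG or delegation here, otherwise the deployment drops them.
                "type": "Microsoft.Network/virtualNetworks/subnets",
                "apiVersion": API_VERSION,
                "name": f"{vnet_name}/{subnet_name}",
                "dependsOn": [rt_id],
                "properties": {
                    "addressPrefix": str(ipaddress.ip_network(subnet_prefix, strict=True)),
                    "routeTable": {"id": rt_id},
                },
            },
        ],
    }


def example_template():
    """The page's ToNVAInternet route with constructed placeholder values."""
    route = make_route("ToNVAInternet", "0.0.0.0/0", "VirtualAppliance", "10.0.2.4")
    return build_template("rt-workload", [route], "vnet-hub", "snet-workload", "10.0.1.0/24")


if __name__ == "__main__":
    # Save the output as a .json file and deploy it with a resource-group deployment.
    print(json.dumps(example_template(), indent=2))
```

Running the script prints the template; the route table is created first (the subnet resource declares dependsOn on it), and the routeTable.id reference on the subnet is what the portal's "Route table" dropdown sets for you.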
Route Priorities and Propagation
Azure evaluates routes in the following order:
- User-defined routes (UDRs)
- BGP routes (from VPN Gateway or ExpressRoute)
- System routes
The routes in a route table take effect on every subnet the table is associated with.
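The precedence list above only settles ties: Azure first picks the route whose prefix is the longest match for the destination, and only when several matching routes share that prefix length does the UDR, BGP, system order decide. The simulator below is an added example, not Microsoft's code, and its routes are constructed to match the ToNVAInternet example: a subnet in a 10.0.0.0/16 VNet with the 0.0.0.0/0 UDR to an NVA at 10.0.2.4, one prefix learned over BGP, and the system routes Azure adds by default. It also models the route table's "disable BGP route propagation" setting, which removes the BGP-learned routes from what the subnet sees.

```python
"""Added example (not Microsoft's code): simulate how Azure picks the effective
route for a destination from the UDR, BGP and system routes a subnet sees.
The routes below are constructed to match the ToNVAInternet example above."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Tie-break order when several matching routes share the same prefix length.
# Source names follow the "Source" column of an effective-routes listing.
SOURCE_RANK = {"User": 0, "VirtualNetworkGateway": 1, "Default": 2}  # UDR, BGP, system


@dataclass(frozen=True)
class Route:
    prefix: str
    source: str          # "User" (UDR), "VirtualNetworkGateway" (BGP) or "Default" (system)
    next_hop_type: str   # e.g. VirtualAppliance, VnetLocal, Internet, None
    next_hop_ip: Optional[str] = None


def effective_routes(routes: List[Route], disable_bgp_propagation: bool = False) -> List[Route]:
    """Routes the subnet actually sees; the route table flag drops BGP-learned ones."""
    if disable_bgp_propagation:
        return [r for r in routes if r.source != "VirtualNetworkGateway"]
    return list(routes)


def select_route(destination: str, routes: List[Route]) -> Optional[Route]:
    """Longest prefix match first; on equal length, UDR beats BGP beats system."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in routes if dest in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None
    return min(
        matches,
        key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, SOURCE_RANK[r.source]),
    )


# Constructed sample: the ToNVAInternet UDR, one BGP-learned on-premises prefix,
# and the system routes Azure creates for a VNet whose address space is 10.0.0.0/16.
SAMPLE_ROUTES = [
    Route("0.0.0.0/0", "User", "VirtualAppliance", "10.0.2.4"),                 # ToNVAInternet
    Route("192.168.0.0/16", "VirtualNetworkGateway", "VirtualNetworkGateway"),  # learned via BGP
    Route("10.0.0.0/16", "Default", "VnetLocal"),                               # the VNet itself
    Route("0.0.0.0/0", "Default", "Internet"),                                  # system default route
    Route("10.0.0.0/8", "Default", "None"),                                     # system: private ranges dropped
    Route("172.16.0.0/12", "Default", "None"),
    Route("192.168.0.0/16", "Default", "None"),
]


def next_hop_for(destination: str, disable_bgp_propagation: bool = False) -> str:
    """Describe where SAMPLE_ROUTES sends a packet for `destination`."""
    chosen = select_route(destination, effective_routes(SAMPLE_ROUTES, disable_bgp_propagation))
    if chosen is None:
        return "no route"
    return chosen.next_hop_type + (f" {chosen.next_hop_ip}" if chosen.next_hop_ip else "")


if __name__ == "__main__":
    for dst in ("8.8.8.8", "10.0.1.10", "10.5.5.5", "192.168.1.1"):
        print(f"{dst:>14} -> {next_hop_for(dst)}"
              f"  (BGP propagation disabled: {next_hop_for(dst, True)})")
```

Two results are worth checking against your own environment's effective routes. Traffic to 10.5.5.5 is still dropped by the system 10.0.0.0/8 route with next hop None, because /8 is a longer match than the UDR's /0: the 0.0.0.0/0 route to the NVA does not capture every destination, and reaching other private ranges through the NVA needs a more specific UDR. Traffic to 192.168.1.1 goes to the gateway only while BGP propagation is enabled; with it disabled the BGP route disappears and the system None route of the same length wins.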
Important Considerations
- A route table can be associated with multiple subnets.
- A subnet can only be associated with one route table at a time (though it can derive routes from multiple sources like UDRs, BGP, and system routes).
- The 0.0.0.0/0 prefix matches all destinations.