Manage Virtual Network Route Tables with Azure CLI
This article guides you through the process of creating, updating, and managing route tables for Azure Virtual Networks using the Azure Command-Line Interface (CLI).
What is a Route Table?
A route table contains a set of rules, called routes, that determine where network traffic is directed from your subnets. By default, Azure creates a system route table for each virtual network. You can create custom route tables to override the system routes and control traffic flow more granularly.
Prerequisites
- An active Azure subscription.
- Azure CLI installed and configured. You can install it by following these instructions.
- Logged in to your Azure account using az login.
Create a Route Table
To create a route table, you need to specify a name, resource group, and location. You can also associate the route table with a specific virtual network subnet during creation or later.
az network route-table create --name MyRouteTable --resource-group MyResourceGroup --location eastus
This command creates a route table named MyRouteTable in the MyResourceGroup resource group located in the eastus region.
Add Routes to a Route Table
Routes define how traffic is forwarded. Each route has a name, an address prefix (CIDR notation), and a next hop type.
Example: Adding a default route to a Virtual Appliance
This route directs all traffic destined for 0.0.0.0/0 (all internet traffic) to a virtual appliance.
az network route-table route create --route-table-name MyRouteTable --resource-group MyResourceGroup --name RouteToVNetAppliance --address-prefix 0.0.0.0/0 --next-hop-type VirtualAppliance --next-hop-ip-address 10.0.0.4
Replace 10.0.0.4 with the private IP address of your virtual network appliance.
Common Next Hop Types:
- VirtualAppliance: For traffic directed to a network virtual appliance (NVA).
- VirtualNetworkGateway: For traffic directed to a VPN gateway or ExpressRoute gateway.
- Internet: For traffic directed to the internet.
- None: For traffic to be dropped.
Associate Route Table with a Subnet
To apply the routes defined in a route table, you need to associate it with one or more subnets within your virtual network.
az network vnet subnet update --resource-group MyResourceGroup --vnet-name MyVNet --name MySubnet --route-table MyRouteTable
This command associates the route table MyRouteTable with the subnet named MySubnet in the virtual network MyVNet.
View Route Table Details
You can view the details of a specific route table, including its routes and associations.
az network route-table show --name MyRouteTable --resource-group MyResourceGroup
To view the routes within a route table:
az network route-table route list --route-table-name MyRouteTable --resource-group MyResourceGroup
Update a Route
You can modify existing routes, for example, changing the next hop IP address or the address prefix.
az network route-table route update --route-table-name MyRouteTable --resource-group MyResourceGroup --name RouteToVNetAppliance --next-hop-ip-address 10.0.0.5
Delete a Route
To remove a specific route from a route table:
az network route-table route delete --route-table-name MyRouteTable --resource-group MyResourceGroup --name RouteToVNetAppliance
Delete a Route Table
Before deleting a route table, ensure it is not associated with any subnets. You can disassociate it by updating the subnet to have no route table or a different one.
az network route-table delete --name MyRouteTable --resource-group MyResourceGroup
Best Practices
- Use descriptive names for your route tables and routes.
- Plan your routing strategy carefully to avoid network loops or unexpected traffic behavior.
- Regularly review your route tables to ensure they align with your network requirements.
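One way to make the regular review repeatable, as an added example that is not part of the original article: a shell function that checks the output of az network route-table route list for a default route that does not go through the expected appliance. The function name audit_routes, the sample data, and the assumption that tsv output prints None for a missing next hop IP are ours.

```shell
# Added example (not from the original article): audit the routes of a route table.
# Input on stdin, one route per line, tab-separated:
#   name  addressPrefix  nextHopType  nextHopIpAddress
# as produced by (tsv output is assumed to print None for a missing IP):
#   az network route-table route list --route-table-name MyRouteTable \
#     --resource-group MyResourceGroup \
#     --query "[].[name,addressPrefix,nextHopType,nextHopIpAddress]" -o tsv
# $1: private IP the default route is expected to point at.
# Prints one FINDING line per problem; exit status is 1 if any were found.
audit_routes() {
    awk -F '\t' -v want="$1" '
        # A VirtualAppliance route is only usable with a next hop IP.
        $3 == "VirtualAppliance" && ($4 == "" || $4 == "None") {
            print "FINDING " $1 ": VirtualAppliance route has no next hop IP"; bad++
        }
        # The default route must go to the expected appliance.
        $2 == "0.0.0.0/0" {
            seen = 1
            if ($3 != "VirtualAppliance") {
                print "FINDING " $1 ": default route next hop is " $3 ", not the appliance"; bad++
            } else if ($4 != "" && $4 != "None" && $4 != want) {
                print "FINDING " $1 ": default route points at " $4 ", expected " want; bad++
            }
        }
        END {
            # Without a custom 0.0.0.0/0 route the system default route applies.
            if (!seen) { print "FINDING: no 0.0.0.0/0 route in this table"; bad++ }
            exit (bad > 0)
        }'
}

# Constructed sample inputs (not real az output).
SAMPLE_OK=$(printf 'RouteToVNetAppliance\t0.0.0.0/0\tVirtualAppliance\t10.0.0.4')
SAMPLE_BAD=$(printf 'RouteToVNetAppliance\t0.0.0.0/0\tInternet\tNone\nToSpoke\t10.1.0.0/16\tVirtualAppliance\tNone')

printf '%s\n' "$SAMPLE_BAD" | audit_routes 10.0.0.4 || true
```

In a scheduled job, pipe the az command from the comment into audit_routes and treat a non-zero exit status as a failed review.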
For more detailed information on Azure CLI commands for networking, refer to the official Azure CLI documentation.