Azure Virtual Networks: Subnet Route Table with PowerShell

This article demonstrates how to configure a route table for a subnet within an Azure Virtual Network using Azure PowerShell. Route tables allow you to control the flow of network traffic to and from your virtual machines by defining custom routes.

Introduction

Azure Virtual Networks (VNet) provide a secure and isolated network environment for your cloud resources. Subnets divide a VNet into smaller address spaces, offering more granular control. By default, Azure routes traffic between subnets within a VNet and to the internet. However, for advanced network scenarios, such as directing traffic through a network virtual appliance (NVA) or enforcing specific routing policies, you can create and associate custom route tables with subnets.

Prerequisites

• An Azure subscription.
• Azure PowerShell installed and configured. You can download it from the official Azure PowerShell documentation.
• Logged into your Azure account using Connect-AzAccount.

Scenario

In this example, we'll create a simple virtual network with two subnets. We will then create a route table and associate it with one of the subnets. This route table will define a custom route that directs traffic destined for a specific IP address range to a hypothetical network virtual appliance (represented by a placeholder IP address in this example).

Steps

Step 1: Create a Resource Group

All Azure resources need to reside in a resource group. If you don't have one, create it first.

param(
    [string]$ResourceGroupName = "MyRouteTableRG",
    [string]$Location = "East US"
)

Write-Host "Creating resource group '$ResourceGroupName' in location '$Location'..."
New-AzResourceGroup -Name $ResourceGroupName -Location $Location
Write-Host "Resource group created."
            

Step 2: Create a Virtual Network and Subnet

Next, we'll create a virtual network and define two subnets within it. One subnet will have the custom route table associated with it, and the other will use default Azure routing.

# Define VNet and subnet details
$VnetName = "MyVnet"
$Subnet1Name = "FrontendSubnet"
$Subnet2Name = "BackendSubnet"
$VnetAddressPrefix = "10.0.0.0/16"
$Subnet1Prefix = "10.0.1.0/24"
$Subnet2Prefix = "10.0.2.0/24"

Write-Host "Creating virtual network '$VnetName' with subnets..."
$subnet1 = New-AzVirtualNetworkSubnetConfig -Name $Subnet1Name -AddressPrefix $Subnet1Prefix
$subnet2 = New-AzVirtualNetworkSubnetConfig -Name $Subnet2Name -AddressPrefix $Subnet2Prefix

New-AzVirtualNetwork -Name $VnetName -ResourceGroupName $ResourceGroupName -Location $Location -AddressPrefix $VnetAddressPrefix -Subnet $subnet1, $subnet2
Write-Host "Virtual network and subnets created."
            

Step 3: Create a Route Table

Now, we'll create an empty route table. This route table will later be associated with a subnet.

$RouteTableName = "MyCustomRouteTable"
$RouteTableLocation = $Location # Route tables must be in the same location as the resources they apply to

Write-Host "Creating route table '$RouteTableName'..."
New-AzRouteTable -Name $RouteTableName -ResourceGroupName $ResourceGroupName -Location $RouteTableLocation
Write-Host "Route table created."
            

Step 4: Add a Route to the Route Table

We'll add a custom route to our newly created route table. This route will specify that traffic destined for a particular IP range should be sent to a next hop, which could be a Network Virtual Appliance (NVA) or a virtual machine acting as a router.

$RouteName = "RouteToNVA"
$AddressPrefixRoute = "192.168.10.0/24" # The destination IP range for this route
$NextHopIpAddress = "10.0.3.4" # The IP address of the next hop (e.g., NVA)

Write-Host "Adding route '$RouteName' to route table '$RouteTableName'..."
Add-AzRouteConfig -Name $RouteName -RouteTable $(Get-AzRouteTable -Name $RouteTableName -ResourceGroupName $ResourceGroupName) -AddressPrefix $AddressPrefixRoute -NextHopIpAddress $NextHopIpAddress
Set-AzRouteTable -Name $RouteTableName -ResourceGroupName $ResourceGroupName -RouteConfig $(Get-AzRouteTable -Name $RouteTableName -ResourceGroupName $ResourceGroupName)
Write-Host "Route added."
            

Step 5: Associate Route Table with Subnet

Now, we associate our custom route table with the 'FrontendSubnet'. This tells Azure to use the routes defined in 'MyCustomRouteTable' for traffic originating from or destined for 'FrontendSubnet'.

Write-Host "Associating route table '$RouteTableName' with subnet '$Subnet1Name'..."
Set-AzVirtualNetworkSubnetConfig -Name $Subnet1Name -VirtualNetwork $(Get-AzVirtualNetwork -Name $VnetName -ResourceGroupName $ResourceGroupName) -AddressPrefix $Subnet1Prefix -RouteTableId $(Get-AzRouteTable -Name $RouteTableName -ResourceGroupName $ResourceGroupName).Id
Write-Host "Route table associated with subnet."
            

Step 6: Test the Routing

To verify the routing, you would typically deploy virtual machines into each subnet and attempt to communicate between them, or from a VM in 'FrontendSubnet' to a destination within the `192.168.10.0/24` range. The traffic should now be directed according to the custom route.

Conclusion

You have successfully created and configured a custom route table for an Azure Virtual Network subnet using Azure PowerShell. This provides you with the flexibility to control network traffic flow and integrate with network appliances as needed. By understanding and utilizing route tables, you can build more sophisticated and secure network architectures in Azure.

To clean up the resources created, you can remove the resource group:

Remove-AzResourceGroup -Name $ResourceGroupName -Force