Route traffic in Azure Virtual WAN
This guide explains how to configure routing for your Azure Virtual WAN to control how traffic flows between your on‑premises networks, Azure resources, and the internet.
Prerequisites
- An existing Virtual WAN and one or more virtual hubs.
- Connected site-to-site or point‑to‑site VPNs, or Azure ExpressRoute circuits.
- Appropriate Azure role (Owner or Network Contributor) on the resource group.
Step‑by‑step
- Open the Virtual WAN blade
  In the Azure portal, navigate to Virtual WAN > <your‑wan> and select Configuration.
- Configure hub routing tables
  Choose a hub and click Routing > Routing tables. You can use the default hub routing table or create a custom one.
  az network vhub routing-table create \
    --resource-group MyResourceGroup \
    --vhub-name MyHub \
    --name MyRoutingTable
- Add static routes (if needed)
  Static routes let you override learned routes. Specify the destination prefix and next‑hop type.
  az network vhub routing-table route add \
    --resource-group MyResourceGroup \
    --vhub-name MyHub \
    --route-table-name MyRoutingTable \
    --address-prefix 10.0.0.0/16 \
    --next-hop-type VirtualAppliance \
    --next-hop-ip-address 10.1.1.4
- Associate routing table with a hub
  After creating the routing table, associate it with the hub or with a specific connection.
  az network vhub update \
    --resource-group MyResourceGroup \
    --name MyHub \
    --routing-table MyRoutingTable
Validate routing
Use Azure Network Watcher to verify the effective routes for a virtual machine or hub.
az network watcher show-next-hop \
  --resource-group MyResourceGroup \
  --target-resource-id /subscriptions/xxxx/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM \
  --source-ip 10.0.0.4 \
  --dest-ip 8.8.8.8
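A static route to an inspection appliance only overrides learned routes of the same prefix length; a more specific learned prefix still wins and carries traffic around the appliance. The Python sketch below is an added example, not part of the original guide or of any Azure tooling. It assumes route selection by longest prefix match with static preferred over BGP on a tie, and it runs on a constructed table (the page's 10.0.0.0/16 static route plus made-up learned routes and hypothetical next-hop names).

```python
import ipaddress

# Constructed sample table: the guide's static route plus made-up learned routes.
ROUTES = [
    {"prefix": "10.0.0.0/16", "origin": "static", "next_hop": "10.1.1.4"},
    {"prefix": "10.0.0.0/16", "origin": "bgp", "next_hop": "vpn-site-a"},
    {"prefix": "10.0.5.0/24", "origin": "bgp", "next_hop": "vpn-site-b"},
    {"prefix": "0.0.0.0/0", "origin": "bgp", "next_hop": "internet"},
]


def select_route(dest_ip, routes):
    """Pick the route for dest_ip: longest prefix first, static wins a tie."""
    ip = ipaddress.ip_address(dest_ip)
    candidates = [r for r in routes if ip in ipaddress.ip_network(r["prefix"])]
    if not candidates:
        return None
    return max(
        candidates,
        key=lambda r: (
            ipaddress.ip_network(r["prefix"]).prefixlen,
            r["origin"] == "static",
        ),
    )


def bypassing_routes(routes, appliance_ip):
    """List learned prefixes that sit inside a static route to the appliance
    but are more specific, so matching traffic never reaches the appliance."""
    covered = [
        ipaddress.ip_network(r["prefix"])
        for r in routes
        if r["origin"] == "static" and r["next_hop"] == appliance_ip
    ]
    found = []
    for r in routes:
        net = ipaddress.ip_network(r["prefix"])
        if r["origin"] != "static" and any(
            net != s and net.subnet_of(s) for s in covered
        ):
            found.append(r["prefix"])
    return found


if __name__ == "__main__":
    for dest in ("10.0.1.10", "10.0.5.20", "8.8.8.8"):
        print(dest, "->", select_route(dest, ROUTES)["next_hop"])
    print("bypass appliance:", bypassing_routes(ROUTES, "10.1.1.4"))
```

Any prefix reported by `bypassing_routes` needs either its own static route to the appliance or filtering at the advertising peer.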
Best practices
- Use hub‑level routing tables for consistent policies across all connections.
- Prefer dynamic BGP routes for scalability; use static routes for exceptions.
- Monitor route changes with Azure Monitor alerts.
For more details, see Virtual WAN routing concepts.