Route Tables in Azure Virtual WAN
Route tables are fundamental to how Azure Virtual WAN directs network traffic. They store routes that determine where network traffic is sent. In Virtual WAN, route tables are associated with different network constructs to control traffic flow between connected networks.
Types of Route Tables
Virtual WAN utilizes several types of route tables:
- Default Route Table: Every Virtual Hub has a default route table. It receives routes from all connected resources (like VPN sites, ExpressRoute circuits, VNet connections, and transitive routing). It is also the route table that is advertised to all connected resources by default.
- None Route Table: This route table is empty and does not receive any routes. It's typically used when you want to prevent a specific connection from receiving any routes.
- Custom Route Tables: You can create custom route tables to segment routing domains. This allows for more granular control over traffic flow. For instance, you can have a custom route table for a specific set of VPN sites or VNet connections.
Route Table Associations
Route tables are associated with the following components within a Virtual Hub:
- Connections (VNet, VPN, ExpressRoute): Each connection to the Virtual Hub can be associated with a specific route table. This determines which routes the connection learns and which routes it advertises.
- Virtual Hub Connections: When you connect a Virtual Network to a Virtual Hub, you can specify which route table the VNet connection should be associated with.
- Routing Configuration: You can define static routes and routing configuration that leverage these route tables.
Route Propagation and Advertisement
Routes are propagated into and advertised from route tables based on several factors:
- Propagation: Routes learned from connected resources are propagated into the route tables. By default, all connected resources propagate routes to the default route table. You can configure specific propagation settings for custom route tables.
- Advertisement: The Virtual Hub advertises routes to connected resources. By default, it advertises routes from the default route table to all connected resources. You can configure custom advertisements to specific route tables for specific connections.
Key Concepts and Scenarios
1. Default Routing Behavior
By default, all connected networks (VNet, VPN, ExpressRoute) learn routes from the Default Route Table and advertise their routes to it. This provides basic connectivity between all resources connected to the Virtual Hub.
2. Isolating Traffic with Custom Route Tables
If you need to isolate traffic between different sets of connected networks, you can use custom route tables. For example:
- Create a custom route table, e.g., RT_VPN_Site_A.
- Associate specific VPN site connections with RT_VPN_Site_A.
- Configure these VPN site connections to only propagate routes to and advertise routes from RT_VPN_Site_A.
- Similarly, associate a specific VNet connection with RT_VPN_Site_A.
In this scenario, the VNet will only learn routes from VPN Site A and vice-versa, effectively isolating their traffic within the Virtual WAN.
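An added example (not from the original page or from Azure tooling): a Python check that derives, from each connection's association and propagation settings, which connections exchange routes, and reports any exchange that crosses the RT_VPN_Site_A boundary from the scenario above. The connection names, labels and resource IDs are constructed, the field names assume the routingConfiguration shape returned for hub connections, and static routes are not modelled.

```python
# Added example: audit an isolated routing domain. All data below is constructed.
HUB = ("/subscriptions/YOUR_SUB_ID/resourceGroups/MyResourceGroup/providers/"
       "Microsoft.Network/virtualHubs/MyVirtualHub/hubRouteTables/")

def conn(name, associated, prop_ids=(), prop_labels=()):
    """Build a connection record in the assumed routingConfiguration shape."""
    return {"name": name, "routingConfiguration": {
        "associatedRouteTable": {"id": HUB + associated},
        "propagatedRouteTables": {"ids": [{"id": HUB + t} for t in prop_ids],
                                  "labels": list(prop_labels)}}}

# Route table name -> labels (constructed sample).
TABLES = {"defaultRouteTable": ["default"], "RT_VPN_Site_A": ["siteA"]}
CONNECTIONS = [
    conn("vpn-site-a", "RT_VPN_Site_A", ["RT_VPN_Site_A"]),
    # Misconfigured: also propagates to every table labelled "default".
    conn("vnet-a", "RT_VPN_Site_A", ["RT_VPN_Site_A"], ["default"]),
    conn("vnet-shared", "defaultRouteTable", ["defaultRouteTable"]),
]

def table_of(resource_id):
    return resource_id.rsplit("/", 1)[-1]

def associated(c):
    return table_of(c["routingConfiguration"]["associatedRouteTable"]["id"])

def propagation_targets(c, tables):
    """Tables that receive this connection's routes, by ID or by label."""
    prop = c["routingConfiguration"]["propagatedRouteTables"]
    targets = {table_of(r["id"]) for r in prop["ids"]}
    for label in prop["labels"]:
        targets |= {t for t, labels in tables.items() if label in labels}
    return targets

def isolation_leaks(connections, tables, isolated_table):
    """Return (source, learner) pairs whose route exchange crosses the boundary."""
    members = {c["name"] for c in connections if associated(c) == isolated_table}
    leaks = []
    for learner in connections:
        for source in connections:
            if source["name"] == learner["name"]:
                continue
            learns = associated(learner) in propagation_targets(source, tables)
            crosses = (source["name"] in members) != (learner["name"] in members)
            if learns and crosses:
                leaks.append((source["name"], learner["name"]))
    return sorted(leaks)

if __name__ == "__main__":
    for source, learner in isolation_leaks(CONNECTIONS, TABLES, "RT_VPN_Site_A"):
        print(f"LEAK: routes from {source} are learned by {learner}")
```

Here the extra "default" label on vnet-a is enough to place its prefixes in the default route table, so vnet-shared learns them even though vnet-a is associated with the custom table.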
3. Transitive Routing
Virtual WAN enables transitive routing between connected networks. For example, if a VNet is connected to the Virtual Hub, and the Virtual Hub is connected to a VPN site, the VNet can communicate with the VPN site through the Virtual Hub. This is managed by the route tables within the hub.
Route Table Management
You can manage route tables through the Azure portal, Azure PowerShell, or Azure CLI.
Example: Creating a Custom Route Table (Conceptual)
Using Azure CLI:
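# Requires the virtual-wan extension for Azure CLI.
# The route table is created inside the hub, so no location is passed.
az network vhub route-table create \
    --resource-group MyResourceGroup \
    --name MyCustomRouteTable \
    --vhub-name MyVirtualHub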
Example: Associating a VNet Connection with a Route Table (Conceptual)
When creating or updating a VNet connection to a Virtual Hub, you can specify the route table association:
# Associate the connection with MyCustomRouteTable, and propagate its routes
# to that table and to every route table labelled label1 or label2.
# No static routes are set (--route-name, --address-prefixes and --next-hop are omitted).
az network vhub connection create \
    --resource-group MyResourceGroup \
    --name MyVnetConnection \
    --vhub-name MyVirtualHub \
    --remote-vnet MyVnetResourceId \
    --associated-route-table /subscriptions/YOUR_SUB_ID/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualHubs/MyVirtualHub/hubRouteTables/MyCustomRouteTable \
    --propagated-route-tables /subscriptions/YOUR_SUB_ID/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualHubs/MyVirtualHub/hubRouteTables/MyCustomRouteTable \
    --labels label1 label2
Note: The effective route table for a connection is determined by its association and propagation settings. Understanding these interactions is key to designing complex network topologies.
Tip: For advanced routing scenarios, consider using BGP with Virtual WAN. BGP allows for dynamic route exchange and can significantly simplify the management of large and complex networks.