In this article, I’ll explain how you can customize network routing for Azure virtual machines on, from, and to a virtual network.
In a fairly normal deployment of virtual machines, Azure uses a number of system routes to direct network traffic between virtual machines, on-premises networks, and the Internet. The following situations are managed by these system routes:
Every subnet in a virtual network is associated with a route table that enables the above flow of data. This table can consist of three system route rules:
A lot of deployments will never require routing customization, but there are scenarios where you might want to adjust the default flow of traffic. The below image depicts a simple design where a virtual network has two subnets. One of these subnets is the “frontend,” where web services will run in virtual machines. The second subnet is the “backend,” where more sensitive application and data services will run in virtual machines.
Those who have deployed or secured multi-tier web services before will realize that there is no added security with the below design. By default, all traffic can flow from the web servers in the frontend to the application and data services in the backend via the default local vNet system rule; there is no filtering.
Default system rules with a multi-tier web application in Azure (Image Credit: Microsoft)
A user defined route forces traffic through an Azure virtual appliance (Image Credit: Microsoft)
User defined routes forcing traffic via the on-premises network (Image Credit: Microsoft)
You can create a route table and associate it with a subnet in a virtual network. You can then create user defined routes based on three criteria:
Note that a route table can be associated with multiple virtual networks, but a virtual network can be associated with only one route table.
Once you add a route table to a subnet, routing is based on a combination of system routes and user defined routes. If you add ExpressRoute to the mix, then BGP routes will also be propagated to Azure. The following order is used to prioritise routes if more than one route is found for traffic:
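To make the route selection described above concrete, here is an added example (not code from the original article or from Microsoft) that models a subnet route table holding system routes, user defined routes and BGP-propagated routes, and picks the effective route for a destination. It assumes the selection rule Microsoft documents for Azure: the route with the longest matching prefix wins, and when several routes share the same prefix, a user defined route beats a BGP route, which beats a system route. The address ranges, the NVA address and the route names are constructed for the example; the next hop type names are the ones Azure uses for user defined routes.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumption (Azure documentation): on a prefix-length tie, lower number wins.
SOURCE_PRIORITY = {"UserDefined": 0, "BGP": 1, "System": 2}

# Next hop types Azure accepts for a user defined route.
NEXT_HOP_TYPES = {"VnetLocal", "Internet", "VirtualAppliance",
                  "VirtualNetworkGateway", "None"}


@dataclass(frozen=True)
class Route:
    name: str
    prefix: ipaddress.IPv4Network
    next_hop_type: str
    source: str                      # "System", "UserDefined" or "BGP"
    next_hop_ip: Optional[str] = None  # only meaningful for VirtualAppliance


def make_route(name: str, prefix: str, next_hop_type: str, source: str,
               next_hop_ip: Optional[str] = None) -> Route:
    """Validate a route the way the portal/CLI would before accepting it."""
    if next_hop_type not in NEXT_HOP_TYPES:
        raise ValueError(f"unknown next hop type {next_hop_type!r}")
    if source not in SOURCE_PRIORITY:
        raise ValueError(f"unknown route source {source!r}")
    if next_hop_type == "VirtualAppliance" and next_hop_ip is None:
        raise ValueError("VirtualAppliance routes need a next hop IP address")
    # strict=True rejects prefixes with host bits set, e.g. 10.0.1.5/24
    return Route(name, ipaddress.ip_network(prefix, strict=True),
                 next_hop_type, source, next_hop_ip)


def select_route(routes: list, destination: str) -> Optional[Route]:
    """Return the effective route for one destination address.

    Longest prefix first; ties broken by UserDefined > BGP > System.
    """
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dst in r.prefix]
    if not candidates:
        return None
    return min(candidates,
               key=lambda r: (-r.prefix.prefixlen, SOURCE_PRIORITY[r.source]))


# Constructed scenario: vNet 10.0.0.0/16 with a frontend subnet 10.0.1.0/24,
# a backend subnet 10.0.2.0/24 and a network virtual appliance at 10.0.3.4.
# This is the route table attached to the FRONTEND subnet.
FRONTEND_ROUTES = [
    # System routes Azure creates for every subnet.
    make_route("vnet-local", "10.0.0.0/16", "VnetLocal", "System"),
    make_route("default-internet", "0.0.0.0/0", "Internet", "System"),
    # User defined route: anything for the backend goes through the NVA.
    make_route("to-backend-via-nva", "10.0.2.0/24", "VirtualAppliance",
               "UserDefined", next_hop_ip="10.0.3.4"),
    # User defined route: force Internet-bound traffic back on-premises.
    make_route("force-tunnel", "0.0.0.0/0", "VirtualNetworkGateway",
               "UserDefined"),
    # Route learned over BGP from on-premises via ExpressRoute.
    make_route("onprem-lan", "192.168.0.0/16", "VirtualNetworkGateway", "BGP"),
]


def next_hop_for(destination: str) -> tuple:
    """Convenience wrapper returning (route name, next hop type)."""
    r = select_route(FRONTEND_ROUTES, destination)
    return (None, None) if r is None else (r.name, r.next_hop_type)


if __name__ == "__main__":
    for dst in ("10.0.2.10", "10.0.3.4", "8.8.8.8", "192.168.5.5"):
        print(dst, "->", next_hop_for(dst))
```

Two things worth noticing when running this: the backend-bound flow from the frontend is diverted to the NVA only because the /24 user defined route is more specific than the /16 system route, and the forced-tunnel route wins over the system Internet route purely on source priority, since both are 0.0.0.0/0. The NVA's own address still resolves to the local vNet route, which is what you want; a route table on the NVA's subnet that pointed 10.0.2.0/24 back at the NVA would loop.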
Azure makes routing pretty simple. Now if only Azure could end the decades-old cross-Atlantic debate on the correct pronunciations of route and routing (rowt and rowting in the USA, and root and rooting in Europe).