What is Azure Routing Table?
Whenever you create a virtual network in Azure, a default subnet gets added to the VNET. You can add more user-defined subnets to your VNET as needed. Once you create a subnet in an Azure VNET, an Azure route table gets created for that subnet. Azure automatically populates each of these route tables with the system-defined routes. These route tables are used for IP route lookups within the subnet to forward the traffic.
Azure Route Types
So basically, we have the following two types of routes in the Azure subnet routing table, with system routes being either default or optional:
- System Routes: The default system routes appear in every routing table.
- Optional System Routes: These are also system routes, but they appear in the subnet routing table only when a specific service is switched on.
- Custom Routes / User Defined Routes
Default System Routes:
These are the routes that Azure automatically populates in a subnet routing table. You cannot delete these routes from the routing table, but you can override them with user-defined routes.
Following are the default system routes that Azure creates for each subnet:
Each route in the routing table has an address-prefix and an associated next-hop for that prefix. The traffic routing is done based on the destination. When traffic leaving a subnet is sent to an IP address within the address prefix of a route, the route that contains the prefix is the route Azure uses.
The routing table functions much like a traditional routing table on a networking device, with the exception that the next hop is a next-hop type rather than an IP address. Since Azure networking is software-defined, different next-hop types are used in the Azure networking world.
Azure Next-Hop Types
Following are the different next-hop types in Azure routing table:
- Virtual Network: Azure routes traffic between the subnets of a VNET by default. So, a system route gets created for each subnet prefix within a VNET on every other subnet with next-hop type listed as Virtual Network.
- Internet: This is used to route the traffic from a subnet to the internet. Azure routes traffic for any address not specified by an address range within a virtual network to the Internet, unless the destination address is for an Azure service.
- None: Traffic to the next-hop type None is dropped by default. Azure automatically creates default routes for the following address prefixes:
  - 192.168.0.0/16: Reserved for private use in RFC 1918.
  - 100.64.0.0/10: Reserved in RFC 6598.
If any of the RFC 1918 address ranges is used within a virtual network, Azure automatically changes the next-hop type for it from None to Virtual Network.
Optional System Routes:
Some optional system routes may also be added to the subnet, depending on whether a particular Azure service is enabled. These routes may be added to a specific subnet or to all subnets, depending on the type of service enabled.
An example of an optional system route table is as below:
- VNET Peering: A route gets added for each address range specified in VNET in the routing table of peered VNETs.
- Virtual Network Gateway: If you receive some BGP routes from on-prem, those routes will be marked as learned in Azure with next-hop as Virtual Network Gateway.
- Virtual Network Service Endpoint: A service endpoint is an Azure feature that provides private access from a particular VNET subnet to another Azure service, e.g., Azure Storage or Azure SQL. Azure adds the public IP addresses for certain services to the route table when you enable a service endpoint to the service.
Custom Routes/ User Defined Routes:
Though you cannot delete the default system routes in the subnet routing table, you can always override these by creating User Defined routes.
We can have the following next-hop types for user-defined routes:
- Virtual appliance: Use this when you run a Network Virtual Appliance VM, e.g., a firewall, in a VNET and want VNET traffic to be routed via the firewall instance. You create a UDR and define the next-hop type as Virtual Appliance, with the next-hop IP set to the private IP used on the VM.
- Virtual network gateway: Specify this for prefixes for which next-hop will be Virtual Network Gateway.
- None: Specify it for prefixes for which you want to drop the packets.
- Virtual network: Specify when you want to override the default routing within a virtual network.
- Internet: Specify when you want to explicitly route traffic destined to an address prefix to the Internet, or if you want traffic destined for Azure services with public IP addresses kept within the Azure backbone network.
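The route lookup and UDR override described above, as an added Python example that is not part of the original article. It assumes Azure's documented selection rule (longest prefix match; on equal prefixes a user-defined route wins over a BGP route, which wins over a system route); the 10.1.0.0/16 address space, the appliance IP 10.1.0.4, the BGP prefix and the source labels are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    source: str                      # "udr", "bgp" or "system" (labels chosen for this example)
    prefix: str                      # address prefix of the route
    next_hop_type: str               # next-hop type names as used in the article
    next_hop_ip: Optional[str] = None


# Tie-break between routes with the same prefix length (assumed Azure behaviour).
PRIORITY = {"udr": 0, "bgp": 1, "system": 2}

# Constructed system routes for a subnet in a VNET with address space 10.1.0.0/16.
SYSTEM_ROUTES = [
    Route("system", "10.1.0.0/16", "Virtual network"),
    Route("system", "0.0.0.0/0", "Internet"),
    Route("system", "192.168.0.0/16", "None"),
    Route("system", "100.64.0.0/10", "None"),
]

# Same subnet after adding a UDR towards a firewall and learning one BGP route.
WITH_UDR = SYSTEM_ROUTES + [
    Route("udr", "0.0.0.0/0", "Virtual appliance", "10.1.0.4"),
    Route("bgp", "192.168.10.0/24", "Virtual network gateway"),
]


def select_route(routes, destination):
    """Return the route used for `destination`, or None if no prefix contains it."""
    ip = ipaddress.ip_address(destination)
    candidates = [r for r in routes if ip in ipaddress.ip_network(r.prefix)]
    if not candidates:
        return None
    # Longest prefix first, then source priority.
    return min(candidates, key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen,
                                          PRIORITY[r.source]))


def internet_bypasses_appliance(routes, probe="203.0.113.10"):
    """True when traffic to a public address leaves via Internet, not the appliance."""
    route = select_route(routes, probe)
    return route is not None and route.next_hop_type == "Internet"


if __name__ == "__main__":
    for dest in ("203.0.113.10", "10.1.2.5", "192.168.10.7", "192.168.20.7"):
        r = select_route(WITH_UDR, dest)
        print(f"{dest:15} -> {r.next_hop_type} ({r.source} {r.prefix})")
```

Note that the 0.0.0.0/0 UDR does not steer traffic between subnets of the VNET through the appliance: the more specific Virtual network system route still wins for 10.1.2.5, so that path needs its own UDR if it must be inspected.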