Azure Classroom Series – 13/Jul/2020

Virtual network traffic routing

  • Azure automatically creates a route table for each subnet in a virtual network and adds the system default routes to it.
  • The default (system) routes let a resource reach any other resource in the same vnet and reach the internet.
  • Route entries are written in CIDR notation, and a route applies to a packet when the destination address falls inside the route's network id (address prefix). The sender's address plays no part; only the destination is checked. When more than one route matches a destination, Azure uses the one with the longest prefix, i.e. the most specific network.
rule 1:
destination => 192.168.0.0/24 next hop => <some network resource>

A vm with ip address 192.168.1.10/24 sends packets to 192.168.0.8. Will the rule be honored?

network id of the destination in the rule => 192.168.0.0/24 => 192.168.0.x

192.168.0.8 is inside 192.168.0.x, so the rule matches and the packet is sent to the configured next hop.


rule 2:
destination => 10.11.0.0/16 next hop => resource a

A vm with ip address 10.15.0.10 sends a packet to 10.11.10.15. Will the rule be honored?

rule => 10.11.0.0/16 => 10.11.x.x

10.11.10.15 falls inside 10.11.x.x, so the destination matches the network id and the rule is honored; the packet goes to resource a.


rule 3:

destination => 0.0.0.0/0 next hop => internet

A vm with ip address 172.16.0.8 sends a packet to 35.25.20.24. Will the rule be honored?

0.0.0.0/0 matches every address (x.x.x.x), so 35.25.20.24 falls under it and the rule is honored. Because a /0 route matches everything, it is only used when no more specific route matches the destination.

rule 4:
destination => 10.11.12.0/24 next hop => virtual network

A vm with ip address 10.11.12.6 sends a packet to 10.11.13.5. Will the rule be honored?

rule => 10.11.12.0/24 => 10.11.12.x

10.11.13.5 is outside 10.11.12.x, so the network ids do not match and this rule is not honored.
  • Default rules of system routing:

    Source    Address prefixes         Next hop type
    Default   <virtual network cidr>   Virtual network
    Default   0.0.0.0/0                Internet
    Default   10.0.0.0/8               None
    Default   192.168.0.0/16           None
    Default   100.64.0.0/10            None

  • Network for this example: a vnet with address space 192.168.0.0/16 containing subnet1 and subnet2 (diagram not reproduced here).

  • Now can a vm in subnet1 communicate with a vm in subnet2?

    • destination in subnet2 => 192.168.1.6 => is it inside the vnet cidr range 192.168.0.0/16 (192.168.x.x)? yes => so the top rule in the route table applies and the packet is forwarded within the virtual network. The default 192.168.0.0/16 => None route does not interfere here: when one of the reserved ranges lies inside the vnet's own address space, Azure replaces that None route with the Virtual network route.
  • Now can a vm in subnet2 communicate with google?

    • rule 2 (0.0.0.0/0 => Internet) says that any destination not matched by a more specific route, i.e. anything outside the vnet, is sent to the Internet.
  • System default routes cannot be changed or deleted, but you can add your own custom routes (user defined routes) which override the system default routes. A user defined route takes precedence over a system route with the same prefix, so a UDR for 0.0.0.0/0 replaces the default Internet route.

Different Next Hop Types

  • Virtual Appliance: a virtual appliance is a virtual machine that runs a networking application (software) such as a firewall; the route's next hop address is that VM's private IP. The appliance's NIC must have IP forwarding enabled, otherwise Azure drops packets that are not addressed to the NIC itself. You can find networking appliances in the Azure Marketplace (Refer Here for the networking marketplace).
  • Virtual Network Gateway: this comes into play when we want to connect an Azure vnet with our on-premise networks (ExpressRoute/VPN).
  • None: drop the packet (traffic to this prefix is black-holed).
  • Virtual Network: forward the packet within the Azure virtual network.
  • Internet: forward the packet to the Internet.

When to use Custom Routes

  • We want to send all packets leaving the azure vnet through a proxy server.
  • We want a custom/third party firewall (a virtual appliance) to inspect traffic to or from the azure virtual network.
  • We want to implement connectivity b/w on-premise networks and azure vnets.
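As an added worked example (not code from the original notes and not Azure's own software), the route selection described above, including the system default table, the four rule checks, the subnet1/subnet2 and Internet questions, and the custom-route case of a third party firewall, can be simulated in Python. It assumes Azure's documented selection order: longest prefix match first, and on a tie a user defined route over a BGP route over a system route. The SOURCE_RANK values, the firewall address 192.168.100.4 and the destination addresses are constructed for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Precedence when two matching routes have the same prefix length
# (Azure: user-defined beats BGP beats system). The numbers are this
# simulator's own convention, not an Azure API field.
SOURCE_RANK = {"user": 0, "bgp": 1, "system": 2}


@dataclass(frozen=True)
class Route:
    prefix: str                        # address prefix in CIDR, e.g. "10.11.0.0/16"
    next_hop: str                      # VirtualNetwork, Internet, None, VirtualAppliance, VirtualNetworkGateway
    source: str = "system"             # "system", "bgp" or "user"
    next_hop_ip: Optional[str] = None  # only meaningful for VirtualAppliance


def matches(prefix: str, destination: str) -> bool:
    """The rule check from the notes: is the destination inside the route's network id?"""
    return ipaddress.ip_address(destination) in ipaddress.ip_network(prefix, strict=False)


def system_routes(vnet_cidr: str) -> List[Route]:
    """Azure's default system routes for a vnet.

    The three reserved ranges are black-holed (next hop None), except that a
    reserved range lying inside the vnet's own address space is replaced by
    the Virtual network route, which is Azure's documented behaviour."""
    vnet = ipaddress.ip_network(vnet_cidr, strict=False)
    routes = [Route(vnet_cidr, "VirtualNetwork"), Route("0.0.0.0/0", "Internet")]
    for reserved in ("10.0.0.0/8", "192.168.0.0/16", "100.64.0.0/10"):
        if not ipaddress.ip_network(reserved).subnet_of(vnet):
            routes.append(Route(reserved, "None"))
    return routes


def resolve(routes: List[Route], destination: str) -> Optional[Route]:
    """Longest-prefix match; on equal prefix length the higher-precedence source wins."""
    dst = ipaddress.ip_address(destination)
    best_key, best = None, None
    for r in routes:
        net = ipaddress.ip_network(r.prefix, strict=False)
        if dst not in net:
            continue
        key = (net.prefixlen, -SOURCE_RANK[r.source])
        if best_key is None or key > best_key:
            best_key, best = key, r
    return best


def next_hop_for(routes: List[Route], destination: str) -> str:
    """Human-readable next hop for a destination, e.g. 'VirtualAppliance 192.168.100.4'."""
    r = resolve(routes, destination)
    if r is None:
        return "no route"
    return r.next_hop if r.next_hop_ip is None else f"{r.next_hop} {r.next_hop_ip}"


# Constructed scenario: the vnet 192.168.0.0/16 from the notes, plus one user
# defined route sending everything not matched by a longer prefix to a
# firewall appliance at 192.168.100.4 (hypothetical address in a firewall subnet).
VNET = "192.168.0.0/16"
FIREWALL_UDR = Route("0.0.0.0/0", "VirtualAppliance", source="user", next_hop_ip="192.168.100.4")
DEFAULT_TABLE = system_routes(VNET)
CUSTOM_TABLE = DEFAULT_TABLE + [FIREWALL_UDR]

if __name__ == "__main__":
    # the four rule checks from the notes
    print("rule 1:", matches("192.168.0.0/24", "192.168.0.8"))
    print("rule 2:", matches("10.11.0.0/16", "10.11.10.15"))
    print("rule 3:", matches("0.0.0.0/0", "35.25.20.24"))
    print("rule 4:", matches("10.11.12.0/24", "10.11.13.5"))
    # subnet2 vm, google, and a private range outside the vnet
    for dst in ("192.168.1.6", "8.8.8.8", "10.5.0.1"):
        print(dst, "->", next_hop_for(DEFAULT_TABLE, dst),
              "| with firewall UDR:", next_hop_for(CUSTOM_TABLE, dst))
```

Two results are worth noticing. Traffic to 8.8.8.8 goes to the firewall once the UDR is present, because the user defined 0.0.0.0/0 wins the tie against the system 0.0.0.0/0 => Internet route. Traffic to 10.5.0.1 is still dropped (next hop None) even with the firewall UDR, because the system 10.0.0.0/8 => None route has a longer prefix than /0; a firewall route for 0.0.0.0/0 does not capture the private ranges, so a UDR for each of those prefixes is needed as well.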

Questions for next sessions

  • Is it ok for databases to be accessed over the internet?
    • No, but how can I prevent this in azure?
  • Is it ok to open all ports of my azure vm to the public internet?
    • No, but how can I prevent this in azure?
  • What is a DMZ and how do we implement a DMZ?
