Azure Classroom Series – 13/Jul/2020

Virtual network traffic routing

  • Azure automatically creates a route table for each subnet within an Azure virtual network and adds system default routes to the table.
  • The default route table (system routes) lets a VM reach any other resource in the same vnet and gives it outbound internet connectivity.
  • Route rules are written in CIDR notation and match on the network id of the destination: a rule applies when the destination address falls inside the rule's address prefix.
rule 1:
destination => 192.168.0.0/24 next hop => <some network resource>

vm with ip address 192.168.1.10/24 sending packets to 192.168.0.8 (now, will the rule be honored?)

network id of destination in rule => 192.168.0.0/24 => 192.168.0.x

destination 192.168.0.8 is 192.168.0.x, so it matches the rule and the packet will be sent to the configured next hop (the source address 192.168.1.10 plays no part in the match)


rule 2:
destination => 10.11.0.0/16 next hop => resource a

vm with ip address 10.15.0.10 is sending a packet to 10.11.10.15; now, will the rule be honored?

rule => 10.11.0.0/16 => 10.11.x.x

destination 10.11.10.15 matches the rule's network id, so this rule will be honored and the packet goes to resource a


rule 3:

destination => 0.0.0.0/0 next hop => internet

vm with ip address 172.16.0.8 is sending a packet to 35.25.20.24
Will the rule be honored?

0.0.0.0/0 matches every address (x.x.x.x), so 35.25.20.24 falls under this rule and it will be honored (a more specific rule that also matches the destination would take precedence over this catch-all)

rule 4:
destination => 10.11.12.0/24 next hop => virtual network

vm with ip address 10.11.12.6 is sending a packet to 10.11.13.5

10.11.13.5 is in 10.11.13.0/24, not 10.11.12.0/24, so the network ids don't match and this rule will not be honored
  • Default rules of system routing:

    Source    Address prefix         Next hop type
    Default   Virtual network cidr   Virtual Network
    Default   0.0.0.0/0              Internet
    Default   10.0.0.0/8             None
    Default   192.168.0.0/16         None
    Default   100.64.0.0/10          None

    (If the vnet address space overlaps one of the three None prefixes, Azure changes that route's next hop to Virtual Network, which is why a vnet using 192.168.0.0/16 still routes internally.)

  • Network diagram: one vnet (cidr 192.168.0.0/16) with subnet1 and subnet2

  • Now can a vm in subnet1 communicate with a vm in subnet2?

    • destination in subnet2 => 192.168.1.6 => is it inside the vnet cidr range 192.168.0.0/16 (192.168.x.x)? yes, so the top rule in the route table (vnet cidr => Virtual Network) applies and the packet is delivered within the vnet
  • Now can a vm in subnet2 communicate with google?

    • yes: the 0.0.0.0/0 => Internet rule matches any destination that no more specific route (such as the vnet cidr) covers, so the packet is sent to the Internet
  • System default routes cannot be changed or deleted, but you can add your own custom routes (user defined routes, UDRs) in a route table associated with a subnet. Azure picks the route with the longest matching prefix; when a user defined route and a system route have the same prefix, the user defined route wins, so a UDR for 0.0.0.0/0 overrides the default Internet route.
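The rule matching worked by hand above, the default system route table and the effect of a user defined route, as an added example in Python (this is not code from the original post or from Azure; the lab vnet 192.168.0.0/16 with subnet1 192.168.0.0/24 and subnet2 192.168.1.0/24, and the firewall appliance as next hop, are assumptions). It also goes slightly beyond the lesson by implementing Azure's selection order: longest matching prefix first, then user defined route over system route on a tie.

```python
import ipaddress

# Next hop types discussed in the lesson.
VIRTUAL_NETWORK = "Virtual network"
INTERNET = "Internet"
NONE = "None"                      # drop the packet
VIRTUAL_APPLIANCE = "Virtual appliance"

# Address prefixes that Azure routes to None by default.
RESERVED_NONE_PREFIXES = ("10.0.0.0/8", "192.168.0.0/16", "100.64.0.0/10")


def rule_matches(prefix, destination):
    """The 'network id' check from the lesson: a route is a candidate only if
    the destination address falls inside the route's address prefix."""
    return ipaddress.ip_address(destination) in ipaddress.ip_network(prefix)


def system_routes(vnet_cidr):
    """Azure's default system routes for a vnet with address space vnet_cidr.
    Each route is (prefix, next hop type, source)."""
    vnet = ipaddress.ip_network(vnet_cidr)
    routes = [
        (vnet, VIRTUAL_NETWORK, "Default"),
        (ipaddress.ip_network("0.0.0.0/0"), INTERNET, "Default"),
    ]
    for cidr in RESERVED_NONE_PREFIXES:
        prefix = ipaddress.ip_network(cidr)
        # Azure changes a reserved prefix's next hop from None to
        # Virtual network when the vnet address space overlaps with it.
        hop = VIRTUAL_NETWORK if vnet.overlaps(prefix) else NONE
        routes.append((prefix, hop, "Default"))
    return routes


def add_udr(routes, prefix, next_hop_type):
    """Return a new table with a user defined route appended."""
    return routes + [(ipaddress.ip_network(prefix), next_hop_type, "User")]


def lookup(routes, destination):
    """Pick the route Azure would use: longest matching prefix wins; for
    equal prefix lengths a user defined route beats a system route."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dest in r[0]]
    return max(candidates, key=lambda r: (r[0].prefixlen, r[2] == "User"))


def next_hop(routes, destination):
    """Next hop type for a packet sent to destination."""
    return lookup(routes, destination)[1]


if __name__ == "__main__":
    # The four rules worked by hand in the lesson.
    print(rule_matches("192.168.0.0/24", "192.168.0.8"))   # True
    print(rule_matches("10.11.0.0/16", "10.11.10.15"))     # True
    print(rule_matches("0.0.0.0/0", "35.25.20.24"))        # True
    print(rule_matches("10.11.12.0/24", "10.11.13.5"))     # False

    # Assumed lab vnet 192.168.0.0/16: subnet1 192.168.0.0/24, subnet2 192.168.1.0/24.
    table = system_routes("192.168.0.0/16")
    print(next_hop(table, "192.168.1.6"))    # Virtual network (subnet1 -> subnet2)
    print(next_hop(table, "35.25.20.24"))    # Internet
    print(next_hop(table, "10.5.0.1"))       # None: dropped

    # Assumed UDR forcing all outbound traffic through a firewall appliance.
    forced = add_udr(table, "0.0.0.0/0", VIRTUAL_APPLIANCE)
    print(next_hop(forced, "35.25.20.24"))   # Virtual appliance (UDR beats system 0.0.0.0/0)
    print(next_hop(forced, "192.168.1.6"))   # Virtual network (more specific prefix still wins)
```

The last two lookups are the practical point of a UDR: a 0.0.0.0/0 route to an appliance captures internet-bound traffic, but vnet-internal traffic keeps following the more specific vnet cidr route, so the appliance does not see east-west traffic unless you add more specific routes for it.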

Different Next Hop Types

  • Virtual Appliance: a virtual machine that runs a networking application (software) such as a firewall. You can find networking appliances in the networking section of the Azure Marketplace. The route's next hop is the private IP address of the appliance, and IP forwarding must be enabled on the appliance's NIC, otherwise Azure drops packets whose destination is not the appliance's own address.
  • Virtual Network Gateway: comes into play when we want to connect an Azure vnet with our on-premise networks (ExpressRoute/VPN)
  • None: drop the packet
  • Virtual Network: forward the packet within the Azure virtual network
  • Internet: forward the packet to the Internet

When to use Custom Routes

  • We want to send all the packets leaving the azure vnet through a proxy server
  • We want a custom/third party firewall (network virtual appliance) to inspect traffic in the azure virtual network
  • We want to implement connectivity b/w on-premise networks and Azure vnets

Questions for next sessions

  • Is it ok for databases to be accessed over the internet?
    • No. But how can I prevent this in azure?
  • Is it ok to open all of the ports of my azure vm to the public internet?
    • No. But how can I prevent this in azure?
  • What is a DMZ and how do we implement a DMZ?
