How to implement System Routes (SRs) and User-defined Routes (UDRs) in Azure


To implement System Routes and User-Defined Routes (UDRs) in Azure, follow these steps:

1. System Routes Implementation

System routes are automatically created by Azure. No manual setup is required for basic routing. They manage connectivity within a Virtual Network (VNet), between VNets, and to external networks.

Verifying System Routes

1. Navigate to the Azure Portal

  • Go to your Virtual Network resource.

2. Check Effective Routes

  • Open the Network Interface of a VM in your VNet.

  • Navigate to Effective routes to view the system routes applied.

If you need to modify system route behavior, proceed with User-Defined Routes to override or add to the existing routes.

2. User-Defined Routes Implementation

Step 1: Create a Route Table

1. Go to the Azure Portal

  • Search for and select Route tables.

2. Create a Route Table

  • Click + Create.

  • Enter:

    • Name: Choose a name for your route table.

    • Region: Ensure it matches the region of the VNet where it will be used.

    • Leave Virtual network gateway route propagation enabled unless you want to disable route propagation from gateways.

  • Click Review + Create, then Create.

Step 2: Add Routes to the Route Table

  1. After creating the route table, open it in the Azure portal.

  2. Go to Routes and click + Add.

  3. Fill in the details:

    • Route name: Provide a descriptive name.

    • Address prefix: Enter the destination IP range (e.g., 192.168.1.0/24).

    • Next hop type:

      • Virtual appliance: For traffic sent to a network virtual appliance (provide its private IP).

      • Virtual network gateway: For on-premises destinations through a VPN or ExpressRoute.

      • Internet: For internet-bound traffic.

      • None: To block specific traffic.

    • Next hop address: Enter the required IP address (if applicable).

  4. Click OK to save the route.

Step 3: Associate the Route Table with a Subnet

  1. Open the created route table in the Azure portal.

  2. Go to Subnets and click + Associate.

  3. Select:

    • Virtual Network: Choose the VNet where the subnet resides.

    • Subnet: Select the specific subnet to associate with the route table.

  4. Click OK.

Step 4: Test the Routes

  1. Deploy virtual machines (VMs) in the associated subnet.

  2. Use tools like tracert (Windows) or traceroute (Linux) to verify the path that traffic takes.

  3. View Effective Routes for the network interface of the VM to ensure UDRs are applied correctly.

Tips and Best Practices

Specificity

Use the most specific prefix (e.g., 10.0.1.0/24 over 10.0.0.0/16) to ensure correct route selection.
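The following is an added example, not code from the original article. It applies Azure's route selection to the effective routes checked in Step 4: longest prefix match first, then user-defined over BGP over system routes when prefixes are equal. The sample routes are constructed, the field names are assumed to follow the JSON printed by `az network nic show-effective-route-table`, and `select_route` and `bypasses_appliance` are hypothetical helper names.

```python
import ipaddress
import json

# Constructed sample, shaped like the JSON that
# `az network nic show-effective-route-table` prints (field names assumed).
SAMPLE = json.loads("""
{"value": [
 {"source": "Default", "state": "Active",  "addressPrefix": ["10.0.0.0/16"],    "nextHopType": "VnetLocal",        "nextHopIpAddress": []},
 {"source": "Default", "state": "Invalid", "addressPrefix": ["0.0.0.0/0"],      "nextHopType": "Internet",         "nextHopIpAddress": []},
 {"source": "User",    "state": "Active",  "addressPrefix": ["0.0.0.0/0"],      "nextHopType": "VirtualAppliance", "nextHopIpAddress": ["10.0.2.4"]},
 {"source": "User",    "state": "Active",  "addressPrefix": ["192.168.1.0/24"], "nextHopType": "None",             "nextHopIpAddress": []}
]}
""")

# Tie-break for equal prefix lengths: UDR, then BGP, then system route.
SOURCE_RANK = {"User": 0, "VirtualNetworkGateway": 1, "Default": 2}


def select_route(routes, destination):
    """Return the active route that wins for `destination`, or None."""
    dest = ipaddress.ip_address(destination)
    candidates = []
    for route in routes:
        if route.get("state") != "Active":
            continue  # overridden or invalid routes carry no traffic
        for prefix in route.get("addressPrefix", []):
            net = ipaddress.ip_network(prefix, strict=False)
            if dest.version == net.version and dest in net:
                rank = SOURCE_RANK.get(route.get("source"), 3)
                candidates.append((-net.prefixlen, rank, prefix, route))
    if not candidates:
        return None
    _, _, prefix, route = min(candidates, key=lambda c: c[:2])
    return {"prefix": prefix, "source": route["source"],
            "next_hop_type": route["nextHopType"],
            "next_hop_ip": route.get("nextHopIpAddress", [])}


def bypasses_appliance(routes, destination):
    """True when traffic to `destination` is forwarded without the NVA."""
    chosen = select_route(routes, destination)
    return chosen is not None and chosen["next_hop_type"] not in ("VirtualAppliance", "None")


if __name__ == "__main__":
    for ip in ("8.8.8.8", "10.0.1.5", "192.168.1.10"):
        print(ip, select_route(SAMPLE["value"], ip))
```

In the sample, traffic to 10.0.1.5 stays on the VnetLocal system route because 10.0.0.0/16 is more specific than the 0.0.0.0/0 UDR, so it never reaches the appliance.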

NVA Reliability

If using an NVA, ensure it is highly available to avoid a single point of failure.

Testing

Test UDRs in a non-production environment before applying them widely.

Monitoring

Use Network Watcher tools like IP Flow Verify and Connection Troubleshoot for debugging.

Summary

By combining system routes and UDRs, you can achieve customized and efficient network traffic flow in Azure.

 

Rajnish, MCT
