Lec - 04 - Azure Route


Implement virtual network traffic routing


 

Azure automatically creates a route table for each subnet within an Azure virtual network and adds system default routes to the table.

We can override some of Azure's system routes with custom routes, and add additional custom routes to route tables.

 Azure routes outbound traffic from a subnet based on the routes in a subnet's route table.

 

System routes or Default routes

A default route is a pre-configured route that determines how traffic is directed when no other specific route matches the destination address.

Key characteristics of default routes in Azure:

  • Automatically created: Azure creates default routes for every subnet within a virtual network.
  • System-defined: You cannot directly modify or delete them.
  • Address prefix 0.0.0.0/0: This means they apply to any destination address that doesn't fall within a more specific route.
  • Next hop type:
    • Internet: Routes traffic to the internet through the Azure network infrastructure.
    • Virtual network gateway: Routes traffic to on-premises networks or virtual networks in other regions through a virtual network gateway (VPN or ExpressRoute).

 

·       Virtual network: Routes traffic between address ranges within the address space of a virtual network. Azure creates a route with an address prefix that corresponds to each address range defined within the address space of a virtual network. Azure automatically routes traffic between subnets using the routes created for each address range.

Custom routes

To control the way network traffic is routed more precisely, you can override the default routes that Azure creates by using your own user-defined routes (UDR). This technique can be useful when you want to ensure that traffic between two subnets passes through a firewall appliance, or if you want to ensure that no traffic from a VNet could be routed to the internet.

User-defined routes

 

You can create custom, or user-defined(static), routes in Azure to override Azure's default system routes, or to add additional routes to a subnet's route table.

In Azure, each subnet can have zero or one associated route table. When you create a route table and associate it to a subnet, the routes within it are combined with, or override, the default routes Azure adds to a subnet.

You can specify the following next hop types when creating a user-defined route:

 

Virtual appliance: A virtual appliance is a virtual machine that typically runs a network application, such as a firewall.

 

Virtual network gateway: Specify when you want traffic destined for specific address prefixes routed to a virtual network gateway. The virtual network gateway must be created with type VPN.

None: Specify when you want to drop traffic to an address prefix, rather than forwarding the traffic to a destination.

Virtual network: Specify when you want to override the default routing within a virtual network.

Internet: Specify when you want to explicitly route traffic destined to an address prefix to the Internet, or if you want traffic destined for Azure services with public IP addresses kept within the Azure backbone network.

 

To enable IP forwarding within the operating system, enter the following command in PowerShell from the firewall VM:

Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -Name IpEnableRouter -Value 1

 

https://drive.google.com/drive/u/1/folders/1y7BFqJC_pnVGgHRueFQ-YaJBnqaTJ01R

Comments

Post a Comment

Popular posts from this blog

Script

# Change time to IST Set-TimeZone -Name “India Standard Time”  # Enable firewall to ping server each other :-   New-NetFirewallRule -DisplayName "Allow ICMPv4-In" -Protocol ICMPv4   # PowerShell command to install ISS # install IIS server role   Install-WindowsFeature -name Web-Server -IncludeManagementTools   # remove default htm file   remove-item   C:\inetpub\wwwroot\iisstart.htm   # Add a new htm file that displays server name   Add-Content -Path "C:\inetpub\wwwroot\iisstart.htm" -Value $("Hello World from " + $env:computername)     # Powershell command to install google chrome   $LocalTempDir = $env:TEMP; $ChromeInstaller = "ChromeInstaller.exe"; (new-object     System.Net.WebClient).DownloadFile('http://dl.google.com/chrome/install/375.126/chrome_installer.exe', "$LocalTempDir\$ChromeInstaller"); & "$LocalTempDir\$ChromeInstaller" /silent /install; $Process2Monitor = ...
Read more

Landing Zone

What is Azure landing zone   An Azure Landing Zone is a set of best practices and guidelines provided by Microsoft to help organizations establish a well-structured and standardized foundation for deploying workloads and applications in the Microsoft Azure cloud environment. It is essentially a framework that assists organizations in setting up their Azure environment with a focus on key areas such as security, governance, compliance, and operational efficiency. Here are the main aspects and objectives of an Azure Landing Zone: 1. ** Security **: Implementing robust security measures to protect data and resources in Azure, including network security, identity and access management, and compliance with security standards. 2. ** Governance **: Defining and enforcing policies and standards for resource provisioning, naming conventions, and compliance requirements. This ensures that Azure resources are created and managed consistently across the organization. 3. ** Networking **: ...
Read more

Migration

  Prepare a machine for the replication appliance The Migration and modernization tool uses a replication appliance to replicate machines to Azure. The replication appliance runs the following components. Configuration server : The configuration server coordinates communications between on-premises and Azure, and manages data replication. Process server : The process server acts as a replication gateway. It receives replication data; optimizes it with caching, compression, and encryption, and sends it to a cache storage account in Azure. Run a test migration When delta replication begins, you can run a test migration for the VMs, before running a full migration to Azure. We highly recommend that you do this at least once for each machine, before you migrate it. Running a test migration checks that migration will work as expected, without impacting the on-premises machines, which remain operational, and continue replicating. Test migration simulates the migration by creating an Azur...
Read more