AZ-104 Microsoft Azure Administrator Exam
You're a great admin... on-prem. Now, become a great admin in the cloud and prove it by passing the Microsoft Certified: Azure Administrator Associate exam!
Practice Test

Configure user-defined network routes
Define and Implement Custom Routes
Understanding Custom Routes in Azure
Custom routes in Azure give you control over how network traffic flows within your virtual network. By creating user-defined routes (UDRs), you can override the default system routes provided by Azure. This capability helps in optimizing traffic flow and ensures secure and efficient communication throughout your network. Azure creates system routes automatically as the default paths for traffic; users cannot adjust or delete them.
Types of Routes
Azure's routing tables consist of various route types:
- System routes are default and immutable routes set by Azure, providing basic traffic direction.
- Subnet default routes exist for communication within the same subnet.
- Routes from other virtual networks come into play when virtual network peering is established.
- BGP routes are introduced during connections to on-premises network gateways.
- Service endpoint routes get added when service endpoints are activated.
- User Defined Routes (UDRs), crafted by users, can guide traffic paths and override system defaults.
Creating User-Defined Routes
The process of creating a user-defined route involves several steps. First, you need to create a route table, which is where you'll set your custom routes. Then, this route table must be associated with one or more subnets in your virtual network. This association tells Azure where to apply the routing rules. You must also define next hop types, which specify where traffic should be directed—this could be virtual appliances, VPN gateways, or even direct routing to the internet.
Next Hop Types
The configuration of UDRs involves defining different next hop types:
- A virtual appliance refers to a virtual machine running network applications like firewalls, effectively routing traffic through security mechanisms.
- A VPN gateway is used for channeling traffic through a secure VPN connection.
- Routing to the internet involves directing traffic towards external networks outside the virtual network.
Route Selection and Security
The selection of routes in Azure follows a specific order based on the prefix's length—longest prefix match takes precedence. If multiple routes with the same prefix exist, the hierarchy of selection prioritizes:
- User-defined routes (UDR)
- BGP routes
- System routes
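The selection order above, worked through as an added example (not part of the original guide): a small Python model of longest-prefix match with the UDR, BGP, system tie-break. The route table, the addresses and the source labels are constructed for illustration.

```python
import ipaddress

# Tie-break for routes with the same prefix, in the order listed above.
# The labels are this example's own, not Azure API values.
SOURCE_PRIORITY = {"UDR": 0, "BGP": 1, "System": 2}

# Constructed effective-route table for a subnet in a hypothetical
# 10.0.0.0/16 virtual network with a firewall appliance at 10.0.2.4.
SAMPLE_ROUTES = [
    ("10.0.0.0/16", "System", "VnetLocal"),
    ("0.0.0.0/0", "System", "Internet"),
    ("0.0.0.0/0", "UDR", "VirtualAppliance 10.0.2.4"),
    ("192.168.0.0/16", "BGP", "VirtualNetworkGateway"),
    ("192.168.0.0/16", "UDR", "VirtualAppliance 10.0.2.4"),
    ("192.168.10.0/24", "BGP", "VirtualNetworkGateway"),
]


def select_route(routes, destination):
    """Return (prefix, source, next_hop) chosen for destination, or None."""
    dest = ipaddress.ip_address(destination)
    candidates = [
        (ipaddress.ip_network(prefix), source, next_hop)
        for prefix, source, next_hop in routes
        if dest in ipaddress.ip_network(prefix)
    ]
    if not candidates:
        return None
    # Longest prefix wins; source priority only breaks ties on equal prefixes.
    net, source, next_hop = min(
        candidates, key=lambda c: (-c[0].prefixlen, SOURCE_PRIORITY[c[1]])
    )
    return str(net), source, next_hop


if __name__ == "__main__":
    for ip in ("203.0.113.10", "10.0.1.5", "192.168.5.1", "192.168.10.7"):
        print(ip, "->", select_route(SAMPLE_ROUTES, ip))
```

In two of the four cases the appliance is not the next hop: 10.0.1.5 follows the more specific system route for the virtual network, and 192.168.10.7 follows the /24 BGP route, so a broader UDR alone does not send that traffic through the firewall.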
Routes control where traffic goes, not whether it is permitted, so Network Security Groups (NSGs) are vital alongside them. NSGs filter traffic flowing in and out of resources within a virtual network through rules that accept or reject traffic based on its properties, including protocol type, port range, and address prefixes. NSGs can be bound to either subnets or individual network interfaces.
Effective Routes
Together with system routes and BGP routes, UDRs make up the "effective routes" for the network interfaces within a subnet. This collection represents all active routing configurations that determine how traffic is handled. To troubleshoot or confirm a routing setup, review the effective routes through the Azure Portal, PowerShell, or CLI.
Conclusion
Custom routes in Azure provide the flexibility needed to manage network traffic effectively, so that it follows the secure and efficient paths your organization requires. By understanding and deploying UDRs correctly, you can improve both the performance and security of your virtual network beyond what the default system routes offer.