Az104 — Azure Routing

Setumo Raphela
Dec 22, 2020


· Network traffic in Azure is automatically routed across Azure subnets, virtual networks, and on-premises networks.

· This routing is controlled by system routes, which are assigned by default to each subnet in a virtual network.

· With these system routes, any Azure virtual machine that is deployed to a virtual network can communicate with all other Azure virtual machines in subnets in that network.

· You can’t create or delete system routes.

· Every subnet has the following default system routes

· Within Azure, there are additional system routes.

· Azure will create these routes if the following capabilities are enabled:

  • Virtual network peering
  • Service chaining
  • Virtual network gateway
  • Virtual network service endpoint

· System routes might make it easy for you to quickly get your environment up and running.

· But there are many scenarios in which you’ll want to more closely control the traffic flow within your network.

· For example, you might want to route traffic through an NVA or through a firewall from partners and others.

· This control is possible with custom routes.

· You have two options for implementing custom routes: create a user-defined route or use Border Gateway Protocol (BGP) to exchange routes between Azure and on-premises networks.

  • If multiple routes are available in a route table, Azure uses the route with the longest prefix match.
  • For example, if a message is sent to the IP address 10.0.0.2, but two routes are available with the 10.0.0.0/16 and 10.0.0.0/24 prefixes, Azure selects the route with the 10.0.0.0/24 prefix because it’s more specific.
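The longest-prefix rule above matters when you rely on a custom route to force traffic through an NVA or firewall: a more specific route from another source silently wins. The following is an added example, not code from the original post. It goes slightly beyond the text by also applying Azure's tie-break between equal-length prefixes (user-defined route, then BGP, then system route). The route table, the 10.0.2.4 appliance address and the field names are constructed, simplified labels, not Azure API output.

```python
import ipaddress

# Tie-break order when prefixes are equally long:
# user-defined route, then BGP, then system (default) route.
SOURCE_PRIORITY = {"User": 0, "BGP": 1, "Default": 2}

# Constructed route table for one subnet (all values are illustrative).
ROUTES = [
    {"prefix": "10.0.0.0/16", "source": "Default", "next_hop": "VirtualNetwork"},
    {"prefix": "0.0.0.0/0",   "source": "Default", "next_hop": "Internet"},
    {"prefix": "0.0.0.0/0",   "source": "User",    "next_hop": "VirtualAppliance:10.0.2.4"},
    {"prefix": "10.0.0.0/16", "source": "User",    "next_hop": "VirtualAppliance:10.0.2.4"},
    {"prefix": "10.0.0.0/24", "source": "BGP",     "next_hop": "VirtualNetworkGateway"},
]


def select_route(routes, destination):
    """Return the route used for `destination`, or None if nothing matches."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in routes if dest in ipaddress.ip_network(r["prefix"])]
    if not matches:
        return None
    # Longest prefix first; source priority only breaks ties between equal prefixes.
    return min(matches, key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                                       SOURCE_PRIORITY[r["source"]]))


def bypasses_appliance(routes, destinations):
    """List (destination, winning prefix) pairs that do not go through an NVA."""
    bypass = []
    for d in destinations:
        route = select_route(routes, d)
        if route is None or not route["next_hop"].startswith("VirtualAppliance"):
            bypass.append((d, route["prefix"] if route else None))
    return bypass


if __name__ == "__main__":
    probes = ["10.0.0.2", "10.0.5.9", "8.8.8.8"]
    for d in probes:
        print(d, "->", select_route(ROUTES, d))
    print("not inspected by the NVA:", bypasses_appliance(ROUTES, probes))
```

Here the BGP-learned 10.0.0.0/24 route beats the user-defined 10.0.0.0/16 route for 10.0.0.2, so that traffic never reaches the appliance even though a custom route covering it exists.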

· A network virtual appliance (NVA) is a virtual appliance that consists of various layers like:

  • a firewall
  • a WAN optimizer
  • application-delivery controllers
  • routers
  • load balancers
  • IDS/IPS
  • proxies

· Network virtual appliances (NVAs) are virtual machines that control the flow of network traffic by controlling routing.

· You can deploy NVAs chosen from providers in Azure Marketplace.

· Such providers include Check Point, Barracuda, Sophos, WatchGuard, and SonicWall.

· IP forwarding must be enabled on the NVA for it to work.
