UDR (User Defined Routes) on Azure

blog - UDR (User Defined Routes) on MS Azure

Last updated on June 15th, 2021

This will be a longer post on how to configure the Routing Table and Custom Routes called UDRs (User Defined Routes) in Azure. I will try to explain how it works and show how it can be easily configured on a specific example.

At first I assume we have a network with three subnets A, B and C. There is one server running on each subnet. The networks created are completely isolated from each other, so the servers cannot communicate.

We can use peering and configure it for each network, then the servers will be able to communicate with each other freely.

  • Network A <=> Network B
  • Network B <=> Network C
  • Network A <=> Network C

But what if we wanted the traffic from network A to network C to go only through network B and not directly?

Then we can only configure peering between networks A and B and B and C. We do not peering between networks A and C. Instead, we create a routing table and UDR.

  • Network A <=> Network B
  • Network B <=> Network C

Virtual network:

We start by creating a virtual network and 3 subnets. Log in to portal.azure.com and click ‘create virtual network’, choose a name for the network and a region. On the next tab, select the IP Address and range for the subnets to be created.

Azure Virtual network - creating a virtual network
Azure Virtual network - creating a virtual network - IP address

Peering needs to be created between networks A and B and B and C. If you want to know more about peering, please see my other article https://lepczynski.it/en/azure_en/the-cheapest-secure-virtual-network-connection-on-azure-peering/

Virtual machine:

Now we create one virtual machine in each subnet. Make sure that the virtual machines are in the same location as the network. I didn’t create public IP addresses. I recommend that you turn on the “Boot diagnostics” option, so that you can later run “Serial console” in the browser.

Create VM on Azure
Create VM on Azure - Networking

Route tables:

At this point, we are ready to create the routing table and custom UDRs (User Defined Routes). Search for “Route Tables” and click on “Add”. We provide a name, select a resource group and a region where our routing table should be created.

search route table on Azure
Create route table on Azure
Create route table on Azure

Once we have created the routing table, we can add our routes by clicking on ‘Routes’ and ‘Add’. I added one route, because traffic from network A to C is to go through the VM-B virtual machine in network B. Traffic in the other direction will not be supported. If we want the traffic to the other side to be also served, we add another route.

Route on route table ( Azure )
Add route to route table on Azure

Once the route has been added, it should be associated with a specific network. In my case, this is network A because I want all traffic from network A to network C to be routed through VM in B.

route table on Azure
associate subnet

For traffic to take place, IP forwarding must be enabled on the VM-B network card. The easiest way to do this is by searching for our VM by clicking on ‘Networking’ and our web interface. In the newly opened tab, select ‘IP configurations’ and with the ‘IP forwarding’ option, click on enabled.

AZure - VM networking
enable ip forward on Azure

You just need to log in to the virtual machine and enable IP forwarding on it. To do this, search for our VM-B virtual machine, select ‘serial Console’, log in and enter the following commands:

# checks if IP forwarding is enabled
sysctl net.ipv4.ip_forward

# enables IP forwarding
sysctl -w net.ipv4.ip_forward=1
# in order for the changes to be saved permanently, edit the /etc/sysctl.conf file and add to it: 
net.ipv4.ip_forward = 1
Serial console (Azure)
ip forward in console

Test:

This is the end, now we can log into the VM-A virtual machine and see if we are connected to the VM-C machine in network C. At first I checked the pings if the machine was responding, and then ran the tracerout command to see where the path to each machine is .

ping command
tracerout command

For more information on peering itself, see another article.

Leave a Reply

Your email address will not be published. Required fields are marked *