Network Routes – Virtual Networking

Network routes, or route tables, have existed in traditional networks for a very long time. The routes in a route table decide how a packet is directed toward its destination or, in other words, determine the next hop a resource should send traffic to in order to reach the final destination. Azure uses the same concept to direct network traffic between virtual machines, the Internet, and the on-premises infrastructure.

There are two types of network routes in Azure: system routes and user-defined routes (UDRs). Every packet is evaluated against these routes to decide where it is sent. If no route matches, the packet is dropped. Let's look at each type of network route.

System Routes

Whenever we create a VM, it can communicate with the Internet without any routes being set up. In AWS, we need to create gateways such as a NAT Gateway or an Internet Gateway to connect a VM to the Internet. In Azure, however, this is enabled by default with the help of system routes.

Traffic between virtual machines, the Internet, and the on-premises infrastructure is routed using system routes. Scenarios where system routes handle the packet routing include the following:

  • Communication between multiple VMs deployed to the same subnet.
  • Communication between VMs in different subnets of the same virtual network.
  • Access to the Internet from VMs.
  • ExpressRoute and site-to-site connections via a VPN gateway.

For example, suppose you have a virtual network named vnet-01 with two subnets, frontend-subnet and database-subnet, with a web server deployed to frontend-subnet and a database deployed to database-subnet. The server in frontend-subnet can communicate with the database in database-subnet without any rules or gateways being set up; this communication is facilitated by the system routes. The servers can also reach the Internet to download system updates or to check the Internet time without any gateways being set up; this communication is also achieved using system routes. Note that inbound communication from the Internet to the servers is still blocked by the network security groups.

The system routes are stored in a routing table, and with the help of these routes traffic can be routed within the virtual network and to the Internet and the on-premises infrastructure. Users can override these routes and block any of the paths that the system routes allow. Let's look at how users override them with custom routes.
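To make the evaluation rules concrete, the following added example (not Azure's code or the author's) models a subnet's route table for the vnet-01 scenario above: the longest matching prefix wins, an equally specific user-defined route beats a system route, and a next hop of None drops the packet. The address space 10.0.0.0/16, the server 10.0.2.4 and the appliance 10.0.3.4 are constructed values.

```python
"""Model of how Azure picks a route for a packet leaving a subnet: the longest
matching prefix wins, and on a tie a user-defined route (UDR) beats a system
route. This is an added illustration of the rules above, not Azure code; the
vnet-01 addresses are constructed for the example."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    prefix: str                        # destination CIDR
    next_hop: str                      # "VirtualNetwork", "Internet", "None", ...
    source: str = "System"             # "System" or "User" (UDR)
    next_hop_ip: Optional[str] = None  # only meaningful for VirtualAppliance


def system_routes(vnet_prefixes: List[str]) -> List[Route]:
    """Default system routes Azure installs in every subnet of a VNet."""
    routes = [Route(p, "VirtualNetwork") for p in vnet_prefixes]
    routes.append(Route("0.0.0.0/0", "Internet"))
    # Private and shared address space outside the VNet: next hop None = dropped.
    for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10"):
        routes.append(Route(p, "None"))
    return routes


def effective_next_hop(dst: str, routes: List[Route]) -> str:
    """Return the next-hop type chosen for dst ("None" means the packet is dropped)."""
    ip = ipaddress.ip_address(dst)
    matches = [r for r in routes if ip in ipaddress.ip_network(r.prefix)]
    if not matches:
        return "None"  # nothing matched: dropped
    # Longest prefix first; equal prefixes are settled in favour of the UDR.
    best = max(matches, key=lambda r: (ipaddress.ip_network(r.prefix).prefixlen,
                                       r.source == "User"))
    if best.next_hop == "VirtualAppliance":
        return f"VirtualAppliance {best.next_hop_ip}"
    return best.next_hop


if __name__ == "__main__":
    # vnet-01 = 10.0.0.0/16, database server at 10.0.2.4 (constructed addresses)
    table = system_routes(["10.0.0.0/16"])
    print(effective_next_hop("10.0.2.4", table))      # VirtualNetwork: web -> database
    print(effective_next_hop("203.0.113.10", table))  # Internet: default system route
    print(effective_next_hop("10.5.0.1", table))      # None: private space outside the VNet
    # UDR on frontend-subnet sending Internet-bound traffic through an inspection appliance
    table.append(Route("0.0.0.0/0", "VirtualAppliance", "User", "10.0.3.4"))
    print(effective_next_hop("203.0.113.10", table))  # VirtualAppliance 10.0.3.4
```

Replacing the appliance route with `Route("0.0.0.0/0", "None", "User")` shows the other override the text mentions: Internet egress from the subnet is dropped entirely.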
