Routing in Azure can be as simple as navigating a well-marked road or as complex as finding your way through a maze. In this blog post, we'll embark on a journey through the intricacies of Azure routing, exploring how it works and how you can troubleshoot common issues.
Azure networking operates on the backbone of software-defined technology, specifically VXLAN. Imagine it like this: when your virtual machine (VM) sends a packet to another VM, Azure's fabric takes charge as it traverses through the virtual NIC. This principle extends across all Azure services supporting virtual networks. Essentially, it's like a memory copy from one source NIC to another destination NIC, with an Azure backbone providing the physical infrastructure beneath. While you can't modify the underlying infrastructure, you can influence the routing within the platform by adding hops.
When you create a Virtual Network (VNet) in Azure, it typically consists of one or more subnets.
Each subnet comes with default system routes. Let's simplify things: a routing table dictates
where a packet for an IP prefix should go next, known as the next hop. For example,
`10.0.0.0/24` directs packets to `192.168.0.2` as the first stop on the journey to the
destination.
Azure automatically generates a system route table when you create a VNet. Essentially, it's
straightforward, with two critical entries: one for the VNet prefix, directing traffic within
the VNet, and another for `0.0.0.0/0`, which routes traffic to the internet. Regardless of any
configuration within your VM, packets are routed based on these entries.
Peering two VNets involves several steps, including extending the network plumbing between them and adjusting security rules. Additionally, a new system route for peering is created. This setup enables VMs in one VNet to communicate directly with those in another, as if they're in the same network.
Creating a VNet gateway introduces another layer of routing. When you establish a gateway and a load network connection, a new set of system routes is created for the gateway. This includes adding local address spaces as destinations routed via the gateway. Consequently, traffic to and from on-premises networks is directed through the gateway, even across peered connections.
Border Gateway Protocol (BGP) plays a crucial role in Azure routing. BGP routes are shared via peering and originate from various sources like Azure ExpressRoute Circuits, VPNs, Azure route servers, and Azure Virtual WAN. These routes are labeled as BGP in the routing table, with the virtual network gateway serving as the next hop. Routes learned via BGP take precedence over other routes, including system routes. This means that if BGP announces a route, it will be favored over a similar route in the system route table.
In Azure routing, the overarching principle is that the larger prefix wins, and BGP prefixes take precedence over system routes. However, there's one last crucial rule: for every route from IP1 to IP2, there must be a corresponding reverse route from IP2 to IP1 using the same path. While it's relatively easy to create a User Defined Route (UDR) for one-way traffic, configuring the reverse path can be trickier. For instance, creating a rule to route traffic to a firewall via peering requires careful consideration to ensure the return traffic follows the same path.
Now that we've covered the basics, how do you troubleshoot routing issues in Azure? One essential tool is the Effective Routes feature, accessible by opening a NIC in the subnet. This tool allows you to visualize the routing decisions made by Azure and identify any discrepancies.
In conclusion, understanding Azure routing involves grasping the interplay between system routes, user-defined routes, and BGP routes. By mastering these concepts and adhering to Azure's routing rules, you can navigate the digital highways of Azure with confidence.
For more detailed information and troubleshooting tips, check out Azure's public documentation on troubleshooting Azure routing: https://docs.microsoft.com/en-us/azure/architecture/topics/network-routing-troubleshooting .