What is User-Defined Routes (UDR) in Azure


User-Defined Routes (UDRs) in Azure allow you to create custom routing rules that override or complement the default system routes in a virtual network (VNet).

These routes provide granular control over the flow of network traffic between Azure resources, on-premises networks, and external destinations.

Key Features of User-Defined Routes:

1. Customizable Traffic Control

You can specify routes to direct traffic through specific network paths, such as network virtual appliances (NVAs), firewalls, or gateways.

2. Overrides System Routes

UDRs take precedence over Azure's default system routes when applied to a subnet.

3. Subnet-Level Configuration

UDRs are associated with a route table, which is then linked to specific subnets in the VNet. Each subnet can have only one route table associated with it.

4. Specificity Matters

UDRs are evaluated based on the most specific prefix match (e.g., a /24 route overrides a /16 route for overlapping addresses).

Components of a User-Defined Route:

1. Address Prefix

Specifies the destination IP range (in CIDR format) for the traffic the route will handle.

2. Next Hop Type

Defines where the traffic should be forwarded. Supported types include:

  • Virtual Appliance: Directs traffic to a network virtual appliance (e.g., a firewall or load balancer).

  • Virtual Network Gateway: Sends traffic to a VPN or ExpressRoute gateway for on-premises connectivity.

  • Internet: Routes traffic to the internet.

  • None: Blocks traffic matching the route.

3. Next Hop Address

The IP address of the next hop (e.g., the private IP of an NVA).

Common Use Cases:

1. Traffic Inspection

Route traffic through an NVA or firewall for monitoring and filtering.

2. Hub-and-Spoke Topology

Centralize traffic management by routing traffic from spoke VNets through a hub VNet.

3. On-Premises Connectivity

Direct traffic destined for on-premises networks through an ExpressRoute or VPN gateway.

4. Custom Internet Routing

Route specific traffic to the internet through a custom egress point, such as a secure web gateway.

5. Isolating Traffic

Use the "None" next hop to block certain traffic patterns within the VNet.

Example of a UDR:

Let’s assume you want all traffic from Subnet A (10.0.1.0/24) destined for 192.168.0.0/16 to pass through an NVA at 10.0.2.4:

  • Destination: 192.168.0.0/16

  • Next Hop Type: Virtual Appliance

  • Next Hop Address: 10.0.2.4

Limitations and Considerations:

  • Subnet Association: A route table can be associated with one or more subnets in the same VNet, but each subnet can be linked to only one route table.

  • Priority: The longest prefix match determines which route applies.

  • Next Hop Restrictions: Not every next hop type fits every destination. A Virtual Appliance next hop needs a Next Hop Address (the NVA's private IP), and the NVA's network interface must have IP forwarding enabled or it will drop packets that are not addressed to itself. A None next hop silently discards matching traffic, so check effective routes on the subnet before applying it.
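To make the longest-prefix and UDR-over-system rules concrete, here is an added simulation of Azure's route selection (example code written for this article, not Azure's own API or the author's). It assumes a VNet using 10.0.0.0/16 with its two default system routes, the article's UDR sending 192.168.0.0/16 to the NVA at 10.0.2.4, and a hypothetical extra UDR that drops 192.168.50.0/24; the tie-break for identical prefixes (user route beats system route) follows the "Overrides System Routes" rule above.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    prefix: str                        # destination address prefix in CIDR form
    next_hop_type: str                 # VirtualNetwork, Internet, None, VirtualAppliance, VirtualNetworkGateway
    next_hop_ip: Optional[str] = None  # only needed for VirtualAppliance
    source: str = "User"               # "User" (UDR) or "System" (default route)


# Constructed sample data: the default system routes Azure adds for a 10.0.0.0/16 VNet,
# the article's UDR towards the NVA, and a hypothetical "None" UDR inside that range.
SYSTEM_ROUTES = [
    Route("10.0.0.0/16", "VirtualNetwork", source="System"),
    Route("0.0.0.0/0", "Internet", source="System"),
]
USER_ROUTES = [
    Route("192.168.0.0/16", "VirtualAppliance", next_hop_ip="10.0.2.4"),
    Route("192.168.50.0/24", "None"),
]

# Tie-break for two routes with the identical prefix: a UDR wins over a system route.
SOURCE_RANK = {"User": 0, "System": 1}


def select_route(dest_ip: str, routes: List[Route]) -> Optional[Route]:
    """Pick the route Azure would apply: longest prefix first, then UDR over system."""
    dest = ipaddress.ip_address(dest_ip)
    matches = [r for r in routes if dest in ipaddress.ip_network(r.prefix, strict=False)]
    if not matches:
        return None
    return min(matches, key=lambda r: (-ipaddress.ip_network(r.prefix, strict=False).prefixlen,
                                       SOURCE_RANK[r.source]))


def effective_next_hop(dest_ip: str, routes: Optional[List[Route]] = None) -> str:
    """Resolve a destination to its next hop; a 'None' route or no match means dropped."""
    table = SYSTEM_ROUTES + USER_ROUTES if routes is None else routes
    chosen = select_route(dest_ip, table)
    if chosen is None or chosen.next_hop_type == "None":
        return "dropped"
    return chosen.next_hop_ip or chosen.next_hop_type


if __name__ == "__main__":
    for ip in ("192.168.1.10", "192.168.50.7", "10.0.3.9", "8.8.8.8"):
        print(f"{ip:>14} -> {effective_next_hop(ip)}")
```

Passing a table that adds a user route for 0.0.0.0/0 shows the tie-break: the UDR, not the system Internet route, is chosen for internet-bound traffic.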

Summary

User-Defined Routes are a powerful tool for controlling traffic flows and enforcing security and compliance in Azure network architectures.

Rajnish, MCT
