In a public cloud environment, users create a VNet and add a number of network segments (subnets) that are fully connected to each other.
If you want to add functional devices to your VNet, such as firewalls, IPS, load-balancing devices, and so on, you need to configure custom routing.
The following is an application scenario for UDR:
All traffic to the protected network needs to pass through the intermediate firewalls, IPS and other devices.
The simple scenario set up in this article has two network segments, Subnet-1 and Subnet-2. One device, VM1, has two network cards and bridges the two segments. The other two devices, VM2 and VM3, sit one in each segment.
If you do not set a UDR, traffic from 10.1.1.5 to 10.1.2.5 passes through 10.1.1.1 -> 10.1.2.1 and does not pass through the VM1 device.
Set a UDR for each network segment:
- In Subnet-1, define a UDR: traffic to 10.1.2.0/24 is sent to 10.1.1.4
- In Subnet-2, define a UDR: traffic to 10.1.1.0/24 is sent to 10.1.2.4
Once these two routes are defined, all traffic between the two network segments passes through VM1.
The specific configuration is as follows:
1. Create the VMs.
VM2 and VM3 are created in the normal way on the portal page, which is not described here.
VM1 needs a second network card and static internal addresses, so it must be created through PowerShell. The command is:
New-AzureVMConfig -Name hwudr01 -InstanceSize Large -ImageName $vmimage.ImageName |
    Add-AzureProvisioningConfig -Linux -LinuxUser Hengwei -Password Password |
    Set-AzureSubnet -SubnetNames Subnet-1 |
    Set-AzureStaticVNetIP -IPAddress 10.1.1.4 |
    Add-AzureNetworkInterfaceConfig -Name nic2 -SubnetName Subnet-2 -StaticVNetIPAddress 10.1.2.4 -IPForwarding Enabled |
    New-AzureVM -ServiceName hwudr01 -Location "China North" -VNetName HWUDR
2. Create the UDRs
A. Creating the route tables
New-AzureRouteTable -Name hwudrvlan01 -Location "China North" -Label hwudrvlan01
New-AzureRouteTable -Name hwudrvlan02 -Location "China North" -Label hwudrvlan02
B. Setting up the routes
Get-AzureRouteTable -Name hwudrvlan01 | Set-AzureRoute -RouteName hwudrvlan01 -AddressPrefix 10.1.1.0/24 -NextHopType VirtualAppliance -NextHopIpAddress 10.1.2.4
Get-AzureRouteTable -Name hwudrvlan02 | Set-AzureRoute -RouteName hwudrvlan02 -AddressPrefix 10.1.2.0/24 -NextHopType VirtualAppliance -NextHopIpAddress 10.1.1.4
C. Associating a route table with each network segment
Set-AzureSubnetRouteTable -VirtualNetworkName hwudr -SubnetName Subnet-1 -RouteTableName hwudrvlan02
Set-AzureSubnetRouteTable -VirtualNetworkName hwudr -SubnetName Subnet-2 -RouteTableName hwudrvlan01
D. Enable IP forwarding
The virtual machine can forward packets only if IP forwarding is turned on; otherwise it only accepts packets whose destination address is its own IP.
The command to enable it is as follows:
Get-AzureVM -Name hwudr01 -ServiceName hwudr01 | Set-AzureIPForwarding -Enable
Configuration is now complete. Ping 10.1.2.5 from 10.1.1.5 while capturing packets on VM1, and you can see that the ICMP packets in both directions pass through VM1.
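The following verification script is an added example, not part of the original article. It uses the classic (Service Management) cmdlets from the steps above and the article's names (VNet hwudr, subnets Subnet-1/Subnet-2, tables hwudrvlan01/hwudrvlan02, appliance service/role hwudr01); the property names read from the returned objects (Name, Routes, AddressPrefix, NextHop.Type, NextHop.IpAddress) and the string returned by Get-AzureIPForwarding are assumptions about the cmdlet output.

```powershell
# Added verification script: confirms each subnet is bound to the intended route table,
# that the table sends the peer subnet to the appliance NIC on this side, and that
# IP forwarding is enabled on the appliance. Object property names are assumed.
$expected = @(
    @{ Subnet = 'Subnet-1'; Table = 'hwudrvlan02'; Prefix = '10.1.2.0/24'; NextHop = '10.1.1.4' },
    @{ Subnet = 'Subnet-2'; Table = 'hwudrvlan01'; Prefix = '10.1.1.0/24'; NextHop = '10.1.2.4' }
)

$ok = $true
foreach ($e in $expected) {
    # 1. A table that exists but is not bound leaves the subnet on the system route,
    #    so traffic silently bypasses VM1. Check the binding first.
    $bound = Get-AzureSubnetRouteTable -VirtualNetworkName 'hwudr' -SubnetName $e.Subnet
    if (-not $bound -or $bound.Name -ne $e.Table) {
        Write-Warning "$($e.Subnet): expected route table $($e.Table), found '$($bound.Name)'"
        $ok = $false
        continue
    }

    # 2. The bound table must carry the peer prefix with next hop = appliance NIC.
    $table = Get-AzureRouteTable -Name $e.Table -Detailed
    $route = $table.Routes | Where-Object { $_.AddressPrefix -eq $e.Prefix }
    if (-not $route -or $route.NextHop.Type -ne 'VirtualAppliance' -or
        $route.NextHop.IpAddress -ne $e.NextHop) {
        Write-Warning "$($e.Table): missing route $($e.Prefix) -> VirtualAppliance $($e.NextHop)"
        $ok = $false
    }
}

# 3. Without IP forwarding the appliance drops transit packets even when routes are correct.
#    Assumes Get-AzureIPForwarding returns the string 'Enabled' or 'Disabled'.
$fwd = Get-AzureIPForwarding -ServiceName 'hwudr01' -RoleName 'hwudr01'
if ("$fwd" -ne 'Enabled') {
    Write-Warning "IP forwarding on hwudr01 is '$fwd', expected 'Enabled'"
    $ok = $false
}

if ($ok) { 'UDR verified: both subnets route through VM1 and forwarding is enabled.' }
else     { 'UDR incomplete: inter-subnet traffic may bypass VM1.' }
```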
Azure User Defined Routing (User Defined Route)