Taicheng's Profile

Problem

You need to route outgoing subnet traffic to Azure and/or on-premises networks and/or internet resources.

Solution

Create an Azure route table, add one or more custom routes to it, and associate the new route table with your subnets 

Steps

  1. Log in to your Azure subscription in the Owner role and create a new resource group for this recipe. See “General Workstation Setup Instructions” for details.
  2. Create an Azure VNet. Refer to “Creating an Isolated Private Network by Provisioning an Azure Virtual Network” for details.
  3. Our VNet already has two subnets. Use the following command to list the subnets within your VNet. Replace <vnet-name> with the desired VNet name:
vnetName="<vnet-name>"

az network vnet subnet list \
    --resource-group $rgName \
    --vnet-name $vnetName \
    --query "[].name"

4. Create a new route table resource using the following command. Replace <route-table-name> with your desired name:

routeTableName="<route-table-name>"

az network route-table create \
    --resource-group $rgName \
    --name $routeTableName

5. Our goal is to forward all egress (outgoing) subnet traffic to the internet. Use the --next-hop-type parameter to set the type of Azure hop the packet should be sent to. Accepted values are InternetNoneVirtualAppliance (for example an Azure Firewall service), VirtualNetworkGateway, and VnetLocal. See the Azure documentation for details. Now, use the following command to add your first custom route to the new route table. Replace <custom-route-name> with the desired name for your custom route table:

routeName="<custom-route-name>"

az network route-table route create \
    --resource-group $rgName \
    --route-table-name $routeTableName \
    --name $routeName \
    --next-hop-type Internet \
    --address-prefix 0.0.0.0/0

6. Now we need to associate this route table with our subnet. As you remember, the name of our default subnet was Subnet01:

az network vnet subnet update \
    --resource-group $rgName \
    --name Subnet01 \
    --vnet-name $vnetName \
    --route-table $routeTableName

7. From this point, all egress traffic from Subnet01 will be forwarded to the internet. This is useful when you have a resource such as an Azure VM that needs to access the internet from your subnet.

8. Run the following command to delete the resources you created in this recipe:

    az group delete --name $rgName

    Taicheng