The flow of communication between Virtual Machine within VNet is possible because Azure uses a series of system routes to define how IP traffic flows. Although the use of system routes facilitates traffic automatically for your deployment, there are cases in which you want to control the routing of packets through a virtual appliance. You can do so by creating user defined routes that specify the next hop for packets flowing to a specific subnet to go to your virtual appliance instead, and enabling IP forwarding for the VM running as the virtual appliance.

  • For each subnet you can attach a routing table
  • 256 routes per subnet
  • Depending on address prefix – go to the next hop
  • Can build topologies where you can put things like virtual network appliance, your own firewalls, force certain traffic to certain places

This section will demonstrate how to create User Defined Route(UR) in Microsoft Azure.


  • Azure subscription


  1. Open the new Azure Portal. Authenticate to the portal and stay on the default page.
  2. Navigate to GitHub. Click on to view the ARM template. Click on “Deploy to Azure” button.

  3. Once you click on the template, the blade will open to the parameter screen.
  4. Edit the parameters for the resource groups and resource group location. Keep the default values for the rest of the parameter or change as required.

  5. Click OK. Select the subscription. Select or create a new resource group. Select the resource group location. Accept the legal terms and click “buy”. Click create.
  6. If the deployment goes well, it will take approx. 15 minutes to deploy. You can also view the notifications in the global menu to view the status.
  7. Once the deployment is complete, you can view the resources created. This template creates a three virtual machines, three NIC with Public IP Address, default Network Security Group, Virtual network, standard storage and Route table with name as “BasicNVA-RT“.
  8. Route tables create the routes where packet hitting front end server (demovm0) will route though middle server (demovm1) before reaching to the backend server(demovm2). Next hope type will be “Virtual appliance”.

  9. You can create additional routes rules if required as shown below.

  10. Important: to unable routing or IP forwarding on middle server or IP forwarding server, we must Install and Enable the Routing and Remote Access Service as described here.
  11. Now let us validate how UDR works. RDP to the demovm0 virtual machine using admin user/pwd credential.
  12. Open the command prompt inside the demovm0 machine, type the following command and hit enter.

    tracert <<IP Address of back end server>>

    e.g. tracert

  13. You notice that package request to the backend server (demovm2) is first reaching to the DemoVM1 (middle server or package audit server) before reaching to the back end server (demovm2).

Conclusion: One of the main reasons to create a user defined route is to forward traffic to a virtual appliance. A virtual appliance is nothing more than a VM that runs an application used to handle network traffic in some way, such as a firewall or a NAT device. This virtual appliance VM must be able to receive incoming traffic that is not addressed to itself. To allow a VM to receive traffic addressed to other destinations, you must enable IP Forwarding for the VM.


2 thoughts on “User Defined Route (UDR) in Microsoft Azure

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s