Azure UDR Tips: Overcoming 0.0.0.0/0 Limitations to Redirect Default Traffic to On-Premise Gateway

Half of the difficulties in Azure Networking come from UDR setting

Photo by Phil Huang @ Kaohsiung, Taiwan

In Azure, the default route (0.0.0.0/0) for Azure VMs is directed to the Internet by default. See Azure Virtual network traffic routing - 0.0.0.0/0 prefix

When a subnet is created, Azure creates a default route to the 0.0.0.0/0 address prefix, with the Internet next hop type. If you don't override this route, Azure routes all traffic destined to IP addresses not included in the address prefix of any other route to the internet.
Network Interface Card - Effective Routes

If I want to change the default route (0.0.0.0/0) to point to the on-premise gateway instead of default outbound access / Azure Firewall / NVA, how should I do it?

Set up UDR for Spoke VNet

Most of the demand for this typically arises within the Spoke VNet, so we need to create an Azure Route Table (a.k.a UDR) specifically for the Spoke VNet.

Create a new Azure Route Table
  1. Add a new default route and set the next hop type to Virtual Network Gateway

     Name            Address prefix   Next hop type             Next hop IP address
     default-route   0.0.0.0/0        Virtual Network Gateway   -

  2. Associate the subnets that need this routing
  3. Propagate gateway routes: either Yes or No is acceptable, because 0.0.0.0/0 already includes 10.255.0.0/16. Here we keep the default value, Yes

Adjust Local Network Gateway

The configuration below routes any traffic destined for the 10.255.0.0/16 network through the Local Network Gateway (lng-tf-onprem). Since we now need to cover the entire 0.0.0.0/0 address space, this setting must be adjusted accordingly.

Before

Because of the validation rule "The prefix must be between 1 and 32", a prefix length of 0 cannot be entered

Issue: The prefix must be between 1 and 32

So replace the original address space with 0.0.0.0/1 and 128.0.0.0/1 to represent 0.0.0.0/0

0.0.0.0/0 = 0.0.0.0/1 + 128.0.0.0/1
After

Connectivity Result

Use curl ifconfig.me to verify the external IP

[BONUS] Adjust specific destination routes instead of 0.0.0.0/0

If I only want 8.8.8.8/32 to go through on-premise gateway while keeping other routes unchanged, what should I do?

Set up specific UDR for Spoke VNet

Propagate gateway routes: Yes. You need to receive the gateway routes from the Virtual Network Gateway, otherwise packets will not reach the on-premise gateway.

Append specific route into Local Network Gateway

Append 8.8.8.8/32 to the address spaces of the Local Network Gateway
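To check both scenarios in this post (the full 0.0.0.0/0 redirect with the /1 split, and the 8.8.8.8/32-only variant) before touching the portal, here is an added Python model of Azure's effective-route selection. It is not Azure code; it assumes a 10.0.0.0/16 VNet, an on-premise range of 10.255.0.0/16, and that gateway-propagated routes rank between user-defined and system routes (Azure's documented order: user-defined, then BGP, then system).

```python
"""Model of Azure effective-route selection for UDR / Local Network Gateway planning."""
from ipaddress import ip_address, ip_network

# Azure precedence when several routes share the same prefix:
# user-defined route > BGP / gateway-propagated route > system route.
PRIORITY = {"User": 0, "Gateway": 1, "System": 2}


def effective_routes(udr_prefixes, propagate_gateway_routes):
    """Build the effective route table of a Spoke subnet (constructed sample)."""
    routes = [
        {"prefix": "10.0.0.0/16", "next_hop": "VirtualNetwork", "source": "System"},
        {"prefix": "0.0.0.0/0", "next_hop": "Internet", "source": "System"},  # default route
    ]
    if propagate_gateway_routes:  # "Propagate gateway routes: Yes" pulls in the LNG prefixes
        routes.append({"prefix": "10.255.0.0/16", "next_hop": "VirtualNetworkGateway",
                       "source": "Gateway"})
    for prefix in udr_prefixes:  # routes from the user-defined route table
        routes.append({"prefix": prefix, "next_hop": "VirtualNetworkGateway", "source": "User"})
    return routes


def select_route(routes, dst):
    """Longest-prefix match; equal prefixes are broken by route source priority."""
    dst = ip_address(dst)
    candidates = [r for r in routes if dst in ip_network(r["prefix"])]
    if not candidates:
        return None
    return max(candidates,
               key=lambda r: (ip_network(r["prefix"]).prefixlen, -PRIORITY[r["source"]]))


def lng_address_spaces(prefix):
    """The Local Network Gateway rejects /0, so split it into its two /1 halves."""
    net = ip_network(prefix)
    if net.prefixlen > 0:
        return [str(net)]
    return [str(half) for half in net.subnets(prefixlen_diff=1)]


def lng_covers(address_spaces, dst):
    """True if the gateway will actually forward dst (it must be in an LNG address space)."""
    return any(ip_address(dst) in ip_network(space) for space in address_spaces)


if __name__ == "__main__":
    full = effective_routes(["0.0.0.0/0"], propagate_gateway_routes=True)
    print(select_route(full, "8.8.8.8")["next_hop"], lng_address_spaces("0.0.0.0/0"))
    bonus = effective_routes(["8.8.8.8/32"], propagate_gateway_routes=True)
    print(select_route(bonus, "8.8.8.8")["next_hop"], select_route(bonus, "1.1.1.1")["next_hop"])
```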

Connectivity Result

Verified with mtr and ping.