Azure Partner Community: User Defined Routing

Welcome to part 3 of this month’s Azure Partner Community blog series.

by Jonathan Gardner
US Partner Technology Strategist for Microsoft Azure

In this month’s Azure Partner Community blog series, we are discussing Azure Networking. Read Part 1, about Networking features and services, and Part 2, about Azure ExpressRoute.

One of the new features of Azure Networking is user defined routing. Just as the name suggests, user defined routing provides administrators a way to define how network traffic is handled in their virtual network. In today’s post, I’ll explain user defined routing, what it means for partners, and how to get started.

Before the addition of user defined routing in Azure, networks talked to each other through system routes. Illustrated below, these system routes allowed for the control of flow between subnets and the formation of traditional network routing scenarios, such as:

  • From within the same subnet
  • From a subnet to another within a VNet
  • From VMs to the Internet
  • From a VNet to another VNet through a VPN gateway
  • From a VNet to your on-premises network through a VPN gateway


These network configurations are fine for most routing needs, but there are times when routing needs to be controlled differently, for example by routing through a virtual appliance. Such appliances may be deployed from the Azure Marketplace or created by administrators, and can host a variety of tools like IPS, firewalls, or reporting.

In this case, user defined routing would be used and would change our network diagram to look like the illustration below. In this scenario, traffic between the frontend and backend goes through one appliance, and traffic between the frontend subnet and the internet goes through another. This traffic shaping is defined by administrators. The system routes still exist, so a route can be created for just a specific traffic type.


Another real-world use case for user defined routing is forced tunneling through a hybrid environment. Suppose an organization has a business requirement that all traffic be pushed through their data center, but they need to scale their environment beyond its current capacity. They are able to use Azure with user defined routing to deploy a three-tier cloud service and route all traffic to the service through their data center. This configuration is shown in the illustration below.


What’s in it for partners

While user defined routing may seem like a basic network function, I see a bigger opportunity for partners, especially those looking at managed services. If your managed service includes the management of security in an environment, closely controlling the way traffic moves through the network and monitoring that traffic is very important. Appliances like Alert Logic Threat Manager and Citrix NetScaler are available in the Azure Marketplace for rapid deployment into a virtual network. These tools, and the management of them, present you with the opportunity to add value for your customers. 


  • A good primer for user defined routing is on the User Defined Routes and IP Forwarding documentation page.
  • Managing routes for user defined routing is handled through PowerShell and the AzureRouteTable command. You’ll find a walkthrough of setting up and managing routes here.
  • Watch this video from Ignite 2015 for more information (also embedded below)

Virtual Networking and Security in Microsoft Azure
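
The frontend-to-backend appliance scenario described earlier, as an added example that is not part of the original post. It assumes the classic (Service Management) Azure PowerShell module and an existing VNet; every name, region, and address range is a constructed placeholder.

```powershell
# Added example; all names, the region and the address ranges are assumptions.
$ErrorActionPreference = 'Stop'

$vnet         = 'ProductionVnet'     # existing VNet (assumed)
$location     = 'Central US'         # must match the VNet's region (assumed)
$applianceIp  = '10.0.3.4'           # static internal IP of the appliance VM (assumed)
$applianceVm  = 'FWAppliance1'       # appliance VM name (assumed)
$applianceSvc = 'ProductionVMs'      # cloud service hosting the VMs (assumed)

# One route table per direction, so traffic crosses the appliance both ways
# and the appliance sees symmetric flows.
$routes = @(
    @{ Table = 'FrontEndRouteTable'; Subnet = 'FrontEndSubnet'; Dest = '10.0.2.0/24' },  # frontend -> backend
    @{ Table = 'BackEndRouteTable';  Subnet = 'BackEndSubnet';  Dest = '10.0.1.0/24' }   # backend -> frontend
)

foreach ($r in $routes) {
    # 1. Create the route table.
    New-AzureRouteTable -Name $r.Table -Location $location -Label "UDR for $($r.Subnet)"

    # 2. Add a route only for the peer subnet's prefix. Other destinations
    #    keep following the system routes.
    Get-AzureRouteTable -Name $r.Table |
        Set-AzureRoute -RouteName 'ViaAppliance' -AddressPrefix $r.Dest `
            -NextHopType VirtualAppliance -NextHopIpAddress $applianceIp

    # 3. Associate the table with the subnet whose outbound traffic it controls.
    Set-AzureSubnetRouteTable -VirtualNetworkName $vnet -SubnetName $r.Subnet `
        -RouteTableName $r.Table
}

# 4. The appliance receives packets not addressed to itself, so IP forwarding
#    must be enabled on it or Azure drops that traffic.
Get-AzureVM -ServiceName $applianceSvc -Name $applianceVm | Set-AzureIPForwarding -Enable

# 5. Verify: confirm the association, then check the routes a frontend VM
#    actually uses ('FrontEndVM1' is an assumed VM name).
Get-AzureSubnetRouteTable -VirtualNetworkName $vnet -SubnetName 'FrontEndSubnet'
Get-AzureVM -ServiceName $applianceSvc -Name 'FrontEndVM1' | Get-AzureEffectiveRouteTable
```

If the appliance is the only inspection point between tiers, review the effective route table after any VNet change, since a missing association silently returns traffic to the system routes and bypasses the appliance.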
