Static Routes (UDRs)

🎯 Lab Objective

In this hands-on lab, you will learn how to:

• Understand User Defined Routes (UDRs) and their purpose in Azure networking
• Create and configure route tables to control network traffic flow
• Troubleshoot routing issues using Azure portal tools
• Implement custom routing scenarios with network virtual appliances
• Use effective routes to diagnose routing problems
• Fix misconfigured static routes that break connectivity

Scenario: Your application VM cannot reach external resources due to a misconfigured static route pointing to an incorrect gateway IP address. You need to diagnose and fix the routing issue.

---

🏗️ Pre-Provisioned Environment

The following Azure resources have been pre-deployed with intentional misconfigurations:

Resource Overview

Resource Type	Resource Name	Configuration	Purpose
Resource Group	StaticRoute-Lab-RG	Contains all lab resources	Logical container
Virtual Network	RouteLabVNet	Address space: 10.0.0.0/16	Network foundation
App Subnet	AppSubnet	Range: 10.0.1.0/24	Application tier
Gateway Subnet	GatewaySubnet	Range: 10.0.2.0/24	Network gateway tier
App VM	AppVM	Windows Server 2019	Application server
Gateway VM	GatewayVM	Ubuntu with IP forwarding	Network virtual appliance
Route Table	AppSubnet-RouteTable	Misconfigured routes	Custom routing

Network Architecture

RouteLabVNet (10.0.0.0/16)
├── AppSubnet (10.0.1.0/24)
│   └── AppVM (Windows Server)
│       └── Route Table (❌ Incorrect next hop)
└── GatewaySubnet (10.0.2.0/24)
    └── GatewayVM (Ubuntu NVA)
        └── IP: 10.0.2.4 (Correct gateway)

Route Table Issue:
├── Route: 0.0.0.0/0 → 10.0.2.100 (❌ Wrong IP)
└── Should be: 0.0.0.0/0 → 10.0.2.4 (✅ Correct IP)

VM Details

VM	Private IP	Public IP	Operating System	Role
AppVM	10.0.1.4	Dynamic	Windows Server 2019	Application server
GatewayVM	10.0.2.4	Dynamic	Ubuntu 20.04 LTS	Network virtual appliance

---

🚀 Lab Tasks

Task 1: Verify Connectivity Issue

Step 1: Connect to Application VM

1. Navigate to StaticRoute-Lab-RG resource group
2. Click on AppVM
3. Click Connect → RDP
4. Use credentials:
   • Username: azureuser
   • Password: LabPassword123!

Step 2: Test Network Connectivity

Once connected to AppVM, open Command Prompt and run:

# Test connectivity to GatewayVM
ping 10.0.2.4

# Test internet connectivity (should fail due to routing)
ping 8.8.8.8

# Test DNS resolution
nslookup google.com

# Check local routing table
route print

Step 3: Document the Issue

Expected Behavior:

• ❌ Ping to GatewayVM (10.0.2.4) should fail or timeout
• ❌ Internet connectivity should fail
• ❌ External DNS resolution may fail
• ✅ Local subnet connectivity should work

📝 Note: Record specific error messages and response times for analysis.

---

Task 2: Inspect Route Table Configuration

Step 1: Navigate to Route Table

1. In Azure Portal, go to StaticRoute-Lab-RG
2. Click on AppSubnet-RouteTable
3. In the left menu, click Routes

Step 2: Analyze Current Routes

Examine the configured routes:

Route Name	Address Prefix	Next Hop Type	Next Hop IP	Status
Default-Route	0.0.0.0/0	Virtual Appliance	10.0.2.100	❌ Incorrect
Local-VNet	10.0.0.0/16	VNet Local	-	✅ Correct

Step 3: Identify the Problem

Issues to look for:

• Next Hop IP: Is 10.0.2.100 the correct IP?
• Actual Gateway IP: GatewayVM is at 10.0.2.4
• Route Priority: Are there conflicting routes?

Step 4: Check Route Table Association

1. Click Subnets in the left menu
2. Verify: AppSubnet is associated with this route table
3. Confirm: Route table is actively applied

---

Task 3: Use Effective Routes for Diagnosis

Step 1: View Effective Routes

1. Navigate to AppVM
2. Click Networking in the left menu
3. Click on the Network Interface name
4. Click Effective routes

Step 2: Analyze Route Evaluation

Review the effective routes table:

Source	Address Prefix	Next Hop Type	Next Hop IP	State
User	0.0.0.0/0	VirtualAppliance	10.0.2.100	Active
Default	10.0.0.0/16	VNet	-	Active

Step 3: Understand Route Precedence

Route evaluation order:

1. User-defined routes (highest priority)
2. BGP routes (dynamic routing)
3. System routes (default Azure routes)

🔍 Analysis: The user-defined route with incorrect next hop is overriding default routing.

---

Task 4: Fix the Route Configuration

Step 1: Get Correct Gateway IP

1. Navigate to GatewayVM
2. Click Networking
3. Copy the Private IP address: 10.0.2.4

Step 2: Update Route Table

1. Go back to AppSubnet-RouteTable
2. Click Routes
3. Click on the Default-Route (or problematic route)
4. Edit the route:

Setting	Current Value	Correct Value
Route name	Default-Route	Default-Route
Address prefix	0.0.0.0/0	0.0.0.0/0
Next hop type	Virtual appliance	Virtual appliance
Next hop address	10.0.2.100	10.0.2.4

5. Click Save

Step 3: Verify Route Update

1. Refresh the Routes page
2. Confirm: Next hop IP now shows 10.0.2.4
3. Status: Route should show as Active

⏱️ Propagation Time: Route changes typically take 1-2 minutes to propagate.

---

Task 5: Validate the Fix

Step 1: Test Connectivity from AppVM

Return to AppVM and test connectivity:

# Wait for route propagation
timeout /t 60

# Test connectivity to GatewayVM
ping 10.0.2.4

# Test internet connectivity
ping 8.8.8.8

# Test DNS resolution
nslookup google.com

# Verify routing table
route print

Step 2: Expected Results After Fix

Post-fix behavior:

• ✅ Ping to GatewayVM (10.0.2.4) should succeed
• ✅ Internet connectivity should work (if GatewayVM allows forwarding)
• ✅ DNS resolution should function

Step 3: Verify Effective Routes

1. Go back to AppVM → Networking → Network Interface
2. Click Effective routes
3. Confirm: Default route now shows correct next hop 10.0.2.4

---

Task 6: Advanced Route Testing

Step 1: Test Route Tracing

From AppVM, use advanced diagnostics:

# Trace route to internet
tracert 8.8.8.8

# Test specific port connectivity
telnet 8.8.8.8 53

# Check ARP table
arp -a

Step 2: Test from Gateway VM

1. Connect to GatewayVM via SSH:

ssh azureuser@[GatewayVM-Public-IP]
# Password: LabPassword123!

2. Verify IP forwarding and routing:

# Check IP forwarding status
cat /proc/sys/net/ipv4/ip_forward

# View routing table
ip route show

# Monitor traffic (optional)
sudo tcpdump -i any icmp

Step 3: Create Additional Routes (Optional)

1. In AppSubnet-RouteTable, click + Add
2. Create a more specific route:

Setting	Value	Purpose
Route name	Specific-Route	Test route precedence
Address prefix	8.8.8.0/24	Google DNS subnet
Next hop type	Internet	Direct internet access

3. Test: Compare routing behavior for different destinations

---

🔧 Troubleshooting Guide

Common UDR Issues and Solutions

Issue	Symptoms	Diagnosis	Solution
Wrong next hop IP	Traffic not reaching destination	Check effective routes	Update route with correct IP
Route not propagated	Changes not taking effect	Wait 1-2 minutes	Refresh and verify
Conflicting routes	Unpredictable routing	Review route precedence	Adjust route priorities
NVA not forwarding	Traffic reaches NVA but stops	Check IP forwarding	Enable forwarding on NVA
Route table not associated	Custom routes ignored	Check subnet association	Associate route table

Route Troubleshooting Commands

Windows (AppVM):

# View local routing table
route print

# Trace network path
tracert [destination]

# Test connectivity
ping [destination]
telnet [destination] [port]

Linux (GatewayVM):

# View routing table
ip route show

# Check IP forwarding
cat /proc/sys/net/ipv4/ip_forward

# Monitor traffic
sudo tcpdump -i any host [ip]

---

🧪 Additional Experiments

Try these optional exercises to deepen your understanding:

1. Multiple Route Tables: Create different route tables for different subnets
2. Route Priorities: Test overlapping routes with different specificity
3. BGP Routes: Implement BGP routing with VPN Gateway
4. Service Chaining: Chain multiple network virtual appliances
5. Forced Tunneling: Route all traffic through on-premises gateway

---

🎓 Key Takeaways

After completing this lab, you should understand:

• User Defined Routes (UDRs) override Azure’s default routing behavior
• Route tables control traffic flow at the subnet level
• Next hop types determine where traffic is forwarded
• Effective routes show the actual routing configuration applied to NICs
• Route precedence follows: User-defined → BGP → System routes
• IP forwarding must be enabled on network virtual appliances
• Troubleshooting routes requires systematic analysis of configuration and traffic flow

---

📊 Route Types and Next Hops

Next Hop Types

Type	Description	Use Case
Virtual Network Gateway	VPN/ExpressRoute gateway	Hybrid connectivity
Virtual Appliance	Custom NVA	Firewall, load balancer
Internet	Direct internet access	Public services
VNet Local	Within virtual network	Inter-subnet communication
None	Drop traffic	Security isolation

Route Precedence

1. User-defined routes (0-65,535 priority)
2. BGP routes (dynamic)
3. System routes (default Azure routing)

---

📚 Additional Resources

• User Defined Routes Overview
• Route Tables and Routes
• Network Virtual Appliances
• Troubleshooting Routes