# Create User Defined Routes (UDR) in PowerShell
[AZURE.INCLUDE virtual-network-create-udr-arm-selectors-include.md]
[AZURE.INCLUDE virtual-network-create-udr-intro-include.md]
[AZURE.INCLUDE azure-arm-classic-important-include] This article covers the Resource Manager deployment model. You can also create UDRs in the classic deployment model.
[AZURE.INCLUDE virtual-network-create-udr-scenario-include.md]
The sample PowerShell commands below expect a simple environment already created based on the scenario above. If you want to run the commands as they are displayed in this document, first build the test environment by deploying this template: click Deploy to Azure, replace the default parameter values if necessary, and follow the instructions in the portal.
[AZURE.INCLUDE azure-ps-prerequisites-include.md]
To create the route table and route needed for the front end subnet based on the scenario above, follow the steps below.
- From an Azure PowerShell prompt, run the Switch-AzureMode cmdlet to switch to Resource Manager mode, as shown below.

    ```powershell
    Switch-AzureMode AzureResourceManager
    ```

    Expected output:

    ```
    WARNING: The Switch-AzureMode cmdlet is deprecated and will be removed in a future release.
    ```
[AZURE.WARNING] The Switch-AzureMode cmdlet will be deprecated soon. When that happens, all Resource Manager cmdlets will be renamed.
- Create a route that sends all traffic destined for the back end subnet (192.168.2.0/24) to the FW1 virtual appliance (192.168.0.4).

    ```powershell
    # Next hop is the private IP address of the FW1 appliance.
    $route = New-AzureRouteConfig -Name RouteToBackEnd `
        -AddressPrefix 192.168.2.0/24 -NextHopType VirtualAppliance `
        -NextHopIpAddress 192.168.0.4
    ```

- Create a route table named UDR-FrontEnd in the westus region that contains the route created above.

    ```powershell
    $routeTable = New-AzureRouteTable -ResourceGroupName TestRG -Location westus `
        -Name UDR-FrontEnd -Route $route
    ```

- Create a variable that contains the VNet where the subnet is. In our scenario, the VNet is named TestVNet.

    ```powershell
    $vnet = Get-AzureVirtualNetwork -ResourceGroupName TestRG -Name TestVNet
    ```
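- Associate the route table created above to the FrontEnd subnet.

    ```powershell
    # Attach the route table to the FrontEnd subnet in the local $vnet object.
    Set-AzureVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name FrontEnd `
        -AddressPrefix 192.168.1.0/24 -RouteTable $routeTable

    # Write the modified VNet back to Azure; until this runs, the change exists only in $vnet.
    Set-AzureVirtualNetwork -VirtualNetwork $vnet
    ```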
Expected output:

```
Name              : TestVNet
ResourceGroupName : TestRG
Location          : westus
Id                : /subscriptions/628dad04-b5d1-4f10-b3a4-dc61d88cf97c/resourceGroups/TestRG/providers/Microsoft.Network/virtualNetworks/TestVNet
Etag              : W/"7df26c0e-652f-4754-bc4e-733fef7d5b2b"
ProvisioningState : Succeeded
Tags              :
                    Name         Value
                    ===========  =====
                    displayName  VNet

AddressSpace      : {
                      "AddressPrefixes": [
                        "192.168.0.0/16"
                      ]
                    }
DhcpOptions       : {
                      "DnsServers": null
                    }
NetworkInterfaces : null
Subnets           : [
                      ...,
                      {
                        "Name": "FrontEnd",
                        "Etag": "W/\"7df26c0e-652f-4754-bc4e-733fef7d5b2b\"",
                        "Id": "/subscriptions/628dad04-b5d1-4f10-b3a4-dc61d88cf97c/resourceGroups/TestRG/providers/Microsoft.Network/virtualNetworks/TestVNet/subnets/FrontEnd",
                        "AddressPrefix": "192.168.1.0/24",
                        "IpConfigurations": [
                          {
                            "Id": "/subscriptions/628dad04-b5d1-4f10-b3a4-dc61d88cf97c/resourceGroups/TestRG/providers/Microsoft.Network/networkInterfaces/NICWEB2/ipConfigurations/ipconfig1"
                          },
                          {
                            "Id": "/subscriptions/628dad04-b5d1-4f10-b3a4-dc61d88cf97c/resourceGroups/TestRG/providers/Microsoft.Network/networkInterfaces/NICWEB1/ipConfigurations/ipconfig1"
                          }
                        ],
                        "NetworkSecurityGroup": {
                          "Id": "/subscriptions/628dad04-b5d1-4f10-b3a4-dc61d88cf97c/resourceGroups/TestRG/providers/Microsoft.Network/networkSecurityGroups/NSG-BackEnd"
                        },
                        "RouteTable": {
                          "Id": "/subscriptions/628dad04-b5d1-4f10-b3a4-dc61d88cf97c/resourceGroups/TestRG/providers/Microsoft.Network/routeTables/UDR-FrontEnd"
                        },
                        "ProvisioningState": "Succeeded"
                      },
                      ...
                    ]
```
To create the route table and route needed for the back end subnet based on the scenario above, follow the steps below.
- Create a route that sends all traffic destined for the front end subnet (192.168.1.0/24) to the FW1 virtual appliance (192.168.0.4).

    ```powershell
    # Next hop is the private IP address of the FW1 appliance.
    $route = New-AzureRouteConfig -Name RouteToFrontEnd `
        -AddressPrefix 192.168.1.0/24 -NextHopType VirtualAppliance `
        -NextHopIpAddress 192.168.0.4
    ```

- Create a route table named UDR-BackEnd in the westus region that contains the route created above.

    ```powershell
    $routeTable = New-AzureRouteTable -ResourceGroupName TestRG -Location westus `
        -Name UDR-BackEnd -Route $route
    ```
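- Associate the route table created above to the BackEnd subnet.

    ```powershell
    # Attach the route table to the BackEnd subnet in the local $vnet object.
    Set-AzureVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name BackEnd `
        -AddressPrefix 192.168.2.0/24 -RouteTable $routeTable

    # Write the modified VNet back to Azure; until this runs, the change exists only in $vnet.
    Set-AzureVirtualNetwork -VirtualNetwork $vnet
    ```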
Expected output:

```
Name              : TestVNet
ResourceGroupName : TestRG
Location          : westus
Id                : /subscriptions/628dad04-b5d1-4f10-b3a4-dc61d88cf97c/resourceGroups/TestRG/providers/Microsoft.Network/virtualNetworks/TestVNet
Etag              : W/"7df26c0e-652f-4754-bc4e-733fef7d5b2b"
ProvisioningState : Succeeded
Tags              :
                    Name         Value
                    ===========  =====
                    displayName  VNet

AddressSpace      : {
                      "AddressPrefixes": [
                        "192.168.0.0/16"
                      ]
                    }
DhcpOptions       : {
                      "DnsServers": null
                    }
NetworkInterfaces : null
Subnets           : [
                      ...,
                      {
                        "Name": "BackEnd",
                        "Etag": "W/\"7df26c0e-652f-4754-bc4e-733fef7d5b2b\"",
                        "Id": "/subscriptions/628dad04-b5d1-4f10-b3a4-dc61d88cf97c/resourceGroups/TestRG/providers/Microsoft.Network/virtualNetworks/TestVNet/subnets/BackEnd",
                        "AddressPrefix": "192.168.2.0/24",
                        "IpConfigurations": [
                          {
                            "Id": "/subscriptions/628dad04-b5d1-4f10-b3a4-dc61d88cf97c/resourceGroups/TestRG/providers/Microsoft.Network/networkInterfaces/NICSQL2/ipConfigurations/ipconfig1"
                          },
                          {
                            "Id": "/subscriptions/628dad04-b5d1-4f10-b3a4-dc61d88cf97c/resourceGroups/TestRG/providers/Microsoft.Network/networkInterfaces/NICSQL1/ipConfigurations/ipconfig1"
                          }
                        ],
                        "NetworkSecurityGroup": {
                          "Id": "/subscriptions/628dad04-b5d1-4f10-b3a4-dc61d88cf97c/resourceGroups/TestRG/providers/Microsoft.Network/networkSecurityGroups/NSG-FrontEnd"
                        },
                        "RouteTable": {
                          "Id": "/subscriptions/628dad04-b5d1-4f10-b3a4-dc61d88cf97c/resourceGroups/TestRG/providers/Microsoft.Network/routeTables/UDR-BackEnd"
                        },
                        "ProvisioningState": "Succeeded"
                      }
                    ]
```
To enable IP forwarding in the NIC used by FW1, follow the steps below.
- Create a variable that contains the settings for the NIC used by FW1. In our scenario, the NIC is named NICFW1.

    ```powershell
    $nicfw1 = Get-AzureNetworkInterface -ResourceGroupName TestRG -Name NICFW1
    ```

- Enable IP forwarding, and save the NIC settings.

    ```powershell
    # Allow the NIC to receive traffic that is not addressed to its own IP.
    $nicfw1.EnableIPForwarding = $true
    # Save the modified NIC settings to Azure.
    Set-AzureNetworkInterface -NetworkInterface $nicfw1
    ```
Expected output:

```
Name                 : NICFW1
ResourceGroupName    : TestRG
Location             : westus
Id                   : /subscriptions/628dad04-b5d1-4f10-b3a4-dc61d88cf97c/resourceGroups/TestRG/providers/Microsoft.Network/networkInterfaces/NICFW1
Etag                 : W/"e0f9adc0-d8bf-4def-beab-5ed3e1305c9a"
ProvisioningState    : Succeeded
Tags                 :
                       Name         Value
                       ===========  =======================
                       displayName  NetworkInterfaces - DMZ

VirtualMachine       : {
                         "Id": "/subscriptions/628dad04-b5d1-4f10-b3a4-dc61d88cf97c/resourceGroups/TestRG/providers/Microsoft.Compute/virtualMachines/FW1"
                       }
IpConfigurations     : [
                         {
                           "Name": "ipconfig1",
                           "Etag": "W/\"e0f9adc0-d8bf-4def-beab-5ed3e1305c9a\"",
                           "Id": "/subscriptions/628dad04-b5d1-4f10-b3a4-dc61d88cf97c/resourceGroups/TestRG/providers/Microsoft.Network/networkInterfaces/NICFW1/ipConfigurations/ipconfig1",
                           "PrivateIpAddress": "192.168.0.4",
                           "PrivateIpAllocationMethod": "Static",
                           "Subnet": {
                             "Id": "/subscriptions/628dad04-b5d1-4f10-b3a4-dc61d88cf97c/resourceGroups/TestRG/providers/Microsoft.Network/virtualNetworks/TestVNet/subnets/DMZ"
                           },
                           "PublicIpAddress": {
                             "Id": "/subscriptions/628dad04-b5d1-4f10-b3a4-dc61d88cf97c/resourceGroups/TestRG/providers/Microsoft.Network/publicIPAddresses/PIPFW1"
                           },
                           "LoadBalancerBackendAddressPools": [],
                           "LoadBalancerInboundNatRules": [],
                           "ProvisioningState": "Succeeded"
                         }
                       ]
DnsSettings          : {
                         "DnsServers": [],
                         "AppliedDnsServers": [],
                         "InternalDnsNameLabel": null,
                         "InternalFqdn": null
                       }
EnableIPForwarding   : True
NetworkSecurityGroup : null
Primary              : True
```
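
The three procedures above only steer traffic through FW1 when the route, the subnet association and IP forwarding are all in place, so a check that reports which piece is missing is useful after deployment. The following is an added example, not part of the original article: the function name `Test-UdrThroughAppliance` and the sample objects are hypothetical, and the property names are taken from the expected output listings and the route parameters used in the steps.

```powershell
# Added example. Sample objects below are constructed; property names follow the
# "Expected output" listings and the route parameters used in the steps.
function Test-UdrThroughAppliance {
    param(
        [Parameter(Mandatory = $true)] $Subnet,        # entry from $vnet.Subnets
        [Parameter(Mandatory = $true)] $RouteTable,    # e.g. $routeTable
        [Parameter(Mandatory = $true)] $ApplianceNic,  # e.g. $nicfw1
        [Parameter(Mandatory = $true)] [string] $DestinationPrefix
    )
    $findings = @()
    # Without the association the subnet keeps using system routes,
    # which deliver intra-VNet traffic directly and bypass the appliance.
    if (-not $Subnet.RouteTable -or $Subnet.RouteTable.Id -ne $RouteTable.Id) {
        $findings += "$($Subnet.Name): route table $($RouteTable.Name) is not associated"
    }
    $applianceIps = @($ApplianceNic.IpConfigurations | ForEach-Object { $_.PrivateIpAddress })
    $routes = @($RouteTable.Routes | Where-Object { $_.AddressPrefix -eq $DestinationPrefix })
    if ($routes.Count -eq 0) {
        $findings += "$($RouteTable.Name): no route for $DestinationPrefix"
    }
    foreach ($r in $routes) {
        if ($r.NextHopType -ne 'VirtualAppliance' -or $applianceIps -notcontains $r.NextHopIpAddress) {
            $findings += "$($RouteTable.Name): $($r.Name) does not point at the appliance"
        }
    }
    # A next hop that does not forward drops the redirected traffic.
    if (-not $ApplianceNic.EnableIPForwarding) {
        $findings += "$($ApplianceNic.Name): IP forwarding is disabled"
    }
    $findings
}

# Constructed sample: correct route and association, forwarding left off.
$rtId = '/subscriptions/<subscription-id>/resourceGroups/TestRG/providers/Microsoft.Network/routeTables/UDR-FrontEnd'
$sampleTable = [pscustomobject]@{
    Name = 'UDR-FrontEnd'; Id = $rtId
    Routes = @([pscustomobject]@{ Name = 'RouteToBackEnd'; AddressPrefix = '192.168.2.0/24'
                                  NextHopType = 'VirtualAppliance'; NextHopIpAddress = '192.168.0.4' })
}
$sampleSubnet = [pscustomobject]@{ Name = 'FrontEnd'; RouteTable = [pscustomobject]@{ Id = $rtId } }
$sampleNic = [pscustomobject]@{
    Name = 'NICFW1'; EnableIPForwarding = $false
    IpConfigurations = @([pscustomobject]@{ PrivateIpAddress = '192.168.0.4' })
}
Test-UdrThroughAppliance -Subnet $sampleSubnet -RouteTable $sampleTable `
    -ApplianceNic $sampleNic -DestinationPrefix '192.168.2.0/24'
```

Against a live deployment, pass objects freshly read with Get-AzureVirtualNetwork and Get-AzureNetworkInterface rather than the local variables, so the check reflects what is actually deployed.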