Create User-Defined Routes (UDRs) in Azure Virtual Network Manager

In this article, you learn how to deploy User-Defined Routes (UDRs) with Azure Virtual Network Manager in the Azure portal. UDRs allow you to describe your desired routing behavior, and Virtual Network Manager orchestrates UDRs to create and maintain that behavior. You deploy all the resources needed to create UDRs, including the following resources:

  • Virtual Network Manager instance

  • Two virtual networks and a network group

  • Routing configuration to create UDRs for the network group

Important

User-defined routes management with Azure Virtual Network Manager is generally available in select regions. For more information and a list of regions, see General availability.

Regions that aren't listed in the previous link are in public preview. Public previews are made available to you on the condition that you agree to the Supplemental Terms of Use for Microsoft Azure Previews. Some features might not be supported or might have constrained capabilities. This preview version is provided without a service level agreement, and it's not recommended for production workloads.

Prerequisites

  • An Azure account with an active subscription. Create an account for free.

  • You need to have the Network Contributor Role for the scope that you want to use for your virtual network manager instance.

Create a Virtual Network Manager instance

In this step, you deploy a Virtual Network Manager instance with the defined scope and access that you need.

  1. Sign in to the Azure portal.

  2. Select + Create a resource and search for Network Manager. Then select Network Manager > Create to begin setting up Virtual Network Manager.

  3. On the Basics tab, enter or select the following information, and then select Review + create.

    Setting Value
    Subscription Select the subscription where you want to deploy Virtual Network Manager.
    Resource group Select Create new and enter resource-group.
    Select Ok.
    Name Enter network-manager.
    Region Select (US) West US 2 or a region of your choosing. Virtual Network Manager can manage virtual networks in any region. The selected region is where the Virtual Network Manager instance is deployed.
    Description (Optional) Provide a description about this Virtual Network Manager instance and the task it's managing.
    Features Select User defined routing from the dropdown list.
  4. Select the Management scope tab or select Next: Management scope > to continue.

  5. On the Management scope tab, select + Add.

  6. In Add scopes, select your subscription then choose Select.

  7. Select Review + create and then select Create to deploy the Virtual Network Manager instance.

Create virtual networks and subnets

In this step, you create two virtual networks to become members of a network group.

  1. From the Home screen, select + Create a resource and search for Virtual network.

  2. Select Virtual network > Create to begin configuring a virtual network.

  3. On the Basics tab, enter or select the following information:

    Setting Value
    Subscription Select the subscription where you want to deploy this virtual network.
    Resource group Select resource-group.
    Virtual network name Enter vnet-spoke-001.
    Region Select (US) West US 2.
  4. Select Next > Next or the IP addresses tab.

  5. On the IP addresses tab, enter an IPv4 address range of 10.0.0.0 and /16.

  6. Under Subnets, select default and enter the following information in the Edit Subnet window:

    Setting Value
    Subnet purpose Leave as Default.
    Name Leave as default.
    IPv4
    IPv4 address range Select 10.0.0.0/16.
    Starting address Enter 10.0.1.0.
    Size Enter /24 (256 addresses).
  7. Select Save then Review + create > Create.

  8. Return to home and repeat the preceding steps to create another virtual network with the following information:

    Setting Value
    Subscription Select the same subscription that you selected in step 2.
    Resource group Select resource-group.
    Virtual network name Enter vnet-spoke-002.
    Region Select (US) West US 2.
    Edit subnet window
    Subnet purpose Leave as Default.
    Name Leave as default.
    IPv4
    IPv4 address range Select 10.1.0.0/16.
    Starting address Enter 10.1.1.0.
    Size Enter /24 (256 addresses).
  9. Select Save then Review + create > Create.

Create a network group with Azure Policy

In this step, you create a network group containing your virtual networks using Azure policy.

  1. From the Home page, select Resource groups and browse to the resource-group resource group, and select the vnm-1 Virtual Network Manager instance.

  2. Under Settings, select Network groups. Then select Create.

  3. On the Create a network group pane, enter the following information:

    Setting Value
    Name Enter network-group.
    Description (Optional) Provide a description about this network group.
    Member type Select Virtual network.
  4. Select Create.

  5. Select network-group and choose Create Azure Policy.

  6. In Create Azure Policy, enter or select the following information:

    Setting Value
    Policy name Enter azure-policy.
    Scope Select Select Scope and choose your subscription, if not already selected.
  7. Under Criteria, enter a conditional statement to define the network group membership. Enter or select the following information:

    Setting Value
    Parameter Select Name from the dropdown menu.
    Operator Select Contains from the dropdown menu.
    Condition Enter -spoke-.

    Screenshot of create Azure Policy window defining a conditional statement for network group membership. ```

  8. Select Preview Resources to see the resources included in the network group, and select Close.

  9. Select Save to create the policy.

Create a routing configuration and rule collection

In this step, you define the UDRs for the network group by creating a routing configuration and rule collection with routing rules.

  1. Return the vnm-1 Virtual Network Manager instance and Configurations under Settings.

  2. Select + Create or Create routing configuration.

  3. In Create a routing configuration, enter or select the following information:

    Setting Value
    Name Enter routing-configuration.
    Description (Optional) Provide a description about this routing configuration.
  4. Select Rule collections tab or Next: Rule collections >.

  5. In Rule collections, select + Add.

  6. In Add a rule collection, enter, or select the following information:

    Setting Value
    Name Enter rule-collection-1.
    Description (Optional) Provide a description about this rule collection.
    Enable BGP route propagation Leave unchecked.
    Target network groups select network-group.
  7. Under Routing rules, select + add.

  8. In Add a routing rule, enter, or select the following information:

    Setting Value
    Name Enter rr-spoke.
    Destination
    Destination type Select IP address.
    Destination IP addresses/CIDR ranges Enter 0.0.0.0/0.
    Next hop
    Next hop type Select Virtual network.
  9. Select Add and **Add to save the routing rule collection.

  10. Select Review + create and then Create to create the routing configuration.

Deploy the routing configuration

In this step, you deploy the routing configuration to create the UDRs for the network group.

  1. On the Configurations page, select the checkbox for routing-configuration and choose Deploy from the taskbar.

  2. In Deploy a configuration , select, or enter the routing-configuration

    Setting Value
    Configurations
    Include user defined routing configurations in your goal state Select checkbox.
    User defined routing configurations Select routing-configuration.
    Region
    Target regions Select (US) West US 2.
  3. Select Next and then Deploy to deploy the routing configuration.

Note

When you create and deploy a routing configuration, you need to be aware of the impact of existing routing rules. For more information, see Impacts of user-defined routes.

Next steps