Hub Spoke network configuration - "Route Missing" when routing from spoke to spoke via hub as gateway

Question

I am trying to setup a new hub-spoke network architecture for my application. I am using Azure Virtual Network Manager to configure these networks. I currently have 3 'spoke' network groups ("Shared", "Test", and "Admin"). I have the hub network set as a dedicated "Transit" network which has a VPN gateway configured. In AVNM I have all my groups set to allow inner communication as well as using the hub as a gateway.

This configuration is deployed to my 2 regions I care about (Central US where my Admin and Shared network lives, and WestUS3 where my other networks live). The only security configuration I have deployed is one to Always Allow All traffic while I have been troubleshooting. In troubleshooting, I have been focusing on a VM in my Admin network communicating with an AKS Cluster private endpoint living in one of my "Test" networks. When running a connectivity test, I am able to lookup DNS correctly, but am timing out trying to reach the destination (showing "Route Missing")

When investigating the NIC associated with my VM, I am not seeing any routes containing a range that would include 10.22.0.4, so this makes sense, but why are these routes not being created? I do not have any UDR either.

Investigating the VNets in question, I see that the peering looks to be setup correctly by AVNM.
When looking at my transit network (admin peering):

And transit network (aks network peering):

Admin network (transit network peering):

AKS Network (Transit network peering):

All settings seem to be correct to me. Any direction would be super helpful.

Thank you

Answer 1

Hi @Travis Howard

Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

I'm glad you were able to resolve your issue. Regarding your specific question, we understand that you prefer not to manage route tables manually and would like Azure Virtual Network Manager to handle this for you.

Please double-check in AVNM that your shared, Test, and Admin network groups have connectivity set to connected and use hub as a gateway enabled. This ensures AVNM recognizes the desired topology. The likely issue is that your transit hub's route table is missing routes to your spoke networks.

AVNM does not automatically populate the hub route table with spoke prefixes when using hub as a gateway. You need to manually add these routes to the hub's route table. The next hop for these routes in the hub's route table should be Virtual Network Gateway.

After making changes to the hub's route table or gateway associations, redeploy or update your AVNM configuration to ensure the changes are propagated correctly.

Or else, try to create a new routing configuration. Within the routing configuration, create rule collections for each spoke network group (Shared, Test, and Admin).

 In each rule collection, add a routing rule with the following settings:

• Destination: 0.0.0.0/0 (to cover all traffic outside the spoke's address space)
• Next Hop Type: Virtual network
• Next Hop: Your hub's "Transit" virtual network

After creating the routing configuration and rules, deploy the configuration to the regions where your virtual networks are located (Central US and WestUS3). This step applies the configuration and activates the routing changes, ensuring that traffic is directed as intended. 

For your reference: https://learn.microsoft.com/en-us/azure/virtual-network-manager/concept-user-defined-route
https://learn.microsoft.com/en-us/azure/virtual-network-manager/how-to-create-hub-and-spoke

---

I hope this has been helpful!

Your feedback is important so please take a moment to accept answers. If you still have questions, please let us know what is needed in the comments so the question can be answered.

Thank you for helping to improve Microsoft Q&A!