Understanding Azure Routing Architecture – Part 2

Posted on May 20, 2024

The diagram presents a high-level overview of an Azure Routing Architecture. This architecture facilitates secure communication between on-premises networks and Azure Virtual Networks (VNets). Below is a detailed explanation of each component and their interactions:

Components:

  1. On-Premises Network:
    • Internal Network: The internal network within an organization, comprising various network resources such as servers, workstations, and other networked devices.
    • On-Prem Router: A router located on-premises that handles routing within the internal network and directs traffic to external destinations, including Azure.
  2. VPN Gateway:
    • A VPN Gateway establishes a secure, encrypted tunnel between the on-premises network and the Azure VNet. It ensures data integrity and confidentiality during transit over the public internet.
  3. Azure VNet:
    • Azure Router: An Azure Router manages the routing of network traffic within the Azure VNet. It directs incoming traffic from the VPN Gateway to the appropriate subnet within the VNet.
    • Subnets: Azure VNets are segmented into subnets (e.g., Subnet 1 and Subnet 2). Each subnet can host different Azure resources such as virtual machines, databases, and applications.
  4. Effective Routes:
    • Effective Routes represent the routing table within the Azure VNet. It combines user-defined routes, system routes, and BGP routes (if applicable) to determine the optimal path for network traffic within the VNet.

Data Flow:

  1. On-Premises to Azure:
    • Traffic originates from the internal network and is routed through the On-Prem Router.
    • The On-Prem Router forwards the traffic to the VPN Gateway.
    • The VPN Gateway encrypts the traffic and establishes a secure tunnel to the Azure VNet.
  2. Within Azure:
    • The encrypted traffic arrives at the Azure Router within the Azure VNet.
    • The Azure Router evaluates the destination and routes the traffic to the appropriate subnet (Subnet 1 or Subnet 2).
    • The Effective Routes table determines the best path for the traffic based on predefined routing rules and configurations.
  3. Subnet Communication:
    • Traffic within the Azure VNet can move between subnets as directed by the Azure Router.
    • The Effective Routes ensure efficient and secure communication between resources located in different subnets.

Security and Efficiency:

  • VPN Gateway Encryption: Ensures that data transmitted between the on-premises network and Azure VNet is encrypted and secure.
  • Azure Router Management: Centralizes routing decisions within the Azure VNet, improving network efficiency and management.
  • Effective Routes Optimization: Combines various routing rules to provide the most efficient path for network traffic, reducing latency and enhancing performance.

This architecture ensures a robust, secure, and efficient connection between on-premises infrastructure and Azure services, enabling seamless integration and management of resources across hybrid environments.