In this article, we’ll learn how to set up custom routing for Azure VMs deployed in the sandbox.

CloudShell 9.1 GA supports the creation of custom routes in Azure sandboxes, allowing you to force communication from any subnet(s) to go through any specific IP(s), for example, to have traffic go through a firewall or VPN connection.

To do this, you need to use a blueprint or custom setup script that will tell the Azure cloud provider resource to define the custom routing (using the resource’s CreateRouteTable hidden command).

First, open the script and add the following code:

{   "route_tables": [{
        "name": "myRouteTable1",
        "subnets": ["subnetId1", "subnetId2"],
        "routes": [{
                        "name":                 "myRoute1",
                        "address_prefix":       "10.0.1.0/28",
                        "next_hop_type":        "VirtualAppliance",
                        "next_hop_address":     "10.0.1.15"
        }]
    }]
}

Next, let’s define the custom routing.

  • route_tables:
    • name: Provide a display name for the route table.
    • subnets: Specify a comma-separated list of the subnet IDs of the source VMs. This will affect all VMs that have a NIC in that subnet. Note that for VMs connected to more than one subnet, you will need to specify all connected subnets to ensure that all communication from such VMs uses the custom routing.

    • routes: The route’s settings:

      • name: Provide a display name for the route.
      • address_prefix: Specify the target CIDR. Communication to an address in this CIDR will be diverted to our route.
      • next_hop_type: Specify “VirtualAppliance” as the value.
      • next_hop_address: The IP that the traffic will be directed to. For example, to connect VM 1 to VM 2 through VM 5, set VM 5 as the next_hop.

To set additional hops, duplicate the routes section and edit the next_hop_address. For example, setting the traffic to hop through 10.0.1.15 and then through 10.23.1.25:

{   "route_tables": [{
        "name": "myRouteTable1",
        "subnets": ["subnetId1", "subnetId2"],
        "routes": [{
                        "name":                 "myRoute1",
                        "address_prefix":       "10.0.1.0/28",
                        "next_hop_type":        "VirtualAppliance",
                        "next_hop_address":     "10.0.1.15"
        }]
    }, {
        "name": "myRouteTable2",
        "subnets": ["subnetId3", "subnetId4"],
        "routes": [{
                        "name":                 "myRoute2",
                        "address_prefix":       "10.0.1.0/28",
                        "next_hop_type":        "VirtualAppliance",
                        "next_hop_address":     "10.23.1.25"
        }]
    }]
}
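
A pre-flight check for the route_tables definition described above, so that a malformed definition does not leave traffic bypassing the intended firewall or VPN hop. This is an added example, not CloudShell code: the function name, the VM inventory argument and the sample data are assumptions, and it treats the definition as a JSON string.

```python
import ipaddress
import json

# Constructed sample: host bits set in the prefix; vm1 also has a NIC in subnetId9.
SAMPLE = """{"route_tables": [{"name": "myRouteTable1",
  "subnets": ["subnetId1", "subnetId2"],
  "routes": [{"name": "myRoute1", "address_prefix": "10.0.1.5/28",
    "next_hop_type": "VirtualAppliance", "next_hop_address": "10.0.1.15"}]}]}"""
SAMPLE_VMS = {"vm1": ["subnetId1", "subnetId9"]}  # hypothetical VM inventory

def validate_route_tables(payload, vm_subnets=None):
    """Return a list of problems found in a route_tables JSON string."""
    try:
        tables = json.loads(payload)["route_tables"]
    except (ValueError, KeyError, TypeError) as exc:
        return [f"not valid route_tables JSON: {exc}"]
    problems, owner = [], {}
    for table in tables:
        tname = table.get("name", "<unnamed>")
        subnets = set(table.get("subnets") or [])
        if not subnets:
            problems.append(f"{tname}: no subnets listed")
        for subnet in sorted(subnets):
            # Azure associates at most one route table with a subnet.
            if subnet in owner:
                problems.append(f"{tname}: {subnet} already in {owner[subnet]}")
            owner.setdefault(subnet, tname)
        for route in table.get("routes", []):
            rname = f"{tname}/{route.get('name', '<unnamed>')}"
            try:
                ipaddress.ip_network(route.get("address_prefix", ""))
            except ValueError as exc:
                problems.append(f"{rname}: bad address_prefix ({exc})")
            if route.get("next_hop_type") != "VirtualAppliance":
                problems.append(f"{rname}: next_hop_type must be VirtualAppliance")
            try:
                ipaddress.ip_address(route.get("next_hop_address", ""))
            except ValueError:
                problems.append(f"{rname}: bad next_hop_address")
        # A multi-NIC VM with only some subnets listed still has unrouted traffic.
        for vm, nets in sorted((vm_subnets or {}).items()):
            missing = set(nets) - subnets
            if subnets & set(nets) and missing:
                problems.append(f"{tname}: {vm} also uses {sorted(missing)}")
    return problems

if __name__ == "__main__":
    print("\n".join(validate_route_tables(SAMPLE, SAMPLE_VMS)))
```

An empty list means the definition passed every check; the multi-NIC check only runs when a VM-to-subnet inventory is supplied.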

Add the script as a blueprint script to CloudShell and attach it to your blueprint. If this is a setup script, set the script’s Script Type to Setup to ensure that CloudShell will execute it automatically when a user reserves the blueprint. For additional information, see CloudShell help’s Configure Blueprint Orchestration.

Future sandboxes based on this blueprint will use the defined custom routing for Azure VMs in the specified IPs/subnets.