Control Routing Behavior #43

Open
abokov opened this issue Jul 2, 2021 · 0 comments

abokov commented Jul 2, 2021

When you put a virtual machine on a virtual network, the VM can connect to any other VM on the same virtual network, even if the other VMs are on different subnets. This is possible because a collection of system routes enabled by default allows this type of communication. These default routes allow VMs on the same virtual network to initiate connections with each other, and with the internet (for outbound communications to the internet only).

Best Practices

  • Tune the default routing table entries in your virtual network. Although the default system routes are useful for many deployment scenarios, there are times when you want to customize the routing configuration for your deployments. You can configure the next-hop address to reach specific destinations.
  • Ensure that your services are not allowed to initiate a connection to devices on the Internet by enabling forced tunneling. With forced tunneling, all connections to the internet are forced through your on-premises gateway. You can configure forced tunneling by taking advantage of UDRs (user-defined routes).
@abokov abokov added this to the Security Domain milestone Jul 2, 2021
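An added example, not part of the issue: a simplified Python model of how a user-defined 0.0.0.0/0 route overrides the default system route to the internet, and how a more specific route can still bypass the tunnel. It assumes Azure's documented selection order (longest matching prefix first, then user-defined over BGP over system routes); the route tables, helper names and probe addresses are constructed for illustration.

```python
import ipaddress

# Tie-break when prefixes are equal: user-defined, then BGP, then system default.
SOURCE_PRIORITY = {"User": 0, "VirtualNetworkGateway": 1, "Default": 2}

def select_route(routes, destination):
    """Return the route that wins for one destination IP, or None."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in routes if dest in ipaddress.ip_network(r["prefix"])]
    if not matches:
        return None
    # Longest prefix wins; on equal length the route source decides.
    return min(matches, key=lambda r: (
        -ipaddress.ip_network(r["prefix"]).prefixlen,
        SOURCE_PRIORITY[r["source"]],
    ))

def internet_bypass(routes, probes):
    """Return the probe IPs that would still leave directly to the internet."""
    leaked = []
    for probe in probes:
        route = select_route(routes, probe)
        if route is not None and route["next_hop"] == "Internet":
            leaked.append(probe)
    return leaked

# Constructed sample: the system routes of a virtual network using 10.0.0.0/16.
SYSTEM_ROUTES = [
    {"prefix": "10.0.0.0/16", "next_hop": "VnetLocal", "source": "Default"},
    {"prefix": "0.0.0.0/0", "next_hop": "Internet", "source": "Default"},
]
# Forced tunneling: a UDR sends the default route to the gateway.
FORCED = SYSTEM_ROUTES + [
    {"prefix": "0.0.0.0/0", "next_hop": "VirtualNetworkGateway", "source": "User"},
]
# Failure mode: a more specific UDR with next hop Internet beats the /0 tunnel route.
LEAKY = FORCED + [
    {"prefix": "203.0.113.0/24", "next_hop": "Internet", "source": "User"},
]

if __name__ == "__main__":
    probes = ["198.51.100.7", "203.0.113.9"]  # constructed documentation addresses
    for name, table in (("system", SYSTEM_ROUTES), ("forced", FORCED), ("leaky", LEAKY)):
        print(name, internet_bypass(table, probes))
```

Running the same check against the effective routes of each subnet shows whether any prefix still resolves to a next hop of Internet after the UDR is attached.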