2.3. VNet Connectivity and Routing
How does a packet in Spoke-A reach a VM in Spoke-B through your hub firewall? Connecting VNets and controlling traffic flow is where networking gets interesting—and where many exam questions live.
đź’ˇ First Principle: Azure routes traffic automatically, but those automatic routes may not match your requirements. User-defined routes (UDRs) let you override defaults, but you must understand what you're overriding.
What breaks without proper routing: Traffic takes unintended paths. Firewalls get bypassed. Hub-spoke architectures don't transit correctly. VPN tunnels can't reach spoke VNets.
Think of routing like highway systems. Azure provides default roads (system routes), but sometimes you need to redirect traffic through checkpoints (firewalls) or alternate routes (UDRs). Unlike real highways, you can't see Azure's default routes without checking—so many misconfigurations stem from assuming instead of verifying.
