Blog Post

Azure Networking Blog
3 MIN READ

Announcing the general availability of Route-Maps for Azure virtual WAN.

Christopher-Fields's avatar
Christopher-Fields
Icon for Microsoft rankMicrosoft
Apr 15, 2025

We are excited to announce the general availability of Route-Maps for Azure virtual WAN.

Route-maps is a feature that gives you the ability to control route advertisements and routing for Virtual WAN virtual hubs. Route-maps lets you have more control of the routing that enters and leaves Azure Virtual WAN site-to-site (S2S) VPN connections, User VPN point-to-site (P2S) connections, ExpressRoute connections, and virtual network (VNet) connections.

Why use Route-maps?

  • Route-maps can be used to summarize routes when you have on-premises networks connected to Virtual WAN via ExpressRoute or VPN and are limited by the number of routes that can be advertised from/to virtual hub.
  • You can use Route-maps to control routes entering and leaving your Virtual WAN deployment among on-premises and virtual-networks.
  • You can control routing decisions in your Virtual WAN deployment by modifying a BGP attribute such as AS-PATH to make a route more, or less preferable. This is helpful when there are destination prefixes reachable via multiple paths and customers want to use AS-PATH to control best path selection.
  • You can easily tag routes using the BGP community attribute in order to manage routes.

What is a Route-map?

A Route-map is an ordered sequence of one or more rules that are applied to routes received or sent by the virtual hub. Each Route-map rule comprises of 3 sections: 

1. Match conditions

Route-maps allows you to match routes using Route-prefix, BGP community and AS-Path. These are the set of conditions that a processed route must meet in order to be considered as a match for the rule. Below are the supported match conditions. 

PropertyCriterionValue (example)Interpretation
Route-prefixequals10.1.0.0/16,10.2.0.0/16,10.3.0.0/16,10.4.0.0/16Matches these 4 routes only. Specific prefixes under these routes won't be matched.
Route-prefixcontains10.1.0.0/16,10.2.0.0/16, 192.168.16.0/24, 192.168.17.0/24Matches all the specified routes and all prefixes underneath. (Example 10.2.1.0/24 is underneath 10.2.0.0/16)
Communityequals65001:100,65001:200Community property of the route must have both the communities. Order isn't relevant.
Communitycontains65001:100,65001:200Community property of the route can have one or more of the specified communities.
AS-Pathequals65001,65002,65003AS-PATH of the routes must have ASNs listed in the specified order.
AS-Pathcontains65001,65002,65003AS-PATH in the routes can contain one or more of the ASNs listed. Order isn't relevant.

2. Actions to be performed

Route-Maps allows you to Drop or Modify routes. Below are the supported actions.

PropertyActionValueInterpretation
Route-prefixDrop10.3.0.0/8,10.4.0.0/8The routes specified in the rule are dropped.
Route-prefixReplace10.0.0.0/8,192.168.0.0/16Replace all the matched routes with the routes specified in the rule.
As-PathAdd64580,64581Prepend AS-PATH with the list of ASNs specified in the rule. These ASNs are applied in the same order for the matched routes.
As-PathReplace65004,65005AS-PATH will be set to this list in the same order, for every matched route. See key considerations for reserved AS numbers.
As-PathReplaceNo value specifiedRemove all ASNs in the AS-PATH in the matched routes.
CommunityAdd64580:300,64581:300Add all the listed communities to all the matched routes community attribute.
CommunityReplace64580:300,64581:300Replace community attribute for all the matched routes with the list provided.
CommunityReplaceNo value specifiedRemove community attribute from all the matched routes.
CommunityRemove65001:100,65001:200

Remove any of the listed communities that are present in the matched routes’ Community attribute.

 

3. Apply to a Connection

You can apply route-maps on each connection for the inbound, outbound, or both inbound and outbound directions.

Where can I find Route-maps?

Route-Maps can be found in the routing section of your virtual WAN hub.

 

 

 

 

 

 

 

 

 

 

 

 

How do I troubleshoot Route-maps?

The Route-Map Dashboard lets you views the routes for a connection. You can view the routes before or after a Route-Map is applied. 

 

Demo

 

Updated Apr 15, 2025
Version 1.0
azure networking
virtual wan

2 Comments

Sort By
  • TBohunek's avatar
    TBohunek
    Copper Contributor
    Apr 24, 2025

    Hi Chris! The feature itself is cool. I don't have vWAN myself, but I have questions to the implementation. :)

    1) Criterions: "10.10.6.0/24 contains 10.0.0.0/16". Wouldn't "contained in" be more logical? Similarly "a equals a b c" better would be "one of"?

    2) View applied-to: can I see what routemaps are applied to a connection, and which connections a routemap is applied to? I don't see that in the GUI, only count of connections per map.

    3a) In the Show summarized route, can you sort and filter? Doesn't look to be.
    3b) Debug: IMHO would be great to indicate which routes are native and which are result of a map, which upon click could show the original routes modified/replaced by that map.

    I feel like those would be features I'd want to have if I had a vWAN (I will, one day).