Azure Default Routes Explanation or what is the purpose of 100.64.0.0/10 IP range in Azure

%3CLINGO-SUB%20id%3D%22lingo-sub-93122%22%20slang%3D%22en-US%22%3EAzure%20Default%20Routes%20Explanation%20or%20what%20is%20the%20purpose%20of%20100.64.0.0%2F10%20IP%20range%20in%20Azure%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-93122%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20simple%20question%20to%20Azure%20team.%20Is%20there%20any%20document%20which%20describes%20purpuse%20of%20each%20Azure%20default%20routes%3F%3C%2FP%3E%3CP%3EHow%20Azure%20uses%20%26nbsp%3B100.64.0.0%2F10%20IP%20range%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20was%20playing%20with%20File%20Service%20and%20SAS%20tokens.%20I%20have%20created%20file%20servce%20and%20generated%20new%20SAS%20token%20with%20IP%20restriction.%20I%20restricted%20access%20to%20the%20single%20IP%2C%20which%20is%20public%20IP%20of%20the%20VM%20I%20deployed%20into%20the%20same%20subscription%20as%20this%20Files%20service.%20When%20I%20tried%20to%20access%20a%20file%20in%20this%20file%20service%20with%20provided%20URL%2C%20I%20got%20message%20access%20denied%20from%20the%20IP%20address.%20To%20my%20surprize%20the%20IP%20address%20which%20was%20listed%20in%20access%20denied%20message%20was%20not%20my%20public%20IP%20but%20%26nbsp%3B%3CSPAN%3E100.79.88.46.%20I%20fond%20that%20this%20IP%20belongs%20to%20the%20range%20of%20one%20of%20the%20Azure%20Default%20routs.%20(%7B100.64.0.0%2F10%7D%20Null%20Active%20Default%20)%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EIf%20I%20go%20to%20this%20URL%20form%20VM%20in%20different%20subscription%20or%20from%20workstation%20I%20can%20see%20that%20my%20IP%20address%20is%20properly%20identified.%20%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-93122%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EApp%20Services%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ENetworking%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-333391%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Default%20Routes%20Explanation%20or%20what%20is%20the%20purpose%20of%20100.64.0.0%2F10%20IP%20range%20in%20Azure%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-333391%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvirtual-network%2Fvirtual-networks-udr-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvirtual-network%2Fvirtual-networks-udr-overview%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc6598%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc6598%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EIt's%20a%20transition%20address%20space%20to%20handle%20multiple%20NAT%20addresses.%20Typically%20only%20used%20by%20carrier%20grade%20networks.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Visitor

I have simple question to Azure team. Is there any document which describes purpuse of each Azure default routes?

How Azure uses  100.64.0.0/10 IP range? 

 

I was playing with File Service and SAS tokens. I have created file servce and generated new SAS token with IP restriction. I restricted access to the single IP, which is public IP of the VM I deployed into the same subscription as this Files service. When I tried to access a file in this file service with provided URL, I got message access denied from the IP address. To my surprize the IP address which was listed in access denied message was not my public IP but  100.79.88.46. I fond that this IP belongs to the range of one of the Azure Default routs. ({100.64.0.0/10} Null Active Default )

If I go to this URL form VM in different subscription or from workstation I can see that my IP address is properly identified.

 

1 Reply
Highlighted