Hi Barany Mok,

Thanks for your question on the Microsoft Q&A portal !.

It sounds like you're working with a virtual WAN setup and you're looking to link a virtual hub to one of the user-defined routing (UDR) tables in your vNET_A. Here's how you can approach this.

In a Virtual WAN (vWAN) architecture, when a virtual network connection is established between a vHub and a vNET (e.g., vNET_A), the routing behavior is managed centrally by the vHub router. However, User-Defined Routes (UDRs) within vNET_A are applied at the subnet level, not directly to the peering itself.

Why the UDR Link Seems Unclear

• The effective route in the vHub shows the next hop as the virtual connection to vNET_A, but it doesn’t reflect which subnet or UDR table is being used.
• That’s because UDRs are enforced within the vNET, not in the vHub. The vHub simply forwards traffic to the vNET, and the subnet’s UDR table takes over from there.

How to Link Peering to a Specific UDR

To ensure traffic from the vHub follows a specific UDR in vNET_A:

1. Assign the desired UDR table to the target subnet in vNET_A.
2. Ensure that the VM or resource in that subnet is the intended recipient of traffic.
3. The vHub will route traffic to vNET_A, and the subnet’s UDR will determine the next hop (e.g., a virtual router VM).

BGP Peering Between vHub and VM (Virtual Router)

To establish BGP peering between the vHub and a VM (acting as a virtual router) in vNET_A:

Requirements you need to have.

• The VM must support BGP and be configured with a different ASN than the vHub.
• The virtual network connection to vNET_A must be:
  • Associated with the default route table
    • Propagating to the default route table (custom route tables are not supported for BGP peering at this time)

Please find the below Steps:

1. Deploy the VM (NVA or router) in the subnet with the correct UDR.
2. Configure BGP on the VM with a unique ASN.
3. Ensure the VM’s IP is reachable from the vHub.
4. Set up BGP peering in the vHub configuration, pointing to the VM’s IP.

Note: BGP peering is only supported with IPs assigned to VM interfaces—not loopbacks.

If you need more information about BGP Peering please go through with this link - About BGP peering with a virtual hub - Azure Virtual WAN | Microsoft Learn

Thanks,

Pranitha

Hello @Barany Mok ,

Thank you for reaching out to the support team.

My understanding of the Scenario

• You have a Virtual WAN (vWAN) hub connected to vNET_A.
• vNET_A has three subnets, each with its own User-Defined Route (UDR) table.
• The hub-to-VNet connection shows as fully synchronized, and the effective routes in the hub list vNET_A’s subnets with the next hop as the virtual connection.
• You want to:
  1. Link the hub connection to a specific UDR in vNET_A.
     1. Establish BGP peering between the hub and a VM acting as a virtual router in one of those subnets.

Key Clarification

• UDRs in vNET_A do not influence the vWAN hub. They only apply to traffic inside vNET_A (e.g., from a subnet to an NVA or Internet). The hub uses its own Route Tables for traffic control.

How to Control Routing in vWAN

If you want to influence routing at the hub level:

1. Create a custom Route Table in the vWAN hub.
2. Associate the hub-to-vNET_A connection with that Route Table.
3. Propagate routes from other connections as needed.

Portal Steps:

• Go to Virtual WAN → Hubs → [Your Hub] → Route Tables.
• Create or select a custom Route Table.
• Under Associations, add the vNET_A connection.

CLI Example:

Shell

Create a custom hub route table

az network vhub route-table create \

--resource-group MyRG \

--vhub-name MyHub \

--name custom-rt

Associate vNET_A connection to the custom route table

az network vhub route-table connection create \

--resource-group MyRG \

--vhub-name MyHub \

--route-table-name custom-rt \

--name assoc-vnetA \

--vnet-connection-id /subscriptions/.../virtualNetworkConnections/vnetA-conn

BGP Peering with a VM (Virtual Router)

• Deploy your VM (NVA) in a subnet of vNET_A.
• Configure BGP on the VM with a unique ASN.
• In the vWAN hub:
  • Navigate to BGP Peers.
    • Add the VM’s IP and ASN.
• The hub will establish BGP sessions with the VM, allowing dynamic route exchange.

Important:

• BGP peering works only with the Default hub Route Table for now.
• Ensure the hub-to-VNet connection for the NVA’s VNet is associated with Default.

Summary

• You cannot link a hub connection to a spoke UDR; UDRs remain local to the spoke.
• Use hub Route Tables for centralized control.
• For dynamic routing, configure BGP peering between the hub and your VM. Understanding the Scenario
  • You have a Virtual WAN (vWAN) hub connected to vNET_A.
    • vNET_A has three subnets, each with its own User-Defined Route (UDR) table.
      • The hub-to-VNet connection shows as fully synchronized, and the effective routes in the hub list vNET_A’s subnets with the next hop as the virtual connection.
        • You want to:

          1. Link the hub connection to a specific UDR in vNET_A.
          
                1. Establish **BGP peering** between the hub and a VM acting as a virtual router in one of those subnets.
          

  Key Clarification
  • UDRs in vNET_A do not influence the vWAN hub.
    They only apply to traffic inside vNET_A (e.g., from a subnet to an NVA or Internet).
    The hub uses its own Route Tables for traffic control.
  How to Control Routing in vWAN If you want to influence routing at the hub level:
  1. Create a custom Route Table in the vWAN hub.
     1. Associate the hub-to-vNET_A connection with that Route Table.
        1. Propagate routes from other connections as needed.
  Portal Steps:
  • Go to Virtual WAN → Hubs → [Your Hub] → Route Tables.
    • Create or select a custom Route Table.
      • Under Associations, add the vNET_A connection.
  CLI Example: Shell # Create a custom hub route table az network vhub route-table create \ --resource-group MyRG \ --vhub-name MyHub \ --name custom-rt # Associate vNET_A connection to the custom route table az network vhub route-table connection create \ --resource-group MyRG \ --vhub-name MyHub \ --route-table-name custom-rt \ --name assoc-vnetA \ --vnet-connection-id /subscriptions/.../virtualNetworkConnections/vnetA-conn BGP Peering with a VM (Virtual Router)
  • Deploy your VM (NVA) in a subnet of vNET_A.
    • Configure BGP on the VM with a unique ASN.
      • In the vWAN hub:

        - Navigate to **BGP Peers**.
        
              - Add the VM’s IP and ASN.
        
                 - The hub will establish BGP sessions with the VM, allowing dynamic route exchange.
        

  Important:
  • BGP peering works only with the Default hub Route Table for now.
    • Ensure the hub-to-VNet connection for the NVA’s VNet is associated with Default.
  Summary
  • You cannot link a hub connection to a spoke UDR; UDRs remain local to the spoke.
  • Use hub Route Tables for centralized control.
  • For dynamic routing, configure BGP peering between the hub and your VM.
  I hope this helps, please accept the answer if it is helpful or let me know for any follow-up questions.