
support NVA without NAT for INTERNET access


Hello!

I am trying to set up a custom NVA (a simple router with application-specific functions) for my Azure VNET.

My network:

internet <-> subnet 1 with NIC1 (NVA) <-> subnet 2 with NIC2 (NVA) and VM

I wish to filter, in the NVA, VM traffic to/from the internet.

As far as I understand, I can use a UDR to route outgoing traffic from the VM to the internet via the NVA (and I also set the forwarding flag on the NVA NICs). This step works.

But after that I have a problem. My simple NVA just forwards packets from one interface to another (it's a simple router), so a packet from NIC2 (with the src IP of the VM and the dst IP of the internet service) is forwarded to NIC1 and sent to subnet 1 with the original src IP (the src IP of the VM and the dst IP of the internet service), and I can't see any answer from the internet service.

So I have questions:

- Can I create a working solution for my case (when the NVA is not using NAT)?

- Can somebody tell me why my traffic is dropped somewhere and I cannot see an answer in the VM? (I understand that the traffic must not go through my NVA, but why can I not see an answer?)

- Does the Azure roadmap have any plan to support source-based routing policy (as Linux has) in UDR?

