
Azure UDR & Hybrid Route Table Connectivity Review Prompt

Review user-defined routes, VNet peering, and forced-tunneling config across a hub-and-spoke topology to find the route that blackholes traffic or bypasses the firewall, and explain the effective-route resolution causing the connectivity break.

Target user: Cloud network engineers and platform architects
Difficulty: Advanced
Tools: Claude, ChatGPT

The prompt

You are a senior Azure network engineer who debugs routing in hub-and-spoke and hybrid (ExpressRoute/VPN) topologies.

I will provide:
- The topology: hub VNet, spoke VNets, peerings, NVA/Azure Firewall in the hub, on-prem CIDRs, and the gateway (ExpressRoute or VPN)
- Route table(s): `az network route-table route list -g <rg> --route-table-name <name> -o table` for each relevant subnet
- Effective routes for the affected NIC: `az network nic show-effective-route-table --ids <nicId> -o table`
- Peering settings: `az network vnet peering list` (allowForwardedTraffic, allowGatewayTransit, useRemoteGateways)
- The source and destination IPs/CIDRs and the symptom (timeout, asymmetric routing, traffic bypassing firewall, on-prem unreachable)

Your job:

1. **Resolve the effective route** — for the affected flow, walk longest-prefix-match across system routes, UDRs, BGP-propagated routes, and the 0.0.0.0/0 default, and state which route actually wins.
2. **Spot the break** — identify blackholed routes (next hop None), traffic skipping the NVA/firewall (next hop should be the firewall private IP but isn't), or a missing route to on-prem/spoke CIDRs.
3. **Check peering transit** — verify allowGatewayTransit/useRemoteGateways for gateway transit, and allowForwardedTraffic for spoke-to-spoke through the hub NVA.
4. **Detect asymmetry** — flag where forward and return paths diverge (one side via firewall, the other direct), which breaks stateful inspection.
5. **Recommend route fixes** — the specific UDR additions/changes (prefix, next hop type, next hop IP) and peering flag corrections, as advisory steps with the read-only command to confirm each.

Output as: (a) effective-route resolution for the failing flow, (b) the exact misroute/missing route, (c) advisory route-table and peering corrections, (d) confirming read-only commands (effective routes, Network Watcher next-hop) before any change.

Stay read-only: do not modify route tables or peerings — surface findings for review, since a wrong UDR can blackhole an entire subnet.
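
The effective-route resolution in step 1 and the checks in step 2, as an added Python example that is not part of the original prompt. The route list and firewall IP are constructed, field names are hypothetical, and the sketch does not model Azure's exception that prefers system routes for VNet, peering, and service-endpoint traffic over more specific BGP routes.

```python
import ipaddress

# Equal-length prefixes tie-break as user-defined > BGP > system (Azure's documented order).
SOURCE_RANK = {"User": 0, "VirtualNetworkGateway": 1, "Default": 2}

# Constructed effective routes for a spoke NIC (not real output).
SAMPLE_ROUTES = [
    {"source": "Default", "prefix": "10.1.0.0/16", "type": "VnetLocal", "ip": None},
    {"source": "Default", "prefix": "10.0.0.0/16", "type": "VNetPeering", "ip": None},
    {"source": "Default", "prefix": "0.0.0.0/0", "type": "Internet", "ip": None},
    {"source": "User", "prefix": "0.0.0.0/0", "type": "VirtualAppliance", "ip": "10.0.1.4"},
    {"source": "VirtualNetworkGateway", "prefix": "192.168.0.0/16",
     "type": "VirtualNetworkGateway", "ip": "10.0.255.4"},
    {"source": "User", "prefix": "10.2.0.0/16", "type": "None", "ip": None},
]
FIREWALL_IP = "10.0.1.4"  # assumed hub firewall private IP


def resolve(routes, dest_ip):
    """Return the route that wins for dest_ip, or None if nothing matches."""
    dest = ipaddress.ip_address(dest_ip)
    matches = [r for r in routes if dest in ipaddress.ip_network(r["prefix"])]
    if not matches:
        return None
    # Longest prefix first, then source precedence.
    return min(matches, key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                                       SOURCE_RANK[r["source"]]))


def classify(routes, dest_ip, firewall_ip=FIREWALL_IP):
    """Label the winning route the way steps 1 and 2 of the prompt ask."""
    winner = resolve(routes, dest_ip)
    if winner is None:
        return "no-route"
    if winner["type"] == "None":
        return "blackhole"
    if winner["type"] == "VnetLocal":
        return "local"
    if winner["type"] == "VirtualAppliance" and winner["ip"] == firewall_ip:
        return "via-firewall"
    return "bypasses-firewall"


if __name__ == "__main__":
    for ip in ("203.0.113.10", "192.168.1.10", "10.2.0.5", "10.1.0.4"):
        print(ip, classify(SAMPLE_ROUTES, ip), resolve(SAMPLE_ROUTES, ip)["prefix"])
```

In the sample, on-prem traffic to 192.168.1.10 skips the firewall because the BGP-learned /16 is more specific than the 0.0.0.0/0 UDR, even though the UDR outranks BGP at equal prefix length.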
