Propagating custom route table to the Default Route table is not covered

[maurojasmsft]

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform (and AzureRM Provider) Version

• Terraform Core version: [fill in]
• AzureRM Provider version: [fill in] Terraform v1.8.0 on windows_386
• provider registry.terraform.io/hashicorp/azurerm v3.113.0

Affected Resource(s)/Data Source(s)

Terraform Configuration Files

# Copy-paste your Terraform configurations here - for large Terraform configs,

resource "azurerm_virtual_hub_connection" "eus2_vnet_connection_red2spoke" {
  name                      = "eus2_vnet_connection_red2spoke"
  virtual_hub_id            = azurerm_virtual_hub.eus-vhub.id
  remote_virtual_network_id = azurerm_virtual_network.redspoke2_vnet.id
  routing {
   associated_route_table_id = azurerm_virtual_hub_route_table.RT_NVA_Firewall.id   
   }
}

resource "azurerm_virtual_hub_route_table" "RT_NVA_Firewall" {
  name           = "RT_NVA_Firewall"
  virtual_hub_id = azurerm_virtual_hub.eus-vhub.id
  labels         = []

  route {
  name              = "red-spokes"
  destinations_type = "CIDR"
  destinations      = ["10.83.0.0/16"]
  next_hop          = azurerm_firewall.customer.id
}

  route {
  name              = "to-blue-spokes"
  destinations_type = "CIDR"
  destinations      = ["10.70.0.0/16"]
  next_hop          = azurerm_firewall.customer.id
}

  route {
  name              = "to-branch"
  destinations_type = "CIDR"
  destinations      = ["10.214.0.0/16"]
  next_hop          = azurerm_firewall.customer.id
}
}

# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp

Description / Feedback

A common practice in vWAN is to propagate a custom route table to the default route table. Every Virtual Hub has a default route table where branches connect. The TF documentation has no guidance on how to accomplish this. There is no azurerm_virtual_hub.eus-vhub.default_route_table_id. Also, creating a Route table "default" could bring unknown behaviors.

This would be a good place to do so

routing {
   associated_route_table_id = azurerm_virtual_hub_route_table.RT_NVA_Firewall.id   
   propagated_route_table {
     ###This would be where you would propagate to Default Route table, or none.
   }
   }
 }

References

[neil-yechenwei]

Thanks for raising this issue. Seems this feature has been supported by TF. See more details from https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_hub_connection#propagated_route_table.

[maurojasmsft]

It is indeed, but it doesn't tell you how to propagate to the default route table, which is an object that exists by default