ExpressRoute CrossConnnections API 开发和集成ExpressRoute CrossConnnections API development and integration

ExpressRoute 合作伙伴可以通过 ExpressRoute 合作伙伴资源管理器 API 管理客户 ExpressRoute 线路的第 2 层和第 3 层配置。The ExpressRoute Partner Resource Manager API allows ExpressRoute partners to manage the layer-2 and layer-3 configuration of customer ExpressRoute circuits. ExpressRoute 合作伙伴资源管理器 API 引入了新的资源类型 expressRouteCrossConnectionsThe ExpressRoute Partner Resource Manager API introduces a new resource type, expressRouteCrossConnections. 合作伙伴可以使用此资源来管理客户 ExpressRoute 线路。Partners use this resource to manage customer ExpressRoute circuits.

工作流Workflow

expressRouteCrossConnections 资源是 ExpressRoute 线路的影子资源。The expressRouteCrossConnections resource is a shadow resource to the ExpressRoute circuit. 当 Azure 客户创建 ExpressRoute 线路并选择特定的 ExpressRoute 合作伙伴时,Microsoft 将在合作伙伴的 Azure ExpressRoute 管理订阅中创建 expressRouteCrossConnections 资源。When an Azure customer creates an ExpressRoute circuit and selects a specific ExpressRoute partner, Microsoft creates an expressRouteCrossConnections resource in the partner's Azure ExpressRoute management subscription. 在此过程中,Microsoft 将定义一个可在其中创建 expressRouteCrossConnections 资源的资源组。In doing so, Microsoft defines a resource group to create the expressRouteCrossConnections resource in. 资源组的命名标准是 *CrossConnection- PeeringLocation*;其中,PeeringLocation 表示 ExpressRoute 位置。The naming standard for the resource group is *CrossConnection- PeeringLocation*; where PeeringLocation = the ExpressRoute Location. 例如,如果客户在丹佛创建了一条 ExpressRoute 线路,则会在合作伙伴的 Azure 订阅的以下资源组中创建 CrossConnection:CrossConnnection-Denver.For example, if a customer creates an ExpressRoute circuit in Denver, the CrossConnection will be created in the partner's Azure subscription in the following resource group: CrossConnnection-Denver.

ExpressRoute 合作伙伴通过针对 expressRouteCrossConnections 资源发出 REST 操作来管理第 2 层和第 3 层配置。ExpressRoute partners manage layer-2 and layer-3 configuration by issuing REST operations against the expressRouteCrossConnections resource.

优点Benefits

移到 expressRouteCrossConnections 资源的好处:Benefits of moving to the expressRouteCrossConnections resource:

  • 将来面向 ExpressRoute 合作伙伴的任何增强功能将在 ExpressRouteCrossConnection 资源中提供。Any future enhancements for ExpressRoute partners will be made available on the ExpressRouteCrossConnection resource.

  • 合作伙伴可将基于角色的访问控制应用于 expressRouteCrossConnection 资源。Partners can apply Role-Based Access Control to the expressRouteCrossConnection resource. 这些控制可以定义有关哪些用户帐户可以修改 expressRouteCrossConnection 资源以及添加/更新/删除对等互连配置的权限。These controls can define permissions for which users accounts can modify the expressRouteCrossConnection resource and add/update/delete peering configurations.

  • expressRouteCrossConnection 资源公开一些有助于排查 ExpressRoute 连接问题的 API。The expressRouteCrossConnection resource exposes APIs that can be helpful in troubleshooting ExpressRoute connections. 这包括 ARP 表、BGP 路由表摘要和 BGP 路由表详细信息。This includes ARP table, BGP Route Table Summary, and BGP Route Table details. 经典部署 API 不支持此功能。This capability is not supported by classic deployment APIs.

  • 合作伙伴还可以使用 RouteFilter 资源在 Microsoft 对等互连中查找广告社区。Partners can also look up the advertised communities on Microsoft peering by using the RouteFilter resource.

API 开发和集成步骤API development and integration steps

若要针对合作伙伴 API 进行开发,ExpressRoute 合作伙伴可以利用测试客户和测试合作伙伴设置。To develop against the Partner API, ExpressRoute partners leverage a test customer and test partner setup. 测试客户设置用于在映射到虚拟设备和端口的测试对等互连位置中创建 ExpressRoute 线路。The test customer setup will be used to create ExpressRoute circuits in test peering locations that map to dummy devices and ports. 测试伙伴设置用于管理在测试对等互连位置中创建的 ExpressRoute 线路。The test partner setup is used to manage the ExpressRoute circuits created in the test peering location.

1.登记订阅1. Enlist subscriptions

若要请求测试合作伙伴和测试客户设置,请将两个即用即付 Azure 订阅登记到 ExpressRoute 工程联系人:To request the test partner and test customer setup, enlist two Pay-As-You-Go Azure subscriptions to your ExpressRoute engineering contact:

  • ExpressRoute_API_Dev_Provider_Sub: 此订阅用于管理在测试对等互连位置的虚拟设备和端口上创建的 ExpressRoute 线路。ExpressRoute_API_Dev_Provider_Sub: This subscription will be used to manage ExpressRoute circuits created in test peering locations on dummy devices and ports.

  • ExpressRoute_API_Dev_Customer_Sub: 此订阅用于在映射到虚拟设备和端口的测试对等互连位置中创建 ExpressRoute 线路。ExpressRoute_API_Dev_Customer_Sub: This subscription will be used to create ExpressRoute circuits in test peering locations that map to dummy devices and ports.

测试对等互连位置:默认情况下,不会向生产客户公开虚拟设备和端口。The test peering locations: dummy devices and ports are not exposed to production customers by default. 若要创建映射到测试设置的 ExpressRoute 线路,需要启用订阅功能标志。In order to create ExpressRoute circuits that map to the test setup, a subscription feature flag needs to be enabled.

2.注册 Dev_Provider 订阅以访问 expressRouteCrossConnections API2. Register the Dev_Provider subscription to access the expressRouteCrossConnections API

若要访问 expressRouteCrossConnections API,需要在 Microsoft.Network 资源提供程序中注册合作伙伴订阅。In order to access the expressRouteCrossConnections API, the partner subscription needs to be enrolled in the Microsoft.Network Resource Provider. 遵循 Azure 资源提供程序和类型一文中的步骤完成注册过程。Follow the steps in the Azure resource providers and types article to complete the registration process.

3.设置 Azure 资源管理器 REST API 调用的身份验证3. Set up authentication for Azure Resource Manager REST API calls

大多数 Azure 服务要求客户端代码在调用服务 API 之前,使用有效的凭据对资源管理器进行身份验证。Most Azure services require client code to authenticate with Resource Manager, using valid credentials, prior to calling service APIs. 身份验证由 Azure AD 在各种执行组件之间进行协调,并为客户端提供一个访问令牌,作为身份验证的证据。Authentication is coordinated between the various actors by Azure AD and provides the client with an access token as proof of authentication.

身份验证过程涉及到两个主要步骤:The authentication process involves two main steps:

  1. 注册客户端Register the client.
  2. 创建访问请求Create the access request.

4.为网络参与者提供对客户端应用程序的权限4. Provide Network Contributor permission to the client application

成功配置身份验证后,需要在 Dev_Provider_Sub 下向网络参与者授予对客户端应用程序的访问权限。Once authentication has been successfully configured, you need to grant Network Contributor access to your client application, under the Dev_Provider_Sub. 若要授予权限,请登录到 Azure 门户并完成以下步骤:To grant permission, sign in to the Azure portal and complete the following steps:

  1. 导航到“订阅”并选择“Dev_Provider_Sub”Navigate to Subscriptions and select the Dev_Provider_Sub
  2. 导航到“访问控制(IAM)”Navigate to Access Control (IAM)
  3. 添加角色分配Add Role Assignment
  4. 选择“网络参与者角色”Select the Network Contributor Role
  5. 向 Azure AD 用户、组或服务主体分配访问权限Assign Access to Azure AD User, Group, or Service Principal
  6. 选择客户端应用程序Select your client application
  7. 保存更改Save changes

5.开发5. Develop

针对 expressRouteCrossConnections API 进行开发。Develop against the expressRouteCrossConnections API.

REST APIREST API

如需 REST API 文档,请参阅 ExpressRoute CrossConnections REST APISee ExpressRoute CrossConnections REST API for REST API documentation.

后续步骤Next steps

有关所有 ExpressRoute REST API 的详细信息,请参阅 ExpressRoute REST APIFor more information on all ExpressRoute REST APIs, see ExpressRoute REST APIs.