ExpressRoute CrossConnnections API 开发和集成
通过 ExpressRoute 合作伙伴资源管理器 API,ExpressRoute 合作伙伴可以管理客户 ExpressRoute 线路的第 2 层和第 3 层配置。 ExpressRoute 合作伙伴资源管理器 API 引入了新的资源类型 expressRouteCrossConnections。 合作伙伴使用此资源来管理客户 ExpressRoute 线路。
工作流
expressRouteCrossConnections 资源是 ExpressRoute 线路的影子资源。 当 Azure 客户创建 ExpressRoute 线路并选择特定的 ExpressRoute 合作伙伴时,Azure 将在合作伙伴的 Azure ExpressRoute 管理订阅中创建 expressRouteCrossConnections 资源。 在此过程中,Azure 将定义一个可在其中创建 expressRouteCrossConnections 资源的资源组。 资源组的命名标准是 CrossConnection-PeeringLocation,其中 PeeringLocation = ExpressRoute 位置。 例如,如果客户在丹佛创建了 ExpressRoute 线路,则将在以下资源组的合作伙伴的 Azure 订阅中创建 CrossConnection:CrossConnnection-Denver。
ExpressRoute 合作伙伴通过针对 expressRouteCrossConnections 资源发出 REST 操作来管理第 2 层和第 3 层配置。
好处
移动到 expressRouteCrossConnections 资源的好处:
对于 ExpressRoute 合作伙伴,将来任何增强功能都将在 ExpressRouteCrossConnection 资源上提供。
合作伙伴可以将 Azure 基于角色的访问控制 (Azure RBAC) 应用到expressRouteCrossConnection 资源。 这些控制可以定义有关哪些用户帐户可以修改 expressRouteCrossConnection 资源以及添加/更新/删除对等互连配置的权限。
expressRouteCrossConnection 资源公开了有助于对 ExpressRoute 连接进行故障排除的 API。 其中包括 ARP 表、BGP 路由表摘要和 BGP 路由表详细信息。 经典部署 API 不支持此功能。
合作伙伴还可使用 RouteFilter 资源在 Microsoft 对等互连上查找播发的社区。
API 开发和集成步骤
为了针对合作伙伴 API 进行开发,ExpressRoute 合作伙伴可利用测试客户和测试合作伙伴设置。 测试客户设置将用于在映射到虚拟设备和端口的测试对等互连位置中创建 ExpressRoute 线路。 测试合作伙伴设置用于管理在测试对等互连位置中创建的 ExpressRoute 线路。
1. 登记订阅
若要请求测试合作伙伴和测试客户设置,请将两个标准预付费套餐 Azure 订阅登记到 ExpressRoute 工程联系人:
ExpressRoute_API_Provider_Sub:此订阅将用于管理对等互连位置中创建的生产 ExpressRoute 线路。
ExpressRoute_API_Dev_Provider_Sub: 此订阅将用于管理虚拟设备和端口上测试对等互连位置中创建的 ExpressRoute 线路。
ExpressRoute_API_Dev_Customer_Sub: 此订阅将用于在映射到虚拟设备和端口的测试对等互连位置中创建 ExpressRoute 线路。
测试对等互连位置:默认情况下,不向生产客户公开虚拟设备和端口。 若要创建映射到测试设置的 ExpressRoute 线路,需要启用订阅功能标志。
2. 注册 Dev_Provider 订阅以访问 expressRouteCrossConnections API
为了访问 expressRouteCrossConnections API,需要在 Microsoft.Network 资源提供程序中注册合作伙伴订阅。 请遵循 Azure 资源提供程序和类型一文中的步骤完成注册过程。
3. 为 Azure 资源管理器 REST API 调用设置身份验证
在调用服务 API 之前,大多数 Azure 服务都要求客户端代码使用有效凭据通过资源管理器进行身份验证。 身份验证由 Microsoft Entra ID 在各个操作者之间进行协调,并为客户端提供访问令牌作为身份验证的证明。
身份验证过程涉及两个主要步骤:
4. 向客户端应用程序提供网络参与者权限
成功配置身份验证后,需要在 Dev_Provider_Sub 下向网络参与者授予对客户端应用程序的访问权限。 若要授予权限,请登录到 Azure 门户 并完成以下步骤:
- 导航到“订阅”,选择“Dev_Provider_Sub”
- 导航到“访问控制(IAM)”
- 添加角色分配
- 选择网络参与者角色
- 向 Microsoft Entra 用户、组或服务主体分配访问权限
- 选择你的客户端应用程序
- 保存更改
5. 开发
针对 expressRouteCrossConnections API 进行开发。
连接管理工作流
从目标客户收到 ExpressRoute 服务密钥后,请按照以下工作流和示例 API 操作来配置 ExpressRoute 连接:
- 列出 expressRouteCrossConnection: 若要管理 ExpressRoute 连接,需要标识目标 expressRouteCrossConnection 资源的“名称”和“资源组” 。 expressRouteCrossConnection 的名称是客户的 ExpressRoute 线路的目标服务密钥。 若要查找 ResourceGroupName,需要列出提供程序订阅中的所有 expressRouteCrossConnection,并搜索目标服务密钥的结果。 在此处,可以记录 ResourceGroupName,并形成 GET expressRouteCrossConnection API 调用。
GET /subscriptions/<ProviderManagementSubscription>/providers/Microsoft.Network/expressRouteCrossConnections?api-version=2018-02-01 HTTP/1.1
Host: management.chinacloudapi.cn
Authorization: Bearer eyJ0eXAiOiJKV...
User-Agent: ARMClient/1.2.0.0
Accept: application/json
x-ms-request-id: f484de7d-6c19-412f-a5eb-e5c9dd247d3c
---------- Response (601 ms) ------------
HTTP/1.1 200 OK
Pragma: no-cache
x-ms-request-id: 620ec7bf-4fd1-446f-96e9-97fbae16722f
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-cache
Server: Microsoft-HTTPAPI/2.0; Microsoft-HTTPAPI/2.0
x-ms-ratelimit-remaining-subscription-reads: 14999
x-ms-correlation-request-id: 6e484d0b-2f2e-4cef-9e18-87a9b7441bc4
x-ms-routing-request-id: chinanorth:20180501T192531Z:6e484d0b-2f2e-4cef-9e18-87a9b7441bc4
X-Content-Type-Options: nosniff
Date: Tue, 01 May 2018 19:25:31 GMT
{
"value": [
{
"name": "24e6ea2b-6940-4bec-b0b3-3a9e5471e512",
"id": "/subscriptions/<ProviderManagementSubscription>/resourceGroups/CrossConnection-EUAPTest/providers/Microsoft.Network/expressRouteCrossConnections/24e6ea2b-6940-4bec-b0b3-3a9e5471e512",
"etag": "W/\"19fa7ada-5189-4817-a9d6-499b02e379cc\"",
"type": "Microsoft.Network/expressRouteCrossConnections",
"location": "chinaeast2euap",
"properties": {
"provisioningState": "Succeeded",
"expressRouteCircuit": {
"id": "/subscriptions/<TargetCustomerSubscription>/resourceGroups/Karthikcrossconnectiontest/providers/Microsoft.Network/expressRouteCircuits/TestCircuit2"
},
"peeringLocation": "EUAP Test",
"bandwidthInMbps": 200,
"serviceProviderProvisioningState": "Provisioned",
"peerings": []
}
},
{
"name": "9ee700ad-50b2-4b98-a63a-4e52f855ac24",
"id": "/subscriptions/8030cec9-2c0c-4361-9949-1655c6e4b0fa/resourceGroups/CrossConnection-EUAPTest/providers/Microsoft.Network/expressRouteCrossConnections/<ProviderManagementSubscription>",
"etag": "W/\"f07a267f-4a5c-4538-83e5-de1fcb183801\"",
"type": "Microsoft.Network/expressRouteCrossConnections",
"location": "chinaeast2euap",
"properties": {
"provisioningState": "Succeeded",
"expressRouteCircuit": {
"id": "/subscriptions/<ProviderManagementSubscription>/resourceGroups/Karthikcrossconnectiontest/providers/Microsoft.Network/expressRouteCircuits/TestCircuitXYZ"
},
"peeringLocation": "EUAP Test",
"bandwidthInMbps": 200,
"serviceProviderProvisioningState": "NotProvisioned",
"peerings": []
}
}
]
}
- GET expressRouteCrossConnection: 标识目标 expressRouteCrossConnection 资源的 Name 和 ResourceGroupName 后,需要执行 GET expressRouteCrossConnection API 调用 。
GET /subscriptions/<ProviderManagementSubscription>/resourceGroups/CrossConnection-EUAPTest/providers/Microsoft.Network/expressRouteCrossConnections/9ee700ad-50b2-4b98-a63a-4e52f855ac24?api-version=2018-02-01 HTTP/1.1
Host: management.chinacloudapi.cn
Authorization: Bearer eyJ0eXAiOiJKV...
User-Agent: ARMClient/1.2.0.0
Accept: application/json
x-ms-request-id: d17924c4-f977-4c82-b933-d66c5fa334dd
---------- Response (3317 ms) ------------
HTTP/1.1 200 OK
Pragma: no-cache
x-ms-request-id: 41621c90-2e59-4220-9a32-3b29b1198bf5
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-cache
Server: Microsoft-HTTPAPI/2.0; Microsoft-HTTPAPI/2.0
x-ms-ratelimit-remaining-subscription-reads: 14999
x-ms-correlation-request-id: 85e08ce4-5a8f-4fe4-a434-e3fddef250d4
x-ms-routing-request-id: chinanorth:20180501T193230Z:85e08ce4-5a8f-4fe4-a434-e3fddef250d4
X-Content-Type-Options: nosniff
Date: Tue, 01 May 2018 19:32:29 GMT
{
"name": "9ee700ad-50b2-4b98-a63a-4e52f855ac24",
"id": "/subscriptions/<ProviderManagementSubscription>/resourceGroups/CrossConnection-EUAPTest/providers/Microsoft.Network/expressRouteCrossConnections/9ee700ad-50b2-4b98-a63a-4e52f855ac24",
"etag": "W/\"f07a267f-4a5c-4538-83e5-de1fcb183801\"",
"type": "Microsoft.Network/expressRouteCrossConnections",
"location": "chinaeast2euap",
"properties": {
"provisioningState": "Succeeded",
"expressRouteCircuit": {
"id": "/subscriptions/<TargetCustomerSubscription>/resourceGroups/Karthikcrossconnectiontest/providers/Microsoft.Network/expressRouteCircuits/TestCircuitXYZ"
},
"peeringLocation": "EUAP Test",
"bandwidthInMbps": 200,
"serviceProviderProvisioningState": "NotProvisioned",
"primaryAzurePort": "EUAP-ARMTEST-06GMR-CIS-1-PRI-A",
"secondaryAzurePort": "EUAP-ARMTEST-06GMR-CIS-2-SEC-A",
"sTag": 3,
"peerings": []
}
}
- PUT expressRouteCrossConnection: 预配第 2 层连接后,将 ServiceProviderProvisioningState 更新为“已预配”。 此时,客户可以配置 Azure 或专用对等互连,并创建从 ExpressRoute 线路到客户订阅中部署的虚拟网络网关的连接。
PUT /subscriptions/<ProviderManagementSubscription>/resourceGroups/CrossConnection-EUAPTest/providers/Microsoft.Network/expressRouteCrossConnections/9ee700ad-50b2-4b98-a63a-4e52f855ac24?api-version=2018-02-01 HTTP/1.1
Host: management.chinacloudapi.cn
Authorization: Bearer eyJ0eXAiOiJKV...
User-Agent: ARMClient/1.2.0.0
Accept: application/json
x-ms-request-id: d867c3c9-2acf-4c54-a0f0-d7ca50fc7b9b
{
"properties": {
"serviceProviderProvisioningState": "Provisioned",
"peeringLocation": "EUAP Test",
"expressRouteCircuit": {
"id": "/subscriptions/<ProviderManagementSubscription>/resourceGroups/Karthikcrossconnectiontest/providers/Microsoft.Network/expressRouteCircuits/TestCircuitXYZ"
},
"bandwidthInMbps": 200
},
"location": "China East 2 EUAP"
}
---------- Response (1740 ms) ------------
HTTP/1.1 200 OK
Pragma: no-cache
Retry-After: 10
x-ms-request-id: 0a8d458b-8fe3-44e6-89c9-1b156b946693
Azure-AsyncOperation: https://management.chinacloudapi.cn/subscriptions/8030cec9-2c0c-4361-9949-1655c6e4b0fa/providers/Microsoft.Network/locations/chinaeast2euap/operations/0a8d458b-8fe3-44e6-89c9-1b156b946693?api-version=2018-02-01
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-cache
Server: Microsoft-HTTPAPI/2.0; Microsoft-HTTPAPI/2.0
x-ms-ratelimit-remaining-subscription-writes: 1199
x-ms-correlation-request-id: d2d38c28-0dbe-4b40-8824-c74968c46b50
x-ms-routing-request-id: chinanorth:20180501T222105Z:d2d38c28-0dbe-4b40-8824-c74968c46b50
X-Content-Type-Options: nosniff
Date: Tue, 01 May 2018 22:21:04 GMT
{
"name": "9ee700ad-50b2-4b98-a63a-4e52f855ac24",
"id": "/subscriptions/<ProviderManagementSubscription>/resourceGroups/CrossConnection-EUAPTest/providers/Microsoft.Network/expressRouteCrossConnections/9ee700ad-50b2-4b98-a63a-4e52f855ac24",
"etag": "W/\"ecdcb1a4-873b-4dad-ae56-a4b17795a84a\"",
"type": "Microsoft.Network/expressRouteCrossConnections",
"location": "chinaeast2euap",
"properties": {
"provisioningState": "Updating",
"expressRouteCircuit": {
"id": "/subscriptions/<TargetCustomerSubscription>/resourceGroups/Karthikcrossconnectiontest/providers/Microsoft.Network/expressRouteCircuits/TestCircuitXYZ"
},
"peeringLocation": "EUAP Test",
"bandwidthInMbps": 200,
"serviceProviderProvisioningState": "Provisioned",
"primaryAzurePort": "",
"secondaryAzurePort": "",
"sTag": 0,
"peerings": []
}
}
C:\Users\kaanan\Documents\Expressroute\Partner APIs\ARMClient-master\ARMClient-master>armclient get https://management.chinacloudapi.cn/subscriptions/<ProviderManagementSubscription>/providers/Microsoft.Network/locations/chinaeast2euap/operations/0a8d458b-8fe3-44e6-89c9-1b156b946693?api-version=2018-02-01
{
"status": "Succeeded"
}
- (可选)要配置专用对等互连的 PUT expressRouteCrossConnection 如果管理第 3 层 BGP 连接,可以启用专用对等互连
PUT /subscriptions/<ProviderManagementSubscription>/resourceGroups/CrossConnection-EUAPTest/providers/Microsoft.Network/expressRouteCrossConnections/9ee700ad-50b2-4b98-a63a-4e52f855ac24/peerings/AzurePrivatePeering?api-version=2018-02-01 HTTP/1.1
Host: management.chinacloudapi.cn
Authorization: Bearer eyJ0eXAiOiJKV...
User-Agent: ARMClient/1.2.0.0
Accept: application/json
x-ms-request-id: 9c1413a5-6d27-4e87-b075-1fedb15d63a3
{
"properties": {
"peeringType": "AzurePrivatePeering",
"peerASN": 500,
"primaryPeerAddressPrefix": "10.0.0.0/30",
"secondaryPeerAddressPrefix": "10.0.0.4/30",
"sharedKey": "A1B2C3D4",
"vlanId": 200
},
"name": "AzurePrivatePeering"
}
---------- Response (2354 ms) ------------
HTTP/1.1 201 Created
Pragma: no-cache
Retry-After: 10
x-ms-request-id: 344eccc8-2958-4958-aa6f-3958f3fd5648
Azure-AsyncOperation: https://management.chinacloudapi.cn/subscriptions/<ProviderManagementSubscription>/providers/Microsoft.Network/locations/chinaeast2euap/operations/344eccc8-2958-4958-aa6f-3958f3fd5648?api-version=2018-02-01
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-cache
Server: Microsoft-HTTPAPI/2.0; Microsoft-HTTPAPI/2.0
x-ms-ratelimit-remaining-subscription-writes: 1199
x-ms-correlation-request-id: b5d08e36-339c-423a-ac2c-b6ec2063c8a6
x-ms-routing-request-id: chinanorth:20180501T194026Z:b5d08e36-339c-423a-ac2c-b6ec2063c8a6
X-Content-Type-Options: nosniff
Date: Tue, 01 May 2018 19:40:26 GMT
{
"name": "AzurePrivatePeering",
"id": "/subscriptions/<ProviderManagementSubscription>/resourceGroups/CrossConnection-EUAPTest/providers/Microsoft.Network/expressRouteCrossConnections/9ee700ad-50b2-4b98-a63a-4e52f855ac24/peerings/AzurePrivatePeering",
"properties": {
"provisioningState": "Updating",
"peeringType": "AzurePrivatePeering",
"azureASN": 0,
"peerASN": 500,
"primaryPeerAddressPrefix": "10.0.0.0/30",
"secondaryPeerAddressPrefix": "10.0.0.4/30",
"sharedKey": "A1B2C3D4",
"state": "Disabled",
"vlanId": 200,
"lastModifiedBy": ""
}
}
C:\Users\kaanan\Documents\Expressroute\Partner APIs\ARMClient-master\ARMClient-master>armclient get https://management.chinacloudapi.cn/subscriptions/<ProviderManagementSubscription>/providers/Microsoft.Network/locations/chinaeast2euap/operations/344eccc8-2958-4958-aa6f-3958f3fd5648?api-version=2018-02-01
{
"status": "Succeeded"
}
- (可选)运行 PUT expressRouteCrossConnection 以配置 Microsoft 对等互连:如果要管理第 3 层 BGP 连接,可以启用 Microsoft 对等互连
PUT /subscriptions/<ProviderManagementSubscription>/resourceGroups/CrossConnection-EUAPTest/providers/Microsoft.Network/expressRouteCrossConnections/9ee700ad-50b2-4b98-a63a-4e52f855ac24/peerings/MicrosoftPeering?api-version=2018-02-01 HTTP/1.1
Host: management.chinacloudapi.cn
Authorization: Bearer eyJ0eXAiOiJKV...
User-Agent: ARMClient/1.2.0.0
Accept: application/json
x-ms-request-id: af4527eb-7b68-4a50-b953-c0606524d8f3
{
"properties": {
"peeringType": "MicrosoftPeering",
"peerASN": 900,
"primaryPeerAddressPrefix": "123.0.0.0/30",
"secondaryPeerAddressPrefix": "123.0.0.4/30",
"vlanId": 300,
"microsoftPeeringConfig": {
"advertisedPublicPrefixes": [
"123.1.0.0/24"
],
"customerASN": 45,
"routingRegistryName": "ARIN"
}
},
"name": "MicrosoftPeering"
}
---------- Response (2530 ms) ------------
HTTP/1.1 201 Created
Pragma: no-cache
Retry-After: 10
x-ms-request-id: e3aa0bbd-4709-4092-a1f1-aa78080929d0
Azure-AsyncOperation: https://management.chinacloudapi.cn/subscriptions/8030cec9-2c0c-4361-9949-1655c6e4b0fa/providers/Microsoft.Network/locations/chinaeast2euap/operations/e3aa0bbd-4709-4092-a1f1-aa78080929d0?api-version=2018-02-01
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-cache
Server: Microsoft-HTTPAPI/2.0; Microsoft-HTTPAPI/2.0
x-ms-ratelimit-remaining-subscription-writes: 1199
x-ms-correlation-request-id: 8e26bc5d-f1cd-4305-a373-860aaf7bb694
x-ms-routing-request-id: chinanorth:20180501T213857Z:8e26bc5d-f1cd-4305-a373-860aaf7bb694
X-Content-Type-Options: nosniff
Date: Tue, 01 May 2018 21:38:56 GMT
{
"name": "MicrosoftPeering",
"id": "/subscriptions/<ProviderManagementSubscription>/resourceGroups/CrossConnection-EUAPTest/providers/Microsoft.Network/expressRouteCrossConnections/9ee700ad-50b2-4b98-a63a-4e52f855ac24/peerings/MicrosoftPeering",
"properties": {
"provisioningState": "Updating",
"peeringType": "MicrosoftPeering",
"azureASN": 0,
"peerASN": 900,
"primaryPeerAddressPrefix": "123.0.0.0/30",
"secondaryPeerAddressPrefix": "123.0.0.4/30",
"state": "Disabled",
"vlanId": 300,
"lastModifiedBy": "",
"microsoftPeeringConfig": {
"advertisedPublicPrefixes": [
"123.1.0.0/24"
],
"advertisedPublicPrefixesState": "NotConfigured",
"customerASN": 45,
"legacyMode": 0,
"routingRegistryName": "ARIN"
}
}
}
C:\Users\kaanan\Documents\Expressroute\Partner APIs\ARMClient-master\ARMClient-master>armclient get https://management.chinacloudapi.cn/subscriptions/<ProviderManagementSubscription>/providers/Microsoft.Network/locations/chinaeast2euap/operations/e3aa0bbd-4709-4092-a1f1-aa78080929d0?api-version=2018-02-01
{
"status": "Succeeded"
}
REST API
有关 REST API 文档,请参阅 ExpressRoute CrossConnections REST API。
后续步骤
有关所有 ExpressRoute REST API 的详细信息,请参阅 ExpressRoute REST API。