Route

Initialization

Confirm Endpoint

Before configuring the endpoint for SDK usage, please refer to the developer guide section on Route Service Domains to understand endpoint-related concepts. Baidu AI Cloud currently supports multiple regions. Please refer to Region Selection Guide.

Currently supported regions are: "North China-Beijing," "South China-Guangzhou," "East China-Suzhou," "Hong Kong," "Central Finance-Wuhan," and "North China-Baoding." Corresponding details:

Retrieve access key

To use Baidu AI Cloud's route feature, users need an AK (Access Key ID) and SK (Secret Access Key) for signature authentication. These keys are system-assigned strings used to identify users and verify signatures.

Your AK/SK information can be obtained and understood through the following steps:

Register a Baidu AI Cloud account

Create AK/SK

Create route client

The route client serves as the interface for route services, offering various methods for developers to interact with the services.

Create a new route client with AK/SK

Users can refer to the following code to create a new route client to access route with AK/SK:

1import (
2	"github.com/baidubce/bce-sdk-go/services/vpc"
3)
4func main() {
5 // User’s Access Key ID and Secret Access Key
6	ACCESS_KEY_ID, SECRET_ACCESS_KEY := <your-access-key-id>, <your-secret-access-key>
7 // User-specified Endpoint
8	ENDPOINT := <domain-name>
9 // Initialize a route client
10	routeClient, err := vpc.NewClient(AK, SK, ENDPOINT)
11}

In the code above, ACCESS_KEY_ID corresponds to “Access Key ID” in the console. SECRET_ACCESS_KEY corresponds to “Access Key Secret” in the console. Refer to the Guide - How to Retrieve AKSK. The third parameter ENDPOINT is a user-specified domain name. If left empty, the default domain name will be used as the VPC service address.

Note:The endpoint parameter must be defined with the domain name of the specified region. For example, if the service is located in Beijing, the endpoint will be bcc.bj.baidubce.com.

Create a route client with STS

Request STS Token

Route allows temporary third-party access authorization through the STS mechanism. STS (Security Token Service) is a temporary authorization service provided by Baidu AI Cloud. Using STS, you can issue access credentials with customized validity periods and permissions for third-party users. These users can use the credentials to directly call Baidu AI Cloud APIs or SDKs for accessing cloud resources.

To access a route via STS, users must first obtain a certification string through the STS client.

Create route client with STS Token

After acquiring the STS token, configure it in the route client to enable STS token-based client creation.

Code example

The GO SDK implements the STS service API. Below is a complete example for requesting an STS token and creating an route client object:

1import (
2	"fmt"
3 "github.com/baidubce/bce-sdk-go/auth"                    //Import the authentication module
4 "github.com/baidubce/bce-sdk-go/services/vpc" //Import VPC service module
5 "github.com/baidubce/bce-sdk-go/services/sts"            //Import the Baige service module
6)
7func main() {
8 //Create a Client object for the STS service, using the default Endpoint
9	AK, SK := <your-access-key-id>, <your-secret-access-key>
10	stsClient, err := sts.NewClient(AK, SK)
11	if err != nil {
12		fmt.Println("create sts client object :", err)
13		return
14	}
15 //Obtain a temporary authentication token with a validity period of 60 seconds and an empty ACL
16	stsObj, err := stsClient.GetSessionToken(60, "")
17	if err != nil {
18		fmt.Println("get session token failed:", err)
19		return
20    }
21	fmt.Println("GetSessionToken result:")
22	fmt.Println("  accessKeyId:", stsObj.AccessKeyId)
23	fmt.Println("  secretAccessKey:", stsObj.SecretAccessKey)
24	fmt.Println("  sessionToken:", stsObj.SessionToken)
25	fmt.Println("  createTime:", stsObj.CreateTime)
26	fmt.Println("  expiration:", stsObj.Expiration)
27	fmt.Println("  userId:", stsObj.UserId)
28 //Create a route client object using the requested temporary STS, with the default endpoint
29	routeClient, err := vpc.NewClient(stsObj.AccessKeyId, stsObj.SecretAccessKey, "bcc.bj.baidubce.com")
30	if err != nil {
31		fmt.Println("create route client failed:", err)
32		return
33	}
34	stsCredential, err := auth.NewSessionBceCredentials(
35		stsObj.AccessKeyId,
36		stsObj.SecretAccessKey,
37		stsObj.SessionToken)
38	if err != nil {
39		fmt.Println("create sts credential object failed:", err)
40		return
41	}
42	routeClient.Config.Credentials = stsCredential
43}

Note: Currently, when configuring a route client with STS, regardless of where the corresponding route service endpoint is located, the STS endpoint must be set to http://sts.bj.baidubce.com. This default is utilized when creating an STS object in the above code.

Configure HTTPS protocol access route

Route supports the HTTPS transport protocol. To use HTTPS to access route services with the Route Go SDK, specify HTTPS in the endpoint when creating the route client object.

1// import "github.com/baidubce/bce-sdk-go/services/vpc"
2 ENDPOINT := ""https://bcc.bj.baidubce.com" // Specify the use of HTTPS protocol
3AK, SK := <your-access-key-id>, <your-secret-access-key>
4routeClient, _ := vpc.NewClient(AK, SK, ENDPOINT)

Configure route client

If users need to configure specific parameters for the route client, they can customize the configuration using the exported Config field of the route client object after its creation. This allows for configuring parameters such as proxy and maximum number of connections for the client.

Use a proxy

The following code snippet enables the client to access route service using a proxy:

1// import "github.com/baidubce/bce-sdk-go/services/vpc"
2 // Create a route client object
3AK, SK := <your-access-key-id>, <your-secret-access-key>
4ENDPOINT := "bcc.bj.baidubce.com"
5client, _ := vpc.NewClient(AK, SK, ENDPOINT)
6 // Use the local port 8080 for the proxy
7client.Config.ProxyUrl = "127.0.0.1:8080"

Set network parameters

Users can configure network parameters using the following example code:

1// import "github.com/baidubce/bce-sdk-go/services/vpc"
2AK, SK := <your-access-key-id>, <your-secret-access-key>
3ENDPOINT := "bcc.bj.baidubce.com"
4client, _ := bcc.NewClient(AK, SK, ENDPOINT)
5 // Configure to not retry, default: Back Off retry
6client.Config.Retry = bce.NewNoRetryPolicy()
7 // Configure connection timeout to 30 seconds
8client.Config.ConnectionTimeoutInMillis = 30 * 1000

Configure options for generating signature strings

1// import "github.com/baidubce/bce-sdk-go/services/vpc"
2AK, SK := <your-access-key-id>, <your-secret-access-key>
3ENDPOINT := "bcc.bj.baidubce.com"
4client, _ := bcc.NewClient(AK, SK, ENDPOINT)
5 // Configure the HTTP request header Host for signing
6headersToSign := map[string]struct{}{"Host": struct{}{}}
7client.Config.SignOption.HeadersToSign = HeadersToSign
8 // Configure the validity period of the signature to 30 seconds
9client.Config.SignOption.ExpireSeconds = 30

Parameter description

When using the GO SDK to access route, the Config field of the created route client object supports the following parameters, as shown in the table below:

Description:

1. The Credentials is created using the auth.NewBceCredentials and auth.NewSessionBceCredentials functions. The former is used by default, while the latter is used for STS certification. For details, refer to Create a Route Client with STS.
2. The SignOption field represents options when generating a signature string, as detailed in the table below:

1 Among configuration options, HeadersToSign defaults to `Host`, `Content-Type`, `Content-Length` and `Content-MD5`; TimeStamp is typically set to zero, indicating that the timestamp at the time of generating the certification string shall be used, and users generally shall not explicitly specify the value for this field; ExpireSeconds defaults to 1,800 seconds or 30 minutes.

3. The Retry field specifies the retry policy, currently supporting two types: NoRetryPolicy and BackOffRetryPolicy. By default, the latter is used. This retry policy specifies the maximum number of retries, the maximum retry duration, and the retry base. Retries increase exponentially based on the retry base multiplied by 2 until the maximum number of retries or the maximum retry duration is reached.

Route table management

A route table is a list that manages ingress entries on a router.

Query route table

Use the following code to query route table information

Function declaration

1func (c *Client) GetRouteTableDetail(routeTableId, vpcId string) (*GetRouteTableResult, error)

Parameter meaning

Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/VPC/s/jjwvyuh0v

Response value

Operation succeeded:

1{
2"routeTableId": "rt-q1zg3i8mx8p6",
3"vpcId": "vpc-56rj0s4ha42a",
4"routeRules": [
5    {
6        "routeTableId": "rt-q1zg3i8mx8p6",
7        "description": "",
8        "nexthopId": "vpn-snx074964j9d",
9        "destinationAddress": "10.0.0.1/32",
10        "sourceAddress": "192.168.0.0/20",
11        "routeRuleId": "rr-dvq3cxpghw5e",
12        "nexthopType": "vpn"
13    },
14    {
15        "routeTableId": "rt-q1zg3i8mx8p6",
16        "description": "",
17        "nexthopId": "",
18        "destinationAddress": "192.168.0.0/20",
19        "sourceAddress": "0.0.0.0/0",
20        "routeRuleId": "",
21        "nexthopType": "sys"
22    },
23    {
24        "routeTableId": "rt-q1zg3i8mx8p6",
25        "description": "",
26        "nexthopId": "",
27        "destinationAddress": "192.168.0.0/20",
28        "sourceAddress": "0.0.0.0/0",
29        "routeRuleId": "",
30        "nexthopType": "sys"
31    }
32  ]
33}

Operation failed:

Return error. Refer to the error code list at: https://cloud.baidu.com/doc/VPC/s/sjwvyuhe7

Code example

For specific code examples, refer to example_get_route_table_detail.go

Note:

• Request parameters routeTableId and vpcId cannot both be empty
• This API can be used to query all relevant routing rule lists

Create route rules

Use the code below to create routing rules.

Function declaration

1func (c *Client) CreateRouteRule(args *CreateRouteRuleArgs) (*CreateRouteRuleResult, error)

Parameter meaning

Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/VPC/s/Ljwvyugpl

Response value

Operation succeeded:

1{"routeRuleId": "rr-dup3cxpebi5e"}

Operation failed:

Return error. Refer to the error code list at: https://cloud.baidu.com/doc/VPC/s/sjwvyuhe7

Code example

For specific code examples, refer to example_create_route_rule.go

Note:

• When selecting a custom source network segment, the custom segment must fall within the range of existing subnets, excluding 0.0.0.0/0;
• The destination segment must not overlap with the current VPC CIDR (except when either is 0.0.0.0/0);
• The source and destination network segments of a new route entry must not duplicate those of any existing entries in the route table.
• Currently three types of next hop are supported: The BCC type is "custom"; the VPN type is "vpn"; and the NAT type is "nat"

Delete route rules

Use the code below to delete specific routing rules.

Function declaration

1func (c *Client) DeleteRouteRule(routeRuleId, clientToken string) error

Operation succeeded:

1{}

Operation failed:

Return error. Refer to the error code list at: https://cloud.baidu.com/doc/VPC/s/sjwvyuhe7

Code example

For specific code examples, refer to example_delete_route_rule.go

Update route rules

Use the code below to update routing rules.

Function declaration

1func (c *Client) SwitchRoute(routeRuleId, clientToken string) error

Parameter meaning

Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/VPC/s/Bl6c4kpb4

Response value

Operation succeeded:

1{}

Operation failed:

Return error. Refer to the error code list at: https://cloud.baidu.com/doc/VPC/s/sjwvyuhe7

Code example

For specific code examples, refer to example_update_route_rule.go

Query routing rules

Use the code below to query routing rules.

Function declaration

1func (c *Client) GetRouteRuleDetail(args *GetRouteRuleArgs) (*GetRouteRuleResult, error)

Parameter meaning

Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/VPC/s/Dl6xal44j

Response value

Operation succeeded:

1{
2"nextMarker": "rr-rbn5yyz6rtn8",
3"marker": "rr-y43tr5disam1",
4"maxKeys": 1000,
5"isTruncated": true,
6"routeRules": [{
7		"routeTableId": "rt-q1zg3i8mx8p6",
8		"description": "",
9		"nexthopId": "vpn-snx074964j9d",
10		"destinationAddress": "10.0.0.1/32",
11		"sourceAddress": "192.168.0.0/20",
12		"routeRuleId": "rr-dvq3cxpghw5e",
13		"nexthopType": "vpn"
14	},
15	{
16		"routeTableId": "rt-q1zg3i8mx8p6",
17		"description": "",
18		"nexthopId": "",
19		"destinationAddress": "192.168.0.0/20",
20		"sourceAddress": "0.0.0.0/0",
21		"routeRuleId": "rt-2e9fi8chbxvh",
22		"nexthopType": "sys"
23	},
24	{
25		"routeTableId": "rt-q1zg3i8mx8p6",
26		"description": "",
27		"nexthopId": "",
28		"destinationAddress": "192.168.0.0/20",
29		"sourceAddress": "0.0.0.0/0",
30		"routeRuleId": "rr-rbn5yyz6rtn8",
31		"nexthopType": "sys"
32	}
33]
34}

Operation failed:

Return error. Refer to the error code list at: https://cloud.baidu.com/doc/VPC/s/sjwvyuhe7

Code example

For specific code examples, please refer to: example_list_route_rules.go

Primary-standby switch

Function declaration

1func (c *Client) SwitchRoute(routeRuleId, clientToken string) error

Parameter meaning

Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/VPC/s/xlalxb0tr

Response value

Operation succeeded:

1{}

Operation failed:

Return error. Refer to the error code list at: https://cloud.baidu.com/doc/VPC/s/sjwvyuhe7

Code example

For specific code examples, refer to example_switchroute.go