gNMI

Overview

The gRPC Network Management Interface (gNMI) is a protocol for network management based on remote procedure calls (gRPC). It is used to get and subscribe to network device data.

Dial-in

Our implementation of gNMI dial-in allows the Virtual Service Router to export the state data to a gNMI collector for telemetry purposes.

The gNMI dial-in service allows external gNMI collectors to connect to the Virtual Service Router and retrieve or subscribe to the Virtual Service Router state data.

This service can be enabled globally or per VRF and L3VRF.

To configure gNMI dial-in in main VRF, do:

vsr running config# / vrf main gnmi dial-in port 9339
vsr running config# / vrf main gnmi dial-in address ::
vsr running config# / vrf main gnmi dial-in log-level error

The same configuration can be made using this NETCONF XML configuration:

vsr> show config xml absolute / vrf main gnmi dial-in
<config xmlns="urn:6wind:vrouter">
  <vrf>
    <name>main</name>
    <gnmi xmlns="urn:6wind:vrouter/system/gnmi">
      <dial-in>
        <enabled>true</enabled>
        <address>::</address>
        <port>9339</port>
        <log-level>error</log-level>
      </dial-in>
    </gnmi>
  </vrf>
</config>

To display the gNMI dial-in state:

vsr> show state / vrf main gnmi dial-in
dial-in
    enabled true
    address ::
    port 9339
    log-level error
    tls
        enabled false
        ..
    ..

To enabled TLS:

vsr running config# / vrf main gnmi dial-in tls certificate gnmi-certificate private-key gnmi-certificate

Note

The certificates names comes from previously configured X.509 certificates.

To use mTLS, you need to configure a trusted ca-certificate: If you want to force client authentication, set the require-mtls option to true.

vsr running config# / vrf main gnmi dial-in tls ca-certificate gnmi-ca-certificate
vsr running config# / vrf main gnmi dial-in tls require-mtls true

To use username / password authentication:

Note

The password is set with its hashed value in this example. But it can be set by hand using the CLI password prompt.

vsr running config# / vrf main gnmi dial-in auth username gnmi-user
vsr running config# / vrf main gnmi dial-in auth password $6$472E9CY/eTip5mJC$Q/2P/UCun/IZsV/edP/ZYMXFdO.P8p6QYhrevcCgVeTTWeLJtNznFk0loWJ2VRPJFYQMnEQ4b.2REYlxkvTqg0

See also

The certificates documentation for more details about TLS certificates management.