Configuring gRPC for the Junos Telemetry Interface
Starting with Junos OS Release 16.1R3 on MX Series routers and PTX3000 and PTX5000 routers, you can stream telemetry data for various network elements through gRPC, an open source framework for handling remote procedure calls based on TCP. The Junos Telemetry Interface relies on a so-called push model to deliver data asynchronously, which eliminates polling. For all Juniper devices that run a version of Junos OS with upgraded FreeBSD kernel, you must install the Junos Network Agent software package, which provides the interfaces to manage gRPC subscriptions. For Juniper Network devices that run other all other versions of the Junos OS, this functionality is embedded in the Junos OS software. For more information about installing the Junos Network Agent package, see Installing the Network Agent Package.
The Junos Telemetry Interface and gRPC streaming are supported on QFX10000 and QFX5200 switches, and PTX1000 routers starting with Junos OS Release 17.2R1.
The Junos Telemetry Interface and gRPC streaming are supported on QFX5110, EX4600, and EX9200 switches starting with Junos OS Release 17.3R1.
Before you begin:
Install Junos OS Release 16.1R3 or later on your Juniper Networks device.
If your Juniper Networks device is running a version of Junos OS with an upgraded FreeBSD kernel, install the Junos Network Agent software package.
Install the OpenConfig for Junos module. For more information see, Installing the OpenConfig Package.
To configure your system for gRPC services:
- Specify the API connection setting either as unsecured
or as based on Secure Socket Layer (SSL) technology. You can specify
only one type of connection.
For example, to set the API connection as unsecured:
For example, to set the API connection based on a SSL:
For an SSL-based connection, you must specify a local-certificate name or you can rely on the default IP address (::) to enable Junos to “listen” for all IPv4 and IPv6 addresses on incoming connections. If you would rather specify an IP address, follow stp b. below.
- Specify a local certificate-name. The certificate can
be any user-defined value from the certificate configuration (not
shown here). The certificate name should used in thisexample is jsd_certificate:user@host# set ssl local-certificate jsd_certificate
Enter the name of a certificate you have configured with the local certificate-name statement at the [edit security certificates] hierarchy level.
- (Optional) Specify an IP address to listen to for incoming
connections. for example,
192.0.2.0:[edit system services extension-service request-response grpc]user@host# set ssl ip-address 192.0.2.0
If you do not specify an IP address, the default address of :: is used to listen for incoming connections.
- Specify a local certificate-name. The certificate can be any user-defined value from the certificate configuration (not shown here). The certificate name should used in thisexample is jsd_certificate:
- Specify port 32767 for accepting incoming connections
Port 32767 is the required port for gRPC streaming for both unsecured and SSL-based connections.[edit system services extension-service request-response grpc]user@host# set ssl port 32767