Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Example: Configure a gRPC Tunnel


This section covers the steps needed to configure the target for this example. The focus is on the target because that is the Junos device where the gRPC tunnel configuration is housed.


This example uses the following software and hardware components:

  • Junos OS or Junos Evolved Release 22.4 or later for routing and switching devices

  • One target device running Junos

  • One host device as the tunnel client

  • One host device as the tunnel server


Host device H0, will act as the tunnel server.

Host device H1, will act as the tunnel client or collector from which the connection to the target is to be established for different target types. In certain cases, this function can be selfcontained within the tunnel server.

The target and H0 is connected with at least one direct WAN connection.

Figure 1 shows the topology used in this example.

Figure 1: gRPC tunnel setup gRPC tunnel setup

Post completion of the registration process, the tunnel client requests a tunnel session towards a specific target. After the request is made, the tunnel server requests a new session from the target through the same Register RPC. If the target supports the requested target type, the device will dial-out a new Tunnel stream. This establishes a gRPC tunnel between the tunnel client and the target through the tunnel server. Once the session is established, the tunnel client can access the desired TCP server applications on the target.

Configure a gRPC tunnel

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

Follow these steps to configure the gRPC tunnel in the target device.

  1. Configure the servers under gRPC-tunnel.

    1. Configure the tunnel server name. You can configure a maximum of 10 tunnel servers.

    2. Set the dial-to IPv4/IPv6 address or hostname of the tunnel server.

    3. Set the port number the tunnel server listens to.

    4. Configure the credentials using the tls statement.

    5. Specify the target applications you want to access. The options available are ssh, netconf-ssh and gnmi-gnoi.

  2. (Optionally) Set the retry-interval (in seconds). If the tunnel-server is unreachable, the target device will retry to connect after the retry-interval.

  3. (Optionally) Configure the target-string-option under grpc-tunnel.

    1. Use the pattern statement to create an ordered list of supported options.

    2. Use the custom-string statement to define a custom string that is sent when the statement pattern contains custom as one of the options.

    3. Use the delimiter statement when more than one option is selected in the pattern. By default, the | (pipe symbol) is used.


Display the results of the configuration on the target device. The output reflects only the functional configuration added in this example.