Using gRPC Dial-Out for Secure Telemetry Collection

Understanding gRPC Dial-Out

Starting with Junos OS Release 20.2R1, JTI supports remote gRPC dial-out on ACX Series routers, MX Series routers, PTX Series routers, and QFX Series switches. With gRPC dial-out, the target device (server) initiates a gRPC session with the collector (client). When the session is established, the target streams the telemetry data that is specified by the sensor-group subscription to the collector. This is in contrast to the gRPC network management interface (gNMI) dial-in method, in which the collector initiates a connection to the target device.

gRPC dial-out simplifies streaming telemetry statistics. Configuring the target device to stream statistics and export them to a collector IP address removes the burden of access from the collector (client) (see Figure 1).

Figure 1: gRPC Dial-Out with

gRPC dial-out provides several benefits as compared to gRPC dial-in:

  • Reduces target device exposure to threats outside of its topology.

  • Simplifies access to a target device. The gRPC Dial-In method requires a collector to overcome a series of complex firewall configurations to gain access to the target device. gRPC Dial-Out does not.

  • Collectors can be stateless; without the need to initiate a session, they simply listen, subscribe, and store collected data.

  • Supports mutual encryption for heightened security.

To enable export of statistics, include the export-profile and sensor statements at the [edit services analytics] hierarchy level. The export profile must include the reporting rate, the transport service (for example, gRPC), and the format (for example, gpb-gnmi). The sensor configuration should include the name of the collector (the server’s name), the name of the export profile, and the resource path. An example of a resource path is /interfaces/interface[name='fxp0'].

Starting with Junos OS Evolved Release 20.2R1, gRPC dial-out is supported on PTX Series routers.
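The export-profile and sensor requirements described above can be checked mechanically before a change is committed. The following is an added example, not Juniper's code: it audits a configuration in `set` form for the required elements and for sensors that reference an undefined export profile or carry a resource path with unbalanced brackets. The keyword spellings (reporting-rate, transport, format, server-name, export-name, resource) and every name in the sample are assumptions to confirm against your release's CLI.

```python
import re

# Constructed sample in `set` form under [edit services analytics]. The names
# ep-dialout, if-stats, cpu-stats and collector1 are hypothetical.
SAMPLE_CONFIG = """\
set services analytics export-profile ep-dialout reporting-rate 30
set services analytics export-profile ep-dialout transport grpc
set services analytics export-profile ep-dialout format gpb-gnmi
set services analytics sensor if-stats server-name collector1
set services analytics sensor if-stats export-name ep-dialout
set services analytics sensor if-stats resource /interfaces/interface[name='fxp0']
set services analytics sensor cpu-stats export-name ep-missing
"""

# Elements the text says each statement must carry (keyword spellings assumed).
REQUIRED = {
    "export-profile": ("reporting-rate", "transport", "format"),
    "sensor": ("server-name", "export-name", "resource"),
}
LINE = re.compile(r"^set services analytics (export-profile|sensor) (\S+) (\S+) (.+)$")


def parse(config):
    """Return {kind: {name: {keyword: value}}} for the two statement kinds."""
    tree = {kind: {} for kind in REQUIRED}
    for line in config.splitlines():
        m = LINE.match(line.strip())
        if m:
            kind, name, keyword, value = m.groups()
            tree[kind].setdefault(name, {})[keyword] = value
    return tree


def audit(config):
    """List missing elements, dangling profile references and broken paths."""
    tree, findings = parse(config), []
    for kind, keywords in REQUIRED.items():
        for name, stmts in tree[kind].items():
            findings += [f"{kind} {name}: missing {k}" for k in keywords if k not in stmts]
    for name, stmts in tree["sensor"].items():
        ref, path = stmts.get("export-name"), stmts.get("resource", "")
        if ref and ref not in tree["export-profile"]:
            findings.append(f"sensor {name}: export-name {ref} is not defined")
        if path.count("[") != path.count("]"):
            findings.append(f"sensor {name}: unbalanced brackets in {path}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

A sensor that names an export profile which does not exist, or that has no collector name, is flagged before the change reaches the device.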

Release History Table

Release    Description
20.2R1     Starting with Junos OS Release 20.2R1, JTI supports remote gRPC dial-out on ACX Series routers, MX Series routers, PTX Series routers, and QFX Series switches.
20.2R1     Starting with Junos OS Evolved Release 20.2R1, gRPC dial-out is supported on PTX Series routers.