Streaming Telemetry Over Transport Layer Security
Overview
Transport Layer Security (TLS) is a cryptographic protocol that secures communication over networks by encrypting data exchanged between systems. TLS ensures confidentiality and integrity, which prevents unauthorized access and data tampering.
Streaming telemetry with TLS secures the real-time transmission of network monitoring data between the gNMI server (the OcNOS target) and the gNMI client (the collector). By encrypting telemetry streams, TLS prevents data interception, manipulation, and unauthorized access, ensuring that only trusted endpoints can exchange sensitive network performance metrics.
Feature Characteristics
To enable this feature, generate the TLS server, client, and CA certificates by following the telemetry certificate generation process, then copy them to the OcNOS device. The session between the gNMI server and the gNMI client is encrypted with TLS, and the system authenticates each connection using the certificates presented by the server and the client.
Insecure TLS: An optional insecure mode in which the server validates a client certificate only if the client presents one.
In OcNOS, streaming telemetry over TLS secures incoming packets for dial-in connections. TLS is not supported for dial-out mode subscriptions.
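The following Go program is an added example, not OcNOS code and not from this page. It contrasts strict mutual TLS with the insecure option described above, using the standard crypto/tls client-auth mode VerifyClientCertIfGiven, whose semantics match "validated only if provided". The certificates are generated in memory and pinned directly rather than issued by a CA, and the names ocnos-target and collector are placeholders.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net"
	"time"
)
// selfSigned makes an in-memory self-signed certificate for name; the peer pins it as its trust anchor.
func selfSigned(name string) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{SerialNumber: serial, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil { panic(err) }
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}
// connects runs one TLS session over an in-memory pipe; true only if the target accepts the collector and then delivers one application byte.
func connects(srv, cli *tls.Config) bool {
	sp, cp := net.Pipe()
	defer sp.Close()
	go func() { // target side: handshake, then one application byte on success
		if s := tls.Server(sp, srv); s.Handshake() == nil {
			s.Write([]byte{1})
		}
	}()
	_, err := tls.Client(cp, cli).Read(make([]byte, 1)) // Read performs the handshake first
	return err == nil
}
// Scenarios contrasts strict mutual TLS (RequireAndVerifyClientCert) with the insecure option (VerifyClientCertIfGiven: checked only when presented).
func Scenarios() (strictGood, strictNoCert, insecureNoCert, insecureUntrusted bool) {
	target, collector := selfSigned("ocnos-target"), selfSigned("collector")
	untrusted := selfSigned("collector") // same name, but a key the target was never told to trust
	pool := x509.NewCertPool() // each side pins the other's certificate
	pool.AddCert(target.Leaf)
	pool.AddCert(collector.Leaf)
	srv := &tls.Config{Certificates: []tls.Certificate{target}, ClientCAs: pool, MinVersion: tls.VersionTLS13, SessionTicketsDisabled: true}
	strict, insecure := srv.Clone(), srv.Clone()
	strict.ClientAuth, insecure.ClientAuth = tls.RequireAndVerifyClientCert, tls.VerifyClientCertIfGiven
	cli := func(certs ...tls.Certificate) *tls.Config {
		return &tls.Config{RootCAs: pool, ServerName: "ocnos-target", Certificates: certs, MinVersion: tls.VersionTLS13}
	}
	return connects(strict, cli(collector)), connects(strict, cli()), connects(insecure, cli()), connects(insecure, cli(untrusted))
}
func main() { a, b, c, d := Scenarios(); println(a, b, c, d) }
```

Strict mode rejects a collector with no certificate, while the insecure mode accepts it yet still rejects a certificate the target does not trust.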
Benefits
Enhanced Security: Encrypts telemetry data in transit, preventing unauthorized access and data interception. TLS ensures confidentiality, integrity, and authentication, making sure only trusted endpoints exchange telemetry data.
Real-Time Secure Monitoring: Ensures telemetry insights are securely delivered to collectors without risk of interception.
Scalability: Supports high-frequency telemetry streams with minimal performance overhead.
Flexibility: Supports both secure (TLS-enabled) and insecure (optional) modes based on deployment needs.