TLS Configuration
This section outlines the sample configuration for streaming telemetry over TLS in dial-in subscription mode.
Prerequisites
Before configuring streaming telemetry with TLS, ensure the following:
| • | A supported OcNOS router running a compatible release. |
| • | Access to the management interface of the router. |
| • | Any gNMI client that complies with gNMI specifications can be used as a client. |
| • | Download and install the gNMI collector package by referring to the Streaming Telemetry section. |
| • | Generate the server and client certificates following the Certificate Management for OcNOS and gNMI process to enable secure communication. |
Topology
In the following topology (Figure 11), the gNMI Server (OcNOS Router) establishes a telemetry session with the gNMI Client (Collector). TLS encrypts the telemetry stream, ensuring secure, real-time monitoring of network performance data.
Before configuring, meet all Prerequisites.
| 1. | Enable TLS Connection |
Enable streaming telemetry in management VRF
Virtual Routing and Forwarding and TLS to encrypt and protect the data transmitted during dial-in sessions with the TLS port number 55545.
Copy
OcNOS(config)#feature streaming-telemetry vrf management
OcNOS(feature-telemetry-config)#tls tls-port 55545
OcNOS(feature-telemetry-config)#commit
OcNOS(feature-telemetry-config)#exit
OcNOS(config)#debug telemetry gnmi enable severity debug
OcNOS(config)#commitStreaming Telemetry Running Configuration
To verify the telemetry configuration and view the overall commands used for TLS configuration, use the show running-config streaming-telemetry command on the OcNOS router.
Copy
OcNOS#show running-config streaming-telemetry
!
feature streaming-telemetry vrf management
tls tls-port 55545
!
debug telemetry gnmi enable severity debug
!
!Validation
To verify the TLS connection status, check the TLS and insecure-tls fields in the show output. If the TLS field shows enabled, the TLS connection is active. If the insecure-tls field is marked as false, it confirms that it is a secure TLS connection.
Copy
OcNOS#show streaming-telemetry
Number of telemetry instances : 1 (management)
Platform type : High range
Maximum sensor-paths : 100
Minimum sample-interval : 10
Number of active sensor-paths : 6 (Dial-In : 6, Dial-out : 0)
SI : Sampling Interval in seconds
Enc-Type : Encoding type
Origin:Path : Sensor Path
1. Subscription Details (VRF-Name: management):
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Port : 55545
TLS : Enabled
insecure-tls : False
Dial-In STREAM Mode Subscription Details:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ClientIP:Port ID SI Enc-Type Origin:Path
------------- ------ ---- -------- ------------
10.14.105.105:41982 22122 30 JSON ipi:/interfaces/interface[name="eth0"]/state
ipi:/interfaces/interface[name="eth0"]/state/counters
ipi:/interfaces/interface[name="xe8"]/state
ipi:/interfaces/interface[name="xe8"]/state/counters
ipi:/components/component[name="CPU"]/cpu/state
ipi:/components/component[name="HARD-DISK"]/storage/stategnmic Response
Below is a sample response illustrating how gnmic retrieves telemetry metrics.
Copy
./gnmic -a 10.16.179.113:55545 -u admin -p admin --mode STREAM --stream-mode sample --sample-interval 30s sub --path "ipi:/interfaces/interface[name=\"eth0\"]/state" --path "ipi:/interfaces/interface[name=\"xe8\"]/state" --path "ipi:/components/component[name=\"CPU\"]/cpu/state" --path "ipi:/components/component[name=\"HARD-DISK\"]/storage/state" --tls-cert ClientCert.pem --tls-key client.pem --tls-ca ca.pem --tls-server-name "OcNOS"
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333698145383105,
"time": "2025-03-18T21:34:58.145383105Z",
"updates": [
{
"Path": "ipi:interfaces/interface[name=\"eth0\"]/state",
"values": {
"interfaces/interface/state": {
"admin-status": "up",
"ifindex": 3,
"last-change": 9200,
"logical": false,
"oper-status": "up",
"vrf-name": "management"
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333698159202200,
"time": "2025-03-18T21:34:58.1592022Z",
"updates": [
{
"Path": "ipi:interfaces/interface[name=\"eth0\"]/state/counters",
"values": {
"interfaces/interface/state/counters": {
"in-broadcast-pkts": 0,
"in-discards": 0,
"in-errors": 0,
"in-multicast-pkts": 36404,
"in-octets": 3370900,
"in-pkts": 38518,
"in-unicast-pkts": 0,
"last-clear": "Never",
"out-broadcast-pkts": 0,
"out-discards": 0,
"out-errors": 0,
"out-multicast-pkts": 0,
"out-octets": 342580,
"out-pkts": 2555,
"out-unicast-pkts": 0
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333698166395384,
"time": "2025-03-18T21:34:58.166395384Z",
"updates": [
{
"Path": "ipi:interfaces/interface[name=\"xe8\"]/state",
"values": {
"interfaces/interface/state": {
"admin-status": "up",
"ifindex": 10009,
"last-change": 12700,
"logical": false,
"oper-status": "up"
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333698178179386,
"time": "2025-03-18T21:34:58.178179386Z",
"updates": [
{
"Path": "ipi:interfaces/interface[name=\"xe8\"]/state/counters",
"values": {
"interfaces/interface/state/counters": {
"in-broadcast-pkts": 0,
"in-discards": 0,
"in-errors": 0,
"in-fcs-errors": 0,
"in-multicast-pkts": 141,
"in-octets": 15582,
"in-pkts": 183,
"in-unicast-pkts": 42,
"last-clear": "Never",
"out-broadcast-pkts": 0,
"out-discards": 0,
"out-errors": 0,
"out-multicast-pkts": 1649,
"out-octets": 229334,
"out-pkts": 1700,
"out-unicast-pkts": 51
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333698250104789,
"time": "2025-03-18T21:34:58.250104789Z",
"updates": [
{
"Path": "ipi:components/component[name=\"CPU\"]/cpu/state",
"values": {
"components/component/cpu/state": {
"cpu-15min-load-percentage": 3.55,
"cpu-1min-load-percentage": 5.71,
"cpu-5min-load-percentage": 3.89,
"cpu-utilization": 6.35,
"cpu-utilization-alert": 90,
"cpu-utilization-critical": 80,
"processor-count": 8
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333698250711580,
"time": "2025-03-18T21:34:58.25071158Z",
"updates": [
{
"Path": "ipi:components/component[name=\"HARD-DISK\"]/storage/state",
"values": {
"components/component/storage/state": {
"head-count": 16,
"sector-count": 250000000,
"total-memory": 122070,
"unformatted-bytes-or-sector": 0,
"unformatted-bytes-or-track": 0
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333727146348463,
"time": "2025-03-18T21:35:27.146348463Z",
"updates": [
{
"Path": "ipi:interfaces/interface[name=\"eth0\"]/state",
"values": {
"interfaces/interface/state": {
"admin-status": "up",
"counters": {
"in-broadcast-pkts": 0,
"in-discards": 0,
"in-errors": 0,
"in-multicast-pkts": 36424,
"in-octets": 3372999,
"in-pkts": 38547,
"in-unicast-pkts": 0,
"last-clear": "Never",
"out-broadcast-pkts": 0,
"out-discards": 0,
"out-errors": 0,
"out-multicast-pkts": 0,
"out-octets": 345007,
"out-pkts": 2564,
"out-unicast-pkts": 0
},
"ifindex": 3,
"last-change": 9200,
"logical": false,
"oper-status": "up",
"vrf-name": "management"
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333727167695852,
"time": "2025-03-18T21:35:27.167695852Z",
"updates": [
{
"Path": "ipi:interfaces/interface[name=\"xe8\"]/state",
"values": {
"interfaces/interface/state": {
"admin-status": "up",
"counters": {
"in-broadcast-pkts": 0,
"in-discards": 0,
"in-errors": 0,
"in-fcs-errors": 0,
"in-multicast-pkts": 141,
"in-octets": 15582,
"in-pkts": 183,
"in-unicast-pkts": 42,
"last-clear": "Never",
"out-broadcast-pkts": 0,
"out-discards": 0,
"out-errors": 0,
"out-multicast-pkts": 1650,
"out-octets": 229475,
"out-pkts": 1701,
"out-unicast-pkts": 51
},
"ifindex": 10009,
"last-change": 12700,
"logical": false,
"oper-status": "up"
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333727251455652,
"time": "2025-03-18T21:35:27.251455652Z",
"updates": [
{
"Path": "ipi:components/component[name=\"CPU\"]/cpu/state",
"values": {
"components/component/cpu/state": {
"cpu-15min-load-percentage": 3.55,
"cpu-1min-load-percentage": 4.9,
"cpu-5min-load-percentage": 3.91,
"cpu-utilization": 2.57,
"cpu-utilization-alert": 90,
"cpu-utilization-critical": 80,
"processor-count": 8
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333727251935488,
"time": "2025-03-18T21:35:27.251935488Z",
"updates": [
{
"Path": "ipi:components/component[name=\"HARD-DISK\"]/storage/state",
"values": {
"components/component/storage/state": {
"head-count": 16,
"sector-count": 250000000,
"total-memory": 122070,
"unformatted-bytes-or-sector": 0,
"unformatted-bytes-or-track": 0
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333757147739862,
"time": "2025-03-18T21:35:57.147739862Z",
"updates": [
{
"Path": "ipi:interfaces/interface[name=\"eth0\"]/state",
"values": {
"interfaces/interface/state": {
"admin-status": "up",
"counters": {
"in-broadcast-pkts": 0,
"in-discards": 0,
"in-errors": 0,
"in-multicast-pkts": 36444,
"in-octets": 3375108,
"in-pkts": 38576,
"in-unicast-pkts": 0,
"last-clear": "Never",
"out-broadcast-pkts": 0,
"out-discards": 0,
"out-errors": 0,
"out-multicast-pkts": 0,
"out-octets": 347514,
"out-pkts": 2574,
"out-unicast-pkts": 0
},
"ifindex": 3,
"last-change": 9200,
"logical": false,
"oper-status": "up",
"vrf-name": "management"
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333757169646737,
"time": "2025-03-18T21:35:57.169646737Z",
"updates": [
{
"Path": "ipi:interfaces/interface[name=\"xe8\"]/state",
"values": {
"interfaces/interface/state": {
"admin-status": "up",
"counters": {
"in-broadcast-pkts": 0,
"in-discards": 0,
"in-errors": 0,
"in-fcs-errors": 0,
"in-multicast-pkts": 141,
"in-octets": 15582,
"in-pkts": 183,
"in-unicast-pkts": 42,
"last-clear": "Never",
"out-broadcast-pkts": 0,
"out-discards": 0,
"out-errors": 0,
"out-multicast-pkts": 1651,
"out-octets": 229616,
"out-pkts": 1702,
"out-unicast-pkts": 51
},
"ifindex": 10009,
"last-change": 12700,
"logical": false,
"oper-status": "up"
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333757252957426,
"time": "2025-03-18T21:35:57.252957426Z",
"updates": [
{
"Path": "ipi:components/component[name=\"CPU\"]/cpu/state",
"values": {
"components/component/cpu/state": {
"cpu-15min-load-percentage": 3.47,
"cpu-1min-load-percentage": 3.8,
"cpu-5min-load-percentage": 3.72,
"cpu-utilization": 2.03,
"cpu-utilization-alert": 90,
"cpu-utilization-critical": 80,
"processor-count": 8
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333757253488377,
"time": "2025-03-18T21:35:57.253488377Z",
"updates": [
{
"Path": "ipi:components/component[name=\"HARD-DISK\"]/storage/state",
"values": {
"components/component/storage/state": {
"head-count": 16,
"sector-count": 250000000,
"total-memory": 122070,
"unformatted-bytes-or-sector": 0,
"unformatted-bytes-or-track": 0
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333787148439365,
"time": "2025-03-18T21:36:27.148439365Z",
"updates": [
{
"Path": "ipi:interfaces/interface[name=\"eth0\"]/state",
"values": {
"interfaces/interface/state": {
"admin-status": "up",
"counters": {
"in-broadcast-pkts": 0,
"in-discards": 0,
"in-errors": 0,
"in-multicast-pkts": 36468,
"in-octets": 3377517,
"in-pkts": 38608,
"in-unicast-pkts": 0,
"last-clear": "Never",
"out-broadcast-pkts": 0,
"out-discards": 0,
"out-errors": 0,
"out-multicast-pkts": 0,
"out-octets": 350031,
"out-pkts": 2584,
"out-unicast-pkts": 0
},
"ifindex": 3,
"last-change": 9200,
"logical": false,
"oper-status": "up",
"vrf-name": "management"
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333787175261207,
"time": "2025-03-18T21:36:27.175261207Z",
"updates": [
{
"Path": "ipi:interfaces/interface[name=\"xe8\"]/state",
"values": {
"interfaces/interface/state": {
"admin-status": "up",
"counters": {
"in-broadcast-pkts": 0,
"in-discards": 0,
"in-errors": 0,
"in-fcs-errors": 0,
"in-multicast-pkts": 141,
"in-octets": 15582,
"in-pkts": 183,
"in-unicast-pkts": 42,
"last-clear": "Never",
"out-broadcast-pkts": 0,
"out-discards": 0,
"out-errors": 0,
"out-multicast-pkts": 1652,
"out-octets": 229757,
"out-pkts": 1703,
"out-unicast-pkts": 51
},
"ifindex": 10009,
"last-change": 12700,
"logical": false,
"oper-status": "up"
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333787254084630,
"time": "2025-03-18T21:36:27.25408463Z",
"updates": [
{
"Path": "ipi:components/component[name=\"CPU\"]/cpu/state",
"values": {
"components/component/cpu/state": {
"cpu-15min-load-percentage": 3.47,
"cpu-1min-load-percentage": 3.96,
"cpu-5min-load-percentage": 3.75,
"cpu-utilization": 2.58,
"cpu-utilization-alert": 90,
"cpu-utilization-critical": 80,
"processor-count": 8
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333787254608376,
"time": "2025-03-18T21:36:27.254608376Z",
"updates": [
{
"Path": "ipi:components/component[name=\"HARD-DISK\"]/storage/state",
"values": {
"components/component/storage/state": {
"head-count": 16,
"sector-count": 250000000,
"total-memory": 122070,
"unformatted-bytes-or-sector": 0,
"unformatted-bytes-or-track": 0
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333817149889539,
"time": "2025-03-18T21:36:57.149889539Z",
"updates": [
{
"Path": "ipi:interfaces/interface[name=\"eth0\"]/state",
"values": {
"interfaces/interface/state": {
"admin-status": "up",
"counters": {
"in-broadcast-pkts": 0,
"in-discards": 0,
"in-errors": 0,
"in-multicast-pkts": 36491,
"in-octets": 3379761,
"in-pkts": 38638,
"in-unicast-pkts": 0,
"last-clear": "Never",
"out-broadcast-pkts": 0,
"out-discards": 0,
"out-errors": 0,
"out-multicast-pkts": 0,
"out-octets": 352373,
"out-pkts": 2592,
"out-unicast-pkts": 0
},
"ifindex": 3,
"last-change": 9200,
"logical": false,
"oper-status": "up",
"vrf-name": "management"
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333817179553310,
"time": "2025-03-18T21:36:57.17955331Z",
"updates": [
{
"Path": "ipi:interfaces/interface[name=\"xe8\"]/state",
"values": {
"interfaces/interface/state": {
"admin-status": "up",
"counters": {
"in-broadcast-pkts": 0,
"in-discards": 0,
"in-errors": 0,
"in-fcs-errors": 0,
"in-multicast-pkts": 141,
"in-octets": 15582,
"in-pkts": 183,
"in-unicast-pkts": 42,
"last-clear": "Never",
"out-broadcast-pkts": 0,
"out-discards": 0,
"out-errors": 0,
"out-multicast-pkts": 1653,
"out-octets": 229898,
"out-pkts": 1704,
"out-unicast-pkts": 51
},
"ifindex": 10009,
"last-change": 12700,
"logical": false,
"oper-status": "up"
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333817255106323,
"time": "2025-03-18T21:36:57.255106323Z",
"updates": [
{
"Path": "ipi:components/component[name=\"CPU\"]/cpu/state",
"values": {
"components/component/cpu/state": {
"cpu-15min-load-percentage": 3.47,
"cpu-1min-load-percentage": 3.97,
"cpu-5min-load-percentage": 3.78,
"cpu-utilization": 2.8,
"cpu-utilization-alert": 90,
"cpu-utilization-critical": 80,
"processor-count": 8
}
}
}
]
}
{
"source": "10.16.179.113:55545",
"subscription-name": "default-1742333759",
"timestamp": 1742333817255632799,
"time": "2025-03-18T21:36:57.255632799Z",
"updates": [
{
"Path": "ipi:components/component[name=\"HARD-DISK\"]/storage/state",
"values": {
"components/component/storage/state": {
"head-count": 16,
"sector-count": 250000000,
"total-memory": 122070,
"unformatted-bytes-or-sector": 0,
"unformatted-bytes-or-track": 0
}
}
}
]
}