Driving multivendor communication the open source way
Often in life, we see how the community can make things better. For example, a community of neighbors can organize to help clean up a local park, deter crime or host monthly barbecues. The point is communities understand what they need most and what needs to be improved within their specific context, and can work collectively to achieve these goals.
This principle also applies to the way an organized and motivated technical community works together to steer technology for the benefit of the community at large. Specifically, the OpenConfig technical community is building a set of open-source projects that facilitate open networking and the creation and support of operational tools to manage multivendor networks.
In my previous post, I described OpenConfig in detail. In this post, I want to build on that to describe some of the specific multivendor operational services that OpenConfig supports (e.g., gNMI, gNOI, gNSI) and the importance of gRPC as the foundation for all these services.
gRPC is the architectural foundation of multivendor communication
The foundation for many of OpenConfig’s multivendor services are Remote Procedure Calls, or more simply gRPC. Developed initially by Google, this open-source architectural framework enables high-speed communication between systems and devices from multiple vendors. gRPC offers the following advantages over legacy approaches such as REST:
-
Flexibility: gRPC supports multiple programming languages and multivendor platforms.
-
Speed: gRPC uses binary data formats, compression, multiplexing and other techniques to reduce the amount of data transferred.
-
Efficiency: gRPC allows the client and server continuous, bi-directional data exchange and streaming of granular state and configuration changes to one or many clients.
-
Security: gRPC supports encryption, which ensures the confidentiality and integrity of the data exchanged between the client and the server.
Services such as gNMI, gNOI, and gNSI run on top of this common gRPC framework, providing a consistent communication model for network operators to integrate across vendors to deliver a wide variety of management capabilities.
gNMI: the modern approach for streaming telemetry
OpenConfig’s gRPC Network Management Interface (gNMI) service provides the ability to manage state on a network device. It supports state retrieval through streaming telemetry or simple requests for a snapshot in time of a specific piece of data. gNMI can also be used to configure or modify state. The service assumes data is modeled according to the YANG data model, which defines a set of rules on how data is organized.
gNMI is best known as a push-based approach that allows network devices to stream data continuously and automatically to data collectors in the network. This approach enables near-real-time network data collection, which significantly improves the visibility and responsiveness of network monitoring.
To help facilitate this capability, Nokia developed a gNMIc client and provided it to the open-source community through OpenConfig. In addition to getting, setting and modifying configuration and state information from the network, the client can set streaming telemetry to be received directly from the network devices. As a gNMI collector, gNMIc provides the flexibility to direct this streaming telemetry to any entity that can process this data, including open-source databases (e.g., Prometheus, InfluxDB) or open-source message queues (e.g., NATS, Apache Kafka), or simply to the terminal or a file.
Managing multivendor networks with gNOI
The gRPC Network Operations Interface (gNOI) service allows operators to manage network devices across multiple vendor operating systems. With gNOI, operators can execute simple system commands such as ping, traceroute and reboot or perform more complicated management tasks by using the device’s file system and system health commands.
gNOI is perhaps best known for its ability to automate remote software upgrades across a multivendor network. In fact, the granularity of capabilities offered through gNOI gives operators the ability to automate the entire upgrade process. A typical gNOI managed node upgrade could include:
-
Check the health of the system
-
Create a backup of the system
-
Transfer new software to the system
-
Change boot parameters to use the new system
-
Activate the new software
-
Provide post-upgrade health checks
-
Roll back to the old software if needed.
Similarly to Nokia’s contribution of gNMIc to assist gNMI user, Nokia has developed a gNOIc client to ease the operationalization of gNOI for the community.
Network security made easy with gNSI
Transport Layer Security (TLS) is an essential protocol for protecting network data. With TLS installed and configured, all client-server communication conducted on the system is encrypted, and the client and server are authenticated using certificates. TLS is also used to validate the integrity of the data transmitted between the client and the server.
The challenge with implementing TLS in the system is that it involves generating and validating certificates. There are several tools that can perform these functions, including OpenSSL, CLI, Containerlab, and even gNOIc. All of these tools can create, install and revoke certificates but in some cases they are missing TLS profile management capabilities. These capabilities allow operators to assign certificates to the various applications in the system, apply a revocation list of certificates and load an initial certificate.
gRPC Network Security Interface (gNSI) was created specifically to enable comprehensive management of TLS across multivendor network devices. It offers complete certificate and profile management capabilities. A network device configured with gNSI from the factory will ship with a default self-signed TLS profile. This profile removes any initial security concerns by ensuring that the first communication to the node is encrypted. To speed the adoption of the valuable gNSI capabilities, Nokia has invested in the development of a gNSIc application, which will soon be available to the broad community.
Our commitment to OpenConfig and open architectures
Each of these gRPC services is maintained and improved by the community itself. This ensures that the services will evolve as network technology evolves. We are putting a lot of time and investment into these tools, so it is gratifying to witness a massive global adoption of them. For example, one of the world’s largest cloud infrastructure providers has adopted these tools for provisioning and telemetry collection. These open source tools have enabled our customers to integrate brand new platforms into its network in a fraction of the time and without costly integration professional services from system integrators.
Looking forward, Nokia will continue to play a big role in the evolution of gRPC tools. We are leveraging our 25-plus years of open source experience to optimize the selection and positioning of open source tools in our products and solutions. We are committed to being a leader and advocate for the growth of OpenConfig and its open source services. This commitment is reflected in our development of gNMIc, gNOIc and the soon-to-be-delivered gNSIc, all of which are available to the OpenConfig community for further support and development. In addition, we are currently working with OpenConfig on new feature requests (https://github.com/openconfig/gnmi/pull/169, https://github.com/openconfig/gnmi/pull/182) to further improve gNMI.
Network operators are seeing our contribution to OpenConfig and its tools as evidence of our commitment to the future of open architectures and the importance of community in helping to shape the future of networking.
We invite you to join the OpenConfig community to see how Nokia and others are working together to solve the exciting challenges of managing networks of all sizes.