Understanding gRPC Services for Managing Network Devices

• Provide simple, vendor agnostic interfaces for managing network devices.
• Enable you to more easily manage multivendor networks on a large scale.
• Use the gRPC Remote Procedure Call framework for transport and Protocol Buffers for service definitions and encoding, which provide efficient transport and fast processing.

OpenConfig is a collaborative effort in the networking industry to move toward a more dynamic, programmable method for configuring and managing multivendor networks. OpenConfig supports the use of vendor-neutral service definitions and data models to manage and configure the network. The service definitions define common operations executed on network devices, and the data models define the configuration and operational state of network devices for common network protocols or services.

Operators with a multivendor network benefit greatly from using industry standard models and specifications. The goal of OpenConfig is for operators to be able to use a single set of data models and operations to configure and manage all network devices that support the OpenConfig initiative. The OpenConfig working group has developed specifications for gRPC-based interfaces for managing the configuration, operations, and telemetry streams on network devices, which provide advantages over other traditional network management protocols.

gRPC is an open source Remote Procedure Call (RPC) framework that was originally developed by Google. gRPC uses HTTP/2 for transport and supports modern security mechanisms and bidirectional streaming. gRPC uses the Protocol Buffers data format for defining services and encoding data. Protocol Buffers is language agnostic and supports bindings for many different languages, which enables operators to easily integrate gRPC-based services into existing management applications.

The OpenConfig working group has defined specifications for gRPC-based network management protocols. The gRPC-based network services include:

• gRPC Network Management Interface (gNMI)—Single service for configuration management and streaming telemetry.

• gRPC Network Operations Interface (gNOI)—Suite of microservices for operations management.

• gRPC Routing Information Base Interface (gRIBI)—Service that enables external applications to programmatically add or remove entries in a routing table on the target device.

Figure 1 illustrates the scope of the different services.

Figure 1: gRPC Network Interfaces

gNMI provides a single service for state management of network elements. gNMI uses vendor-neutral data models that define the configuration and operational state of network devices for common network protocols or services. gNMI clients can retrieve and modify the configuration of a network device as well as stream operational data. Operators monitor the network by subscribing to the specific data objects of interest. gNMI also supports on-change streaming, which is critical for time-sensitive operations.

For more information about using gNMI for configuration management and telemetry streaming on Junos devices, see:

• OpenConfig User Guide
• Junos Telemetry Interface User Guide

Whereas gNMI handles state management, gNOI handles operations management. gNOI is a collection of gRPC-based microservices for performing common operations on network devices. Each service definition defines remote procedure calls (RPCs) that management applications can execute on a device to perform a set of operations, for example, rebooting a device or upgrading the software. For a list of supported gNOI services, see gNOI Services Overview.

gRIBI provides a single service for managing the network device's routing information base (RIB, also known as a routing table) and forwarding information base (FIB, also known as a forwarding table). Management applications can execute gRIBI RPCs on a device to retrieve, add, modify, or delete routes from the device's RIB or FIB. For more information about supported gRIBI RPCs, see gRIBI.

gNMI, gNOI, and gRIBI use gRPC for transport, and the connection between the gRPC server and the gRPC client is over an SSL-encrypted gRPC session. For example, Figure 2 illustrates a simple connection between a gRPC client and server. Juniper Networks supports both server-only authentication and mutual authentication for the gRPC session, which uses X.509 certificates to authenticate the device or application. Certificates can be signed by a certificate authority or self-signed.

Figure 2: gRPC Server and Client Interaction

gNMI, gNOI, and gRIBI define services for managing network devices. Each service definition defines the operations (RPCs) and data structures (messages) for that specific service in proto definition files. The data structures are defined using Protocol Buffers, which is an open-source, language-neutral data format for serializing structured data. You use protoc or an equivalent compiler to compile the proto files for your language of choice. Management applications can use the code in the compiled files to perform the requested operations on network devices. Table 1 outlines the GitHub repositories containing the proto defintion files for each service interface.

The gRPC-based network services provide alternatives to and advantages over other network management protocols like NETCONF and RESTCONF. Because the proto definition files can be compiled for many different supported languages, the services can be easily integrated with existing management applications to manage multivendor networks. Additionally, the use of Protocol Buffers for data serialization generally provides more efficient transport and faster processing over other serialization formats such as JSON and XML.