A gRPC tunnel is a client-server protocol like any other gRPC-based service. The gRPC tunnel concept is defined by OpenConfig (https://github.com/openconfig/grpctunnel) and is based on three entities:
The target represents the network element.
The tunnel server represents the software entity that tracks all registered targets, along with information about supported target types, all registered tunnel clients and the target type they subscribe to.
The tunnel client is a software entity that performs client tasks, such as requesting a session to the specified target.
The following figure shows the gRPC tunnel service concept.
After the registration process is complete, the tunnel server informs the tunnel client about all available targets supporting the target type that it is subscribed to. The tunnel client can then request a tunnel session toward a specific target. When a request is made, the tunnel server establishes a TCP tunnel between itself and the target (if one is not already open for another session) and establishes a tunnel session between the target and the tunnel client. After this session is established, the tunnel client can open any supported application session (gNMI or gNOI) toward applications on the target.
The following RPCs are defined to facilitate gRPC tunnels.
The RegisterRPC is used to perform the following tasks:
The TunnelRPC is used for the actual exchange of data (in the form of TCP datagrams tagged with a tag ID agreed upon during the session registration phase of the RegisterRPC). The exchange of data on a TunnelRPC is initiated by the service used by the tunnel; for example, in a gNOI service, the controller opens a gNOI RPC that is tunneled through the gRPC tunnel. The network element handles this request like any other request received from the gNOI client directly.
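The bookkeeping described above (target registration, client subscription by target type, session requests, and routing of data by tag ID), as an added Go example; it is not code from this page or from the openconfig/grpctunnel project. The type and method names, the sample IDs and type strings, and the rule that a client can only reach targets of its subscribed type are assumptions made for illustration.

```go
package main

import "fmt"

// Server models the tunnel server's bookkeeping (hypothetical names, not the grpctunnel API).
type Server struct {
	targets  map[string]string // target ID -> target type
	subs     map[string]string // tunnel client ID -> subscribed target type
	tunnels  map[string]bool   // targets with a TCP tunnel already open
	sessions map[int32]string  // session tag ID -> target ID
	nextTag  int32
}

func NewServer() *Server {
	return &Server{map[string]string{}, map[string]string{}, map[string]bool{}, map[int32]string{}, 0}
}

func (s *Server) RegisterTarget(id, typ string) { s.targets[id] = typ }

// Subscribe records the client's target type and returns the matching targets (unordered).
func (s *Server) Subscribe(client, typ string) (ids []string) {
	s.subs[client] = typ
	for id, t := range s.targets {
		if t == typ {
			ids = append(ids, id)
		}
	}
	return ids
}

// RequestSession opens the tunnel only if none exists, then allocates a tag (assumed type check).
func (s *Server) RequestSession(client, target string) (tag int32, opened, ok bool) {
	if typ, found := s.targets[target]; !found || s.subs[client] != typ {
		return 0, false, false
	}
	opened, s.tunnels[target] = !s.tunnels[target], true
	s.nextTag++
	s.sessions[s.nextTag] = target
	return s.nextTag, opened, true
}

// Route maps tagged data to its target; data carrying an unknown tag is refused.
func (s *Server) Route(tag int32) (string, bool) { t, ok := s.sessions[tag]; return t, ok }

func main() {
	s := NewServer()
	s.RegisterTarget("ne-1", "GNMI_GNOI") // constructed sample values
	fmt.Println(s.Subscribe("ctrl", "GNMI_GNOI"), s.nextTag)
}
```

A second session toward the same target reuses the open tunnel and receives its own tag, so the server can tell sessions apart and drop data whose tag was never agreed.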
Using a gRPC tunnel instead of a direct gRPC connection provides the following advantages:
Using a gRPC tunnel avoids firewall issues by initiating the TCP connection from the network element.
The network element registers itself, which provides active network element discovery.
The common gRPC tunnel interface on the network element does not require any adaptations to use different management interfaces, such as gNMI, gNOI, SSH, or NETCONF.