Securing OpenConfig Telemetry Connections

This topic describes the steps to secure incoming connections from gNMI clients. By default, the gNMI server on SLX-OS listens on the insecure port 9339. To secure incoming connections, you must configure a port (range 1024-49151) on which the gNMI server listens on for incoming connections. The existence of this port configuration determines whether the gNMI server is listening for incoming connections in the secure or insecure mode.

Before you begin

It is assumed that your infrastructure is set up with a gNMI client. Its configuration is beyond the scope of this document.

About this task

Configuring a port for the gNMI server to listen on enables securing incoming connection.

Procedure

  1. Navigate to the device's Configuration Terminal context. 
    SLX#
SLX# config terminal
SLX (config)#
  2. Navigate into the gNMI Server context. 
    SLX (config)# gnmi server
SLX (config-gNMI-server)#
  3. Configure a secure port on which to listen to incoming connections. 
     SLX (config-gNMI-server)# secure-port 48151
SLX (config-gNMI-server)#

Results

The gNMI server will start listening to incoming connections on port number 48151

9037309-01 Rev AA