gRPC-based RIB API

RIB/FIB API overview

Each router stores information about how to forward IP and MPLS packets in a set of RIB (routing information base) and FIB (forwarding information base) tables. These tables are conventionally populated by the management plane of the router (static entries) and by control plane protocols such as BGP, OSPF, ISIS, RSVP, LDP or segment routing.

In some SDN (Software Defined Networking) use cases, it may be useful to augment the RIB/FIB state held by a router to also include forwarding entries programmed by an external controller. SR OS supports a powerful and flexible gRPC-based RIB API service for this purpose. Using gRPC between a controller (gRPC client) and a router (gRPC server) has many benefits:

  • gRPC is open source, with broad industry support and a rich ecosystem of tools and applications.

  • gRPC is fast and efficient. The combination of HTTP/2 and protocol buffers ensures that a minimum number of bytes are sent across the wire as part of an RPC.

  • gRPC is supported by many languages and platforms, including C, C++, C#, Go, Java, Node.js, Python, and Ruby.

To build a gRPC client that implements the RIB API service you must obtain, from Nokia, the protobuf definition file for the Nokia SR OS RIB API service. This protobuf file defines a RIB API service and its supported RPCs. The RIB API service supports one bidirectional streaming RPC called Modify and one unary RPC called GetVersion. The Modify RPC is used to add, delete or replace entries in any of the following RIB/FIB tables:

  • IPv4 route table of the base router

  • IPv6 route table of the base router

  • IPv4 tunnel table

  • IPv6 tunnel table

  • MPLS label forwarding table

The GetVersion RPC allows the client to request the overall RIB API version and the individual RIB table versions supported by the router.

For maximum programming flexibility and speed, the entries added by the RIB-API service are not processed or stored as configuration data; they are provided directly to the control plane and modeled as though learned from a pseudo-protocol. RIB-API entries have the same persistence characteristics as protocol routes: if a router (gRPC server) detects that a gRPC client has disconnected or terminated its RPC, or if the router reboots, dependent RIB API entries are removed and must be re-programmed if persistence is required.

A gRPC client cannot delete entries it does not own, including routes from other protocols, but it can supersede routes from other sources through appropriate programming of preference values.

A gRPC client can read RIB/FIB entries programmed using the RIB API service (by any client) and obtain other state information that it needs using the gNMI management interface. gNMI is another gRPC-based service supported by the router and it supports RPCs for configuration, one-time state retrieval and telemetry state subscriptions. The same client can have active gNMI and RIB API RPCs with the same target router and at the same time using the same TCP connection.

RIB/FIB API fundamentals

The Modify RPC allows a gRPC client to add, modify or delete RIB/FIB entries. To accomplish this, the client sends a stream of ModifyRequest messages to the server (router) and receives, in return, a stream of ModifyResponse messages. Each ModifyRequest message can include multiple Request messages. Each Request message has a 64-bit ID (used to pair it with a Response message) and conveys one of the following instructions:

  • A request to add an entry to one of the five supported RIB/FIB tables. The add operation requires the client to specify values for all parameters of the route, tunnel or label entry being programmed. If the add operation is successful, the RIB/FIB entry is considered owned by the client that carried out the transaction.

  • A request to replace an entry in one of the five supported RIB/FIB tables. This operation completely replaces a RIB/FIB entry that was previously programmed by the same client. All the parameters of the new route, tunnel or label entry must be specified, even values that did not change from the previous entry.

  • A request to delete an entry in one of the five supported RIB/FIB tables. This operation deletes a RIB/FIB entry that was previously programmed by the same client. The delete operation requires only the key values of the entry that should be deleted.

  • An end-of-rib marker for one of the five supported RIB/FIB tables. This operation is used to accelerate the removal of stale entries associated with a RIB/FIB table, instead of waiting for purge timers to expire. Additional details are discussed in this chapter.

  • A next-hop-switch instruction. The client sends this request to manually activate the primary or backup next hop associated with a specific next-hop-group of a specific tunnel or label entry. This may be done to facilitate a maintenance action or to manually revert traffic back to a primary next hop after it recovers from a failure that diverted traffic to a backup next hop.

The following general points should be noted:

  • The router does not support multiple RIB API RPC sessions with the same client IP. If a client machine has multiple independent controllers, they need to interact with the router using different IP addresses.

  • It is up to the client to choose a unique 64-bit identifier for each Request transaction, but Request IDs must increase throughout the lifetime of the RPC session.

  • If a gRPC client omits any parameter that is considered mandatory by the server side, the router assumes that the intended value for the parameter is zero (0). This may cause an error if the zero value is invalid or unavailable.

  • A status code of OK sent by the router to a client (in a ModifyResponse message) only indicates that the request was valid. In the case of an add/delete/modify operation, it does not mean that the FIB was actually modified and in the case of a next-hop-switchover it does not mean that the switchover has actually occurred.

  • A RIB/FIB entry programmed by a gRPC client may be unusable because none of its next hops are resolvable or the requested label resources are not available. The entry is still accepted by the router and acknowledged with an OK status code response to the client. If at a later time the entry becomes usable, it is activated by the router automatically.

RIB/FIB API entry persistence

All states created by the RIB API service are ephemeral. In other words, when the router reboots, none of the API-programmed entries are preserved. The necessary entries must be reprogrammed by a gRPC client in the same way that BGP routes must be relearned from BGP peers after a reboot.

The persistence of a programmed RIB/FIB entry also depends on the liveness of the RPC session with the client that owns the entry, and this in turn depends on the liveness of the underlying TCP connection. If the TCP connection with a client goes down (because of link or router failures, or both, client failure, or CPM switchover by the router) the router starts a purge timer for all affected clients and marks their owned RIB/FIB entries as stale. When a client's purge timer expires all of its stale entries are removed. While a purge timer is running, the associated stale entries remain valid and usable for forwarding but are less preferred than any non-stale entry. The purge timer gives an opportunity for the disconnected client or some other client to re-program the necessary RIB/FIB tables so that forwarding continues uninterrupted.

Detection of TCP connection failures by the router (gRPC server) can be assisted by enabling TCP keepalive on the gRPC TCP connections. When it is enabled, TCP keepalive messages are sent to all gRPC clients, regardless of the RPCs they support (gNMI or RIB API).

On the router, TCP keepalive is configured by specifying 3 parameters: idle-time, interval, and retries. These parameters are configured in the config>system>grpc>tcp-keepalive context. The sending of TCP keepalives starts when the connection has been idle (no TCP segments sent or received) for more than idle-time seconds. At that point the router sends a probe (TCP ACK with a sequence number = current sequence number - 1) and expects a TCP ACK. It repeats this probe every interval seconds for the configured number of retries and if no response is received to any of them the connection is immediately closed, starting the purge timer if the TCP connection is supporting a Modify RPC.

When a client is done programming all entries in a particular RIB/FIB table it can optionally send an end-of-rib request for that table to immediately remove all stale RIB entries associated with that table, regardless of the owner client IP.

RIB/FIB API configuration overview

Configuration related to the RIB/FIB API service on the router is spread across two general areas:
  • system-level GRPC configuration (config>system>grpc or config>system>security>profile>grpc)

  • routing instance configuration (config>router or config>service>vprn)

To enable the router to receive and process RIB API requests from a client perform the following steps.
  1. The RIB API service must be enabled at the gRPC system level: config>system>grpc>rib-api>no shutdown.
  2. Optionally, a non-zero purge-timeout can be configured: config>system>grpc>rib-api>purge-timeout.
    The purge-timeout applies to all gRPC clients participating in the RIB API service.
  3. Optionally, the sending of TCP keepalives can be enabled toward all gRPC clients by configuring values under the config>system>grpc>tcp-keepalive context.
  4. One or more gRPC user accounts should be created, and these user accounts should be attached to a profile that authorizes the GetVersion and Modify RPCs associated with the RIB API service. Clients need to send a valid username and password when initiating any RPC.
  5. Nokia recommends using TLS-based encryption between the client and server. This involves associating a tls-server-profile with the gPRC server. For more information, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide.
  6. If you want to use the RIB API service to program MPLS label entries then a reserved-label-block must be configured using the config>router>rib-api>mpls>reserved-label-block command and MPLS programming functionality must be enabled using the config>router>rib-api>mpls>no shutdown command.

To enable the router to use RIB API tunnel entries for resolving specific types of static and BGP routes, additional configuration is needed. For more information, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR Unicast Routing Protocols Guide.

RIB/FIB API - IPv4 route table programming

The RIB API service proto definition requires the client to provide values for all of the parameters listed in IPv4 route table programming when performing an add or replace of an IPv4 route. When performing a delete operation, only the bolded parameters (the lookup keys) are required. IPv4 route table programming describes the meaning of each parameter and its valid range.

Table 1. IPv4 route table programming
Parameter Type Description

prefix

string

IPv4 prefix and prefix-length in CIDR format

preferences

uint32 (0-65535)

RIB API preference, used to compare one RIB API entry to another one; the lowest preference wins

rtm_preference

uint32 (0-255)

RTM preference, used to compare RIB API entry to other routes in RTM; the lowest preference wins

metric

uint32 (0-16777215)

Route cost/metric

tunnel_next_hop

string

A remote IPv4 address that must correspond to an API-programmed IPv4 tunnel

The router's RIB API database can hold up to eight different gPRC-programmed entries per IPv4 prefix. Typically N entries would be associated with N different gRPC clients although the same client can program multiple entries for the same prefix as long as the preference values are unique.

When an IPv4 route entry is successfully added or modified in the RIB API database, the router assesses whether the entry is valid or invalid and constantly re-evaluates this status. The entry is invalid if its next hop cannot be resolved to a gRPC-programmed IPv4 tunnel that is up.

If the entry is valid, the router compares it to all other valid API-programmed entries for the same IPv4 prefix. The router chooses any non-stale entry over a stale entry, then the entry with the lowest preference value, and then if there is a tie, the lowest metric, and then if there is a still a tie, the entry from the client with the lowest 128-bit IP address (an IPv4 address is encoded in the lower 32 bits).

If the entry is valid and the best relative to other RIB API entries then it is submitted to the route table manager. This software task compares the API route to all other non-API routes it has for the same IPv4 prefix. The router chooses the entry with the lowest RTM preference value, and then if there is a tie, the lowest metric, and then if there is still a tie, the entry submitted by the protocol with the lowest default preference.

If the route table manager selects the API route as the best route it is sent to the FIB manager for programming into the datapath.

RIB/FIB API - IPv6 route table programming

The RIB API service proto definition requires the client to provide values for all of the parameters listed in IPv6 route table programming when performing an add or replace of an IPv6 route. When performing a delete operation, only the bolded parameters (the lookup keys) are required. IPv6 route table programming describes the meaning of each parameter and its valid range.

Table 2. IPv6 route table programming
Parameter Type Description

prefix

string

IPv6 prefix and prefix-length in CIDR format

preferences

uint32 (0-65535)

RIB API preference, used to compare one RIB API entry to another one; the lowest preference wins

rtm_preference

uint32 (0-255)

RTM preference, used to compare RIB API entry to other routes in RTM; the lowest preference wins

metric

uint32 (0-16777215)

Route cost/metric

tunnel_next_hop

string

A remote IPv6 address that must correspond to an API-programmed IPv6 tunnel

The router's RIB API database can hold up to eight different gPRC-programmed entries per IPv6 prefix. Typically N entries would be associated with N different gRPC clients although the same client can program multiple entries for the same prefix as long as the preference values are unique.

When an IPv6 route entry is successfully added or modified in the RIB API database, the router assesses whether the entry is valid or invalid and constantly re-evaluates this status. The entry is invalid if its next hop cannot be resolved to a gRPC-programmed IPv6 tunnel that is up.

If the entry is valid, the router compares it to all other valid API-programmed entries for the same IPv6 prefix. The router chooses any non-stale entry over a stale entry, then the entry with the lowest preference value, and then if there is a tie, the lowest metric, and then if there is a still a tie, the entry from the client with the lowest 128-bit IP address (an IPv4 address is encoded in the lower 32 bits).

If the entry is valid and the best relative to other RIB API entries then it is submitted to the route table manager. This software task compares the API route to all other non-API routes it has for the same IPv6 prefix. The router chooses the entry with the lowest RTM preference value, and then if there is a tie, the lowest metric, and then if there is still a tie, the entry submitted by the protocol with the lowest default preference.

If the route table manager selects the API route as the best route it is sent to the FIB manager for programming into the datapath.

RIB/FIB API - IPv4 tunnel table programming

The RIB API service proto definition requires the client to provide values for all of the parameters listed in IPv4 tunnel table programming when performing an add or replace of an IPv4 MPLS tunnel. When performing a delete operation, only the bolded parameters (the lookup keys) are required. IPv4 tunnel table programming describes the meaning of each parameter and its valid range.

Table 3. IPv4 tunnel table programming
Parameter Type Description

prefix

string

IPv4 host address

preferences

uint32 (0-65535)

RIB API preference, used to compare one RIB API entry to another one; the lowest preference wins

ttm_preference

uint32 (0-255)

TTM preference, used in the programming of the tunnel in TTM

metric

uint32 (0-16777215)

Route cost/metric

next-hop-group[id]

list

A list of next-hop groups

id

uint32 (1-32)

Unique identifier of the next-hop group. Selected by the client

weight

uint32

Weight assigned to the next-hop-group when weighted ECMP is needed between next-hop-groups

primary

Mandatory

ip_address

string

IPv4 or IPv6 address on a local subnet; can be a secondary address

pushed_label_stack

list of uint32

A list of one or more MPLS labels, up to ten MPLS labels

backup

Optional

ip_address

string

IPv4 or IPv6 address on a local subnet; can be a secondary address

pushed_label_stack

list of uint32

A list of up to ten MPLS labels

egress-statistics

enable

boolean

Indicates whether statistics collection is enabled for this entry

The router's RIB API database can hold up to eight different gPRC-programmed entries per IPv4 tunnel endpoint. Typically N entries would be associated with N different gRPC clients although the same client can program multiple entries for the same tunnel endpoint as long as the preference values are unique

When an IPv4 tunnel endpoint entry is successfully added or modified in the RIB API database, the router assesses whether the entry is valid or invalid and constantly re-evaluates this status. The tunnel is invalid if none of its primary next hops can be resolved to an interface that is up or if MPLS programming using the RIB API is currently administratively disabled.

If the IPv4 tunnel entry is valid the router compares it to all other valid API-programmed entries for the same IPv4 endpoint address. The router chooses any non-stale entry over a stale entry, then the entry with the lowest preference value, and then if there is a tie, the lowest metric, and then if there is a still a tie, the entry from the client with the lowest 128-bit IP address (an IPv4 address is encoded in the lower 32 bits).

If the entry is valid and the best relative to other RIB API entries then it is programmed into the FIB and added to the base router IPv4 tunnel table. The tunnel entry is now active and can be used to resolve the next hops of other routes. For more information, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR Unicast Routing Protocols Guide.

RIB/FIB API - IPv6 tunnel table programming

The RIB API service proto definition requires the client to provide values for all of the parameters listed in IPv6 tunnel table programming when performing an add or replace of an IPv6 MPLS tunnel. When performing a delete operation, only the bolded parameters (the lookup keys) are required. IPv6 tunnel table programming describes the meaning of each parameter and its valid range.

Table 4. IPv6 tunnel table programming
Parameter Type Description

prefix

string

IPv6 host address

preferences

uint32 (0-65535)

RIB API preference, used to compare one RIB API entry to another one; the lowest preference wins

ttm_preference

uint32 (0-255)

TTM preference, used in the programming of the tunnel in TTM

metric

uint32 (0-16777215)

Route cost/metric

next-hop-group[id]

list

A list of next-hop groups

id

uint32 (1-32)

Unique identifier of the next-hop group; selected by the client

weight

uint32

Weight assigned to the next-hop-group when weighted ECMP is needed between next-hop-groups

primary

Mandatory

ip_address

string

IPv4 or IPv6 address on a local subnet; can be a secondary address.

pushed_label_stack

list of uint32

A list of one or more MPLS labels, up to ten MPLS labels

backup

Optional

ip_address

string

IPv4 or IPv6 address on a local subnet; can be a secondary address

pushed_label_stack

list of uint32

A list of up to ten MPLS labels

egress-statistics

enable

boolean

Indicates whether statistics collection is enabled for this entry

The router's RIB API database can hold up to eight different gPRC-programmed entries per IPv6 tunnel endpoint. Typically N entries would be associated with N different gRPC clients although the same client can program multiple entries for the same tunnel endpoint as long as the preference values are unique.

When an IPv6 tunnel endpoint entry is successfully added or modified in the RIB API database, the router assesses whether the entry is valid or invalid and constantly re-evaluates this status. The tunnel is invalid if none of its primary next hops can be resolved to an interface that is up or if MPLS programming using the RIB API is currently administratively disabled.

If the IPv6 tunnel entry is valid the router compares it to all other valid API-programmed entries for the same IPv6 endpoint address. The router chooses any non-stale entry over a stale entry, then the entry with the lowest preference value, and then if there is a tie, the lowest metric, and then if there is a still a tie, the entry from the client with the lowest 128-bit IP address (an IPv4 address is encoded in the lower 32 bits).

If the entry is valid and the best relative to other RIB API entries then it is programmed into the FIB and added to the base router IPv6 tunnel table. The tunnel entry is now active and can be used to resolve the next hops of other routes. For more information, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR Unicast Routing Protocols Guide.

RIB/FIB API - MPLS LFIB programming

The RIB API service proto definition requires the client to provide values for all of the parameters listed in MPLS LFIB programming when performing an add or replace of an MPLS LFIB entry. When performing a delete operation, only the bolded parameters (the lookup keys) are required. MPLS LFIB programming describes the meaning of each parameter and its valid range.

Table 5. MPLS LFIB programming
Parameter Type Description

prefix

string

Incoming label value

preferences

uint32 (0-65535)

RIB API preference, used to compare one RIB API entry to another one; the lowest preference wins

next-hop-group[id]

list

A list of next-hop groups; required for a SWAP operation; omitted when the operation is a POP

id

uint32 (1-32)

Unique identifier of the next-hop group; selected by the client

weight

uint32

Weight assigned to the next-hop-group when weighted ECMP is needed between next-hop-groups

primary

Mandatory

ip_address

string

IPv4 or IPv6 address on a local subnet; can be a secondary address

pushed_label_stack

list of uint32

A list of zero or more MPLS labels, up to ten MPLS labels

backup

Optional

ip_address

string

IPv4 or IPv6 address on a local subnet; can be a secondary address

pushed_label_stack

list of uint32

A list of up to ten MPLS labels

ingress-statistics

enable

bool

type

enum 0, 1, 2

INVALID = 0

POP = 1

SWAP = 2

egress-statistics

enable

boolean

Indicates whether statistics collection is to be enabled for this entry

The router's RIB API database can hold up to eight different gPRC-programmed entries per MPLS label value. Typically N entries would be associated with N different gRPC clients although the same client can program multiple entries for the same label value as long as the preference values are unique.

When an MPLS label entry is successfully added or modified in the RIB API database, the router assesses whether the entry is valid or invalid and constantly re-evaluates this status. The label entry is invalid if it is a SWAP operation and none of the primary next hops can be resolved to an interface that is up or if MPLS programming using the RIB API is administratively disabled or if the requested incoming label has already been allocated to another owner sharing the same reserved label block or if the requested incoming label is outside the reserved label block range.

If the label entry is valid the router compares it to all other valid API-programmed entries for the same label value. The router chooses any non-stale entry over a stale entry, then the entry with the lowest preference value, and then if there is a tie, the entry from the client with the lowest 128-bit IP address (an IPv4 address is encoded in the lower 32 bits).

If the label entry is valid and best relative to other RIB API entries then it is programmed into the forwarding plane.

RIB/FIB API - using next-hop-groups, primary next hops, and backup next hops

The RIB API service proto definition allows each MPLS tunnel and each MPLS label entry to have multiple next-hop-groups, each with a primary next hop and optionally one backup next hop. When a tunnel or label entry has more than one next-hop-group, this instructs the router to spray matching traffic across the next-hop-groups based on an ECMP or weighted-ECMP algorithm.

At any time, traffic hashed to a particular next-hop-group uses only the primary or backup next hop for forwarding. The selection of the active next hop within each next-hop-group is influenced by failures and by next-hop-switch Request messages made by the owner gRPC client. The specific rules are:

  • If the primary next hop is resolved to an up interface when the next-hop-group is initially activated then it immediately becomes the active next hop.

  • If the primary next hop is unresolved when the next-hop-group is initially activated then no next hop is immediately activated (even if the backup next hop is up) and a fixed wait-timer is started (three seconds). If the primary next hop comes up during that timer window then it is immediately activated. If the timer runs out and the primary has not yet come up the backup next hop is activated and stays active even if the primary comes up a short while later, after the timer expired.

  • If the currently active next hop fails, the system automatically activates the other next hop.

  • If the system receives a next-hop-switch Request targeting this specific entry and next-hop-group then the next hop indicated in the Request message is immediately activated, as long as it is up. If the requested next hop is down the message is ignored.

    Note: The router returns a status of OK in response to a next-hop-switch Request as long as the key values identify a next-hop-group that exists for a tunnel or label entry owned by the gRPC client, even if the needed next hop is not activated.

RIB/FIB API - state and telemetry

A gRPC client can use the gRPC gNMI service (Get RPC, Subscribe RPC) to retrieve state information from the router that can help it make better programming decisions. All states maintained by the router (and exposed to model-driven management interfaces) are available to the gRPC client.

RIB/FIB API also introduces additional YANG state models that are complementary to the programming actions. This new state is available through the following YANG paths:

  • state/router/route-fib

  • state/router/tunnel-fib

  • state/router/label-fib

  • state/router/rib-api/route

  • state/router/rib-api/tunnel

  • state/router/rib-api/label

The corresponding show commands are also provided for reference.

  • show router fib-telemetry route
  • show router fib-telemetry tunnel
  • show router fib-telemetry label
  • show router rib-api route
  • show router rib-api tunnel
  • show router rib-api label

The state information represented by the state/router/route-fib and state/router/tunnel-fib paths, and the show router fib-telemetry route and show router fib-telemetry tunnel show commands list are not collected by default, because it requires additional processing. In order for this state to be collected you must configure the configure router fib-telemetry command. If this command is not configured then these states are not collected at all, and telemetry subscriptions are not supported for any of the following paths:

  • /state/router/route-fib
  • /state/router/tunnel-fib
  • /state/router/label-fib

It is not possible for a single telemetry subscription to include any of these three paths in addition to other state paths outside of this tree. This is because of the potential volume of information in the tables described in this chapter.

For gNMI telemetry subscriptions, the following restrictions should be noted:

  • If a route, tunnel or MPLS label entry is modified, and it covered by an ON-CHANGE subscription to a state path enabled by config>router>fib-telemetry, the update replays the current values of the entire entry (except for statistics), including values did not change from the last update. It is up to the client to compare the update to the previous one received if it needs to know the exact properties that changed.

  • Subscriptions to list keys of state paths enabled by fib-telemetry are not supported.

Traffic statistics

A gRPC client can make a request for traffic statistics to be collected. Both ingress and egress statistics are available but not all types of entries support both.

Traffic statistics are expressed in number of packets and in octets and are provided without forwarding-class or QoS profile distinction.

The system provides capabilities to display or show, clear, or monitor statistics.

Ingress statistics

Only RIB-API MPLS tunnel table entries support ingress statistics. The counters are attached to the ILM entry that is formed when the RIB-API entry is programmed. When different RIB-API entries use the same ILM or label, then the traffic statistics for these RIB-API entries are identical. Traffic counters are kept until the ILM entry is removed. Because of a lack of resources, the system may not be able to allocate counters (statistic indexes) to an ILM. In this case, the system automatically retries until it succeeds.

Egress statistics

Egress statistics are supported for the three RIB-API tunnel tables (IPv4, IPv6, and MPLS). The counters are attached to the NHLFE of each next hop. Counters are effectively allocated by the system at the time that the instance is programmed in the data-path. Counters are maintained even if an instance is deprogrammed and values are not reset. This means that, if an instance is reprogrammed, traffic counting resumes at the point where it last stopped. Traffic counters are released and therefore traffic statistics are lost when the instance or entry is removed from the database.

No retry mechanism is available for egress statistics. The system maintains a state per next hop and per instance identifying whether allocation of statistic indexes is successful. If the system is not able to allocate all the needed indexes on a specified instance because of a lack of resources, then the user should disable egress statistics on that instance. This action frees enough statistic indexes and re-enables egress statistics on the needed entry. The selection of which other construct to release statistic indexes from is beyond the scope of this document.