{"id":433,"date":"2022-08-06T19:46:12","date_gmt":"2022-08-06T18:46:12","guid":{"rendered":"http:\/\/192.168.1.213:8088\/?p=433"},"modified":"2023-10-13T05:40:14","modified_gmt":"2023-10-13T04:40:14","slug":"model-driven-telemetry-with-cisco-nexus","status":"publish","type":"post","link":"http:\/\/192.168.1.213:8088\/model-driven-telemetry-with-cisco-nexus\/","title":{"rendered":"Model-Driven Telemetry With Cisco Nexus (Using GRPC with SSL on Telegraf)"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t

\n\t\t\t\t
\n\t\t\t

Introduction Into Model-Driven Telemetry With Cisco Nexus<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

When using model-driven telemetry with Cisco Nexus, you’re probably sending sensitive data across your network without using encryption.<\/p>

By not encrypting your traffic, you’re leaving yourself open to attacks from anyone who may be monitoring your traffic.<\/p>

Keep on reading to learn how you can implement model-driven telemetry with Cisco Nexus devices and encrypt the traffic.<\/p>

Over the last few days, I came across the question of how I can secure the connection between my Telegraf<\/a> instance and my Cisco Nexus device.\u00a0<\/p>

The steps are quite simple and in this post, I will walk you through the steps which are needed to configure your Cisco Nexus device and your Telegraf instance.<\/p>

When we’re finished, you’ll have a working and securely encrypted setup to transmit your telemetry data and monitor your network effectively.<\/p>

Before I get started let me explain the Lab setup that I’m working with:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t

Lab Setup<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

I run two virtual machines on a VMware environment in order to test different Telemetry scenarios on the Cisco Nexus devices.\u00a0<\/p>

My current configuration on the Cisco Nexus device looks like this:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t

Current Telemetry Config<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\n\t\t\t\t\tfeature telemetry\ntelemetry\n  destination-profile\n    use-vrf management\n  destination-group 1\n    ip address 172.16.16.254 port 57000 protocol gRPC encoding GPB \n  sensor-group 1\n    data-source YANG\n    path openconfig-interfaces:interfaces\n  subscription 1\n    dst-grp 1\n    snsr-grp 1 sample-interval 10000\n<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3a73dd2 elementor-widget elementor-widget-text-editor\" data-id=\"3a73dd2\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>I subscribed to the openconfig YANG model for interface statistics and sent it out via gRPC with GPB encoding to my Telegraf instance <b>unencrypted<\/b>.<\/p><p>Then, I analyzed the traffic between the Nexus device and the Telegraf instance with a tcpdump to see what data was being transmitted across the network:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-22460b3 elementor-widget elementor-widget-heading\" data-id=\"22460b3\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Wireshark unencrypted Payload<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-50c0a1a elementor-widget elementor-widget-image\" data-id=\"50c0a1a\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"http:\/\/192.168.1.213:8088\/wp-content\/uploads\/2022\/08\/telemetry_Wireshark_unencrypted.png\" data-elementor-open-lightbox=\"yes\" 
data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6NDYxLCJ1cmwiOiJodHRwOlwvXC8xOTIuMTY4LjEuMjEzOjgwODhcL3dwLWNvbnRlbnRcL3VwbG9hZHNcLzIwMjJcLzA4XC90ZWxlbWV0cnlfV2lyZXNoYXJrX3VuZW5jcnlwdGVkLnBuZyJ9\">\n\t\t\t\t\t\t\t<img decoding=\"async\" width=\"800\" height=\"505\" src=\"http:\/\/192.168.1.213:8088\/wp-content\/uploads\/2022\/08\/telemetry_Wireshark_unencrypted-1024x646.png\" class=\"attachment-large size-large wp-image-461\" alt=\"\" srcset=\"http:\/\/192.168.1.213:8088\/wp-content\/uploads\/2022\/08\/telemetry_Wireshark_unencrypted-1024x646.png 1024w, http:\/\/192.168.1.213:8088\/wp-content\/uploads\/2022\/08\/telemetry_Wireshark_unencrypted-300x189.png 300w, http:\/\/192.168.1.213:8088\/wp-content\/uploads\/2022\/08\/telemetry_Wireshark_unencrypted-768x484.png 768w, http:\/\/192.168.1.213:8088\/wp-content\/uploads\/2022\/08\/telemetry_Wireshark_unencrypted.png 1177w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bd28e10 elementor-widget elementor-widget-text-editor\" data-id=\"bd28e10\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Following one TCP stream in Wireshark shows all the information about the interface&#8217;s state (as highlighted in the image above).<\/p><p>This example shows only statistics and interface data, which aren&#8217;t exactly critical&#8230; however, in worst-case scenarios, attackers would see sensitive data like BGP neighbours if the data model has been subscribed to that dataset.<\/p><p>In those situations, we&#8217;d face a big security threat &#8211; which we obviously want to avoid (but we still want to use model-driven telemetry with Cisco Nexus).<\/p><p>Therefore, let&#8217;s try to improve the configuration and secure the connection with SSL certificates.<\/p><p>Login to your 
Telegraf instance and run the following commands in order to generate the SSL certificate and copy the certificates to the Telegraf directory:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-02f6628 elementor-alert-warning elementor-widget elementor-widget-alert\" data-id=\"02f6628\" data-element_type=\"widget\" data-widget_type=\"alert.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-alert\" role=\"alert\">\n\n\t\t\t\t\t\t<span class=\"elementor-alert-title\">Attention<\/span>\n\t\t\t\n\t\t\t\t\t\t<span class=\"elementor-alert-description\">Note down the common name that you entered while generating the certificate! We will need that later.\n<br>\nIn my case I used: <b>telegraf<\/b><\/span>\n\t\t\t\n\t\t\t\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8078f17 elementor-widget elementor-widget-heading\" data-id=\"8078f17\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Generate Certificate<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f6ccf91 elementor-widget elementor-widget-code-highlight\" data-id=\"f6ccf91\" data-element_type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"prismjs-default copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-markup line-numbers\">\n\t\t\t\t<code readonly=\"true\" class=\"language-markup\">\n\t\t\t\t\t<xmp>sudo openssl genrsa -out telegraf.key 2048\nsudo openssl req -new -x509 -days 365 -key telegraf.key -out telegraf.crt\nsudo cp telegraf.* \/etc\/telegraf\/<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element 
elementor-element-72e2010 elementor-widget elementor-widget-text-editor\" data-id=\"72e2010\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Edit the Telegraf config file as follows and uncomment\/change the certificate statements (see line 6+7):<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d229336 elementor-widget elementor-widget-heading\" data-id=\"d229336\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Add Certificate To The Telegraf Configuration<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2329f1b elementor-widget elementor-widget-code-highlight\" data-id=\"2329f1b\" data-element_type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"prismjs-default copy-to-clipboard \">\n\t\t\t<pre data-line=\"6-7\" class=\"highlight-height language-markup line-numbers\">\n\t\t\t\t<code readonly=\"true\" class=\"language-markup\">\n\t\t\t\t\t<xmp> sudo vi \/etc\/telegraf\/telegraf.conf\n \n [[inputs.cisco_telemetry_mdt]]\n  transport = \"grpc\"\n  service_address = \"172.16.16.254:57000\"\n  tls_cert = \"\/etc\/telegraf\/telegraf.crt\"\n  tls_key = \"\/etc\/telegraf\/telegraf.key\"<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9e63a8b elementor-widget elementor-widget-text-editor\" data-id=\"9e63a8b\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Restart the telegraf service and verify that the service is up and running:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div 
class=\"elementor-element elementor-element-75466dc elementor-widget elementor-widget-code-highlight\" data-id=\"75466dc\" data-element_type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"prismjs-default copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-markup line-numbers\">\n\t\t\t\t<code readonly=\"true\" class=\"language-markup\">\n\t\t\t\t\t<xmp>sudo systemctl restart telegraf.service \nsudo systemctl status telegraf.service <\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-95394e7 elementor-widget elementor-widget-code-highlight\" data-id=\"95394e7\" data-element_type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"prismjs-default  \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-markup line-numbers\">\n\t\t\t\t<code readonly=\"true\" class=\"language-markup\">\n\t\t\t\t\t<xmp> telegraf.service - The plugin-driven server agent for reporting metrics into InfluxDB\n     Loaded: loaded (\/lib\/systemd\/system\/telegraf.service; enabled; vendor preset: enabled)\n     Active: active (running) since Sat 2022-08-06 22:13:28 CEST; 19min ago\n       Docs: https:\/\/github.com\/influxdata\/telegraf\n   Main PID: 2272686 (telegraf)\n      Tasks: 11 (limit: 38397)\n     Memory: 66.4M\n        CPU: 45.317s\n     CGroup: \/system.slice\/telegraf.service\n             \u2514\u25002272686 \/usr\/bin\/telegraf -config \/etc\/telegraf\/telegraf.conf -config-directory \/etc\/telegraf\/telegraf.d\n\nAug 06 22:13:29 tig-stack telegraf[2272686]: 2022-08-06T20:13:29Z I! Starting Telegraf 1.21.4+ds1-0ubuntu2\nAug 06 22:13:29 tig-stack telegraf[2272686]: 2022-08-06T20:13:29Z I! 
Loaded inputs: cisco_telemetry_mdt cpu disk diskio kernel mem processes statsd swap system\nAug 06 22:13:29 tig-stack telegraf[2272686]: 2022-08-06T20:13:29Z I! Loaded aggregators:\nAug 06 22:13:29 tig-stack telegraf[2272686]: 2022-08-06T20:13:29Z I! Loaded processors:\nAug 06 22:13:29 tig-stack telegraf[2272686]: 2022-08-06T20:13:29Z I! Loaded outputs: influxdb prometheus_client\nAug 06 22:13:29 tig-stack telegraf[2272686]: 2022-08-06T20:13:29Z I! Tags enabled: host=tig-stack\nAug 06 22:13:29 tig-stack telegraf[2272686]: 2022-08-06T20:13:29Z I! [agent] Config: Interval:10s, Quiet:false, Hostname:\"tig-stack\", Flush Interval:10s\nAug 06 22:13:29 tig-stack telegraf[2272686]: 2022-08-06T20:13:29Z I! [outputs.prometheus_client] Listening on http:\/\/[::]:9273\/metrics\nAug 06 22:13:29 tig-stack telegraf[2272686]: 2022-08-06T20:13:29Z I! [inputs.statsd] UDP listening on \"[::]:8125\"\nAug 06 22:13:29 tig-stack telegraf[2272686]: 2022-08-06T20:13:29Z I! [inputs.statsd] Started the statsd service on \":8125\"\n<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-61dba76 elementor-widget elementor-widget-text-editor\" data-id=\"61dba76\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Now it is time to copy the certificate and change the telemetry config on the <strong>Cisco Nexus device<\/strong>:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6ed9ae8 elementor-alert-warning elementor-widget elementor-widget-alert\" data-id=\"6ed9ae8\" data-element_type=\"widget\" data-widget_type=\"alert.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-alert\" role=\"alert\">\n\n\t\t\t\t\t\t<span class=\"elementor-alert-title\">Attention<\/span>\n\t\t\t\n\t\t\t\t\t\t<span 
class=\"elementor-alert-description\">Now it is time to use the common name that was used when creating the certificate. Name the file after the common name you set (in my case <b>telegraf<\/b>):<\/span>\n\t\t\t\n\t\t\t\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-931dbfd elementor-widget elementor-widget-heading\" data-id=\"931dbfd\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Update Cisco Nexus Device Configuration<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7102d45 elementor-widget elementor-widget-text-editor\" data-id=\"7102d45\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>The Cisco Nexus device needs to be configured to load the .crt file we just generated and added to Telegraf.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ce754c2 elementor-widget elementor-widget-code-highlight\" data-id=\"ce754c2\" data-element_type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"prismjs-default copy-to-clipboard \">\n\t\t\t<pre data-line=\"5\" class=\"highlight-height language-markup line-numbers\">\n\t\t\t\t<code readonly=\"true\" class=\"language-markup\">\n\t\t\t\t\t<xmp>  copy scp:\/\/USER@172.16.16.254\/\/etc\/telegraf\/telegraf.crt bootflash:telegraf.crt vrf management \n  show file bootflash:telegraf.crt\n  conf t\n    telemetry \n      certificate \/bootflash\/telegraf.crt telegraf<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0d62b0a elementor-widget elementor-widget-text-editor\" 
data-id=\"0d62b0a\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Let&#8217;s check if the configuration works and we are sending data to the Telegraf instance:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5a5c6a1 elementor-widget elementor-widget-code-highlight\" data-id=\"5a5c6a1\" data-element_type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"prismjs-default  \">\n\t\t\t<pre data-line=\"5\" class=\"highlight-height language-markup line-numbers\">\n\t\t\t\t<code readonly=\"true\" class=\"language-markup\">\n\t\t\t\t\t<xmp>n9k# show telemetry transport \n\nSession Id      IP Address      Port       Encoding     Transport  Status    \n--------------------------------------------------------------------------------\n0               172.16.16.254   57000      GPB          gRPC       Transmit Error\n--------------------------------------------------------------------------------<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-94a50cd elementor-alert-danger elementor-widget elementor-widget-alert\" data-id=\"94a50cd\" data-element_type=\"widget\" data-widget_type=\"alert.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-alert\" role=\"alert\">\n\n\t\t\t\t\t\t<span class=\"elementor-alert-title\">Transmit error<\/span>\n\t\t\t\n\t\t\t\t\t\t<span class=\"elementor-alert-description\">After configuring the certificate, the Nexus device was not sending any data and the state got stuck in <b>Transmit error<\/b>. 
To solve the issue I unconfigured telemetry (line 1) and configured it again.<\/span>\n\t\t\t\n\t\t\t\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f9c6b51 elementor-widget elementor-widget-code-highlight\" data-id=\"f9c6b51\" data-element_type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"prismjs-default copy-to-clipboard \">\n\t\t\t<pre data-line=\"1\" class=\"highlight-height language-markup line-numbers\">\n\t\t\t\t<code readonly=\"true\" class=\"language-markup\">\n\t\t\t\t\t<xmp>   no telemetry \n    telemetry\n        certificate \/bootflash\/telegraf.crt telegraf\n        destination-profile\n            use-vrf management\n        destination-group 1\n            ip address 172.16.16.254 port 57000 protocol gRPC encoding GPB \n        sensor-group 1\n            data-source YANG\n            path openconfig-interfaces:interfaces\n        subscription 1\n            dst-grp 1\n            snsr-grp 1 sample-interval 10000\n<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eaa5e2e elementor-widget elementor-widget-text-editor\" data-id=\"eaa5e2e\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Let&#8217;s check if this workaround is solving the issue:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-75942d4 elementor-widget elementor-widget-text-editor\" data-id=\"75942d4\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>With &#8220;show telemetry data collector details&#8221; we can verify if our configured subscription works:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fceb881 elementor-widget elementor-widget-code-highlight\" data-id=\"fceb881\" data-element_type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"prismjs-default  \">\n\t\t\t<pre data-line=\"5,12\" class=\"highlight-height language-markup line-numbers\">\n\t\t\t\t<code readonly=\"true\" class=\"language-markup\">\n\t\t\t\t\t<xmp>n9k(conf-tm-sub)# show telemetry transport \n\nSession Id      IP Address      Port       Encoding     Transport  Status    \n--------------------------------------------------------------------------------\n0               172.16.16.254   57000      GPB          gRPC       Idle      \n--------------------------------------------------------------------------------\n\nn9k(conf-tm-sub)# show telemetry transport \n\nSession Id      IP Address      Port       Encoding     Transport  Status    \n--------------------------------------------------------------------------------\n0               172.16.16.254   57000      GPB          gRPC       Connected \n--------------------------------------------------------------------------------<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-429921f elementor-widget elementor-widget-code-highlight\" data-id=\"429921f\" data-element_type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"prismjs-default  \">\n\t\t\t<pre data-line=\"6,14\" class=\"highlight-height language-markup line-numbers\">\n\t\t\t\t<code readonly=\"true\" class=\"language-markup\">\n\t\t\t\t\t<xmp>n9k(conf-tm-sub)# show 
telemetry data collector details \n\n--------------------------------------------------------------------------------\nRow ID         Successful     Failed         Skipped        Sensor Path(GroupId)\n--------------------------------------------------------------------------------\n0              243            0              0             openconfig-interfaces:interfaces(1)\n--------------------------------------------------------------------------------\n\nn9k(conf-tm-sub)# show telemetry data collector details \n\n--------------------------------------------------------------------------------\nRow ID         Successful     Failed         Skipped        Sensor Path(GroupId)\n--------------------------------------------------------------------------------\n0              246            0              0             openconfig-interfaces:interfaces(1)\n--------------------------------------------------------------------------------<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-10705a4 elementor-widget elementor-widget-text-editor\" data-id=\"10705a4\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>The &#8220;State&#8221; is <strong>connected <\/strong>and we are<strong> sending data<\/strong>!<\/p><p>Now we need to prove and verify with a tcpdump that the device sends out encrypted data:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d5bfd75 elementor-widget elementor-widget-heading\" data-id=\"d5bfd75\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Wireshark encrypted content<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-122fb08 
elementor-widget elementor-widget-image\" data-id=\"122fb08\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"http:\/\/192.168.1.213:8088\/wp-content\/uploads\/2022\/08\/telemetry_wireshark_encrypted.png\" data-elementor-open-lightbox=\"yes\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6NDQ1LCJ1cmwiOiJodHRwOlwvXC8xOTIuMTY4LjEuMjEzOjgwODhcL3dwLWNvbnRlbnRcL3VwbG9hZHNcLzIwMjJcLzA4XC90ZWxlbWV0cnlfd2lyZXNoYXJrX2VuY3J5cHRlZC5wbmcifQ%3D%3D\">\n\t\t\t\t\t\t\t<img decoding=\"async\" width=\"800\" height=\"669\" src=\"http:\/\/192.168.1.213:8088\/wp-content\/uploads\/2022\/08\/telemetry_wireshark_encrypted-1024x856.png\" class=\"attachment-large size-large wp-image-445\" alt=\"\" srcset=\"http:\/\/192.168.1.213:8088\/wp-content\/uploads\/2022\/08\/telemetry_wireshark_encrypted-1024x856.png 1024w, http:\/\/192.168.1.213:8088\/wp-content\/uploads\/2022\/08\/telemetry_wireshark_encrypted-300x251.png 300w, http:\/\/192.168.1.213:8088\/wp-content\/uploads\/2022\/08\/telemetry_wireshark_encrypted-768x642.png 768w, http:\/\/192.168.1.213:8088\/wp-content\/uploads\/2022\/08\/telemetry_wireshark_encrypted.png 1158w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5fdaab4 elementor-widget elementor-widget-text-editor\" data-id=\"5fdaab4\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: center;\"><strong>Awesome, the payload is encrypted now!\u00a0<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0316754 elementor-widget elementor-widget-heading\" data-id=\"0316754\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\">Useful links<\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f89ea98 elementor-widget elementor-widget-text-editor\" data-id=\"f89ea98\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><a href=\"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/switches\/datacenter\/nexus9000\/sw\/93x\/progammability\/guide\/b-cisco-nexus-9000-series-nx-os-programmability-guide-93x\/b-cisco-nexus-9000-series-nx-os-programmability-guide-93x_chapter_0101001.html\" rel=\"noopener\">Nexus 9000 Model Driven Telemetry<\/a><\/li><li><a href=\"https:\/\/github.com\/YangModels\/yang\/tree\/main\/vendor\/cisco\/nx\" rel=\"noopener\">Cisco YANG model repository<\/a><\/li><li><a href=\"https:\/\/github.com\/influxdata\/telegraf\/blob\/master\/plugins\/inputs\/cisco_telemetry_mdt\/README.md\" rel=\"noopener\">Telegraf Model Driven Telemetry Plugin<\/a><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-32ee22e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"32ee22e\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-aa476d5\" data-id=\"aa476d5\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Table of Contents Introduction Into Model-Driven Telemetry With Cisco Nexus When 
using model-driven telemetry with Cisco Nexus, you&#8217;re probably sending sensitive data across your network without using encryption. By not encrypting your traffic, you&#8217;re leaving yourself open to attacks from anyone who may be monitoring your traffic. Keep on reading to learn how you can [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":434,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[14],"tags":[],"class_list":["post-433","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cisco-technologies"],"_links":{"self":[{"href":"http:\/\/192.168.1.213:8088\/wp-json\/wp\/v2\/posts\/433"}],"collection":[{"href":"http:\/\/192.168.1.213:8088\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/192.168.1.213:8088\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/192.168.1.213:8088\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/192.168.1.213:8088\/wp-json\/wp\/v2\/comments?post=433"}],"version-history":[{"count":75,"href":"http:\/\/192.168.1.213:8088\/wp-json\/wp\/v2\/posts\/433\/revisions"}],"predecessor-version":[{"id":1473,"href":"http:\/\/192.168.1.213:8088\/wp-json\/wp\/v2\/posts\/433\/revisions\/1473"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/192.168.1.213:8088\/wp-json\/wp\/v2\/media\/434"}],"wp:attachment":[{"href":"http:\/\/192.168.1.213:8088\/wp-json\/wp\/v2\/media?parent=433"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/192.168.1.213:8088\/wp-json\/wp\/v2\/categories?post=433"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/192.168.1.213:8088\/wp-json\/wp\/v2\/tags?post=433"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}