Model Driven Telemetry (MDT) Input

NetFlow Optimizer now supports receiving telemetry data using Model Driven Telemetry (MDT). This modern approach allows network devices to proactively stream structured data based on defined data models, providing real-time insights into your network's state and performance.

Key Features of MDT Support in NFO

• Dial-Out Mode: NFO listens for incoming telemetry streams initiated by your network devices. In this dial-out mode, your routers and switches act as clients, establishing a persistent connection to NFO (the server) and continuously pushing telemetry data.
• gRPC Transport: NFO utilizes the gRPC protocol for efficient and high-performance data transport, ensuring reliable and fast delivery of telemetry information.
• Persistent Connections: Once a connection is established, NFO maintains it. If a connection drops, the sending device will automatically attempt to reconnect every 30 seconds, ensuring continuous data flow.

Preparing Your Network Devices for MDT Streaming

Before NFO can receive MDT data, you need to configure your network devices to stream telemetry. This typically involves using a configuration tool like Cisco YANG Suite.

1. Select the Streaming Method: Configure your device to use the yang-push stream.
2. Set the Reporting Interval: Define the frequency at which your device should send telemetry updates for specific data sets (yangsets).
3. Specify the NFO Receiver: Configure the destination IP address or hostname of your NFO server, the port NFO will be listening on (default: 57000), and the protocol as grpc-tcp.
4. Build and Apply Configuration: Use your device's configuration tools to build and apply these settings.

Configuring MDT Inputs in NFO

To enable NFO to receive and process MDT data, you need to configure MDT Inputs. This is done through a dedicated interface within NFO (similar to how SNMP Traps are configured).

1. Navigate to the Inputs section in the NFO web interface.

2. Locate the MDT Inputs configuration area.

3. Here you can configure MDT Inputs with the following parameters:

   • IP/Host to Listen To: Enter the IP address or hostname that NFO should listen on for incoming MDT connections. To listen on all available network interfaces, use 0.0.0.0. The default is 0.0.0.0.
   • Port to Listen On: Specify the TCP port number that NFO will use to listen for incoming MDT streams. The default port is 57000.
   • MDT Credentials ID: If you have configured TLS security for your MDT connections, select the corresponding MDT Credentials ID from the dropdown. This links the input to the necessary certificates and keys.
   • Comment: You can add an optional comment for your own reference.
   • JSON Output: Enable this option to receive the MDT data in JSON format.
   • Output Filter: Choose whether to process all received MDT data or only data related to original NetFlow/IPFIX information (if applicable).

4. Click Add New to create a new MDT Input and configure the necessary parameters.

Securing MDT Connections with TLS (Server Side - NFO)

You can secure the communication between your network devices and NFO using TLS. To enable TLS on the NFO receiver side:

1. In the MDT Inputs configuration, expand the TLS Settings (Server Side) section.
2. Toggle Enabled to Yes.
3. Configure the following TLS parameters:
   • Certificate Name: Select the name of a pre-defined certificate stored in NFO.
   • Private Key Path: Enter the server path to the private key file (in PEM format).
   • Certificate Path: Enter the server path to the certificate file (in PEM format).
   • CA Certificate Path: Enter the server path to the Certificate Authority (CA) certificate file (in PEM format) if you need to authenticate clients.
   • Authenticate Client (mutual auth): Toggle to Yes if you require clients (network devices) to present their certificates for mutual authentication.
   • Validate Client Certs: If client authentication is enabled, keep this set to Yes to reject unauthorized client certificates.
   • Common Name: (Optional) Define a regular expression that the client certificate's Common Name (CN) or Subject Alternative Name (SAN) must match for the connection to be accepted.

MDT Credentials

You can manage TLS certificates and keys in the MDT Credentials watchlist. Each credential entry has a unique ID that you can then associate with specific MDT Inputs.

• MDT Credentials ID: A unique string identifier for the credential set.
• Insecure Credentials: Set to 0 if TLS security is enabled. Set to 1 for insecure connections (not recommended for production environments).
• Certificate Path: The path to the server certificate file (PEM format).
• Private Key Path: The path to the server's private key file (PEM format).
• Comment: An optional field for your notes.

Data Format

NFO receives MDT data and processes it. The raw MDT messages (in XML or JSON format) are then forwarded to the configured Outputs. You can choose to receive the data in JSON format by enabling the JSON Output option in the MDT Input configuration. Example MDT Data (JSON):

{
  "nodeIdStr": "router",
  "subscriptionIdStr": "2000",
  "encodingPath": "ietf-interfaces:interfaces-state/interface",
  "collectionId": "2",
  "collectionStartTime": "1746612261976",
  "msgTimestamp": "1746612261976",
  "dataGpbkv": [
    {
      "timestamp": "1746612261976",
      "fields": [
        {
          "name": "keys",
          "fields": [
            {
              "name": "name",
              "stringValue": "GigabitEthernet1"
            }
          ]
        },
        {
          "name": "content",
          "fields": [
            { "name": "type", "stringValue": "ethernetCsmacd" },
            { "name": "admin-status", "stringValue": "up" },
            { "name": "oper-status", "stringValue": "up" },
            { "name": "last-change", "stringValue": "2025-05-07T06:41:21.052000+00:00" },
            { "name": "if-index", "sint32Value": 1 },
            { "name": "phys-address", "stringValue": "00:15:5d:c3:75:10" },
            { "name": "speed", "uint64Value": "1000000000" },
            {
              "name": "statistics",
              "fields": [
                { "name": "discontinuity-time", "stringValue": "2025-05-07T06:39:29+00:00" },
                { "name": "in-octets", "uint64Value": "395550" },
                { "name": "in-unicast-pkts", "uint64Value": "6351" },
                { "name": "in-broadcast-pkts", "uint64Value": "0" },
                { "name": "in-multicast-pkts", "uint64Value": "0" },
                { "name": "in-discards", "uint32Value": 0 },
                { "name": "in-errors", "uint32Value": 0 },
                { "name": "in-unknown-protos", "uint32Value": 0 },
                { "name": "out-octets", "uint64Value": "618574" },
                { "name": "out-unicast-pkts", "uint64Value": "6109" },
                { "name": "out-broadcast-pkts", "uint64Value": "0" },
                { "name": "out-multicast-pkts", "uint64Value": "0" },
                { "name": "out-discards", "uint32Value": 0 },
                { "name": "out-errors", "uint32Value": 0 }
              ]
            }
          ]
        }
      ]
    }
  ]
}