04-12-2017 02:36 AM - edited 03-01-2019 05:12 AM
Hello Experts,
Could you please provide your thoughts on the below queries.
Best Regards,
Akber Mirza.
04-12-2017 10:35 PM
Akber,
1. How is Control Plane and data plane traffic segmented in Cisco ACI?
Control plane on ACI exists on all devices (APIC, spines, and leaf nodes). APIC control plane pushes policy and configuration down to the switches. Switches will take the config sent by the APIC and program it into hardware (data plane). Fabric switches cannot provision configuration changes without the APIC. If an APIC or APIC cluster were to become disconnected from the fabric switches, then data plane and control-plane protocols would still function.
Leaf and spine switches also run control-plane protocols to maintain fabric services. A few examples below:
- Intermediate Switch–to–Intermediate Switch (IS-IS) protocol maintains infrastructure reachability from leaf or spine to leaf or spine.
- VXLAN forms tunnels between tunnel endpoints (TEPs). This can be physical TEP (PTEP) to physical TEP (leaf to leaf or leaf to spine). This can also be physical TEP to proxy TEP.
- Council of Oracles Protocol (COOP) maintains consistency of the endpoint database throughout the fabric.
- MP-BGP advertises external WAN routes to the rest of the fabric.
With regard to traffic, a leaf node can learn an endpoint (MAC entry, IP entry, or entry with both MAC and IP) via data plane and control plane (ARP). Data plane learning can be disabled.
2. How many L2/L3 out constructs can we create per Bridge Domain, per VRF and Tenant? Please let us know if any limitations.
I would recommend checking out the scalability guide. It provides information about verified and supported limits for a 'per leaf' basis and for an entire fabric.