Re: Trying to understand the differences between the data/control/management planes

wrainwater · ‎11-11-2018

I see these terms get thrown around a lot. In my cisco novice mind im assuming

data = all the data packets flowing through the switch.

control = not sure. assuming the protocols that control the traffic ??

Management = the traffic flowing through the management interface ??? not sure either.

can someone help me understand them?

Mohammed al Baqari · ‎11-11-2018

I will give you an example to make it closer. In IPSec VPN,

data is the actual encrypted traffic (called esp or ah)
control is the traffic required to setup vpn (called isakmp)

management is the management traffic to the box such as telnet, ssh, etc

Similarly for BGP routing

data is the actual traffic going from one router to another
control is the traffic required to establish BGP neighborship

Dennis Mink · ‎11-11-2018

I look at it like this:

data plane: the hardware and logic required to process packets, for instance from eth1/16 to eth 1/1 on a nexus switch. if an ethernet frame goes between these ports only the cam table is used and the frame is simply switched without the intervention of the control plane.

the control plane, where the configuration lives, process traffic for instance if it need to router traffic or encapsulate it into IPSEC.

management plane, all that is needed to manage the device. firewall can have a dedicated port for that.

read up on ISSU on a nexus switch, this gives you an inside of how the data and control plan can work independently

Please remember to rate useful posts, by clicking on the stars below.