Showing results for 
Search instead for 
Did you mean: 

Data Plane, Mangement Plane, Control Plan & Services Plane

Level 1
Level 1

I've seen these ideas mentioned in Cisco Security Documentation. Yet, I cannot find where the definitions of these terms are clearly defined along with the associated techniques. There is documentation regarding Securing the Management Plan and Control Plane but as for the other "planes" mentioned there is no concise source where Cisco really expands on the ideas and make it clear where they are going with it.

Does anyone have a clear understanding of what these terms refer to or what considerations we should have regarding them?

1 Reply 1

Level 3
Level 3

per ........

"Each router plane requires its own protective tools:

"Data plane protection requires detecting traffic anomalies and responding to attacks in real time. Some of the tools associated with securing the data plane are NetFlow, IP Source Tracker, access control lists (ACLs), Unicast Reverse Path Forwarding (uRPF), Remotely Triggered Blackhole (RTBH) Filtering, and quality-of-service (QoS) tools.

Control plane protection calls for a defense-in-depth approach to routing control. Some of the tools for securing the control plane are Receive ACL (rACL) and Control Plane Policing (CoPP).

Management plane protection allows secure, continuous management of Cisco IOS Software-based network infrastructure. Among the tools for securing the management plane are CPU and memory thresholding and dual export syslog. "

You may also want to look into the following: