Control Plane vs Data Plane | The Ancient Soldier

Captions
You won't be working in networking long before you hear someone talking about the control plane and the data plane. At first this can be quite confusing. What are they? What are they used for? What's the difference between them? We're here to demystify the control and data planes.

In times past, communication was very manual. Think of an ancient general organizing his troops. He may post a soldier as a messenger. This soldier needs to listen closely for any messages, or watch for signals, and be prepared to pass them on. He's not overly concerned with the message itself; he just needs to pass it on quickly and accurately. But there are also times when the messages are meant directly for him. Another soldier may be talking to him. Maybe he's getting new orders, or maybe he's finding out about a shift change. In this case our soldier cares about this message. He needs to listen to what's being said, think about it, and then respond.

Our networking devices are like this soldier. A major part of what they do is receive traffic and pass it on quickly and accurately. This is the data plane, also known as the forwarding plane. This includes the FIB at layer 3 and switching at layer 2. Routers and switches will also make good use of technologies like CEF, TCAM tables and specialized ASICs if they're available.

But these devices also need to be able to respond to traffic that's sent to them and generate messages themselves. They need to participate in the conversation. This kind of traffic could include management, routing protocols, ping, monitoring and so on. This is control plane traffic. The control plane is special as it's involved in controlling how data is forwarded through the network. Think of routing protocols, for example. The control plane can definitely affect the data plane. This includes altering and filtering data, like load balancing, firewall rules and so on. You can roughly think of the control plane as the brain of the network.

But why do we bother making a distinction between the two? One reason is technologies can be developed independently. You can take a router that you bought a few years ago and install new software on it, giving you new features. The control plane features are not locked into the hardware of the data plane. A second major advantage is seen in Software Defined Networking. If the data plane and control plane are separate, we can remove the control plane from the device, and now we have a separate device, such as an SDN controller, which manages how the network behaves. Our switches and routers can now simply focus on forwarding only.

Think of our soldier again for a moment. Imagine if he gets too busy chatting to another soldier. He could get easily distracted or overwhelmed. This may make it difficult to do his real job. He might even miss something important. The same can happen in the network. The control plane utilizes the CPU regularly, so if the CPU gets fully utilized, the control plane suffers. If it gets too busy to handle any new packets, it may struggle with something critical like OSPF or EIGRP. This in turn can cause a problem for the data plane.

So as you can see, the control plane is a potential attack surface. If an attacker can overwhelm the control plane, perhaps with a ping flood or some other DDoS attack, they could compromise the whole device. This is why we can use control plane protection. This is where we limit the amount of certain types of control plane traffic that a device will accept. Some devices will have basic protection built in. Some more advanced platforms will let you configure the protection yourself, mostly through QoS policies.

There's just one last thing I'd like to cover, and that's what is sometimes known as the management plane. The management plane is management traffic that's going to a device, like SSH, Telnet, web console, SNMP and others. Strictly speaking this is still control plane traffic, but you can treat it differently to other types of control plane traffic like routing updates, NetFlow, ping and so on.

This raises an interesting question: is all management traffic control plane traffic? Well, it depends on the perspective. If management traffic is going to a device, then as far as this device is concerned, this is control plane traffic. If management traffic is going through a device, perhaps to manage another device somewhere else, then from the device's perspective this is data plane traffic.

So the simplified version of all this is that when forwarding traffic, we're using the data plane. When generating or responding to traffic, we're using the control plane. Hope all this makes sense, and thank you for watching.
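The control plane protection described in the captions, modelled as an added Python sketch that is not from the video or from any vendor's implementation: traffic is classified as transit (data plane) or to-the-device (control plane), and each control plane class gets its own token-bucket rate limit so a ping flood cannot starve OSPF. The addresses, class names and limits in `LOCAL_ADDRS` and `POLICY` are assumptions chosen for illustration.

```python
from dataclasses import dataclass
# Constructed sample values; POLICY holds assumed (packets per second, burst) limits.
LOCAL_ADDRS = {"192.0.2.1", "224.0.0.5"}   # device address + OSPF group it listens on
MGMT_PORTS = {("tcp", 22), ("tcp", 23), ("tcp", 443), ("udp", 161)}
POLICY = {"routing": (100, 20), "management": (50, 10), "icmp": (10, 5), "other": (10, 5)}

@dataclass
class Packet:
    ts: float        # arrival time in seconds
    dst: str
    proto: str       # "tcp", "udp", "icmp", "ospf" or "eigrp"
    dport: int = 0

def classify(pkt):
    """'data' for transit traffic, otherwise the control plane class."""
    if pkt.dst not in LOCAL_ADDRS:
        return "data"            # going through the device: forwarded, never punted
    if pkt.proto in ("ospf", "eigrp"):
        return "routing"
    if (pkt.proto, pkt.dport) in MGMT_PORTS:
        return "management"
    return "icmp" if pkt.proto == "icmp" else "other"

class Policer:  # token bucket: refills at rate_pps, holds at most burst tokens
    def __init__(self, rate_pps, burst):
        self.rate, self.burst = rate_pps, burst
        self.tokens, self.last = float(burst), 0.0
    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True

def run(packets):
    policers = {cls: Policer(*limits) for cls, limits in POLICY.items()}
    stats = {}
    for pkt in sorted(packets, key=lambda p: p.ts):
        cls = classify(pkt)
        ok = cls == "data" or policers[cls].allow(pkt.ts)   # only CPU-bound traffic is policed
        verdict = ("forwarded" if cls == "data" else "punted") if ok else "dropped"
        stats[(cls, verdict)] = stats.get((cls, verdict), 0) + 1
    return stats

def sample_traffic():  # constructed 1 s window: ping flood, OSPF hellos, one transit SSH packet
    flood = [Packet(i / 5000, "192.0.2.1", "icmp") for i in range(5000)]
    hellos = [Packet(i / 10, "224.0.0.5", "ospf") for i in range(10)]
    return flood + hellos + [Packet(0.5, "198.51.100.7", "tcp", 22)]
```

Calling `run(sample_traffic())` shows the flood capped at its class limit while every OSPF hello still reaches the CPU, and the SSH packet addressed to another host counted as data plane traffic.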
Info
Channel: Network Direction
Views: 33,479
Rating: 4.9331102 out of 5
Keywords: data plane, data plane vs control plane, management plane, forwarding plane, control plane and data plane, network device planes, data plane and control plane in networking, control plane and forwarding plane, control plane vs data plane cisco, control plane, control plane policing, control plane protection, switch, explanation, computer science, ccnp, vxlan explained, security, ssh, rdp, network architecture, computer network (industry), ccie, copp, mpls, network direction
Id: P9ZMugAf9lU
Length: 4min 58sec (298 seconds)
Published: Thu Jul 26 2018