It seems it’s easy to define what a network device control plane is (and how it’s different from the data plane)… until someone starts unearthing the interesting corner cases. This blog post is trying to address some of them.

What Exactly Is The Control Plane?

Tassos opened an interesting can of worms in a comment to my Management, Control and Data Planes post: Is ICMP response to a forwarded packet (TTL exceeded, fragmentation needed or destination unreachable) a control- or data-plane activity?

Other control plane protocols (BGP, OSPF, LDP, LACP, BFD ...) are more clear-cut – they run between individual network devices (usually adjacent, but there’s also targeted LDP and multihop BGP) and could be (at least in theory) made to run across a separate control plane network (or VRF).

Control plane protocols usually run over data plane interfaces to ensure shared fate – if the packet forwarding fails, the control plane protocol fails as well – but there are scenarios (example: optical gear) where the data plane interfaces cannot process packets, forcing you to run control plane protocols across a separate set of interfaces.

Typical control plane protocols aren’t data-driven: BGP, LACP or BFD packet is never sent as a direct response to a data plane packet.

ICMP is different: some ICMP packets are sent as replies to other ICMP packets, others are triggered by data plane packets (ICMP unreachables and ICMPv6 neighbor discovery).

Trying to classify protocols based on where they’re run is also misleading. It’s true that the networking device CPU almost always generates ICMP requests and responses (it doesn’t make sense to spend silicon real estate to generate ICMP responses). In some cases, ICMP packets might be generated in the slow path, but that’s just how a particular network operating system works. Let’s ignore those dirty details for the moment; just because a device’s CPU touches a packet doesn’t make that packet a control plane packet.

Vendor terminology doesn’t help us either. Most vendors talk about Control Plane Policing or Protection, equating control plane with the device CPU – these mechanisms usually apply to control plane protocols as well as data plane packets punted from ASICs to the CPU.

Even IETF terminology isn’t exactly helpful – while C in ICMP does stand for Control, it doesn’t necessarily imply control plane involvement. ICMP is simply a protocol that passes control messages (as opposed to user data) between IP devices.

Honestly, I’m stuck. Is ICMP a control plane protocol that’s triggered by data plane activity or is it a data plane protocol? Can you point me to an authoritative source explaining what ICMP is? Share your thoughts in the comments!

Latest blog posts in OpenFlow Basics series

More blog posts in this series

Recent posts in the same categories

11 comments:

  1. Unknown 07 October 2013 08:49
    Excellent question, I think the outdated RFC 792 explains it very well. Why else would they call it control message protocol?
  2. Anonymous 07 October 2013 15:56
    My view is that data plane / control plan / management plane are high level abstractions. I'm not sure how useful it is to be able to strictly classify every protocol or packet type. And I think the problem would get worse when you try to make distinctions between control and management protocols.

    But FWIW, wouldn't Openflow have many of the same issues with classification, since a lot of Openflow traffic is going to be generated in response to unknown packets?
  3. Steve 07 October 2013 16:07
    Control plane, but only for the endpoint routers.
  4. Anonymous 07 October 2013 16:55
    Seems like a grey area. ICMP is confusing in another way too -- it's considered part of layer 3, but it's like a layer 4 protocol in that is has its own IP protocol number and the ICMP header comes after the IP header.

    - Nik Weidenbacher
  5. Roland Dobbins 07 October 2013 17:52
    ICMP is a control-plane protocol. The confusion (such as it is) is that control-plane protocols are in-band in TCP/IP - consider BGP multi-hop, for example.
    Replies
    1. Ivan Pepelnjak 07 October 2013 18:12
      Are ECN TCP bits then also a control-plane protocol? What's the difference between setting bits to indicate congestion and sending a packet to indicate network error?
  6. Bhargav Bhikkaji 07 October 2013 18:32
    Would probably define Control plane as following

    Control plane is a process by which certain states are derviated to aid data plane. Most of the protocols (BGP, OSPF...) derive states independent of data plane. Certain protocols like Multicast, ICMP use data plane itself to arrive at states to aid data plane.

    Strictly speaking, Control plane policing (CoPP) could probably be renamed to CPU Policing, as policies both control and data plane.
  7. Piotr Jablonski 07 October 2013 21:42
    This discussion is multi-level.

    1. From the definition point of view ICMP is the control plane protocol.
    2. From the hardware point of view some protocols (like ICMP, BFD) can be offloaded to line cards so they do not affect the HW control plane which is represented by a control module. It is hard to say about PING represented by an ICMP Echo Request that this is a control-plane packet on distributed devices. An LC can respond. Thus no operations really needed on the RP CPU.
    3. Does it mean that the control plane can be just attributed to the HW module? Of course not. The control plane is more like an abstraction - as someone mentioned earlier. So from the functionality/abstraction point of view some protocols can be the control/data/mgmt (match any) plane protocols at the same time.
  8. Tassos 07 October 2013 23:06
    Ivan, although we've discussed it in the original post, i don't see any obvious reason why a response to a data plane packet cannot be a control plane packet.

    So, i can see a clear role for ICMP as a two-way control plane protocol handling the status/info communication between devices and as an one-way control plane protocol handling the error reporting of a device towards another.
  9. Ianislav Trendafilov 08 October 2013 17:04
    Hey Ivan, I have one more question: Which plane generates a "TTL expired" message?
    I think that the answer should be: depends on implementation. It could be a process running on router CPU (control plane process) or hardware ASIC (data plane).
    Same is for ICMP replies. Some hardware may implement it in ASIC, but usually this is a kernel process (control plane).
  10. Unknown 02 March 2016 07:58
    the ping initiating and terminating devices - control plane is invoked.
    The pass through devices - data plane is initiated.
Add comment
Home
Sidebar