data plane

What is the data plane?

The data plane -- sometimes known as the user plane, forwarding plane, carrier plane or bearer plane -- is the part of a network that carries user traffic. The data plane, the control plane and the management plane are the three basic components of a telecommunications architecture.

In networking, a plane is not a physical component, but an intangible idea that helps conceptualize traffic flows through a network. It refers to a part of the physical network architecture -- or an area of operations -- where certain activities and processes take place.

The control plane and management plane serve the data plane, which bears the traffic that the network is designed to carry. The data plane enables data transfer to and from clients, handling multiple conversations through multiple protocols, and manages conversations with remote peers. In addition, it dictates application behavior and executes everything from service-level agreements and policies to retries and keepalives to ensure network links are available and other scaling or behavior triggers. Data plane traffic travels through routers, rather than to or from them.

Control plane vs. data plane

The control plane is the network component that carries information about the network and programs actions for the data plane. It defines the network topology and controls all activities related to traffic routing and packet forwarding.

This plane is also where routing tables are created by routers -- after processing the packets and using various protocols such as Open Shortest Path First (OSPF), Border Gateway Protocol (BGP) or Intermediate System to Intermediate System -- and where quality of service and virtual LAN are implemented. The routing table provides path details for the data packets. The router will refer to these details to determine where the packet should go. The control panel makes all routing decisions.

Control plane vs. data plane illustration of cars and traffic lights at an intersection.
The stoplights at the intersection represent the control plane, and the cars that obey the stoplights and forward the traffic on the road represent the data plane.

Once the control plane determines how and to which ports packets should be forwarded, the data plane refers to the logic and actually forwards the packets. This is why it is also known as the forwarding plane. Thus, the network layer handles all traffic and moves packets from source to destination based on the actions and logic programmed and supplied to it by the control plane.

After sourcing the traffic, the data plane sends it on to other network-supported devices. Routers then forward the packets downstream to their appropriate destinations. All data plane packets go through routers, and the traffic is tightly controlled to protect the network from malicious network traffic.

In any network, both the data plane and control plane are required in order to move traffic. The data plane cannot function without the control plane because it requires the logic created by the control plane to determine where traffic should go. In contrast, the control plane works independently and doesn't depend on the data plane to determine how and where packets will be transported.

Data plane vs. management plane

The management plane is the area where the network's operations are configured, managed and monitored. It can be considered a subset of the control plane, although it has its own distinct functions, particularly related to configuration and monitoring. Also, the management plane uses protocols such as Simple Network Management Protocol, Secure Shell and Telnet for its configuration and management tasks, whereas the control plane uses protocols such as OSPF and BGP to allow network devices to exchange information.

The management plane is where devices and tools such as switches, routers, command-line interfaces and shells are configured. Their performance is also monitored in the management plane. This plane defines the traffic that will be used to manage and monitor the various network elements. It also ensures the network operates efficiently and securely, blocks unauthorized access, prevents traffic compromise and makes software updates as required.

Both the control and management planes can be considered the high-level planes of a network architecture due to their higher-level functions and also because they operate at a higher layer of the Open Systems Interconnection, or OSI, model. The data plane is considered a low-level plane since it is mainly responsible for forwarding data packets rather than managing and optimizing the network's operations.

Diagram of the OSI model.
The seven layers of the OSI model, where the data plane is considered a low-level plane as it is mainly responsible for forwarding data packets, while the control and management planes can be considered the high-level network architecture planes.

What is SDN and decoupling of control and data planes?

In conventional networking, all three planes in the network topology are implemented in the firmware of routers and switches. Packets travel through routers and are forwarded by the data plane based on information provided by the routing tables -- created in the control plane -- and with the help of routing protocols.

Software-defined networking (SDN) decouples the data and control planes and implements the data plane in software instead, which enables programmatic access to make network administration much more flexible.

Software-defined networking diagram.
SDN architecture separates the network into three distinguishable layers, connected via northbound and southbound APIs. It decouples the data and control planes, implementing the former in software instead.

Decoupling means that the two planes function autonomously and are unaware of each other. Doing so allows dynamic access and administration. A network administrator can shape traffic from a centralized control console without having to touch individual switches. The administrator can change any network switch's rules when necessary -- prioritizing, deprioritizing or even blocking specific types of packets with a very granular level of control.

Decoupling also makes it easier to troubleshoot the network architecture. Further, it helps with the creation of a more scalable and flexible infrastructure that can more easily keep up with evolving business requirements.

Read about the five different types of network management and network management tasks and best practices. Explore the importance of unified, end-to-end network management and how to plan a network management strategy for multiple tools. Learn what SDN data center controllers do in a network and what software-defined LAN means for campus virtualization. Check out three factors involved in SDN security and how SD-WAN technology uses SDN concepts to distribute network traffic across a wide area network.

This was last updated in October 2023

Continue Reading About data plane

Dig Deeper on Network infrastructure

Unified Communications
Mobile Computing
Data Center