Data Plane, Mangement Plane, Control Plan & Services Plane
I've seen these ideas mentioned in Cisco Security Documentation. Yet, I cannot find where the definitions of these terms are clearly defined along with the associated techniques. There is documentation regarding Securing the Management Plan and Control Plane but as for the other "planes" mentioned there is no concise source where Cisco really expands on the ideas and make it clear where they are going with it.
Does anyone have a clear understanding of what these terms refer to or what considerations we should have regarding them?
"Each router plane requires its own protective tools:
"Data plane protection requires detecting traffic anomalies and responding to attacks in real time. Some of the tools associated with securing the data plane are NetFlow, IP Source Tracker, access control lists (ACLs), Unicast Reverse Path Forwarding (uRPF), Remotely Triggered Blackhole (RTBH) Filtering, and quality-of-service (QoS) tools.
Control plane protection calls for a defense-in-depth approach to routing control. Some of the tools for securing the control plane are Receive ACL (rACL) and Control Plane Policing (CoPP).
Management plane protection allows secure, continuous management of Cisco IOS Software-based network infrastructure. Among the tools for securing the management plane are CPU and memory thresholding and dual export syslog. "
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...