Control Planes Vs Data Planes: What's The Difference

What's the difference between a control plane and a data plane?

For the past few years, I’ve been managing cloud services, and one key idea in cloud service architecture is the use of a control plane and data plane.

Most cloud services (e.g AWS EC2, Oracle API Gateway, Amazon S3) are separated into two logical areas - control planes and data planes.

The term control plane and data plane originate from compute networking and roughly describe an area of responsibility. In networking, a control plane might determine how packets should be forwarded, and the data plane forwards the packet.

In the context of this article, we'll consider this a "general architectural pattern" for building large-scale services.

Control Plane

Control planes provide the administrative APIs to create, read, update, delete and list cloud resources. For example, when a user launches an Amazon EC2 instance, provisions an API Gateway, or lists Amazon S3 buckets, they do so by talking to a control plane API.

Control planes are management and orchestration systems that control the lifecycle and state of resources in a data plane.

Suppose a user wants to provision a new PostgreSQL database instance. The control plane must find compute capacity, provision the database based on the user's configuration, and keep track of the database instance's state.

A control plane:

• Handles customer requests to provision, describe, update, and terminate data plane resources.
• Provides the operational interface for managing data plane resources
• Tells the data plane what it needs to do (e.g provision a virtual machine or database instance).
• Owns and reports on the authoritative current and desired state for the resources it controls.

Data Plane

A data plane implements the functionality of a service for its users. The functionality of “services” that run in the data plane can differ significantly (e.g., database instances, queues, networks, compute instances, storage volumes).

Data planes provide a service's primary function. For example, if you’re building a managed PostgreSQL cloud service, your data plane is where the databases, including the compute, run.

A data plane:

• Is the thing you interact with as a consumer of a service.
• Typically requires higher availability SLAs than control planes because customers rely on the data plane resources when building applications. Not being able to provision a new database instance is not generally as critical as not being able to use the database.

Kubernetes

Kubernetes also uses the concept of a control plane and data plane in its architecture.

The Kubernetes control plane manages Kubernetes clusters and the workloads that run on them.

The Kubernetes data plane is made up of the machines that run pods. Each compute host in a Kubernetes cluster runs an agent (the kubelet) that takes commands from the control plane and performs an action - e.g run a container.

Examples

• You create an Amazon EC2 through the control plane and interact with it through the data plane via SSH.
• You create, update, or delete a database instance through a control plane. To interact with the database, you use the data plane.

TLDR

The control plane takes instructions and manages the resources that run in the data plane. It orchestrates and manages the lifecycle of data plane resources. The data plane is where resources run.

This separation of concerns has performance and operational benefits. If there is a significant cloud outage, you may find that only the control plane is impacted, and the data plane is running fine. For example, you cannot create new EC2 instances as a customer, but your existing instances run fine.

Thanks for reading.

If you're interested in these topics, I write about software engineering management, software architecture and leadership at https://newsletter.softwareengineeringmanager.com/.