One of the key Cisco Nexus switch features for ensuring high availability and high performance is the separation of traffic, and of the processing of that traffic, into different planes. The three main planes are:
- Data
- Control
- Management
Data refers to packets that are being transferred between systems, for example, the packets that make up a website that a client is accessing. Control traffic is the traffic that helps make the infrastructure functional and intelligent, for example, Spanning Tree Protocol traffic at Layer 2 and OSPF traffic at Layer 3. Finally, management traffic might consist of SSH access and SNMP packets.
Notice the illustration above, which shows the different forms of traffic flowing through the device. From the bottom up, the flows shown are data, services, control, and management traffic. Interface Access Control Lists (ACLs) can restrict all of these traffic forms on ingress. Control Plane Policing (CoPP) permits limiting control, services, and management traffic so that the CPU does not experience a Denial of Service (malicious or otherwise) during network activity.
Notice also from the graphic the intentional separation of the control plane traffic and the data traffic. By design, the data traffic is switched through the system while bypassing the control plane. This adds stability and performance to the system.
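The effect of per-class policing can be seen in a small simulation. This is an added example, not Cisco code or configuration: the class mapping, the packet-per-second rates and the traffic are constructed for illustration and are not Cisco defaults. A flood of SSH packets is policed in its own class, OSPF hellos still reach the CPU, and transit data bypasses the CPU entirely.

```python
from dataclasses import dataclass

@dataclass
class Policer:
    """Token bucket: `rate` packets/s sustained, `burst` packets deep."""
    rate: float
    burst: float
    tokens: float = 0.0
    last: float = 0.0
    conformed: int = 0
    dropped: int = 0

    def __post_init__(self):
        self.tokens = self.burst          # bucket starts full

    def offer(self, now):
        # Refill for the elapsed time, capped at the burst depth.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            self.conformed += 1           # punted to the CPU
        else:
            self.dropped += 1             # violating traffic never reaches the CPU

# Assumed classification and rates, for illustration only (not Cisco defaults).
CLASS_OF = {"ospf": "control", "stp": "control", "ssh": "management", "snmp": "management"}

def simulate(packets):
    """packets: iterable of (time_s, proto). Returns (per-class policers, bypass count)."""
    policy = {"control": Policer(rate=100, burst=20),
              "management": Policer(rate=50, burst=10)}
    bypassed = 0
    for now, proto in sorted(packets):
        cls = CLASS_OF.get(proto)
        if cls is None:
            bypassed += 1                 # transit data: forwarded without touching the CPU
        else:
            policy[cls].offer(now)
    return policy, bypassed

def constructed_traffic():
    """One second of constructed traffic: OSPF hellos, an SSH flood, transit HTTP."""
    ospf = [(i / 10, "ospf") for i in range(10)]
    ssh = [(i / 5000, "ssh") for i in range(5000)]
    http = [(i / 1000, "http") for i in range(1000)]
    return ospf + ssh + http

if __name__ == "__main__":
    policy, bypassed = simulate(constructed_traffic())
    for name, p in policy.items():
        print(f"{name:<11} to_cpu={p.conformed:<5} dropped={p.dropped}")
    print(f"data plane  bypassed={bypassed}")
```

Because each class has its own bucket, the management flood exhausts only the management allowance; the control class counters are unaffected.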
Something else to consider in the Nexus architecture is the ability for failed services to restart and (hopefully) not affect forwarding on the device. A System Manager watches over the processes running on the system and can restart them in a stateful manner (thanks to a setting called the HA Policy). The process can restart with state information thanks to a Persistent Storage Service that the System Manager can access for the previous state information for the process.
This post represents a high-level overview of this subject covered in detail in the 200-155 course at CBT Nuggets releasing in June of 2018.