Juniper: Control, Data and Services plane


The three main planes of Juniper’s Junos operating system are the control plane, data plane and services plane.

The control plane is the brain of the junos operating system. This is where the bulk of the brain work takes place. It is the control plane that runs protocol daemons and creates a routing table that is sent to the data plane. The data plane is not as clever as the control plane but is a different beast altogether. Transmitting received packets at light speed, the data plane relies solely on the forwarding table created by the control plane. The forwarding table in essence is a copy of the routing table created specifically with the data plane in mind.

The data plane discards any packets it doesn’t has a forwarding entry for in the forwarding table. The data plane is also known as the forwarding plane or packet forwarding engine (PFE).

Most of the time as network engineers we tend to ignore the forwarding table. This is because we assume whatever is in the routing table is replicated to the forwarding table. This is true as this is how junos is meant to operate. However, in my experience, I have found myself in situations where the control plane is working as intended and all protocol daemons seem to be working fine but no traffic is passing through. In those instances, I have found the forwarding table to be empty or forwarding destinations missing from it due to a bug, usually. So its always a good practice to check the forwarding table using the show route forwarding-table command. This would ensure the data plane is working as intended.

Whenever traffic is received that intends to use a state full service, such as a state full firewall service or any service non native to the data plane, it is forwarded to the services plane. However, once the services plane has dealt with it, the traffic is sent back to the data plane to forward it to the intended destination.

Finding it all too complicated to grasp? Don’t worry, I have created a concise video that explains these concepts with graphical illustration and simple terms just for you.

Got questions? Leave a comment! Let’s chat.

Rafay Rasool is a Network Specialist with over 10 years of experience designing, configuring and implementing core network solutions based predominantly but not limited to Juniper Routers, Switches and Firewalls along with other vendors such as Cisco, Huawei, Siemens, Aerohive, Ringmaster, Pulse etc for Internet Service Provider and Enterprise Networks.

Rafay is an avid supporter of network automation and likes to code and automate networking solutions.