← Lessons

quiz vs the machine

Gold1380

System Design

Control Plane vs Data Plane

The split between the proxies that carry traffic and the brain that configures them.

5 min read · core · beat Gold to climb

Two Planes, Two Jobs

A mesh separates what moves traffic from what decides how. The data plane is the set of proxies that actually forward bytes. The control plane is the management layer that programs those proxies.

Data Plane Responsibilities

  • Forwarding requests and balancing load.
  • Applying retries, timeouts, and circuit breakers.
  • Terminating and originating encryption.
  • Emitting metrics and traces.

The data plane is on the hot path, so it must be fast and stay running even if the control plane is down.

Control Plane Responsibilities

  • Distributing configuration to every proxy.
  • Managing service discovery and endpoints.
  • Issuing certificates for identity.
  • Enforcing policy from a central source of truth.

Why the Split Matters

Because the data plane caches its last known config, a control plane outage degrades gracefully. Existing traffic keeps flowing using the rules already pushed. New routing changes simply pause until the control plane recovers. This separation is what lets a mesh survive partial failure.

Key idea

The data plane forwards traffic on the hot path while the control plane configures it from the side, so a control plane outage degrades gracefully rather than dropping requests.

Check yourself

Answer to earn rating on the learn ladder.

1. What happens to live traffic if the control plane goes down?

2. Which responsibility belongs to the control plane?

3. Why must the data plane be fast?