A control plane is an infrastructure layer that governs how data travels across the network, and updates rules that control how traffic (the data plane) is routed.

Control planes also include APIs that fulfill numerous administrative functions. Requests are  sent automatically on startup (when the control plane launches and discovers connected nodes and services), in response to resource updates or configuration changes, and manually based on user inputs. Capabilities will vary from one control plane to the next, but generally encompass actions that directly influence configurations, security policies, service discovery, and others. 

Some might categorize these functions under the "management plane" umbrella, but each control works a little differently (or comprehensively) depending on the overall platform they're integrated with.

What makes a control plane useful?

Many control planes are indeed API-driven (via the CLI), but others include a graphical user interface (GUI) to appeal to a wider user demographic. This type of interface offers some key benefits: 

  • Richer visualization of performance metrics and traffic data beyond just text readouts

  • Clearer visual feedback that an action or operation has occurred as expected

  • Easier use by more teams and more individual users with varying degrees of technical expertise

  • Easier multitasking and batching of administrative actions

  • Improved accessibility

  • Automation controls

  • Aesthetic appeal that increases user friendliness and user delight (in other words, "we want to spend more time in here")

These are important advantages with widespread appeal. A good control plane interface will preserve the technical capabilities (and runtime data) that power users crave without alienating them—or oversimplifying UX to the point where nobody feels empowered. That's why control planes often pair a foundational API component, working behind the scenes, with a GUI to help democratize use.

How does a control plane work?

Versus the data plane, control planes are relatively complex due to their robust orchestration abilities. Control planes are typically composed of associated APIs, an optional GUI (as mentioned), management workflows, one or more databases, and important business logic. 

introduction-architecture-fusion-architecture

A depiction of control plane functionality, as demonstrated using HAProxy Fusion Control Plane.

Relatively speaking, there are multiple components and therefore potential points of failure that organizations must continually monitor. That larger footprint also increases the control plane's attack surface, boosting the importance of secure application design. 

Although they're treated as separate components, the control plane and data plane are tightly intertwined. Let's say you're firing up your control plane. After initialization, the control plane can automatically perform API operations to discover active nodes within your infrastructure—such as load balancer instances, for example—and clearly display them. From there, users are free to push per-node or global security policies, configuration changes, and more through the GUI. These actions rely on one or more separate APIs supporting the data plane, which provide some abstraction. 

A control plane can tap into the data plane to pull performance metrics from running nodes. Beyond that, it empowers users to add or remove nodes and services as needed. Automated service discovery boosts scalability as clusters multiply. And some control planes—often using AI or similar technologies—can suggest remediative actions after detecting infrastructure faults. These functions are unique to each control plane product. 

The control plane operates at layer 3 of the OSI model—also called the network layer—and uses a number of internet protocols (aside from often using HTTP for its own APIs): 

  • Border Gateway Protocol (BGP)

  • Routing Information Protocol (RIP)

  • Enhanced Interior Gateway Routing Protocol (EIGRP)

  • Internet Control Message Protocol (ICMP)

  • Open Shortest Path First (OSPF)

  • Intermediate System to Intermediate System (IS-IS)

  • Multiprotocol Label Switching (MPLS)

Does HAProxy include a control plane? 

Yes! HAProxy Fusion gives DevSecOps teams the power to simplify, scale, and secure their HAProxy application delivery infrastructure with a centralized control plane. Teams can manage a distributed load balancing layer and multiple teams with robust enterprise controls, via a modern GUI and REST API. 

HAProxy Fusion enables management, monitoring, and automation for all your HAProxy Enterprise instances. HAProxy Fusion works seamlessly with on-premises deployments, multi-cloud deployments, Kubernetes, and anything in between.

To learn more about control plane functionality in HAProxy, check out our HAProxy Fusion Has Landed blog post or Announcing HAProxy Fusion 1.3 to view the latest and greatest product developments.