Planes

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Planes

Not applicable

Is there a matrix or list of items that describes each of the plane functions? I know there is a management & data plane on the Palo but I'm not sure where to place the 'control' functions such as routing updates or switching path information and caching.

For example, if you restart the mgmt plane, will this trigger HA failover? I am guessing (because I don't know) that the failover would take place. Because if the interface receives a heartbeat, the heartbeat 'ping' would be destined for the device itself and need to be processed by the route processor which resides in the mgmt plane, right? The fact that there is a separation of mgmt and data plane implies a table that is created from the control/mgmt plane to switch packets like a graceful restart when the managment plane is restarted. Is this the case?

I'm aware of the single pass architecture but does the network processor on the data plane process packets destined for the device itself?

If anyone could provide a listing of such things that would be greatly appreciated!

1 REPLY 1

L6 Presenter

Hopefully someone from PA will see this thread and create such document? 🙂

Closest to your request today is:

(look at page 4)

along with

http://media.paloaltonetworks.com/documents/techbrief-app-id.pdf

and

http://media.paloaltonetworks.com/documents/techbrief-content-id.pdf

but these docs are more into the flow of a packet and not necessary the architecture of the hardware (regarding dependencies).

There are also some slides in the PAN-EDU-301 course which somewhat shows what happens where but still not on the level as your example.

Even if PA has one mgmtplane and one dataplane (well sometimes several DP's) there are still dependencies between them. For example if you use url-categories and the url doesnt already exist in the DP cache then a request is made towards mgmtplane which will perform the lookup if im not mistaken. Same goes with userid-stuff. Which gives that during a reboot of the mgmtplane, even if dataplane is separate, then new sessions (during the time the mgmtplane is rebooting) might be blocked depending on how your rules are setup (like if they use userid and/or url-filtering and the item doesnt already exist in the DP cache).

  • 2289 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!