Cisco Network Foundation Protection (NFP) framework

Network Foundation Protection (NFP) is a framework designed by Cisco to logically group functions that occur on a network. The framework combines a number of security techniques to secure routers and switches and ensure the availability of the network even when it is under attack. It is broken down into three basic sections (planes):

  1. Management plane – the protocols and traffic that a network administrator uses to configure network devices from their computer. An example of management plane traffic is the SSH or Telnet data generated when a network administrator configures a Cisco IOS device remotely. If a failure occurs in this plane, the ability to remotely manage a network device might be lost.
  2. Control plane – the protocols and traffic that the network devices send between each other (without interaction from an administrator) for automatic network discovery and configuration. Examples of such traffic are ARP messages or routing protocol updates. If a failure occurs in this plane, the devices might lose the ability to share or learn routing information.
  3. Data plane – the end-user traffic. This is the traffic that is going through your network, and not to a network device. An example is the traffic generated when a user in your network browses a website. If a failure occurs in this plane, the user might be prevented from completing their work.


Some interdependence exists between the planes listed above. For example, if the control plane fails and the router doesn’t know how to forward traffic, the data plane will also be impacted because the user’s traffic will not be forwarded.
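
The plane definitions above can be expressed as a small packet classifier. This is an added example, not part of the original page or any Cisco tool: the router addresses, the sample packets and the `unclassified` label are constructed assumptions, and BGP (TCP 179) and the OSPF, RIPv2 and EIGRP multicast groups stand in for the page's "routing protocol updates".

```python
import ipaddress
from collections import Counter

# Assumption: addresses configured on the router's own interfaces (constructed).
ROUTER_ADDRS = {ipaddress.ip_address(a) for a in ("10.0.0.1", "192.0.2.1")}
# Well-known multicast groups for OSPF (224.0.0.5/6), RIPv2 (.9) and EIGRP (.10).
ROUTING_GROUPS = {ipaddress.ip_address(f"224.0.0.{n}") for n in (5, 6, 9, 10)}
MGMT_SERVICES = {("tcp", 22), ("tcp", 23)}   # SSH and Telnet, the page's examples
ROUTING_SERVICES = {("tcp", 179)}            # BGP sessions terminate on the router


def classify(pkt):
    """Map one packet descriptor (dict) to an NFP plane."""
    if pkt.get("ethertype") == "arp":        # ARP has no IP destination
        return "control"
    dst = ipaddress.ip_address(pkt["dst"])
    if dst in ROUTING_GROUPS:
        return "control"
    if dst not in ROUTER_ADDRS:              # through the device, not to it
        return "data"
    service = (pkt["proto"], pkt.get("dport"))
    if service in MGMT_SERVICES:
        return "management"
    if service in ROUTING_SERVICES:
        return "control"
    return "unclassified"                    # to the device, but not covered here


# Constructed sample traffic as seen by the router.
SAMPLE = [
    {"src": "10.0.0.50", "dst": "10.0.0.1", "proto": "tcp", "dport": 22},
    {"src": "10.0.0.50", "dst": "192.0.2.1", "proto": "tcp", "dport": 23},
    {"ethertype": "arp", "src": "10.0.0.77"},
    {"src": "10.0.0.2", "dst": "224.0.0.5", "proto": "ospf"},
    {"src": "192.0.2.2", "dst": "192.0.2.1", "proto": "tcp", "dport": 179},
    {"src": "10.0.0.77", "dst": "198.51.100.20", "proto": "tcp", "dport": 443},
    {"src": "10.0.0.50", "dst": "198.51.100.30", "proto": "tcp", "dport": 22},
    {"src": "10.0.0.77", "dst": "10.0.0.1", "proto": "udp", "dport": 9999},
]


def plane_counts(packets):
    """Count packets per plane."""
    return Counter(classify(p) for p in packets)


if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{classify(p):13} {p}")
```

The seventh sample packet is SSH that passes through the router to another host, so it lands in the data plane even though the same protocol is management traffic when addressed to the router itself.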
Geek University 2022