3. Control Plane (CP)
Control Plane performs all the intelligent and sophisticated activities. For example, the CP takes care of the fixup for Multi Channel Protocol, which helps in dynamically inspecting and opening up the necessary ports for the data connection. Control Plane also processes the traffic destined for it. The CP takes care of the overall NP managementsyslogging, routing and so on.
To understand the previous steps clearly, take an example of packet flow across the FWSM for FTP connection, as depicted in Figure 4-4. FTP connection requires packet processing on the CP and all network processors (both fast and Session Management NPs). This section walks through the packet flow of an FTP session when fixup is turned on for FTP as shown in Figure 4-4.
Figure 4-4. Packet Flow for FTP Session
Step 1. When the first FTP control packet arrives, the session lookup fails in Fast Path NP (NP1 or NP2), and the packet is directed to the Session Management Path (NP3).
Step 2. After passing the ACL tests in NP3, the packet is then forwarded to the CP for fixup, as this is an FTP packet.
Step 3. The CP processes the packet and sends it out through the NAT module.
Step 4. The CP inserts the control channel session entry in the fast path's session, and NAT modules indicating all the control channel packets should be directed to CP.
Step 5. On seeing the payload of the subsequent packets (PORT / PASV command), the CP inserts the necessary rule for allowing the data channel in the session module.
Step 6. All packets corresponding to the data channel are short-circuited in the fast path (NP1 & NP2).