Table of Contents

MPLS Zero to Hero Training

30:07:04 Hours
52 Lectures


MPLS VPN Zero to Hero Training

15:12:01 Hours
24 Lectures


MPLS VPNs with Juniper Networks

06:19:51 Hours
20 Lectures


Introduction to MPLS - Fundamentals of MPLS

MPLS Multiprotocol Label Switching is one of the most popular and commonly used technologies in today's Service Provider and Enterprise networks. In this post, we will explain the most fundamental topics about MPLS.

After reading this post, you will learn a lot about MPLS, why we should use MPLS to MPLS packet formats, USA cases of MPLS to MPLS advantages and MPLS disadvantages, some recommendations about MPLS books, MPLS training, some basics MPLS questions, and many other things will be covered. Sit tight and let's enjoy!.

What is MPLS in Networking?

Multiprotocol Label Switching - MPLS, is a networking technology that switch the network traffic using the shortest path based on “labels,” rather than IP destination addresses, to handle forwarding over a private Wide Area Network. MPLS is a scalable and protocol-independent solution, that can carry Layer 3 IP and Non-IP and Layer 2 traffic, PPP, HDLC, Frame-Relay, Ethernet, all are possible. MPLS provides transport and can be considered one of the tunneling mechanisms. MPLS transport protocols as of 2022, are LDP, RSVP, Segment Routing and BGP LU.

An MPLS network is Layer 2.5, meaning it falls between Layer 2 (Data Link) and Layer 3 (Network) of the OSI 7 layer model hierarchy. When MPLS was invented for the first time, the reason was faster packet processing. The common belief was label switching would be faster compared to IP destination-based lookup.

Businesses use MPLS to connect remote branch offices that require access to applications that reside in the organization's data center or company headquarters. Service Providers use MPLS in their network to scale their network and to connect thousands, if not tens of thousands of their customers' locations.

What is MPLS used for, Why MPLS is used?

MPLS is used to create a transport network actually. It provides an underlay medium for overlay services. The main services that we run with the MPLS are:

  • Layer 2 MPLS VPN with Pseudowires (VPWS, VPLS)
  • EVPN
  • Layer 3 MPLS VPN
  • Inter-AS MPLS VPN
  • Carrier Supporting Carrier
  • MPLS Traffic Engineering with RSVP and Segment Routing
  • Seamless MPLS/Unified MPLS
These are some of the reasons/use cases we have MPLS in the networks.

What MPLS network consists of?

MPLS network consists of  three different types of devices:

MPLS PE Router:

PE is a Provider Edge device. In MPLS networks, all the intelligence is at the edge. The core is kept as simple as possible. KISS principle in network design comes from the ‘ Intelligent Edge, Dummy Core ‘ idea. PE device looks at the incoming frame or packet and identifies which egress PE device is used for transport. A second lookup is made to determine the egress interface on the egress device

MPLS CE Router:

CE is customer equipment that can be managed by Service Provider or Customer depending on SLA. It resides in the customer network and doesn't run MPLS with the PE router. The only exception is CSC - Carrier Supporting Carrier Architecture, in that case, LDP or BGP runs between CSC-CE and CSC-PE nodes, otherwise, in any other MPLS service, the CE router doesn't run MPLS.

MPLS P Router:

P is the Provider device and only has a connection to the MPLS-enabled devices. P device doesn’t have a connection to the customer network. Its main job is to connect the PE devices and provide reachability between the PE nodes. MPLS network can run without P nodes. In that case, the scalability of the MPLS network might be an issue. If the MPLS network runs without P routers, then the LSP - Label switch path is referred to as One-hop LSP.  

Figure - MPLS Network nodes/elements

MPLS Header

MPLS Header is 4 bye - 32 bits field. First 20 bits for MPLS Label, 3 bits for EXP, 1 bit for Bottom-of-stack, and 8 bits for TTL purposes. Labels 16 - 100,000 are in the default range used by Cisco devices. Each router's label range can be specified with the 'mpls label range command'.

MPLS Label stack has 4 parts!

The MPLS Label consists of four parts:

The Label - 20 bits

The label holds all of the information for MPLS routers to determine where the packet should be forwarded. It is 20-bits long, thus 1,048,576 labels can be assigned in the MPLS network. Sometimes this amount of labels may not be enough but in this post, we won't cover it.

MPLS Experimental - EXP bits - 3 bits

Experimental bits are used for Quality of Service (QoS) to set the priority that the labeled packet should have. In DSCP we have 6 bits for QoS, in layer 2 802.1p we have 3 COS - Class of Service bits for QoS and in MPLS, we have 3 bits EXP field. When QoS is done in the MPLS network, COS to EXP or DSCP to EXP mapping is done. Based on the MPLS DiffServ Tunneling mode, Uniform, Short-Pipe, and Pipe Model, EXP bit mapping would be different.

Bottom-of-Stack - 1 bit 

The Bottom-of-Stack tells MPLS routers whether there are no more labels in the label stack. The bottom--of-stack bit is a field that is set to 1 for the last MPLS header. For example, with MPLS VPN the VPN label will have the bottom-of-stack label set to 1, which tells the MPLS router to process the embedded transport protocol. This bit in some resources is referred to as S-bit.

MPLS Time-To-Live - 8 bits

This identifies how many hops the packet can make before it is discarded. MPLS TTL, similar to IP header, is an 8-bit value. Similar to the IP header, the TTL field is used to prevent infinite forwarding loops of MPLS frames. Max value is 255 because it is 8-bits. The TTL field can be used for path tracking like MPLS Traceroute.

MPLS Reserved Labels

Reserved labels 0 - 15 have a special meaning in MPLS

    • Label 0 - Explicit Null in IPv4 - The egress LSR tells the neighboring LSRs to forward the packet keeping the explicit null label (0). The egress router strips the label, paying attention to the QoS value, and makes the IP lookup, without doing a lookup on the label. The biggest advantage of explicit null is transferring the QoS information.
    • Label 1 - Router Alert - the label that informs the LSR to look at the packet using software instead of forwarding in hardware. This is mainly used for traceroute purpose
    • Label 2 - Explicit Null in IPv6 - Same as Label 0 in IPv4 but Label2 is for IPv6
    • Label 3 - Implicit Null label which is used for Penultimate Hop Popping - PHP purpose. The egress LSR tells the neighboring LSR to pop the topmost label before forwarding to the egress LSR. This also removes the EXP bits which may not be ideal when using MPLS DiffServ Tunneling modes(Uniform and Pipe models). The benefit of doing implicit Null is that egress LSR does not have to do the lookup on the label, strip it, and then lookup IP forwarding. It is done to improve the performance of the network but MPLS TP (Transport Profile) for example, we need the topmost/outer label end to end.

    MPLS OSI Layer

    MPLS in OSI Layer is considered as Layer 2.5 As you might know, Ethernet is Layer 2 in the OSI Layering model and IP is Layer 3 based on OSI. MPLS header is placed between Ethernet and IP, meaning between Layer 2 and Layer3, thus MPLS is commonly referred to as Layer 2.5 technology.

    What is MPLS Connection?

    Any circuit, layer 2 or layer3, that connects the device to another device for MPLS service to be carried is called MPLS Connection. Over the circuit MPLS, with LDP or RSVP doesn't need to run. The circuit might be an Ethernet and MPLS Layer 2 VPNs can run on top of it. Or Circuit (Link), can be Layer 3 and IP routing might run between the two end-points, and it can support MPLS Layer 3 VPNs. So, MPLS Connection is an underlay connection/transport which provides a medium for the overlay MPLS service.

    How does MPLS work?

    MPLS works based on 3 operations. MPLS Label Push, Swap, and POP. Ingress (First node) router does the IP destination-based lookup, assigns a label to the packet, and mid routers change this label towards the Egress router, and Egress router POP all the MPLS labels and forward the packet to the destination.

    1. The first device does a routing lookup, just like before in IP Routing
    2. But instead of finding a next-hop, it finds the final destination router.
    3. And it finds a pre-determined path, called Label switched path,  to that final router
    4. The router applies the MPLS label based on this information.
    5. Future routers use the label to forward the traffic
    6. Without needing to perform any additional IP lookups
    7. At the final destination router, the label is removed
    8. And the packet is delivered via normal IP routing.

    MPLS Router Roles

    Label Edge Router - LER or ingress node:

    The router first encapsulates a packet inside an MPLS LSP. Also, the route which makes the initial path selection.

    Label Switching Router - LSR or transit node:

    A router that only does MPLS switching in the middle of an LSP.

    Egress Node

    The final router at the end of a Label Switch Path - LSP, which removes the label

    What is MPLS Label Swapping?
    Mid-LSR, Label Switch Router only replaces the incoming label with the outgoing label. So it receives a label from its downstream node, to reach the final destination and advertises another label to its upstream for the same destination. Let's say it receives Label 10 to reach the destination/egress router, it assigns label 20 and advertises to its upstream router. Whenever its upstream router sends the packet with Label 20, LSR swaps/replace the label 20 with label 10 and sends it towards the final destination.

    What is MPLS Push Operation?

    Ingress PE router, which is the first router in the MPLS domain, does the IP lookup and assigns a label for the final destination. Assigning a label is called PUSH. Basically, it is adding a label to send the traffic towards the Egress PE router.

    What is MPLS POP Operation?

    MPLS POP means basically removing the MPLS labels. The topmost label can be removed if there is PHP, otherwise, MPLS Labels are carried all the way to the egress router and it POPs/removes the MPLS labels and forward the traffic towards the correct MPLS CE interface.

    What is MPLS Penultimate Hop Popping - PHP?

    Egress LSR, in order to improve the performance of the network, can send the Implicit Null labels which were explained earlier in the post. The benefit of doing implicit Null is that egress LSR does not have to do the lookup on the label, strip it, and then lookup IP forwarding.

    This process is called Penultimate Hop Popping. A weird name. But basically, next to the last-hop router, remove the topmost label. Only a service label/VPN label packet might have if MPLS VPN is enabled and the Egress router doesn't have to do a double lookup, one for MPLS and one for IP.

    Where MPLS PHP is used?

    Almost in any MPLS application, MPLS PHP is used by default. MPLS Layer 2 VPNs, MPLS Layer 3 VPNs, RSVP-TE, RSVP Fast Reroute, PHP is used.

    Where MPLS PHP is not used?

    MPLS Transport Profile - TP, requires an end-to-end label for OAM purposes. Also, when the topmost label needs to be carried for QoS information, Explicit Null is sent to preserve the topmost label header. Thus in general, QoS and MPLS TP don't have MPLS PHP.

    What is MPLS FEC?

    Wikipedia's explanation for MPLS FEC is, it is a forwarding equivalence class (FEC) is a term used in Multiprotocol Label Switching (MPLS) to describe a set of packets with similar or identical characteristics which may be forwarded the same way; that is, they may be bound to the same MPLS label. MPLS FEC can be identified by address, tunnel, or CoS - Class of Service. Typically, a device assigns the same label to one MPLS FEC. The traffic of one FEC is forwarded in the same mode and through the same path. However, not all packets with the same label belong to the same FEC. The EXP values of the packets may be different. Therefore, they are processed in different ways and belong to different FECs. Because the ingress LSR needs to classify packets and add labels to the packets, it is responsible for determining the FEC to which packets belong.

    MPLS FEC Examples:

    • Unicast Packets with the destination IP addresses match the same prefix.
    • Multicast packets belonging to a specific multicast group.
    • Packets that are processed in the same mode based on the process or the IP DSCP field.

    MPLS Label Signalling Protocols:

    MPLS Labels can be assigned by 4 protocols currently. LDP, RSVP, BGP, and Segment Routing. For the Service layer/Overlay MPLS Label, SR and RSVP are not used. The service layer which is also referred to as Overlay, LDP, and BGP is used. When LDP is used for the service layer, it is called Targeted LDP - tldp. When LDP is used for transport, sometimes it is referred to as Directed LDP. Underlay/Transport MPLS Label signaling can be done based on LDP, RSVP, Segment Routing, and BGP. BGP here, basically a BGP LU - Labeled Unicast.

    MPLS Switch and MPLS Routing

    MPLS is a switching technology. Switching is done based on MPLS Label. But, MPLS with an IP control plane, requires a routing protocol to set up an underlay transport network. For MPLS nodes to communicate with each other, underlay routing needs to provide reachability. Static routing or any dynamic routing protocols can be an underlay routing for MPLS.

    MPLS Internet

    Many companies want to have Internet Access with SLA, but unfortunately, this is not possible. Internet is a best-effort service, meaning there can't be Packet Loss, Delay, and Jitter guarantee and Service Providers cannot give an SLA - Service Level Agreement to their customers. MPLS on the other hand can provide SLA for availability, packet loss, latency, jitter, and many other criteria. MPLS and Internet are totally different services. Over the Internet, VPN can be created let's say via GRE, mGRE, or DMVPN technologies and MPLS can run over those technologies. So, MPLS cannot run directly over the Internet, which is a public network, but it can run over some other private networks. Not all though. For example, MPLS cannot run over GETVPN, although GETVPN is an overlay VPN, there is no tunnel with GETVPN, thus MPLS or routing protocols cannot run over GETVPN.

    is MPLS Layer 2 or Layer3?

    MPLS doesn’t fit neatly into the OSI seven-layer hierarchy, thus MPLS is not Layer 2 or Layer 3 in OSI layering. Although the Network Engineering community has been discussing whether the OSI layering is suitable for the many protocols for definition, if we would fit MPLS somewhere in the OSI layer, it is considered Layer 2.5 Because the MPLS header is placed between Layer 2 MAC and Layer 3 IP Headers. Thus, MPLS is commonly referred to as Layer 2.5 protocol. 

    Figure - MPLS is layer 2.5 Source:

    MPLS Extra StudyTutorials

    MPLS Recommended Books

    1. Network Convergence: Ethernet Applications and Next Generation Packet Transport Architectures
    2. Definitive MPLS Network Designs (Networking Technology)
    3. MPLS-Enabled Applications: Emerging Developments and New Technologies 3rd Edition

    MPLS Related Blog Posts

    1. Making the case for Layer 2 and Layer 3 VPNs
    2. Scalable VPLS Architecture
    3. Juniper MPLS Based Layer 2 VPNs
    4. Understanding MPLS VPNs Jeff Doyle

    MPLS Training Suggestions

    We strongly recommend MPLS Training with Cisco from Orhan Ergun for MPLS Training. This training comes with more than 30 hours of network design and 40 hours of hands-on practical labs using Cisco routers and switches. Network design examples in MPLS training are vendor-neutral, meaning applicable to every vendor. Also, MPLS VPN with Juniper Network Training, explains the MPLS Layer 3 VPN, MPLS Layer 2 VPNs, and EVPN by using Juniper network equipment.

    is MPLS Point-to-Point?

    Actually, MPLS depends on the protocol that we used for labeling can be a point to point, point to multipoint, or multipoint to point. If we use regular LDP, it is Multi to Point, which is used in IP Unicast transport networks. If MPLS is used with mLDP - Multipoint LDP, when it is Point to Multipoint or Multipoint to Multipoint and mLDP is used in MPLS Multicast. if regular RSVP is used, then MPLS is a point-to-point, and RSVP is used in IP Unicast transport as well. Last but not least, if RSVP is used for MPLS Multicast, then MPLS would be considered as P2MP - Point to Multipoint.

    How many Labels do MPLS Layer 3 VPNs have?

    MPLS Layer 3 VPN has two labels.
    Most MPLS operation requires a minimum of 2 labels. In MPLS Layer 3 VPN, Transport, and BGP label
    In Layer 2 VPN, based on pseudowire technology, MPLS labels are Transport and VC Label.

    What is the most common MPLS use case in 2022?

    As of 2022, the most common MPLS use case is MPLS VPNs. MPLS Layer 3 VPN and MPLS Layer 2 VPNs are the most common reasons that networks deploy MPLS technology. MPLS Fast Reroute would be considered the second most common use case for MPLS.

    Created by
    Navid Yahyapour

    Instructor at Orhan Ergun, LLC Network Consultancy and Training

    Instructor at Orhan Ergun, LLC Network Consultancy and Training

    Specialized in Routing, Switching, Enterprise and Service Provider Certification Trainings. 

    View profile