Introduction to MPLS - Fundamentals of MPLS

MPLS Multiprotocol Label Switching is one of the most popular and commonly used technologies in today's Service Provider and Enterprise networks. In this post, we will explain the most fundamental topics about MPLS.

After reading this post, you will learn a lot about MPLS, why we should use MPLS to MPLS packet formats, USA cases of MPLS to MPLS advantages and MPLS disadvantages, some recommendations about MPLS books, MPLS training, some basics MPLS questions, and many other things will be covered. Sit tight and let's enjoy!.

What is MPLS in Networking?

Multiprotocol Label Switching - MPLS, is a networking technology that switch the network traffic using the shortest path based on “labels,” rather than IP destination addresses, to handle forwarding over a private Wide Area Network. MPLS is a scalable and protocol-independent solution, that can carry Layer 3 IP and Non-IP and Layer 2 traffic, PPP, HDLC, Frame-Relay, Ethernet, all are possible. MPLS provides transport and can be considered one of the tunneling mechanisms. MPLS transport protocols as of 2022, are LDP, RSVP, Segment Routing and BGP LU.

An MPLS network is Layer 2.5, meaning it falls between Layer 2 (Data Link) and Layer 3 (Network) of the OSI 7 layer model hierarchy. When MPLS was invented for the first time, the reason was faster packet processing. The common belief was label switching would be faster compared to IP destination-based lookup.

Businesses use MPLS to connect remote branch offices that require access to applications that reside in the organization's data center or company headquarters. Service Providers use MPLS in their network to scale their network and to connect thousands, if not tens of thousands of their customers' locations.

What is MPLS used for, Why MPLS is used?

MPLS is used to create a transport network actually. It provides an underlay medium for overlay services. The main services that we run with the MPLS are:

  • Layer 2 MPLS VPN with Pseudowires (VPWS, VPLS)
  • EVPN
  • Layer 3 MPLS VPN
  • Inter-AS MPLS VPN
  • Carrier Supporting Carrier
  • MPLS Traffic Engineering with RSVP and Segment Routing
  • Seamless MPLS/Unified MPLS
These are some of the reasons/use cases we have MPLS in the networks.

What MPLS network consists of?

MPLS network consists of  three different types of devices:

MPLS PE Router:

PE is a Provider Edge device. In MPLS networks, all the intelligence is at the edge. The core is kept as simple as possible. KISS principle in network design comes from the ‘ Intelligent Edge, Dummy Core ‘ idea. PE device looks at the incoming frame or packet and identifies which egress PE device is used for transport. A second lookup is made to determine the egress interface on the egress device

MPLS CE Router:

CE is customer equipment that can be managed by Service Provider or Customer depending on SLA. It resides in the customer network and doesn't run MPLS with the PE router. The only exception is CSC - Carrier Supporting Carrier Architecture, in that case, LDP or BGP runs between CSC-CE and CSC-PE nodes, otherwise, in any other MPLS service, the CE router doesn't run MPLS.

MPLS P Router:

P is the Provider device and only has a connection to the MPLS-enabled devices. P device doesn’t have a connection to the customer network. Its main job is to connect the PE devices and provide reachability between the PE nodes. MPLS network can run without P nodes. In that case, the scalability of the MPLS network might be an issue. If the MPLS network runs without P routers, then the LSP - Label switch path is referred to as One-hop LSP.  

Figure - MPLS Network nodes/elements

MPLS Header

MPLS Header is 4 bye - 32 bits field. First 20 bits for MPLS Label, 3 bits for EXP, 1 bit for Bottom-of-stack, and 8 bits for TTL purposes. Labels 16 - 100,000 are in the default range used by Cisco devices. Each router's label range can be specified with the 'mpls label range command'.

MPLS Label stack has 4 parts!

The MPLS Label consists of four parts:

The Label - 20 bits

The label holds all of the information for MPLS routers to determine where the packet should be forwarded. It is 20-bits long, thus 1,048,576 labels can be assigned in the MPLS network. Sometimes this amount of labels may not be enough but in this post, we won't cover it.

MPLS Experimental - EXP bits - 3 bits

Experimental bits are used for Quality of Service (QoS) to set the priority that the labeled packet should have. In DSCP we have 6 bits for QoS, in layer 2 802.1p we have 3 COS - Class of Service bits for QoS and in MPLS, we have 3 bits EXP field. When QoS is done in the MPLS network, COS to EXP or DSCP to EXP mapping is done. Based on the MPLS DiffServ Tunneling mode, Uniform, Short-Pipe, and Pipe Model, EXP bit mapping would be different.

Bottom-of-Stack - 1 bit 

The Bottom-of-Stack tells MPLS routers whether there are no more labels in the label stack. The bottom--of-stack bit is a field that is set to 1 for the last MPLS header. For example, with MPLS VPN the VPN label will have the bottom-of-stack label set to 1, which tells the MPLS router to process the embedded transport protocol. This bit in some resources is referred to as S-bit.

MPLS Time-To-Live - 8 bits

This identifies how many hops the packet can make before it is discarded. MPLS TTL, similar to IP header, is an 8-bit value. Similar to the IP header, the TTL field is used to prevent infinite forwarding loops of MPLS frames. Max value is 255 because it is 8-bits. The TTL field can be used for path tracking like MPLS Traceroute.

MPLS Reserved Labels

Reserved labels 0 - 15 have a special meaning in MPLS

    • Label 0 - Explicit Null in IPv4 - The egress LSR tells the neighboring LSRs to forward the packet keeping the explicit null label (0). The egress router strips the label, paying attention to the QoS value, and makes the IP lookup, without doing a lookup on the label. The biggest advantage of explicit null is transferring the QoS information.
    • Label 1 - Router Alert - the label that informs the LSR to look at the packet using software instead of forwarding in hardware. This is mainly used for traceroute purpose
    • Label 2 - Explicit Null in IPv6 - Same as Label 0 in IPv4 but Label2 is for IPv6
    • Label 3 - Implicit Null label which is used for Penultimate Hop Popping - PHP purpose. The egress LSR tells the neighboring LSR to pop the topmost label before forwarding to the egress LSR. This also removes the EXP bits which may not be ideal when using MPLS DiffServ Tunneling modes(Uniform and Pipe models). The benefit of doing implicit Null is that egress LSR does not have to do the lookup on the label, strip it, and then lookup IP forwarding. It is done to improve the performance of the network but MPLS TP (Transport Profile) for example, we need the topmost/outer label end to end.

    MPLS OSI Layer

    MPLS in OSI Layer is considered as Layer 2.5 As you might know, Ethernet is Layer 2 in the OSI Layering model and IP is Layer 3 based on OSI. MPLS header is placed between Ethernet and IP, meaning between Layer 2 and Layer3, thus MPLS is commonly referred to as Layer 2.5 technology.

    What is MPLS Connection?

    Any circuit, layer 2 or layer3, that connects the device to another device for MPLS service to be carried is called MPLS Connection. Over the circuit MPLS, with LDP or RSVP doesn't need to run. The circuit might be an Ethernet and MPLS Layer 2 VPNs can run on top of it. Or Circuit (Link), can be Layer 3 and IP routing might run between the two end-points, and it can support MPLS Layer 3 VPNs. So, MPLS Connection is an underlay connection/transport which provides a medium for the overlay MPLS service.

    How does MPLS work?

    MPLS works based on 3 operations. MPLS Label Push, Swap, and POP. Ingress (First node) router does the IP destination-based lookup, assigns a label to the packet, and mid routers change this label towards the Egress router, and Egress router POP all the MPLS labels and forward the packet to the destination.

    1. The first device does a routing lookup, just like before in IP Routing
    2. But instead of finding a next-hop, it finds the final destination router.
    3. And it finds a pre-determined path, called Label switched path,  to that final router
    4. The router applies the MPLS label based on this information.
    5. Future routers use the label to forward the traffic
    6. Without needing to perform any additional IP lookups
    7. At the final destination router, the label is removed
    8. And the packet is delivered via normal IP routing.

    MPLS Router Roles

    Label Edge Router - LER or ingress node:

    The router first encapsulates a packet inside an MPLS LSP. Also, the route which makes the initial path selection.

    Label Switching Router - LSR or transit node:

    A router that only does MPLS switching in the middle of an LSP.

    Egress Node

    The final router at the end of a Label Switch Path - LSP, which removes the label

    What is MPLS Label Swapping?
    Mid-LSR, Label Switch Router only replaces the incoming label with the outgoing label. So it receives a label from its downstream node, to reach the final destination and advertises another label to its upstream for the same destination. Let's say it receives Label 10 to reach the destination/egress router, it assigns label 20 and advertises to its upstream router. Whenever its upstream router sends the packet with Label 20, LSR swaps/replace the label 20 with label 10 and sends it towards the final destination.

    What is MPLS Push Operation?

    Ingress PE router, which is the first router in the MPLS domain, does the IP lookup and assigns a label for the final destination. Assigning a label is called PUSH. Basically, it is adding a label to send the traffic towards the Egress PE router.

    What is MPLS POP Operation?

    MPLS POP means basically removing the MPLS labels. The topmost label can be removed if there is PHP, otherwise, MPLS Labels are carried all the way to the egress router and it POPs/removes the MPLS labels and forward the traffic towards the correct MPLS CE interface.

    What is MPLS Penultimate Hop Popping - PHP?

    Egress LSR, in order to improve the performance of the network, can send the Implicit Null labels which were explained earlier in the post. The benefit of doing implicit Null is that egress LSR does not have to do the lookup on the label, strip it, and then lookup IP forwarding.

    This process is called Penultimate Hop Popping. A weird name. But basically, next to the last-hop router, remove the topmost label. Only a service label/VPN label packet might have if MPLS VPN is enabled and the Egress router doesn't have to do a double lookup, one for MPLS and one for IP.

    Where MPLS PHP is used?

    Almost in any MPLS application, MPLS PHP is used by default. MPLS Layer 2 VPNs, MPLS Layer 3 VPNs, RSVP-TE, RSVP Fast Reroute, PHP is used.

    Where MPLS PHP is not used?

    MPLS Transport Profile - TP, requires an end-to-end label for OAM purposes. Also, when the topmost label needs to be carried for QoS information, Explicit Null is sent to preserve the topmost label header. Thus in general, QoS and MPLS TP don't have MPLS PHP.

    What is MPLS FEC?

    Wikipedia's explanation for MPLS FEC is, it is a forwarding equivalence class (FEC) is a term used in Multiprotocol Label Switching (MPLS) to describe a set of packets with similar or identical characteristics which may be forwarded the same way; that is, they may be bound to the same MPLS label. MPLS FEC can be identified by address, tunnel, or CoS - Class of Service. Typically, a device assigns the same label to one MPLS FEC. The traffic of one FEC is forwarded in the same mode and through the same path. However, not all packets with the same label belong to the same FEC. The EXP values of the packets may be different. Therefore, they are processed in different ways and belong to different FECs. Because the ingress LSR needs to classify packets and add labels to the packets, it is responsible for determining the FEC to which packets belong.

    MPLS FEC Examples:

    • Unicast Packets with the destination IP addresses match the same prefix.
    • Multicast packets belonging to a specific multicast group.
    • Packets that are processed in the same mode based on the process or the IP DSCP field.

    MPLS Label Signalling Protocols:

    MPLS Labels can be assigned by 4 protocols currently. LDP, RSVP, BGP, and Segment Routing. For the Service layer/Overlay MPLS Label, SR and RSVP are not used. The service layer which is also referred to as Overlay, LDP, and BGP is used. When LDP is used for the service layer, it is called Targeted LDP - tldp. When LDP is used for transport, sometimes it is referred to as Directed LDP. Underlay/Transport MPLS Label signaling can be done based on LDP, RSVP, Segment Routing, and BGP. BGP here, basically a BGP LU - Labeled Unicast.

    MPLS Switch and MPLS Routing

    MPLS is a switching technology. Switching is done based on MPLS Label. But, MPLS with an IP control plane, requires a routing protocol to set up an underlay transport network. For MPLS nodes to communicate with each other, underlay routing needs to provide reachability. Static routing or any dynamic routing protocols can be an underlay routing for MPLS.

    MPLS Internet

    Many companies want to have Internet Access with SLA, but unfortunately, this is not possible. Internet is a best-effort service, meaning there can't be Packet Loss, Delay, and Jitter guarantee and Service Providers cannot give an SLA - Service Level Agreement to their customers. MPLS on the other hand can provide SLA for availability, packet loss, latency, jitter, and many other criteria. MPLS and Internet are totally different services. Over the Internet, VPN can be created let's say via GRE, mGRE, or DMVPN technologies and MPLS can run over those technologies. So, MPLS cannot run directly over the Internet, which is a public network, but it can run over some other private networks. Not all though. For example, MPLS cannot run over GETVPN, although GETVPN is an overlay VPN, there is no tunnel with GETVPN, thus MPLS or routing protocols cannot run over GETVPN.

    is MPLS Layer 2 or Layer3?

    MPLS doesn’t fit neatly into the OSI seven-layer hierarchy, thus MPLS is not Layer 2 or Layer 3 in OSI layering. Although the Network Engineering community has been discussing whether the OSI layering is suitable for the many protocols for definition, if we would fit MPLS somewhere in the OSI layer, it is considered Layer 2.5 Because the MPLS header is placed between Layer 2 MAC and Layer 3 IP Headers. Thus, MPLS is commonly referred to as Layer 2.5 protocol. 

    Figure - MPLS is layer 2.5 Source:

    MPLS Extra StudyTutorials

    MPLS Recommended Books

    1. Network Convergence: Ethernet Applications and Next Generation Packet Transport Architectures
    2. Definitive MPLS Network Designs (Networking Technology)
    3. MPLS-Enabled Applications: Emerging Developments and New Technologies 3rd Edition

    MPLS Related Blog Posts

    1. Making the case for Layer 2 and Layer 3 VPNs
    2. Scalable VPLS Architecture
    3. Juniper MPLS Based Layer 2 VPNs
    4. Understanding MPLS VPNs Jeff Doyle

    MPLS Training Suggestions

    We strongly recommend MPLS Training with Cisco from Orhan Ergun for MPLS Training. This training comes with more than 30 hours of network design and 40 hours of hands-on practical labs using Cisco routers and switches. Network design examples in MPLS training are vendor-neutral, meaning applicable to every vendor. Also, MPLS VPN with Juniper Network Training, explains the MPLS Layer 3 VPN, MPLS Layer 2 VPNs, and EVPN by using Juniper network equipment.

    is MPLS Point-to-Point?

    Actually, MPLS depends on the protocol that we used for labeling can be a point to point, point to multipoint, or multipoint to point. If we use regular LDP, it is Multi to Point, which is used in IP Unicast transport networks. If MPLS is used with mLDP - Multipoint LDP, when it is Point to Multipoint or Multipoint to Multipoint and mLDP is used in MPLS Multicast. if regular RSVP is used, then MPLS is a point-to-point, and RSVP is used in IP Unicast transport as well. Last but not least, if RSVP is used for MPLS Multicast, then MPLS would be considered as P2MP - Point to Multipoint.

    How many Labels do MPLS Layer 3 VPNs have?

    MPLS Layer 3 VPN has two labels.
    Most MPLS operation requires a minimum of 2 labels. In MPLS Layer 3 VPN, Transport, and BGP label
    In Layer 2 VPN, based on pseudowire technology, MPLS labels are Transport and VC Label.

    What is the most common MPLS use case in 2022?

    As of 2022, the most common MPLS use case is MPLS VPNs. MPLS Layer 3 VPN and MPLS Layer 2 VPNs are the most common reasons that networks deploy MPLS technology. MPLS Fast Reroute would be considered the second most common use case for MPLS.

    Created by
    Orhan Ergun

    Orhan Ergun, CCIE/CCDE Trainer, Author of Many Networking Books, Network Design Advisor, and Cisco Champion 2019/2020/2021

    He created OrhanErgun.Net 10 years ago and has been serving the IT industry with his renowned and awarded training.

    Wrote many books, mostly on Network Design, joined many IETF RFCs, gave Public talks at many Forums, and mentored thousands of his students.  

    Today, with his carefully selected instructors, OrhanErgun.Net is providing IT courses to tens of thousands of IT engineers. 

    View profile

    Daniel Lardeux
    Daniel Lardeux Senior Network Consultant at Post Telecom

    I passed the CCDE Practical exam and Orhan’s CCDE course was very important contributor to my success. I attended the CCDE course of Orhan Ergun in July and it was exactly what I needed, Orhan is taking the pain to break down the different technologies.

    Roy Lexmond
    Roy Lexmond Senior Network Designer at Routz CCDE #20150017 & CCIE R&S; #26557

    After I attended Orhan Ergun’s CCDE course I passed the CCDE practical exam.I really enjoyed the course a lot ...

    Nicholas Russo
    Nicholas Russo Network Consulting Engineer (CCDE/CCIEx2), Cisc

    I signed up for Orhan’s CCDE training. This training is very technically detailed and the use-cases, quizzes, scenarios, and mind maps are all great resources in the overall training program. Orhan teaches his students to think like a network designer ...

    Slide Heading
    Slide Heading Network Systems Engineer at Conscia A/S CCIE #42544 (SP) & CCDE #20160015

    Orhan is forcing you to take off the implementation hat that most of us have been wearing for many years, instead he is providing a new fancy design hat, which makes you see and deal with the issues presented ...

    Kim Pedersen
    Kim Pedersen CCIE in RS and SP (#29189) CCDE#20170021

    I’ve used Orhan’s self-paced CCDE training material. If you are interested in knowing how all the technologies go together in a coherent design i can highly recommend it.I also enjoyed the Quizzes which helped pick out my weak spots in selecting ...

    Laurent Metzger
    Laurent Metzger 3xCCIE/CCDE Senior Network Architect

    Hi Orhan. I passed the CCDE exam on February 22. I read everything that you put on your Self Paced CCDE Training course and it was very helpful in my success. Thank you very much.

    Martin J. Duggan
    Martin J. Duggan Network Architect at AT&T;, Ciscopress Author CCDE #20160006 & CCIE#7942

    I attended Orhan’s April 201610 days CCDE Bootcamp. I am CCDE now !

    You can tell Orhan has a great deal of experience, it really comes through when he presents his design case studies and the CCDE Practical scenarios.

    Muhammad Abubakar
    Muhammad Abubakar Lead Network Architect – CCDE #20160016 2xCCIE #26693 2xJNCIE VCIX

    Your excellent CCDE materials and amazing Bootcamp helped me tremendously through my learning journey.Also thank you very much for being available whenever I have a design question or a complex design topics. I can’t compare your design skills ...

    Jennifer Pai
    Jennifer Pai Network/Security Engineer at KNET Technology

    Thanks Orhan very much for this course. It helped strengthen my “Network design mind”.

    Ruslan Silyayev
    Ruslan Silyayev Solution Architect at R.I.S.K Company

    Training by Orhan is not a CCDE preperation training only. It will be useful for engineers which are dealing with design. You want to pass CCDE exam or learn network design, then don’t look at anywhere else!

    Sameer Meher
    Sameer Meher Solutions Architect at 23 Wards/Japan

    Orhan Ergun’s CCDE course was really very good. CCDE Level Intelligence was delivered very well and with very useful case studies and the scenarios, I am thankful to Orhan for all his help!

    Ken Young
    Ken Young Senior Technical Architect Province of Nova Scotia, 2xCCIE #41597 | CCDE #20170047

    If anyone wants to understand network design and architecture, also pass CCDE exam , I recommend you to attend Orhan’s online courses! I am a CCDE now but learning is a journey, we will be together in your other courses too Orhan!

    Matt Cross
    Matt Cross Technical Architect at Heartland – CCDE #2019::7

    Orhan did an excellent job of filling in the gaps of knowledge that I had that took me to the finish line of the practical exam CCDE. The community of people that Orhan facilitates are both engaging and supportive of the journey to CCDE. Orhan ...

    Shiling Ding
    Shiling Ding Sentinel Technologies – CCDE #2019::12

    Just passed the CCDE Practical exam! I attended Orhan Ergun’s CCDE training program , used Orhan’s Instructor Led and Self-Paced CCDE training and Online CCDE Practical Scenarios during my CCDE journey. Orhan’s CCDE In Depth book is an excellent summary ...

    Abelardo Basurto
    Abelardo Basurto Solutions Architect at Cisco Systems – CCDE 2018::6

    Hi everyone, I’ve just passed the CCDE Exam. My Number is CCDE 2018::6 I attended to Online CCDE Bootcamp of Orhan. I want to thank Orhan not only for the great book and bootcamp, but also for his commitment, availability and willingness to assist the ...

    Hady Mohamed Abdellah
    Hady Mohamed Abdellah Network Architect Hamad International Airport Qatar – CCDE 2018::1

    Hi guys, I’m so happy that I passed the exam. I’ve already got my number CCDE 2018::1. Thanks to Orhan for being the best CCDE instructor in the world. I highly recomend Orhan’s CCDE Training and In-Depth-CCDE ...

    Bryan Bartik
    Bryan Bartik Sr. Systems Engineer at CompuNet – CCDE 20170059

    Hi Orhan I passed CCDE Practical exam on November 2017 ! I really enjoyed your materials and quizzes and use cases. They were definitely helpful in my preparation. Thanks a lot !

    Giedrius Trapkauskas
    Giedrius Trapkauskas Network Solutions Architect at Liberty Global – CCDE 20180004

    I attended Orhan’s CCDE Training in Istanbul and it was very helpful in my preparation. I passed the exam recently and I want to say Thank you Orhan! For those who want to pass the CCDE exam, definitely start with ...

    Alaa Issa
    Alaa Issa Sr.Solutions Architect – CCDE#20180033 3xCCIE ( Collab|DC|Security )#27146

    I registered to Orhan’s training in Feb 2017. From that time, I attended Orhan’s training several times. The depth of knowledge which Orhan has is amazing, and how to present such consistent knowledge to the ...

    Mazin Ahsan Design Lead Engineer | Solutions Engineer | CCDE License # 20160030 | CCIE Licence # 23892

    I passed the CCDE Practical Lab exam on November 17,2016 from supplications of elders and dedication from my Sensei Mr. Orhan Ergun I took different CCDE bootcamps in the past. Orhan has the most depth and expertise ...

    Jeff Patterson CCDE# 2018::11

    Hi Orhan I wanted to pass along my appreciation for the outstanding training material. I used the online CCDE training provided by Orhan as well as the In-Depth-CCDE book and passed the exam in February 2018. Thank you Orhan!

    Mehdi Sfar
    Mehdi Sfar Network and Security Architect / CCDE #20210003 | CCIE R&S; #51583

    I signed up for Orhan’s CCDE Self paced Course. This course, along with the CCDE In Depth book, helped me for my CCDE Practical as well as Written exams. It pushed me to ask the "WHY" questions and allowed ...

    Related courses

    MPLS Zero to Hero Training

    30:07:04 Hours
    51 Lectures


    MPLS VPN Zero to Hero Training

    15:12:01 Hours
    24 Lectures


    MPLS VPNs with Juniper Networks

    06:19:51 Hours
    20 Lectures