MPLS over IP Encapsulations and Comparison between MPLS over LSP

MPLS over IP Encapsulations - Do you need an LSP for MPLS ? In this post, I will go through below topics. This is one of the points which network engineers struggle to understand as I have seen.  

  • What is an LSP (Label Switched Path) ?
  • What was the purpose of having LSP in the first place?
  • Do we need an LSP for MPLS and MPLS Applications such as 2547 VPNs ?
  • MPLS over LSP vs. MPLS over IP Encapsulations
  • MPLS VPN infrastructure in 2017

What is an LSP
  LSP is a tunnel between the edge devices in very basic definition. There are many discussions whether LSP is a tunnel, in this post I will not start that discussion again. Edge devices in MPLS network is called PE (Provider Edge) devices. LSP can be created with four ways. LDP, RSVP-TE, BGP+Label (BGP-LU) and IGP Advertisement (Segment Routing/Spring uses this concept)  

What was the purpose of having LSP in the first place ?
  Before LSP, we had IP based lookup. It is also called as destination based lookup. Since the IP header is 20 byte(Without options), back in old days routers were having a performance issue. They needed a simple lookup to increase the packet processing performance, so MPLS was born. Of course today MPLS is used mostly for the VPNs and Traffic Engineering but initial purpose was performance.  

Do we need an LSP for MPLS and MPLS Applications such as 2547 VPNs ?
  In the below figure, nodes are in MPLS networks shared. As I stated above, LSP is created between the edge devices which are PE devices. When you have a tunnel or encapsulation between the edge devices, you can hide the customer prefixes from the core devices. That’s why when you have an LSP, P devices don’t have to keep the customer specific information. So, LSP is used to hide the service specific (customer MAC address/IP address etc.) from the core network and require reachability between PE devices. (Unless you statically configure them through NMS as in the case of MPLS-TP which doesn’t require IP control plane)

But, what if we don’t have an LSP in the network. We just need a connectivity between the PE devices, right? So if I have IP connectivity between the PE devices, can I setup MP-BGP VPNv4 session for example ?. Yes of course. We can setup VPNv6 and other BGP address families as well. So, we can provide MPLS Layer 3 VPN service over IP connectivity only.

Problem with this, P devices would know the customer prefixes. Thus, you could create GRE tunnel which would allow to hide the customer prefixes from the core of the network(P devices) and run MPLS over GRE tunnel. This would provide hiding customer prefixes from the core of the network without having MPLS in the core.

Of course GRE adds extra 4 byte header, so MTU would increase as well. MPLS can run over mGRE (Multipoint GRE) as well which brings scalability to the solutions as the GRE is point to point and in large scale brings operational complexity. Or you could run L2TPv3 between PE devices and run MPLS over L2TPv3.  

MPLS over LSP vs. MPLS over IP Encapsulations
  • IP core is considered as less secure compare to MPLS core. IP core is more vulnerable to Spoofing Attacks for example, compare to MPLS core.
  • IP header is 16 byte more than MPLS header, which is less efficient compare to MPLS core. At least performance point of view.
  • MPLS over IP encapsulations might create interoperability issues due to multiple encapsulation options (IP, GRE, L2TPv3)
  • MPLS over IP doesn’t hide the customer specific information from the core devices but MPLS over LSP does. (MPLS over GRE and L2TPv3 hides as well)
  • MPLS over IP encapsulations can be used as migration mechanisms. If your network doesn’t have an LSP today, by starting MPLS at the PE nodes and running MPLS over IP and then you can continue with the core nodes for the migration.
MPLS VPN infrastructure in 2017
Enough theory I guess. Because today in almost any network which provides MPLS VPN service, they use LSP rather than IP. Although it is possible to create MPLS Layer 3 VPN for example over IP core, everyone uses LDP and/or RSVP-TE for Labeled Switched Path and create MP-BGP (Multi Protocol BGP) session for the service over these LSPs.

Also IPSEC can run on top of any model. It can run with MPLS over LSP or MPLS over IP models and provide security. And as you might know MPLS over IP or MPLS over LSP doesn’t come up with confidentiality so there is no encryption by default. In my opinion it was important to know the alternative approaches and if you like this post, share/like/comment it on social media ?

Created by
Orhan Ergun

Orhan Ergun, CCIE/CCDE Trainer, Author of Many Networking Books, Network Design Advisor, and Cisco Champion 2019/2020/2021

He created OrhanErgun.Net 10 years ago and has been serving the IT industry with his renowned and awarded training.

Wrote many books, mostly on Network Design, joined many IETF RFCs, gave Public talks at many Forums, and mentored thousands of his students.  

Today, with his carefully selected instructors, OrhanErgun.Net is providing IT courses to tens of thousands of IT engineers. 

View profile

Daniel Lardeux
Daniel Lardeux Senior Network Consultant at Post Telecom

I passed the CCDE Practical exam and Orhan’s CCDE course was very important contributor to my success. I attended the CCDE course of Orhan Ergun in July and it was exactly what I needed, Orhan is taking the pain to break down the different technologies.

Roy Lexmond
Roy Lexmond Senior Network Designer at Routz CCDE #20150017 & CCIE R&S; #26557

After I attended Orhan Ergun’s CCDE course I passed the CCDE practical exam.I really enjoyed the course a lot ...

Nicholas Russo
Nicholas Russo Network Consulting Engineer (CCDE/CCIEx2), Cisc

I signed up for Orhan’s CCDE training. This training is very technically detailed and the use-cases, quizzes, scenarios, and mind maps are all great resources in the overall training program. Orhan teaches his students to think like a network designer ...

Slide Heading
Slide Heading Network Systems Engineer at Conscia A/S CCIE #42544 (SP) & CCDE #20160015

Orhan is forcing you to take off the implementation hat that most of us have been wearing for many years, instead he is providing a new fancy design hat, which makes you see and deal with the issues presented ...

Kim Pedersen
Kim Pedersen CCIE in RS and SP (#29189) CCDE#20170021

I’ve used Orhan’s self-paced CCDE training material. If you are interested in knowing how all the technologies go together in a coherent design i can highly recommend it.I also enjoyed the Quizzes which helped pick out my weak spots in selecting ...

Laurent Metzger
Laurent Metzger 3xCCIE/CCDE Senior Network Architect

Hi Orhan. I passed the CCDE exam on February 22. I read everything that you put on your Self Paced CCDE Training course and it was very helpful in my success. Thank you very much.

Martin J. Duggan
Martin J. Duggan Network Architect at AT&T;, Ciscopress Author CCDE #20160006 & CCIE#7942

I attended Orhan’s April 201610 days CCDE Bootcamp. I am CCDE now !

You can tell Orhan has a great deal of experience, it really comes through when he presents his design case studies and the CCDE Practical scenarios.

Muhammad Abubakar
Muhammad Abubakar Lead Network Architect – CCDE #20160016 2xCCIE #26693 2xJNCIE VCIX

Your excellent CCDE materials and amazing Bootcamp helped me tremendously through my learning journey.Also thank you very much for being available whenever I have a design question or a complex design topics. I can’t compare your design skills ...

Jennifer Pai
Jennifer Pai Network/Security Engineer at KNET Technology

Thanks Orhan very much for this course. It helped strengthen my “Network design mind”.

Ruslan Silyayev
Ruslan Silyayev Solution Architect at R.I.S.K Company

Training by Orhan is not a CCDE preperation training only. It will be useful for engineers which are dealing with design. You want to pass CCDE exam or learn network design, then don’t look at anywhere else!

Sameer Meher
Sameer Meher Solutions Architect at 23 Wards/Japan

Orhan Ergun’s CCDE course was really very good. CCDE Level Intelligence was delivered very well and with very useful case studies and the scenarios, I am thankful to Orhan for all his help!

Ken Young
Ken Young Senior Technical Architect Province of Nova Scotia, 2xCCIE #41597 | CCDE #20170047

If anyone wants to understand network design and architecture, also pass CCDE exam , I recommend you to attend Orhan’s online courses! I am a CCDE now but learning is a journey, we will be together in your other courses too Orhan!

Matt Cross
Matt Cross Technical Architect at Heartland – CCDE #2019::7

Orhan did an excellent job of filling in the gaps of knowledge that I had that took me to the finish line of the practical exam CCDE. The community of people that Orhan facilitates are both engaging and supportive of the journey to CCDE. Orhan ...

Shiling Ding
Shiling Ding Sentinel Technologies – CCDE #2019::12

Just passed the CCDE Practical exam! I attended Orhan Ergun’s CCDE training program , used Orhan’s Instructor Led and Self-Paced CCDE training and Online CCDE Practical Scenarios during my CCDE journey. Orhan’s CCDE In Depth book is an excellent summary ...

Abelardo Basurto
Abelardo Basurto Solutions Architect at Cisco Systems – CCDE 2018::6

Hi everyone, I’ve just passed the CCDE Exam. My Number is CCDE 2018::6 I attended to Online CCDE Bootcamp of Orhan. I want to thank Orhan not only for the great book and bootcamp, but also for his commitment, availability and willingness to assist the ...

Hady Mohamed Abdellah
Hady Mohamed Abdellah Network Architect Hamad International Airport Qatar – CCDE 2018::1

Hi guys, I’m so happy that I passed the exam. I’ve already got my number CCDE 2018::1. Thanks to Orhan for being the best CCDE instructor in the world. I highly recomend Orhan’s CCDE Training and In-Depth-CCDE ...

Bryan Bartik
Bryan Bartik Sr. Systems Engineer at CompuNet – CCDE 20170059

Hi Orhan I passed CCDE Practical exam on November 2017 ! I really enjoyed your materials and quizzes and use cases. They were definitely helpful in my preparation. Thanks a lot !

Giedrius Trapkauskas
Giedrius Trapkauskas Network Solutions Architect at Liberty Global – CCDE 20180004

I attended Orhan’s CCDE Training in Istanbul and it was very helpful in my preparation. I passed the exam recently and I want to say Thank you Orhan! For those who want to pass the CCDE exam, definitely start with ...

Alaa Issa
Alaa Issa Sr.Solutions Architect – CCDE#20180033 3xCCIE ( Collab|DC|Security )#27146

I registered to Orhan’s training in Feb 2017. From that time, I attended Orhan’s training several times. The depth of knowledge which Orhan has is amazing, and how to present such consistent knowledge to the ...

Mazin Ahsan Design Lead Engineer | Solutions Engineer | CCDE License # 20160030 | CCIE Licence # 23892

I passed the CCDE Practical Lab exam on November 17,2016 from supplications of elders and dedication from my Sensei Mr. Orhan Ergun I took different CCDE bootcamps in the past. Orhan has the most depth and expertise ...

Jeff Patterson CCDE# 2018::11

Hi Orhan I wanted to pass along my appreciation for the outstanding training material. I used the online CCDE training provided by Orhan as well as the In-Depth-CCDE book and passed the exam in February 2018. Thank you Orhan!

Mehdi Sfar
Mehdi Sfar Network and Security Architect / CCDE #20210003 | CCIE R&S; #51583

I signed up for Orhan’s CCDE Self paced Course. This course, along with the CCDE In Depth book, helped me for my CCDE Practical as well as Written exams. It pushed me to ask the "WHY" questions and allowed ...

Related courses

Cisco CCDE v3 Training

71:39:34 Hours
225 Lectures


MPLS Zero to Hero Training

30:07:04 Hours
51 Lectures


Cisco CCIE Service Provider Training

108:43:00 Hours
258 Lectures