
MPLS explained

Multi-protocol label switching is a way to ensure predictable, reliable connections for real-time applications, but it's expensive, leading enterprises to consider SD-WAN as a way to limit its use.

The thing about MPLS is that it's a technique, not a service, so it can deliver anything from IP VPNs to metro Ethernet. It's expensive, so with the advent of SD-WAN enterprises are trying to figure out how to optimize its use versus less expensive connections like the internet.

Did you ever order something online from a distant retailer and then track the package as it made strange and seemingly illogical stops all over the country?

That's similar to the way IP routing on the Internet works. When an internet router receives an IP packet, the only forwarding information that packet carries is its destination IP address. There is no instruction on which path the packet should take to its destination or how it should be treated along the way.

Each router has to make an independent forwarding decision for each packet based solely on the packet's network-layer header. Thus, every time a packet arrives at a router, the router has to "think through" where to send the packet next. It does this with a longest-prefix lookup of the destination address in its routing table, which on an Internet router can hold hundreds of thousands of entries.

The process is repeated at each hop along the route until the packet eventually reaches its destination. Each hop adds delay, and because every router chooses independently, the path (and therefore the latency and jitter) can change from one moment to the next. That unpredictability is what hurts time-sensitive applications like video-conferencing or voice over IP (VoIP).

What is MPLS?

Multi-protocol label switching (MPLS), that venerable WAN workhorse standardized at the turn of the century, addresses this problem by establishing pre-determined, highly efficient routes.

With MPLS, when a packet first enters the network it is assigned to a specific forwarding equivalence class (FEC), a group of packets that will all be forwarded the same way. The FEC is indicated by attaching a short fixed-length header, the label, to the front of the packet.

Each router in the network has a table indicating how to handle packets carrying a given label, so once the packet has entered the network, routers don't need to analyze the IP header at all. Instead, each subsequent router uses the incoming label as an index into its label forwarding table, which tells it the next hop and the new label to write in place of the old one (a label swap). Labels are only locally significant: the value that means "FEC X" on one router's link means nothing on another's.

This gives the MPLS network the ability to handle packets with particular characteristics (such as coming from particular ports or carrying traffic of particular application types) in a consistent fashion. Packets carrying real-time traffic, such as voice or video, can easily be mapped to low-latency routes across the network — something that’s challenging with conventional routing.

The key architectural point with all this is that the labels provide a way to attach additional information to each packet — information above and beyond what the routers previously had.

How does MPLS work?

The beauty of MPLS is that it's not tied to any underlying technology. It was designed back in the days of ATM and frame relay as an overlay technique meant to simplify forwarding and improve performance over whatever link layer was in use, and it can carry any network-layer protocol. That independence from both the layer below and the layer above is the "multi-protocol" part.

ATM and frame relay are distant memories, but MPLS lives on in carrier backbones and in enterprise networks. The most common use cases are branch offices, campus networks, metro Ethernet services and enterprises that need quality of service (QoS) for real-time applications.

Is MPLS Layer 2 or Layer 3?

There's been a lot of confusion about whether MPLS is a Layer 2 or Layer 3 service. But MPLS doesn't fit neatly into the OSI seven-layer hierarchy; it is often described as "Layer 2.5" because the label sits between the link-layer header and the IP header. In fact, one of the key benefits of MPLS is that it separates the forwarding mechanism from the underlying data-link service and from the protocol being carried. In other words, the same label-switched forwarding can move IPv4, IPv6 or Ethernet traffic over any underlying link layer.

Specifically, MPLS routers establish a label-switched path (LSP), a pre-determined path through the MPLS network for all traffic in a given FEC. The LSP is set up before any traffic flows, either by a label distribution protocol such as LDP or RSVP-TE or by static configuration; only after an LSP exists can MPLS forwarding occur. LSPs are unidirectional, which means that return traffic is sent over a different LSP.

When an end user sends traffic into the MPLS network, an MPLS label is added by an ingress MPLS router that sits on the network edge. The 32-bit label stack entry (the "shim header") consists of four fields:

The Label (20 bits): A locally significant value that the next router looks up in its label forwarding table to find the outgoing label and next hop. Values 0 through 15 are reserved; for example, label 3 (implicit null) is never sent on the wire but tells the upstream router to pop the label rather than swap it.

Traffic Class (3 bits): Originally called the Experimental (EXP) bits, these carry the Quality of Service (QoS) marking that sets the priority the labeled packet should receive.

Bottom-of-Stack (1 bit): Labels can be stacked (for example, an inner VPN label beneath an outer transport label), and this bit is set on the last entry so the router knows the payload, not another label, follows. It marks the end of the label stack, not the end of the journey: in many deployments the second-to-last router pops the outer label (penultimate hop popping), so the egress router receives the packet with only the inner label or no label at all.

Time-To-Live (8 bits): Decremented at each hop; the packet is discarded when it reaches zero, which keeps a looping LSP from circulating packets forever.
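As an added example that is not part of the original article and not any vendor's implementation, the following Python encodes and decodes the label stack entry described above and then walks a packet through a constructed ingress-transit-egress label-switched path with push, swap, TTL handling and penultimate-hop pop. The router names, label values, FEC table and the DSCP-to-TC mapping are assumptions made for the illustration.

```python
import ipaddress
import struct

# Reserved label 3 (implicit null) is signalled but never sent on the wire: it tells
# the upstream router to pop the label instead of swapping it (penultimate-hop pop).
IMPLICIT_NULL = 3


def encode_lse(label, tc, bos, ttl):
    """Pack one 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not 0 <= tc < 8:
        raise ValueError("traffic class must fit in 3 bits")
    if bos not in (0, 1):
        raise ValueError("bottom-of-stack bit must be 0 or 1")
    if not 0 <= ttl < 256:
        raise ValueError("TTL must fit in 8 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (bos << 8) | ttl)


def decode_lse(buf):
    """Unpack one label stack entry from the first four bytes of buf."""
    if len(buf) < 4:
        raise ValueError("truncated label stack entry")
    (word,) = struct.unpack("!I", buf[:4])
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "bos": (word >> 8) & 0x1, "ttl": word & 0xFF}


def decode_stack(buf):
    """Read label entries until the S bit is set; return them and the payload offset."""
    entries, off = [], 0
    while True:
        if off + 4 > len(buf):
            raise ValueError("label stack has no bottom-of-stack entry")
        entry = decode_lse(buf[off:off + 4])
        entries.append(entry)
        off += 4
        if entry["bos"]:
            return entries, off


# Constructed topology (assumption): CE1 -> PE1 (ingress) -> P1 -> P2 -> PE2 (egress) -> CE2.
# PE1's FEC table maps destination prefixes to (outgoing label, next hop).
FEC_TABLE = {
    "10.2.0.0/16": (17, "P1"),
    "10.2.200.0/24": (18, "P1"),  # more specific prefix with its own LSP
}
# Each transit router's label forwarding table: incoming label -> (outgoing label, next hop).
# Labels are locally significant, so 17 on P1 is unrelated to 17 anywhere else.
LFIB = {
    "P1": {17: (23, "P2"), 18: (24, "P2")},
    "P2": {23: (IMPLICIT_NULL, "PE2"), 24: (IMPLICIT_NULL, "PE2")},  # penultimate-hop pop
    "PE2": {},
}


def dscp_to_tc(dscp):
    """Assumed mapping: copy the DSCP class selector (top 3 bits) into the TC field."""
    return (dscp >> 3) & 0x7


def lookup_fec(dst_ip, fec_table):
    """Longest-prefix match of the destination address against the ingress FEC table."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, entry in fec_table.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, entry)
    return None if best is None else best[1]


def forward_lsp(dst_ip, dscp, ip_ttl=64):
    """Carry one packet along the LSP; return the per-hop trail of (router, action, label, next hop)."""
    fec = lookup_fec(dst_ip, FEC_TABLE)
    if fec is None:
        return None  # no LSP for this destination: PE1 would route the packet as plain IP
    label, next_hop = fec
    # Ingress decrements the IP TTL and copies it into the label ("uniform" TTL model).
    stack = [encode_lse(label, dscp_to_tc(dscp), 1, ip_ttl - 1)]
    trail = [("PE1", "push", label, next_hop)]
    router = next_hop
    while stack:
        top = decode_lse(stack[0])
        if top["ttl"] <= 1:
            trail.append((router, "drop-ttl", top["label"], None))
            return trail
        entry = LFIB[router].get(top["label"])
        if entry is None:
            trail.append((router, "drop-unknown-label", top["label"], None))
            return trail
        out_label, next_hop = entry
        if out_label == IMPLICIT_NULL:
            stack.pop(0)  # PHP: egress receives an unlabeled packet and does a plain IP lookup
            trail.append((router, "pop", top["label"], next_hop))
        else:
            stack[0] = encode_lse(out_label, top["tc"], top["bos"], top["ttl"] - 1)
            trail.append((router, "swap", out_label, next_hop))
        router = next_hop
    trail.append((router, "ip-forward", None, None))
    return trail
```

Two things the walk makes visible that the field list alone does not: the IP header is never consulted between PE1 and PE2, only the label is, and the bottom-of-stack bit is what lets PE2 know where the payload starts, while it is the implicit-null entry on P2, not the S bit, that decides who pops the label.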


MPLS Pros and Cons

The benefits of MPLS are scalability, performance, better bandwidth utilization, reduced network congestion and a better end-user experience.

MPLS itself provides neither encryption nor authentication. What an MPLS VPN does provide is separation: each customer's traffic is kept apart by label and by per-customer forwarding tables in the provider's routers, and the network is not reachable from the public Internet, so it is commonly treated as a private transport. That separation is only as strong as the provider's configuration, and anyone with access to the provider's links or routers can read the traffic, so data that must stay confidential should still be encrypted end to end (for example, by running IPsec over the MPLS circuit). Nor is an MPLS network immune to denial of service. It is shielded from floods launched from the Internet in a way a pure-Internet link is not, but a compromised site, a misconfigured provider edge, or any point where the MPLS network meets the Internet can still saturate it.

On the negative side, MPLS connectivity is a managed service that must be purchased from a carrier, and it is far more expensive per megabit than sending traffic over the public Internet.

As companies expand into new markets, they may find it difficult to find an MPLS service provider who can deliver global coverage. Typically, service providers piece together global coverage through partnerships with other service providers, which can be costly.

And MPLS was designed in an era when branch offices sent traffic back to a main headquarters or data center, not for today’s world where branch office workers want direct access to the cloud.  

Is MPLS dead?

Gartner raised that provocative question back in 2013 and answered its own question by predicting that MPLS would continue to be a fundamental part of the WAN landscape, but that most enterprises would slowly transition to a hybrid environment consisting of both MPLS networks and the public Internet.

MPLS will continue to have a role connecting specific point-to-point locations, like large regional offices, retail facilities with point-of-sale systems, regional manufacturing facilities, and multiple data centers. And it remains the safest choice for real-time applications that need guaranteed latency and jitter.

But enterprise WAN architects need to make a risk/reward calculation between the top-notch but expensive performance of MPLS vs. the cheaper but less reliable performance of the Internet. Which brings us to an exciting new technology called SD-WAN.

MPLS vs. SD-WAN

If you listen to the hype, cheap, flexible SD-WAN is going to wipe out MPLS, the slow-footed dinosaur. But, in fact, both technologies have a role to play in modern WANs.

SD-WAN is the application of Software Defined Networking (SDN) concepts to the WAN. This means deploying SD-WAN edge devices at each site that apply centrally defined rules and policies to send each flow along the best available path.

SD-WAN is a transport-agnostic overlay that can run over any underlying connection, including MPLS circuits as well as ordinary Internet links. The advantage of SD-WAN is that an enterprise WAN-traffic architect can sit at a central point and easily apply policies across all WAN devices.

By contrast, with MPLS predetermined routes need to be painstakingly provisioned and once the fixed circuits are up, making changes is not a point-and-click exercise.

But once an MPLS network is deployed, it delivers contractually guaranteed performance for real-time traffic. SD-WAN can measure each path and steer traffic away from a degraded one, but once those IP packets hit the open Internet, there are no performance guarantees.

The most sensible strategy going forward will be to offload as much MPLS traffic as possible to the public Internet, but continue to use MPLS for time-sensitive applications that require guaranteed delivery.  Nobody wants to get caught in the cross-hairs when the CEO’s monthly videoconference with branch office employees drops off mid-sentence.
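The policy just described, cheapest link that meets the flow's service level, with MPLS reserved for real-time traffic, is easy to state and easy to get wrong at the edges (a link that is up but degraded, or a moment when nothing meets the SLA). As an added example, not taken from the original article or from any SD-WAN product, the following Python implements that path selector. The link names, relative costs, SLA thresholds, DSCP-to-class mapping and the probe measurements are all constructed for the illustration; a real SD-WAN edge would feed in its own probe results.

```python
# Per-class SLA ceilings: one-way latency (ms), jitter (ms), loss (%). Values are assumptions.
SLA = {
    "realtime":    {"latency": 150, "jitter": 30,  "loss": 1.0},  # voice, video
    "interactive": {"latency": 250, "jitter": 50,  "loss": 2.0},  # SaaS, remote desktop
    "bulk":        {"latency": 800, "jitter": 800, "loss": 5.0},  # backups, updates
}
# DSCP values the edge sees on the inner IP header -> traffic class (assumed mapping).
DSCP_CLASS = {46: "realtime", 34: "realtime", 26: "interactive"}

# Candidate underlay links with a relative cost per megabit; MPLS is the expensive one.
LINK_COST = {"internet-a": 1.0, "internet-b": 1.2, "mpls": 10.0}


def classify(dscp):
    """Anything without an explicit marking is treated as bulk traffic."""
    return DSCP_CLASS.get(dscp, "bulk")


def meets_sla(measurement, sla):
    """A link counts only if it is up AND every probe metric is within the class ceiling."""
    return (measurement["up"]
            and measurement["latency"] <= sla["latency"]
            and measurement["jitter"] <= sla["jitter"]
            and measurement["loss"] <= sla["loss"])


def select_path(dscp, measurements, pin_realtime_to_mpls=False):
    """Pick the cheapest link whose current probe results satisfy the flow's class SLA.

    With pin_realtime_to_mpls, real-time flows stay on MPLS while it is healthy
    (the "keep MPLS for time-sensitive traffic" policy). Returns None when no link
    meets the SLA so the caller can choose a best-effort fallback explicitly.
    """
    cls = classify(dscp)
    sla = SLA[cls]
    if pin_realtime_to_mpls and cls == "realtime":
        mpls = measurements.get("mpls")
        if mpls is not None and meets_sla(mpls, sla):
            return "mpls"
    for link in sorted(LINK_COST, key=LINK_COST.get):
        m = measurements.get(link)
        if m is not None and meets_sla(m, sla):
            return link
    return None


def best_effort(measurements):
    """Fallback when nothing meets the SLA: the up link with the least loss, then least latency."""
    candidates = [(m["loss"], m["latency"], name)
                  for name, m in measurements.items() if m["up"]]
    return min(candidates)[2] if candidates else None


# Constructed probe results for three moments in the day (not real measurements).
NORMAL = {
    "internet-a": {"up": True, "latency": 40, "jitter": 8,  "loss": 0.1},
    "internet-b": {"up": True, "latency": 60, "jitter": 15, "loss": 0.3},
    "mpls":       {"up": True, "latency": 35, "jitter": 2,  "loss": 0.0},
}
BROWNOUT = {  # internet-a is congested: still up, but jitter and loss are unusable for voice
    "internet-a": {"up": True, "latency": 45, "jitter": 45, "loss": 2.5},
    "internet-b": {"up": True, "latency": 60, "jitter": 15, "loss": 0.3},
    "mpls":       {"up": True, "latency": 35, "jitter": 2,  "loss": 0.0},
}
OUTAGE = {  # internet-a is down and everything else is degraded
    "internet-a": {"up": False, "latency": 0,  "jitter": 0,  "loss": 100.0},
    "internet-b": {"up": True,  "latency": 90, "jitter": 20, "loss": 3.0},
    "mpls":       {"up": True,  "latency": 35, "jitter": 2,  "loss": 1.5},
}
```

The brownout case is the one that matters: internet-a is still "up", so a selector that only checks reachability would keep sending voice over it, while the SLA check moves voice to internet-b and leaves bulk traffic where it is. In the outage case no link meets the real-time SLA, and the selector says so rather than silently picking one; the caller decides whether best_effort is acceptable for that flow.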