MPLS (Multiprotocol Label Switching)

MPLS (Multiprotocol Label Switching)

“MPLS is that it’s a technique, not a service.”

The fundamental concept behind MPLS is that of labeling packets. In a traditional routed IP network,

each router makes an independent forwarding decision for each packet based solely on the packet’s

network-layer header. Thus, every time a packet arrives at a router, the router has to “think through”

where to send the packet next.

With MPLS, the first time the packet enters a network, it’s assigned to a specific forwarding equivalence

class (FEC), indicated by appending a short bit sequence (the label) to the packet. Each router in the

network has a table indicating how to handle packets of a specific FEC type, so once the packet has

entered the network, routers don’t need to perform header analysis. Instead, subsequent routers use

the label as an index into a table that provides them with a new FEC for that packet.

This gives the MPLS network the ability to handle packets with particular characteristics (such as coming

from particular ports or carrying traffic of particular application types) in a consistent fashion. Packets

carrying real-time traffic, such as voice or video, can easily be mapped to low-latency routes across the

network — something that’s challenging with conventional routing. The key architectural point with all

this is that the labels provide a way to “attach” additional information to each packet — information

above and beyond what the routers previously had.

Figure 1 MPLS Basic Architecture


Multiprotocol Label Switching (MPLS) enables Enterprises and Service Providers to build next-generation

intelligent networks that deliver a wide variety of advanced, value-added services over a single

infrastructure.

MPLS can encapsulate packets of various network protocols. MPLS supports a range of access

technologies, including T1/E1, ATM, Frame Relay, and DSL.

MPLS provides these beneficial applications:

Virtual Private Networking (VPN)

Traffic Engineering (TE)

Quality of Service (QoS)

Any Transport over MPLS (AToM)

Layer 2 or Layer 3?

MPLS is best summarized as a “Layer 2.5 networking protocol”.

There’s been a lot of confusion over the years about whether MPLS is a Layer 2 or Layer 3 service. But

MPLS doesn’t fit neatly into the OSI seven-layer hierarchy. In fact, one of the key benefits of MPLS is that

it separates forwarding mechanisms from the underlying data-link service. MPLS can be used to create

forwarding tables for ATM or frame relay switches (using the existing ATM or DLCI header) or for plain

old IP routers by appending MPLS tags to IP packets.

The bottom line is that network operators can use MPLS to deliver a wide variety of services. The two

most popular implementations of MPLS are layer 3 BGP/MPLS-VPNs (based on RFC 2547) and Layer 2 (or

pseudowire) VPNs.

MPLS allows most packets to be forwarded at Layer 2 (the switching level) rather than having to be

passed up to Layer 3 (the routing level). Each packet gets labeled on entry into the service provider's

network by the ingress router. All the subsequent routing switches perform packet forwarding based

only on those labels—they never look as far as the IP header. Finally, the egress router removes the

label(s) and forwards the original IP packet toward its final destination.

There are several flavors of layer 2 MPLS services, but what they have in common is that a Layer 2

packet (or ATM cell or frame relay frame) is encased in an MPLS header and forwarded through the

MPLS core. When it reaches the other side, the packet’s labels are removed, and the packet that arrives

at the ultimate destination exactly where it entered the MPLS network. Thus, Layer 2 MPLS services

effectively extend services such as Ethernet or frame relay across an IP WAN.


How Does MPLS Work?

MPLS works by tagging the traffic, in this example packets, with an identifier (a label) to distinguish the

LSPs. When a packet is received, the router uses this label (and sometimes also the link over which it

was received) to identify the LSP. It then looks up the LSP in its own forwarding table to determine the

best link over which to forward the packet, and the label to use on this next hop.

A different label is used for each hop, and it is chosen by the router or switch performing the forwarding

operation. This allows the use of very fast and simple forwarding engines, which are often implemented

in hardware.

Ingress routers at the edge of the MPLS network classify each packet potentially using a range of

attributes, not just the packet's destination address, to determine which LSP to use. Inside the network,

the MPLS routers use only the LSP labels to forward the packet to the egress router.

The diagram above shows a simple example of forwarding IP packets using MPLS, where the forwarding

is based only on packet destination IP address. LSR (Label Switched Router) A uses the destination IP

address on each packet to select the LSP, which determines the next hop and initial label for each

packet (21 and 17). When LSR B receives the packets, it uses these labels to identify the LSPs, from

which it determines the next hops (LSRs D and C) and labels (47 and 11). The egress routers (LSRs D and

C) strip off the final label and route the packet out of the network.

Figure 2 How MPLS Works


The above is only one use of MPLS. Since MPLS uses only the label to forward packets, it is protocol-

independent, hence the term "Multi-Protocol" in MPLS. It can be used to carry any content (not only

packets) over any link technology (using different label encoding for each layer 2 link type).

Forwarding Equivalence Class (FEC)?

FEC is a group of IP packets which are forwarded in the same manner, over the same path, and with the

same forwarding treatment. An FEC might correspond to a destination IP subnet, but it also might

correspond to any traffic class that the Edge-LSR considers significant. For example, all traffic with a

certain value of IP precedence might constitute a FEC.

MPLS Operation?

MPLS works by prefixing packets with an MPLS header, containing one or more labels. This is called a

label stack. Each label stack entry contains four fields:

A 20-bit label value. A label with the value of 1 represents the router alert label.

A 3-bit Traffic Class field for QoS (quality of service) priority (experimental) and ECN (Explicit

Congestion Notification).

A 1-bit bottom of stack flag. If this is set, it signifies that the current label is the last in the stack.

An 8-bit TTL (time to live) field.

These MPLS-labeled packets are switched after a label lookup/switch instead of a lookup into the IP

table. As mentioned above, when MPLS was conceived, label lookup and label switching were faster

than a routing table or RIB (Routing Information Base) lookup because they could take place directly

within the switched fabric and not the CPU.

The presence of such a label, however, has to be indicated to the router/switch. In the case of Ethernet

frames this is done through the use of EtherType values 0x8847 and 0x8848, for unicast and multicast

connections respectively.

00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Label EXP: Experimental

(QoS and ECN)

S: Bottom-

of-Stack TTL: Time-to-Live


MPLS Label Stacking?

MPLS labels can also be stacked multiple times.

• The top label is used to control the delivery of the packet.

• When destination is reached, the top label is removed (or “popped”), and the second label takes over

to direct the packet further.

Some common stacking applications are:

• VPN/Transport services, which use an inner label to map traffic to specific interfaces, and an outer

label to route through the network.

• “Bypass” LSPs, which can protect a bundle of other LSPs to redirect traffic quickly without having to

completely re-signal every LSP, in the event of a router failure.

MPLS Traffic Engineering?

In MPLS traffic engineering, all configurations are done on a specific network node called the headend

or ingress node. Here is where all tunnels and constraints are created. Tunnel destination address is also

specified at the headend. For example, if an MPLS traffic engineering tunnel will be set up between R2

and R6 in Figure 1, all the definitions are done at R2. The tunnel destinations are called tailend or egress

node.

MPLS traffic engineering tunnels are unidirectional tunnels and not congruent. This means that if one

tunnel is created to carry traffic between R2 and R6, the return tunnel from R6 to R2 is not created

automatically. Reverse tunnels must also be created, but this time R6 is used as the headend and R2 as

the tailend. The tailend has no configuration.

Figure 3 MPLS Label Stacking


Four steps are required for MPLS traffic engineering to take place:

1. Link-state protocols carry link attributes in their link-state advertisements (LSAs) or link-state

packets (LSPs).

2. Based on the constraints defined, the traffic path is calculated with the help of Constrained

Shortest Path First (CSPF).

3. The path is signaled by Resource Reservation Protocol (RSVP).

4. Traffic is then sent to the MPLS traffic engineering tunnel.

Let's take a look these steps in detail:

By default, link-state protocols send only connected interface addresses and metric information

to their neighbors. Based on this information, the Shortest Path First (SPF) algorithm creates a

tree and builds the topology of the network. MPLS traffic engineering allows us to add some

constraints. In Figure 1 above, let's assume the R2-R5 link is 5 Mbit/s; R5-R6 is 10 Mbit/s; and all

the interfaces between the bottom routers are 6 Mbit/s.

If we want to set up a 6-Mbit/s tunnel, SPF will not even take the R2-R5-R6 path into

consideration, because the link from R2 to R5 does not satisfy the minimum requirement.

In addition, we could assign an administrative attribute, also called a "color," to the link. For

example, the R2-R5-R6 interfaces could be designated blue, and the R2-R3-R4-R6 route could be

Figure 4 MPLS Traffic Engineering


assigned red. At the headend, the constraint can then specify whether to use a path that

contains a red or blue color.

The color/affinity information, as well as how much bandwidth must be available, reserved, and

unreserved for the tunnel are carried within the link-state packet. In order to carry this

information, some extensions have been added to the link-state protocols. Open Shortest Path

First (OSPF) carries this information in the Opaque LSA (or Type 10 LSA), and Intermediate

System to Intermediate System (IS-IS) uses TLV 22 and 135 for traffic engineering information.

As we stated earlier, SPF is used to calculate the path for destinations. For traffic engineering, a

slightly modified version of SPF is used, called constrained SPF (CSPF). With the extensions to link

state protocols that Opaque LSAs and TLVs provide, a traffic engineering database is created that

is only accessible by CSPF.

CSPF can understand that the link from R2 to R5 is 5 Mbit/s and does not satisfy the 6 Mbit/s

tunnel constraint. So it will not take that path into consideration in its calculation.

If there is an appropriate path, the path is signaled by RSVP. Previously used to provide

Integrated Services QoS, RSVP incorporated new messages, including path and reservation

messages, to enable MPLS traffic engineering. Label information is carried within the reservation

messages.

Once a path is signaled, traffic is put into the tunnel. This can be accomplished via many methods

including static routing, policy-based routing, class-of-service-based tunnel selection (CBTS),

policy-based tunnel selection (PBTS), autoroute, and forwarding adjacency. I'll discuss these

methods in detail in a future post.

Path Selection in MPLS Traffic Engineering?

First, let's have a look at a classic example of traffic engineering.

Figure 5 Path Selection


There are two paths you could take to get from Router 2 (R2) to Router 6 (R6):

1. R2-R5-R6 with the cost of 15+15=30

2. R2-R3-R4-R6 with the cost of 15+15+15=45

Since MPLS Traffic Engineering can only work with the link-state protocols Open Shortest Path First

(OSPF) and Intermediate System to Intermediate System (IS-IS), unless otherwise specified, all our

examples will be given by using link-state protocols.

Link-state protocols use the Shortest Path First (SPF) or Dijkstra algorithm to calculate the route from

point A to point B. In this example, they will choose the path R2-R5-R6, because the total cost is less

than the cost for R2-R3-R4-R6.

The bottom path will not be used until the primary path fails, because link-state protocols traditionally

don't support unequal cost multi-path load sharing, although enhancements had been proposed at the

IETF to change this. Source routing and policy-based routing (PBR) can be used to force traffic to the

bottom path. However, these are complex from a configuration point of view, and open to

administrative mistakes.

In the above example, R5 is connected only to R6. If PBR is used, only R2 needs to be configured. For a

different topology, you may need to implement PBR at each router to send the traffic through the

intended path.

MPLS traffic engineering helps to send selected traffic to alternate paths, which may not be the best

paths from the interior gateway protocol point of view. To accomplish this, a traffic engineering tunnel

is configured at the headend to create a point-to-point traffic engineering label-switched path (LSP).

There are two approaches to creating an LSP: tactical and strategic, also called proactive and reactive.

Strategic is the systematic approach, in which a traffic matrix is identified between each ingress and

egress node and a traffic engineering tunnel reservation is made based on the requirements. This is the

long-term solution for an MPLS traffic engineering LSP.

Alternatively, the tactical approach can be used as a short-term solution to fix a sudden peak traffic

load. The LSP can be created through the lower utilized path for a short time until the primary path

traffic issue is resolved. As an example, the link might be utilized after a major news announcement,

such Orhan Ergun's appointment as CEO of Cisco, causes a large surge in media traffic. Some LSPs over

the primary link might be shifted to lower utilized links.

Fast Reroute In MPLS Traffic Engineering?

Before explaining how fast reroute is used in the context of MPLS traffic engineering, you'll need to

understand the basics of fast reroute.


There are two paths between Router 2 (R2) and Router 6 (R6). If we assume that Open Shortest Path

First (OSPF) is used in this topology, then based on end-to-end total link cost, the R2-R5-R6 path would

be chosen. The information for the R2-R3-R4-R6 link is also kept in the OSPF link-state database table. If

the R2-R5-R6 path fails, the SPF algorithm runs on every router in the same area, and R2 selects R3 as

the next hop. It puts this information into the routing table, and if the router supports separated control

and data planes, the routing information is distributed into a forwarding information base.

The detection of link failure, the propagation of information to every device in the flooding domain, and

calculating and installing the new paths into the routing and forwarding tables of the devices will require

some time. Interior gateway protocol parameters for propagation and detection can be changed, and

convergence time might be reduced to even less one second. But for some applications like voice, this

may not be enough.

We may need latency to be less than 100 or 200 ms in order to reroute traffic without experiencing

adverse effects. MPLS traffic engineering can often provide a backup path within 50 ms, because the

alternate path is calculated and installed into the routing and forwarding information bases before

failure happens.

Figure 6 Fast Reroute

Figure 7 Fast Reroute


MPLS traffic engineering is a local protection mechanism. There are two modes of local protection: link

and node protection. If the R2-R5 link fails and we need to protect that link, we call that link protection.

Backup and pre-signaled paths can be created between R2-R3 and R5, so that if the R2-R5 link fails,

traffic is automatically redirected to the backup path. Because the failure is local to R2, it is called local

protection.

It's also possible for R5 to fail. In this case, the R2-R3-R5 path will not work, so we need to bypass R5

completely. An R2-R3-R4-R6 pre-signaled path could be created for node protection purposes, because

in this case, we want to protect the node, rather than the link.

Path protection would come into play if we had the path R1-R2-R5-R6 between R1 and R6 and we

wanted to protect that path from end to end.

Creating a Label-Switched Path between all the nodes in the domain might be cumbersome, so

automesh and autotunnel features can streamline path creation and protection.

MPLS Protection Schemes?

There are two different ways to provide LSP protection:

• One-to-One Protection / Detour

• An individual backup path is fully signaled through RSVP for every LSP, at every point

where protection is provided (i.e. every node).

• The label depth remains at 1, but this can involve a huge number of reservations, and can

cause significant overhead.

• Many-to-One Protection / Facility Backup

• A single bypass LSP is created between two nodes to be protected.

• During a failure, multiple LSPs are rerouted over the bypass LSP.

Also different types of failures that can be protected against:

• Link Protection / Next-Hop Backup

• A bypass LSP is created for every possible link failure.

• Node Protection / Next-Next-Hop Backup.

• A bypass LSP is created for every possible node (router) failure.

MPLS with No Protection

Figure 8 with No Protection


MPLS Link Protection

MPLS Node Protection

MPLS Link and Node Protection

Figure 9 MPLS Link Protection

Figure 10 MPLS Node Protection

Figure 11 MPLS Link & Node Protection


Advantages of Label Switching?

1. Cost Savings- Depending on the specific mix of applications, and network configuration, MPLS-

based services can reduce costs by 10% to 25% over comparable data services (frame relay and

ATM). As companies add voice and video traffic, cost savings can rise to as much as 40%

networkwide.

2. QOS Enablement- One of the primary benefits of MPLS-based services is the ability to support

QoS, particularly key for companies that are rolling out voice and video.

3. Improved Performance- Because of the any-to-any nature of MPLS services, network designers

can reduce the number of “hops” between network points, which translates directly to increased

response time and improved application performance.

4. Disaster Recovery- MPLS-based services improve disaster recovery in a variety of ways. First and

foremost, data centers and other key sites can be connected in multiply redundant ways to the

cloud (and thus to other sites on the network). Secondly, remote sites can quickly and easily

reconnect to backup locations if needed (unlike with ATM and frame networks, in which either

switched or backup permanent-virtual-circuits are required). That’s why several benchmark

participants listed “flexibility for business recovery” as a key justifier behind their MPLS rollouts.

5. Futureproofing the Network- Most companies have come to the conclusion that MPLS

represents “the wave of the future.” Investment in legacy WAN services (ATM, frame) has pretty

much come to a standstill: Virtually no companies plan to invest in ATM or frame services within

the next six to 12 months. As a result, companies increasingly say they’re planning to migrate to

MPLS primarily to avoid being left behind.

Downsides of MPLS?

One major drawback is that it hides suboptimal topologies from BGP, where multiple exits may

exist for the same route.

For example:

Say you peer with a major network in San Jose and Los Angeles.

Traffic coming from Chicago would normally go directly to San Jose.

But because of a capacity issue, the LSP is forced to go via Los Angeles first.

In an IP network, the packet would probably be diverted to the local Los Angeles peer as it

passes through Los Angeles.

But MPLS will hide the suboptimal topology, the packet will continue to San Jose because that’s

what Chicago saw as the best exit.

This can be a good or a bad thing depending on your goals.


MPLS and Traceroute?

MPLS can also let you hide traceroute hops.

Since you aren’t actually doing IP forwarding, there is no need to decrement the IP TTL field as

you MPLS forward the packet.

And if you don’t, the LSP shows up as a single hop in traceroute.

Some networks prefer this behavior, as it hides the internals of their network, and makes for

shorter / prettier traceroutes.

Some networks also run MPLS-only cores, which carry no IP routes.

This presents a problem, since if they did want to show the hops in traceroute, the router can’t

do IP routing to return the ICMP TTL Exceed.

To solve this problem, an “icmp tunneling” feature was implemented.

If an ICMP message is generated inside an LSP, the ICMP message is carried all the way to the

end of the LSP before being routed back.

This can make traceroute look really weird, since you see all the hops along the LSP, but they all

appear to have the same latency as the final hop. This causes much end-user confusion.

Comparisons?

MPLS can make use of existing ATM network or Frame Relay infrastructure, as its labeled flows can be

mapped to ATM or Frame Relay virtual-circuit identifiers, and vice versa.

With Frame Relay

Frame Relay aimed to make more efficient use of existing physical resources, which allow for the

underprovisioning of data services by telecommunications companies (telcos) to their customers, as

clients were unlikely to be utilizing a data service 100 percent of the time. In more recent years, Frame

Relay has acquired a bad reputation in some markets because of excessive bandwidth overbooking by

these telcos.

Telcos often sell Frame Relay to businesses looking for a cheaper alternative to dedicated lines; its use in

different geographic areas depended greatly on governmental and telecommunication companies'

policies.

Many customers are likely to migrate from Frame Relay to MPLS over IP or Ethernet within the next two

years, which in many cases will reduce costs and improve manageability and performance of their wide

area networks.

With ATM

While the underlying protocols and technologies are different, both MPLS and ATM provide a

connection-oriented service for transporting data across computer networks. In both technologies,


connections are signaled between endpoints, connection state is maintained at each node in the path,

and encapsulation techniques are used to carry data across the connection. Excluding differences in the

signaling protocols (RSVP/LDP for MPLS and PNNI: Private Network-to-Network Interface for ATM) there

still remain significant differences in the behavior of the technologies.

The most significant difference is in the transport and encapsulation methods. MPLS is able to work with

variable length packets while ATM transports fixed-length (53 byte) cells. Packets must be segmented,

transported and re-assembled over an ATM network using an adaptation layer, which adds significant

complexity and overhead to the data stream. MPLS, on the other hand, simply adds a label to the head

of each packet and transmits it on the network.

Differences exist, as well, in the nature of the connections. An MPLS connection (LSP) is unidirectional—

allowing data to flow in only one direction between two endpoints. Establishing two-way

communications between endpoints requires a pair of LSPs to be established. Because 2 LSPs are

required for connectivity, data flowing in the forward direction may use a different path from data

flowing in the reverse direction. ATM point-to-point connections (virtual circuits), on the other hand, are

bidirectional, allowing data to flow in both directions over the same path (Both SVC and PVC ATM

connections are bidirectional. Check ITU-T I.150 3.1.3.1).

Both ATM and MPLS support tunneling of connections inside connections. MPLS uses label stacking to

accomplish this while ATM uses virtual paths. MPLS can stack multiple labels to form tunnels within

tunnels. The ATM virtual path indicator (VPI) and virtual circuit indicator (VCI) are both carried together

in the cell header, limiting ATM to a single level of tunnelling.

The biggest advantage that MPLS has over ATM is that it was designed from the start to be

complementary to IP. Modern routers are able to support both MPLS and IP natively across a common

interface allowing network operators great flexibility in network design and operation. ATM's

incompatibilities with IP require complex adaptation, making it comparatively less suitable for today's

predominantly IP networks.

Evolution?

MPLS has been originally proposed to allow high performance traffic forwarding and traffic engineering

in IP networks. However it evolved in Generalized MPLS (GMPLS) to allow the creation of label-switched

paths (LSPs) also in not native IP networks, such as SONET/SDH networks and wavelength switched

optical networks.

Competitors?

MPLS can exist in both an IPv4 and an IPv6 environment (using appropriate routing protocols). The

major goal of MPLS development was the increase of routing speed. Now, therefore, the main

application of MPLS is to implement limited traffic engineering and layer 3 / layer 2 “service provider

type” VPNs over IPv4 networks.


Besides GMPLS, the main competitors to MPLS are Shortest Path Bridging (SPB), Provider Backbone

Bridges (PBB), and MPLS-TP. These also provide services such as service provider layer 2 and layer 3

VPNs. L2TPv3 has been suggested as a competitor, but has not reached any wider success.

Types?

As long as we know these are the MPLS types:

- MPLS VPN,

- LV1 MPLS,

- LV2 MPLS.

Technology

MPLS (Multiprotocol Label Switching)