How MPLS Transforms WAN: From Legacy IP to High‑Performance Label Switching

Broad‑Area Network Data Communication Technology Evolution

Since 1978, when TCP was split into IP and TCP, IP routing has been widely used in WAN data transmission. IP uses a longest‑match‑first algorithm for routing decisions, but early hardware limitations made software‑based longest‑match processing a performance bottleneck.

In the mid‑1990s, ATM emerged with fixed‑length cells and a small label table, offering higher forwarding performance than IP, though its complexity and cost limited adoption.

As the Internet exploded, the need for larger, more efficient WANs grew, leading to the development of MPLS in 1996, which combines L3 routing flexibility with L2 switching efficiency.

IP technology is simple but performance‑limited.

ATM offers high performance but is complex and costly.

MPLS operates at the L2.5 layer, merging L3 routing and L2 switching.

MPLS Protocol Format

MPLS Label Stack

The MPLS label stack (MPLS header) sits between the L2 and L3 headers, enabling support for multiple upper‑layer protocols such as IPv6, IPX, and CLNP.

The stack consists of several MPLS label entries, including an outer label (closest to the L2 frame header) and an inner label (closest to the L3 packet header).

Labels are processed FIFO: the router starts with the outer label (stack index 0) and, after popping the inner label, restores a standard IP packet.

Examples of two‑label and three‑label stacks are shown below.

2 Label Entries

3 Label Entries

The MPLS label stack is key for MPLS‑TE FRR or SR‑MPLS, which can be centrally controlled by an SDN controller.

MPLS Label Entries

A label entry contains:

Label (20 bits) : identifies a FEC or local meaning; supports millions of values. Standard ranges are:

0‑15: special values.

16‑1023: static signaling (e.g., static LSP).

1024‑1048575: dynamic signaling (e.g., LDP, RSVP‑TE, MP‑BGP).

EXP (3 bits) : used for Class of Service.

S (Bottom of Stack, 1 bit) : indicates position in the stack.

TTL (8 bits) : copied from the IP header TTL and decremented at each hop.

RFC 5462 defines EXP as a Traffic‑Control field to support QoS and ECN.

MPLS WAN Forwarding Principles

Basic MPLS Network Elements

LSR (Label Switching Router) : core MPLS device.

LER (Label Edge Router) : network edge device, divided into:

MPLS Ingress Node – adds labels to incoming IP packets.

MPLS Egress Node – removes labels before forwarding to IP routing.

MPLS Router Components

The control plane manages routes and labels:

IRP (IP Routing Protocol) : generates routes.

RIB (Routing Information Base) : stores routes.

LDP (Label Distribution Protocol) : generates labels.

LIB (Label Information Base) : stores labels.

The data plane handles packet encapsulation, label swapping/popping, and forwarding.

FIB (Forwarding Information Base) : forwards IP packets using routes from the RIB.

LFIB (Label Forwarding Information Base) : forwards MPLS packets using labels from the LIB.

Basic MPLS Forwarding Principle

Traditional IP routing parses the IP header, finds the destination FEC, and forwards based on longest‑match. MPLS introduces Label Switching Hop (LSH): after the first ingress, packets are forwarded solely based on labels and the Next Hop Label Forwarding Entry (NHLFE), which may swap, pop, or push labels, eliminating the need for IP header parsing at each hop and achieving O(1) lookup.

MPLS VPN WAN Dedicated Lines

Although modern ASICs have reduced the raw performance advantage of MPLS, its support for multi‑label, connection‑oriented forwarding, QoS, and Traffic Engineering keeps it widely used in VPN, TE, and QoS scenarios.

MPLS VPN (often called MPLS dedicated line service) is an ISP‑provided WAN underlay leased line, offering SLA guarantees for bandwidth, latency, jitter, and packet loss, commonly used for enterprise branch connectivity and data‑center interconnect (DCI).

MPLS L2VPN

L2VPN creates an L2‑over‑MPLS network, allowing multiple sites to share a Layer‑2 switching fabric and support various data‑link technologies (ATM, FR, VLAN, Ethernet, PPP). Implementations include VLL, PWE3, and VPLS. PE devices do not perform L3 routing for user traffic, improving scalability.

MPLS L3VPN

L3VPN is the most widely deployed type, using MP‑BGP as the control plane while retaining MPLS in the data plane.

MPLS L3VPN Working Principle

Basic Network Elements

An MPLS L3VPN consists of ISP backbone and customer sites, offering flexible, scalable topology with support for QoS and TE.

Site : customer location (headquarters, branch).

CE (Customer Edge) : customer‑side router or host, connects to one or more PE.

PE (Provider Edge) : ISP edge router, functions as LER, handles all VPN processing.

P (Provider) : core ISP router, functions as LSR, only forwards data.

MP‑BGP VPN‑IPv4 Routes Types

VPN‑IPv4 routes extend BGP NLRI with a Route Distinguisher (RD) to make overlapping address spaces globally unique.

VPN‑IPv4 Field

Each VPN‑IPv4 address consists of a 12‑byte value: an 8‑byte RD followed by a 4‑byte IPv4 prefix.

RD (Route Distinguisher)

RD uniquely identifies a VPN‑IPv4 prefix. Two common formats are:

Associated with ASN: {16bits ASN}:{32bits Custom number} (e.g., 100:1).

Associated with IP address: {32bits IPv4}:{16bits Custom number} (e.g., 172.1.1.1:1).

Three RD types exist (Type 0, 1, 2) with slightly different field placements; Type 2 uses a 32‑bit ASN with a minimum value of 65536.

RT (Route Target)

RT is used for import/export filtering of VPN routes. Two RT roles:

Export Target : set on routes before a PE advertises them.

Import Target : matched against incoming routes to decide acceptance.

RT formats mirror RD formats.

PE Support for VPN‑IPv4 Routes

PE VPN Instance

Each PE creates a VPN instance per directly connected CE, containing LFIB, VRF, associated interfaces, and configuration (RD, RT, policies).

PE VRF

VRF provides path isolation similar to VLANs, maintaining separate routing and forwarding tables per VPN instance.

VPN‑IPv4 Route Exchange

Route exchange occurs in three steps: Local CE ↔ Ingress PE, Ingress PE ↔ Egress PE, and Egress PE ↔ Remote CE. After these steps, end‑to‑end connectivity is established.

Local CE ↔ Ingress PE

CE advertises its VPN routes to the PE via static or dynamic routing (RIP, OSPF, BGP, IS‑IS). The PE adds RD and RT attributes and forwards the routes.

Ingress PE ↔ Egress PE

Ingress PE uses MP‑BGP to advertise VPN‑IPv4 routes to the Egress PE, which accepts them if Export Target matches its Import Target.

Egress PE ↔ Remote CE

Remote CE learns VPN routes via static, RIP, OSPF, IS‑IS, or eBGP.

L3VPN Packet Forwarding Process

Two‑label forwarding is used:

Outer label : directs the packet across the MPLS backbone from Ingress PE to Egress PE.

Inner label : indicates the destination CE at the egress side.

Example flow: Site1 → CE1 → Ingress PE (adds both labels) → MPLS core (outer label removed) → Egress PE (uses inner label) → CE2 → Destination.

Classic MPLS L3VPN Topologies

Single‑Domain L3VPN

All VPN sites reside within one AS; routes are exchanged only within that AS.

Basic Scheme

Each VPN instance receives a unique Route Target used as both Export and Import Target, ensuring isolation between VPNs.

Hub‑and‑Spoke

Central hub PE controls traffic between spoke sites, using separate Hub and Spoke Route Targets for import/export filtering.

Extranet

Allows selective sharing of resources between VPNs by configuring mutual Export/Import Targets.

Cross‑Domain L3VPN

When VPN sites span multiple ASes, inter‑AS MPLS VPN architectures (Option A, B, C) are required to exchange VPN‑IPv4 routes across AS boundaries.

Option A

Each LSR distributes labels only to directly downstream LSRs, leading to many label‑switched paths; suitable for small networks.

Option B

LSRs primarily communicate with downstream LSRs but may also distribute labels to other LSRs, balancing scalability and complexity.

Option C

All LSRs communicate with every other LSR, building a full mesh of label‑switched paths; suitable only for very large, well‑engineered networks.