MPLS is used for a variety of purposes; two of the most common are Layer 3 VPNs and Layer 2 VPNs. But why MPLS? What are the business drivers for MPLS? One of the first use cases was SP/carrier networks, where they needed to consolidate networks, provide multiple L2/L3 services, support increasingly stringent SLAs, and handle the increasing scale and complexity of IP-based networks. From the enterprise space, the trend picked up later and was driven by multi-site configurations and the need for network segmentation. MPLS originated in the mid-1990s and evolved until approximately 2004 when MPLS OAM became available.
MPLS is built on labels. Every packet is stamped with a label and MPLS will switch that packet through the network based on the label. There is an MPLS forwarding plane (where labeled packets are switched instead of routed) and an MPLS control/signaling plane (where MPLS utilises existing IP-based control protocols and extensions).
Within the enterprise space, there are two general types of MPLS deployments:
- The enterprise is subscribed to an MPLS-based network from a provider
- The enterprise has deployed MPLS in it’s own network
Continuing with the enterprise space, there are three major reasons for deploying/using MPLS:
- Network segmentation (network virtualization, distribution application virtualization)
- Network realignment/migration (consolidation of multiple networks)
- Network optimization (full-mesh and hub-and-spoke deployments, Traffic Engineering [TE] for bandwidth protection)
Moving on to to the technology components of MPLS, the core of MPLS is the MPLS signaling and forwarding components. Within the MPLS network, there is a Label Switched Path (LSP) from one end to the other end based on a label. There are a number of different terms applied in an MPLS network:
- PE (Provider Edge): This is an edge router that adds labels (on ingress) or removes lables (on egress).
- P (Provider) router: This is a label-switching router or a core router.
- CE (Customer Edge)
The MPLS label itself is a 32-bit structure. The first part of the label is the actual MPLS label, which occupies 20 bits. Then you have the EXP/COS bits for QoS handling, and then you have the S bit; the S bit represents the bottom of the stack. (The S bit facilitates multiple layers of MPLS labels.) The label wraps up with an 8 bit TTL. The MPLS label is usually placed just after the transport header (for example, just after the MAC header for Ethernet).
Some additional terms to understand:
- Label imposition: Occurs at the PE at ingress; classify and label packets
- Label swapping or switching: Occurs at the P router; forwards packets based on label and indicates service class and destination
- Label disposition: Occurs at a PE on egress; remove label and forward packets
The Forwarding Equivalence Class (FEC) is the mechanism to map Layer 2/3 packets onto an LSP by the ingress PE router. There are a variety of FEC mappings possible. Label Distribution Protocol (LDP) handles exchanging label information between and among MPLS nodes. There is a push operation (used on the ingress PE node to know which label to use for a given FEC), swap operation (occurs on the core P node), pop operation (occurs at egress PE node to inform node about FEC mapping). LDP is a superset of Cisco-specific TDP, and you can also use BGP with some extensions as well. As an MPLS control plane protocol, it is L3 based (runs over IP) and uses a specific set of TCP ports and protocols to communicate MPLS label information.
Looking also at the general steps involved in MPLS forwarding, MPLS supports various IGPs: EIGRP, IS-IS, OSPF on core facing and core links. RSVP and LDP are supported on core and/or core-facing links. MP-iBGP runs on edge routers.
The S bit (Bottom of Stack) bit which was mentioned earlier; is one of the real superpowers of MPLS is label stacking. This allows organizations to stack labels for QoS, security, traffic engineering, segmentation, etc.
One of the key drivers for MPLS is VPN: both Layer 3 and Layer 2 VPNs. The connection to the MPLS network is handled by the PE-CE link; this is the connection between the PE (for ingress/egress) and the CE. Once the traffic enters the MPLS network, then all the advantages of MPLS (via labels and label stacking) become available.
Options for MPLS VPNs include:
- Layer 2 VPNs (point-to-point and multi-point): Routing is always CE-CE; no SP involvement
- Layer 3 VPNs
Focusing a bit more on L3 VPNs. In this case, the CE has a peering link with the PE and there is IP routing/forwarding across the PE-CE link. In this case, the MPLS VPN is part of the customer’s IP routing domain. MPLS VPNs enable full-mesh, hub-and-spoke, and hybrid connectivity among connected CE sites.
Components of an L3 MPLS VPN:
- PE-CE link
- MPLS L3 VPN control plane
- MPLS L3 VPN forwarding plane
VRFs (Virtual Routing and Forwarding instances) are created for each customer VPN on the PE router. Each VRF is associated with one or more customer interfaces, has its own routing table (RIB) and forwarding table (CEF) and has its own instance for PE-CE configured routing protocols.
MP-iBGP is Multi-Protocol BGP extensions; this is for supporting non-IP protocols over BGP. Typically BGP RR (Route Reflector) to improve scalability.
MPLS uses a Route Distinguisher (RD) along with a VPNv4 address to help ensure that all customer routes are unique across the MPLS network.