[IP Adventure] A Packet's Adventures on Routers - 09

EchoW  Senior  (1)
5 years 11 months ago  View: 4923  Reply: 4
1F

Getting Started with MPLS and MPLS VPN

MPLS Overview and Background

Multiprotocol Label Switching (MPLS) uses labels, not routes, to forward packets and combines the advantages of IP and asynchronous transfer mode (ATM) technology.

IP technology, while simple and cheap to deploy, relies on the longest match algorithm, which is not the most efficient choice for forwarding packets. In comparison, ATM is much more efficient at forwarding packets. ATM uses fixed-length labels (called cells) and maintains a label table, which is much smaller than a routing table. However, ATM is a complex protocol with a high deployment cost, which has hindered its widespread popularity and growth.

MPLS was developed to satisfy users who wanted a technology that combines the best features of both IP and ATM.

MPLS is designed to increase forwarding rates. Unlike IP, MPLS analyzes packet headers on the edge of a network, not at each hop. Therefore, packet processing time is shortened.

Although MPLS has lost its advantage in accelerating forwarding speed, it supports multi-layer labels, and its forwarding plane is connection-oriented. MPLS is widely used in virtual private network (VPN), traffic engineering (TE), and quality of service (QoS) scenarios.

Typical MPLS Network Structure

The following figure illustrates the typical MPLS network structure.

Label switching routers (LSRs) are the basic elements of an MPLS network. There are three main types of LSRs:

  • An ingress is on the MPLS network edge and receives packets from another network. It analyzes data packets and adds a label to them.
  • A transit LSR is within an MPLS domain and it forwards packets based on labels.
  • An egress is on the MPLS network edge and sends packets to another network. It removes the label from the packet before sending the packet out of the MPLS network.

MPLS Header and Label

An MPLS header is 4 bytes long and contains the following fields.

  • Label: a label value.
  • EXP: used for extension. This field is used to implement the class of service (CoS) function, which is similar to Ethernet 802.1p.
  • S: whether a label is at the bottom of a label stack. MPLS supports multiple labels that can be stacked. Value 1 indicates a label at the bottom of a label stack.
  • TTL: short for time to live. This field is the same as the TTL in IP packets.

Label Distribution Process

Data packets travel along label switched paths (LSPs) across an MPLS network. LSPs that are unidirectional originate from the ingress and terminate at the egress. MPLS forwarding is performed in a "road is built first, and cars go" way. Before packets are forwarded, labels must be distributed to establish an LSP.

A label is assigned by a downstream LSR to an upstream LSR. In the following figure, Transit-2 is downstream to Transit-1 and Egress is downstream to Transit-2. Conversely, Transit-1 is upstream to Transit-2 and Ingress is upstream to Transit-1.

Downstream LSRs assign labels because the downstream LSR itself uses these labels to identify a packet that can be forwarded. If an upstream LSR assigns a label, the downstream LSRs do not know how to use the label to forward a packet unless they agree on this label. To simplify the process, the downstream LSR itself assigns the label.

Packet Forwarding Process

  1. The ingress receives an IP packet destined for 10.1.1.1, adds label Z to the packet, and forwards it downstream.
  2. Transit-1 receives the labeled packet, swaps label Z for label Y, and forwards the packet downstream.
  3. Transit-2 receives the labeled packet, swaps label Y for label X, and also forwards the packet downstream.
  4. The egress receives the packet, removes label X, and forwards the packet over an IP route to 10.1.1.1.

Label Operation — Push, Swap, and Pop

  • Push: Adding a label to a packet, as shown in Step 1 stated above.
  • Swap: Swapping a label at the top of the label stack in an MPLS packet for another label assigned by a next hop, as shown in Steps 2 and 3 stated above.
  • Pop: Removing a label from an MPLS packet before the packet leaves the MPLS network, as shown in Step 4 stated above. In addition, the penultimate LSR can also remove a label from an MPLS packet. This process is called penultimate hop popping (PHP), and is described in the following section.

PHP Mechanism and Implicit Null Label

Assume that an MPLS packet arrives at the egress, the last hop of an LSP. The egress looks up its MPLS forwarding table for a matching entry and removes the label from the MPLS packet. After the egress finds that the MPLS packet has become an unlabeled IP packet, it performs a second lookup in the IP forwarding table and forwards the packet. Obviously, the lookup in the MPLS forwarding table is unnecessary and reduces forwarding efficiency. To make an improvement, PHP enables the egress to instruct the penultimate LSR to remove the last label from the MPLS packet before sending the packet to the egress. After receiving the packet, the egress directly forwards the unlabeled IP packet or single-labeled packet. PHP helps reduce the burden on the egress.

PHP enables the egress to assign only an implicit null label (label 3) to the penultimate LSR. The implicit null label is removed before appearing in the label stack of a packet reaching the egress. When an implicit null label is distributed to a penultimate LSR, the LSR directly removes the label without having to swap an existing label for it at the top of the label stack.

MPLS VPN Overview

As mentioned in the MPLS background, MPLS is widely used in virtual private network (VPN) services. Well, what is a VPN?

Before the advent of VPN, telecom carriers rented Layer 2 leased lines to enterprises. Each leased line was exclusive to a specific enterprise.

Each time a leased line was added, a new physical link needed to be built, which was time consuming and costly. ATM and Frame Relay (FR), following the leased line technique, enabled carriers to use virtual circuits to provide P2P leased lines. Such leased lines were time-saving and of low cost. Virtual circuits depended on dedicated transmission media. Either ATM or FR, if used, must be supported by all devices in all service areas. Costly network construction and low transmission rates made virtual circuit-based services lag behind the development speed of applications on the Internet.

A substitute solution was invented to use VPNs over an existing IP network. The nature of VPNs is to provide virtual leased line services over a shared network (known as a public network), which poses a problem. No enterprise wants its data to be exposed on the shared public network, and their VPNs must be isolated from one another. Packets of a specific VPN must be transparently transmitted over the public network. To tackle this issue, VPNs use the tunneling technique to transmit data.

The tunneling technique provides a tunnel between two network nodes to transparently exchange data. Tunnel protocols are used to establish tunnels. They include Generic Routing Encapsulation (GRE), Layer 2 Tunneling Protocol (L2TP), and MPLS, which is what we are talking about. After a tunnel is established, one end adds a tunnel protocol header to each packet and forwards the packet to the other end. Upon receipt of it, the other end removes the header and forwards the packet. Tunnels, including MPLS LSPs, are an integral part of VPNs. MPLS LSPs are the most commonly used on carrier networks. VPNs that transmit data along MPLS LSPs are called MPLS VPNs.

MPLS VPNs are classified as MPLS L3VPNs or MPLS L2VPNs. MPLS L2VPNs involve virtual private LAN service (VPLS) tunnels and virtual leased line (VLL) and pseudo wire emulation edge-to-edge (PWE3) tunnels.

  • MPLS L3VPN: L3VPN users consider that a shared network (public network) is like a router connecting VPN sites to one another. The public network builds dedicated routing and forwarding tables for each VPN.

  • VPLS: uses virtual leased network segments to connect LANs to one another. For VPLS users, a public network is like an Ethernet switch connecting VPN sites to each other. VPLS is also called E-LAN.

  • VLL and PWE3: use an IP network to simulate traditional leased lines. VLL users take a public network as a P2P link to connect VPN sites to one another. VLL is also called virtual private wire service (VPWS) or E-Line. PWE3 is an extension to VLL.

MPLS Label Position

Labels are encapsulated between the data link and network layers. Their position in a data packet is illustrated in the following figure.

An MPLS packet can carry multiple labels. The label next to the physical layer is called the outer label or stack top label. The label next to the network layer is called the inner label or stack bottom label. Theoretically, an unlimited number of MPLS labels can be stacked in an MPLS packet.

On an MPLS VPN, the innermost label is the VPN label, also called a private network label. The outermost label is the tunnel label, also called a public network label.

Related subjects:

[IP Adventure] A Packet's Adventures on Routers - 08

[IP Adventure] A Packet's Adventures on Routers - 07

[IP Adventure] A Packet's Adventures on Routers - 06

[IP Adventure] A Packet's Adventures on Routers - 05

[IP Adventure] A Packet's Adventures on Routers - 04

[IP Adventure] A Packet's Adventures on Routers - 03

[IP Adventure] A Packet's Adventures on Routers - 02

[IP Adventure] A Packet's Adventures on Routers - 01

[IP Adventure] A Packet's Adventures on Routers - Introduction

This post was last edited by EchoW at 2016-04-29 09:25.
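The 4-byte MPLS header and the label stack described in the post above, decoded from raw bytes. This is an added example, not part of the original post. The field widths (20-bit label, 3-bit EXP, 1-bit S, 8-bit TTL) follow the standard MPLS label stack encoding, which the post does not spell out; the function names, label values and sample bytes are constructed for illustration.

```python
import struct
from typing import NamedTuple

class LabelEntry(NamedTuple):
    label: int  # 20-bit label value
    exp: int    # 3-bit EXP (class of service)
    s: int      # 1 = bottom of the label stack
    ttl: int    # 8-bit time to live

def pack_entry(e: LabelEntry) -> bytes:
    """Encode one 4-byte MPLS header in network byte order."""
    return struct.pack("!I", (e.label << 12) | (e.exp << 9) | (e.s << 8) | e.ttl)

def parse_label_stack(data: bytes, max_depth: int = 8):
    """Return (entries, payload), outer label first.

    Rejects stacks that never set S=1 or exceed max_depth, so a malformed
    frame cannot make the parser read payload bytes as labels indefinitely.
    """
    entries, offset = [], 0
    while True:
        if len(entries) == max_depth:
            raise ValueError("label stack deeper than max_depth")
        if offset + 4 > len(data):
            raise ValueError("truncated stack: bottom-of-stack bit never set")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entries.append(LabelEntry(word >> 12, (word >> 9) & 0x7,
                                  (word >> 8) & 0x1, word & 0xFF))
        if entries[-1].s:
            return entries, data[offset:]

def vpn_roles(entries):
    """Name the labels as the post does for an MPLS VPN packet."""
    return {"tunnel_label": entries[0].label, "vpn_label": entries[-1].label}

# Constructed sample: tunnel label 1024 over VPN label 2001, then the first
# two bytes of an IPv4 header as payload.
SAMPLE = (pack_entry(LabelEntry(1024, 0, 0, 64))
          + pack_entry(LabelEntry(2001, 5, 1, 64))
          + b"\x45\x00")

if __name__ == "__main__":
    stack, payload = parse_label_stack(SAMPLE)
    for entry in stack:
        print(entry)
    print(vpn_roles(stack), payload.hex())
```

Only the entry with S=1 ends the stack, which is why the parser bounds the depth and checks the remaining length before every read.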
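The label distribution, push/swap/pop and PHP behaviour described in the post above, as a small simulation. This is an added example, not part of the original post and not any vendor's implementation. The router names come from the post; the function names and the numeric label values (1024 and up, standing in for X, Y and Z) are constructed, and the model assumes an LSP with at least one transit LSR.

```python
from itertools import count

IMPLICIT_NULL = 3  # label 3: tells the upstream LSR to pop instead of swap

def build_lsp(path, php=True):
    """Distribute labels from the egress upstream and return the tables.

    tables[router] maps an incoming label to (operation, outgoing label).
    The ingress entry is keyed by None: it classifies unlabeled IP packets
    (destination 10.1.1.1 in the post) rather than matching a label.
    """
    if len(path) < 3:
        raise ValueError("need ingress, at least one transit LSR, and egress")
    alloc = count(1024)            # constructed label values
    tables = {router: {} for router in path}
    advertised = None              # label handed up by the downstream LSR
    for i in range(len(path) - 1, -1, -1):
        router = path[i]
        if i == len(path) - 1:     # egress: assigns first
            local = IMPLICIT_NULL if php else next(alloc)
            if not php:
                tables[router][local] = ("pop", None)
        elif i == 0:               # ingress: only pushes
            local = None
            tables[router][None] = ("push", advertised)
        else:                      # transit: swap, or pop when told label 3
            local = next(alloc)
            if advertised == IMPLICIT_NULL:
                tables[router][local] = ("pop", None)
            else:
                tables[router][local] = ("swap", advertised)
        advertised = local
    return tables

def forward(path, tables):
    """Walk one packet along the LSP; return [(router, operation, label sent)]."""
    trace, label = [], None
    for router in path[:-1]:
        # A KeyError here means this LSR never assigned that label: drop.
        op, label = tables[router][label]
        trace.append((router, op, label))
    if label is not None:          # no PHP: MPLS lookup at the egress first
        op, label = tables[path[-1]][label]
        trace.append((path[-1], op, label))
    trace.append((path[-1], "ip-forward", None))
    return trace

if __name__ == "__main__":
    lsp = ["Ingress", "Transit-1", "Transit-2", "Egress"]
    for php in (False, True):
        print("PHP" if php else "no PHP", forward(lsp, build_lsp(lsp, php)))
```

Without PHP the egress appears twice in the trace (label lookup, then IP lookup); with PHP it appears once, which is the saving the post describes.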
Comment
nklsureshkumar nklsureshkumar  5 years 5 months ago

great doc 

Saravanan.S  Gold 
5 years 5 months ago
2F
Worthy document related to MPLS and MPLS VPN
Saravanan.S  Gold 
5 years 5 months ago
3F
Very good information about MPLS and MPLS VPN
nklsureshkumar  Platinum 
5 years 5 months ago
4F
marvellous data doc.