Feb 25

Net: MPLS and Traffic Engineering

Mindli Team

AI-Generated Content

In modern service provider networks, simply forwarding packets based on their destination IP address is often insufficient. Networks must guarantee performance, efficiently utilize expensive backbone links, and offer complex services like secure, scalable VPNs. Multiprotocol Label Switching (MPLS) solves these challenges by introducing a connection-oriented, label-based forwarding paradigm that is independent of Layer 3 routing, enabling sophisticated traffic engineering and service delivery.

From IP Routing to Label Switching

Traditional IP routing is a hop-by-hop decision process. Each router independently examines a packet’s destination IP address, consults its routing table, and forwards the packet to the next hop. This process is repeated at every router, which can be computationally intensive and offers limited control over the actual path traffic takes across the network.

MPLS introduces a streamlined approach. It prepends a short, fixed-length label to packets. This label acts as a simple identifier that dictates the packet’s path through the network. Routers within the MPLS domain, called Label Switching Routers (LSRs), forward packets based solely on this label, not by performing a complex IP lookup at each hop. This label-based forwarding is performed in hardware, making it extremely fast. The path an MPLS packet follows is called a Label Switched Path (LSP). The critical operation that makes this work is the establishment of a label for each Forwarding Equivalence Class (FEC)—a group of packets forwarded in the same manner, over the same path, with the same treatment.

The Mechanics of Label Operations

The power of MPLS lies in three simple label manipulations performed by LSRs: push, swap, and pop. Understanding these is key to visualizing packet flow.

When an IP packet first enters an MPLS network at an ingress LSR (also called a Label Edge Router or LER), the router determines the appropriate FEC and pushes (adds) a new MPLS label onto the packet. This is often called imposing the label stack. The packet is now encapsulated with an MPLS header.

As the labeled packet traverses the MPLS core, each intermediate LSR performs a swap. The router uses the incoming interface and label as a key to look up its Label Forwarding Information Base (LFIB). This table specifies the outgoing interface and the new label to use. The LSR swaps the incoming label for the outgoing label and forwards the packet. This swap operation is simple and fast.

Finally, when the packet reaches the egress LSR at the exit point of the MPLS domain, the router pops (removes) the MPLS label. The now-unlabeled IP packet is then routed normally via its IP header to the final destination. In some designs, the penultimate router (the one before the egress) can pop the label to relieve the egress router of that duty, a technique known as Penultimate Hop Popping (PHP).

Configuring LSPs for Traffic Engineering

The ability to explicitly define paths is the cornerstone of MPLS Traffic Engineering (MPLS-TE). Instead of being slaves to the shortest IGP path, network operators can configure LSPs to follow specific routes to optimize resource utilization. For example, you can engineer an LSP to traverse a high-capacity, underutilized link even if it's not the shortest path, thereby avoiding congestion on a more direct, overloaded route.

LSPs are typically signaled using a protocol like RSVP-TE (Resource Reservation Protocol - Traffic Engineering). RSVP-TE establishes the LSP by reserving bandwidth along the desired path and distributing labels hop-by-hop. When configuring an LSP, you define constraints such as required bandwidth, link affinities (matching certain link colors or attributes), and explicit hops (listing specific routers the path must traverse). The ingress LSR calculates a path meeting these constraints and uses RSVP-TE to set up the LSP. This allows for precise control, enabling critical applications like Voice over IP (VoIP) to have a guaranteed, low-latency path across the network, completely separate from best-effort web traffic.

MPLS VPN Architectures: Layer 3 VPNs

One of the most powerful applications of MPLS is building scalable Layer 3 VPNs (L3VPNs), often called MPLS VPNs. This architecture allows a service provider to offer private IP network services to multiple customers over a shared MPLS backbone.

The magic lies in the use of two labels. The inner label identifies a customer’s specific VPN route (distinguished by a Route Distinguisher), and the outer label identifies the LSP to the egress PE router. Customer edge (CE) routers connect to provider edge (PE) routers. PE routers maintain separate virtual routing tables (VRFs) for each customer, ensuring complete isolation. PE routers exchange VPN routes with other PEs using Multiprotocol BGP (MP-BGP), which carries the VPN label and route distinguisher. When a packet from a customer enters the network, the ingress PE pushes a two-label stack: the inner VPN label (assigned by MP-BGP) and the outer transport label (for the LSP across the core). Core routers (P routers) only swap the outer label, oblivious to the VPN traffic inside. The egress PE uses the inner label to identify the correct VRF and forward the packet to the right customer site. This model provides the privacy of a traditional leased-line network with the scalability and flexibility of a shared IP/MPLS infrastructure.
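
The push, swap and pop operations and the two-label L3VPN stack described above can be traced in a few lines of Python. This is an added example, not code from the original article; the router names (PE1, P1, P2, PE2), label values, prefixes and interface names are constructed, and the LFIB is keyed by label only for brevity.

```python
# Added illustration; every router name, label, prefix and interface is constructed.
import ipaddress

# Ingress PE1, per-VRF routes: prefix -> (VPN label from MP-BGP, transport label)
PE1_VRF = {
    "CUST_A": {"10.1.0.0/24": (2001, 100)},
    "CUST_B": {"10.1.0.0/24": (2002, 100)},  # same prefix, different customer
}
# Core LFIBs: incoming top label -> (action, outgoing label). Keyed by label
# only, i.e. a platform-wide label space is assumed.
LFIB = {
    "P1": {100: ("swap", 200)},
    "P2": {200: ("pop", None)},  # penultimate hop pops the transport label (PHP)
}
# Egress PE2: VPN label -> (VRF, CE-facing interface)
PE2_VPN = {2001: ("CUST_A", "ge-0/0/1"), 2002: ("CUST_B", "ge-0/0/2")}

def ingress_push(vrf, dst):
    """Longest-prefix match inside one VRF only, then push [transport, vpn]."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in PE1_VRF[vrf]]
    hits = [n for n in nets if addr in n]
    if not hits:
        raise LookupError(f"no route to {dst} in VRF {vrf}")
    vpn, transport = PE1_VRF[vrf][str(max(hits, key=lambda n: n.prefixlen))]
    return [transport, vpn]

def core_forward(router, stack):
    """P router: act on the top label only; the inner VPN label is never read."""
    action, out = LFIB[router][stack[0]]  # KeyError models an unknown label (drop)
    return [out] + stack[1:] if action == "swap" else stack[1:]

def egress_deliver(stack):
    """After PHP only the VPN label remains; it alone selects the VRF."""
    if len(stack) != 1 or stack[0] not in PE2_VPN:
        raise LookupError("unexpected label stack at egress PE")
    return PE2_VPN[stack[0]]

def trace(vrf, dst):
    """Return the label stack after each hop and the egress decision."""
    stack = ingress_push(vrf, dst)
    hops = [("PE1", list(stack))]
    for p in ("P1", "P2"):
        stack = core_forward(p, stack)
        hops.append((p, list(stack)))
    return hops, egress_deliver(stack)

if __name__ == "__main__":
    for vrf in PE1_VRF:
        print(vrf, *trace(vrf, "10.1.0.7"))
```

Both customers use 10.1.0.0/24, yet their traces differ only in the inner label, which is what keeps them in separate VRFs at the egress PE.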

Managing Bandwidth and QoS with MPLS

MPLS provides powerful levers for managing network bandwidth and enforcing Quality of Service (QoS) policies. At the service level, MPLS enables Class of Service (CoS). The MPLS header contains a 3-bit Experimental (EXP) field (now often used as the Traffic Class field). Network operators can map IP precedence or DSCP values into this field at the network edge. Core LSRs can then use this field to apply different per-hop behaviors, such as priority queuing, ensuring that high-priority traffic (like VoIP) experiences lower latency and jitter than lower-priority traffic (like email).
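
The 3-bit EXP/Traffic Class field sits inside a 32-bit label stack entry (20-bit label, 3-bit TC, 1-bit bottom-of-stack flag, 8-bit TTL, per RFC 3032). The Python below is an added example, not part of the original article, that encodes and decodes a stack and shows the 4 bytes each label adds; the DSCP-to-TC mapping (copying the three class-selector bits) is an assumed edge policy and the label values are constructed.

```python
# Added illustration of the MPLS label stack entry wire format (RFC 3032).
import struct

def dscp_to_tc(dscp):
    """Assumed edge policy: copy the 3 class-selector bits of DSCP into TC."""
    return (dscp >> 3) & 0x7

def encode_entry(label, tc, bottom, ttl):
    """Pack one entry: label(20 bits) | TC/EXP(3) | S(1) | TTL(8)."""
    if not (0 <= label < 2**20 and 0 <= tc < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    word = (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)

def encode_stack(labels, tc, ttl=255):
    """Top label first; only the last entry carries the bottom-of-stack bit."""
    last = len(labels) - 1
    return b"".join(encode_entry(l, tc, i == last, ttl)
                    for i, l in enumerate(labels))

def decode_stack(data):
    """Walk entries until S=1; return (entries, remaining payload)."""
    entries, off = [], 0
    while True:
        if off + 4 > len(data):
            raise ValueError("truncated stack: no bottom-of-stack bit seen")
        (word,) = struct.unpack_from("!I", data, off)
        off += 4
        entries.append({"label": word >> 12, "tc": (word >> 9) & 0x7,
                        "s": (word >> 8) & 0x1, "ttl": word & 0xFF})
        if entries[-1]["s"]:
            return entries, data[off:]

def mtu_needed(ip_mtu, depth):
    """Interface MTU required to carry an ip_mtu packet under `depth` labels."""
    return ip_mtu + 4 * depth

if __name__ == "__main__":
    # Constructed sample: transport label 100, VPN label 2001, DSCP 46 (EF).
    wire = encode_stack([100, 2001], dscp_to_tc(46))
    print(wire.hex(), decode_stack(wire + b"\x45\x00"))
    print(mtu_needed(1500, 2), mtu_needed(1500, 3))
```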

From a bandwidth management perspective, MPLS-TE allows for global optimization. You can configure backup LSPs that are pre-established but use zero bandwidth until a primary LSP fails, enabling fast reroute within 50ms. Furthermore, by steering large, predictable flows (like data center replication) onto specific engineered paths, you prevent them from contending with latency-sensitive flows on the IGP shortest path. This holistic view of traffic flows, capacity, and constraints allows service providers to maximize the utility of their expensive backbone links while meeting strict Service Level Agreements (SLAs) for different traffic classes.

Common Pitfalls

  1. Ignoring IP Routing Stability: MPLS relies on a stable underlying IGP (like OSPF or IS-IS) to establish transport paths. If the IGP is unstable—flapping links or router instability—LSPs will constantly tear down and re-establish, causing network-wide instability and packet loss. Always ensure your IGP is robust and converged before deploying MPLS services.
  2. Misconfiguring MTU: MPLS adds at least one 4-byte header (and more for VPNs or TE) to every packet. If the network’s Maximum Transmission Unit (MTU) is not increased to account for this overhead, large customer IP packets will be fragmented, crippling performance, or silently dropped, causing hard-to-diagnose connectivity issues. Ensure the MTU is increased appropriately on all MPLS-facing interfaces (often to 1508 or 1512 bytes).
  3. Over-Engineering Traffic Paths: While MPLS-TE offers precise control, creating hundreds of manually configured explicit-path LSPs can become an operational nightmare. The complexity can lead to routing black holes or suboptimal paths during failures. Use constraint-based path calculation and automated tools where possible, and apply traffic engineering judiciously for key applications, not for all traffic.
  4. Neglecting the Control Plane: MPLS forwarding is simple, but the control plane (LDP, RSVP-TE, MP-BGP) is complex. Failing to secure these protocols or monitor their state can lead to security vulnerabilities or undetected failures. Authenticate signaling protocol sessions and implement monitoring that tracks LSP status and label distribution.

Summary

  • MPLS decouples forwarding from routing by using short labels to switch packets across a network at high speed, based on established Label Switched Paths (LSPs).
  • The core label operations are push (add) at ingress, swap (exchange) in the core, and pop (remove) at egress, enabling efficient packet transit.
  • MPLS Traffic Engineering (MPLS-TE) uses protocols like RSVP-TE to establish LSPs along constrained, non-shortest paths, allowing optimal bandwidth utilization and avoidance of network congestion.
  • MPLS Layer 3 VPNs provide scalable, private network services over a shared backbone using VRFs for isolation and a two-label stack (transport + VPN), with the VPN labels distributed by MP-BGP.
  • Together, these capabilities allow service providers to manage bandwidth holistically and enforce Quality of Service (QoS) by classifying traffic and engineering paths to meet specific performance guarantees.
