You need to recall that ...
Everything sent from one computer to another computer on the network is divided into smaller pieces. These smaller pieces of data, whatever form the data takes, are called 'Packets'.
Whether you are sending an email, opening a web page in your browser, watching a movie on Netflix, or uploading a video to YouTube, everything is sent or received as a series of packets. At the destination system, these packets are re-assembled and then displayed on the screen or stored on the system.
Each packet has an attached header that contains all the information about where the packet is from and where it is going, including its destination IP address (like the address on a piece of mail). For a packet to reach its intended destination, ROUTERS have to forward it from one network to the next until it finally arrives at the network that contains its destination IP address. That network will then forward the packet to that address and the associated device. Throughout the packet's journey, it is the job of routers to forward it to the next router in the next network.
Before routers can forward a packet to its final IP address, they must first determine where the packet needs to go. Routers do this by referencing and maintaining a 'ROUTING TABLE,' which tells them how to forward each packet. Each router examines the packet's headers, consults its internal routing table, and forwards the packet to the next network. A router in the next network goes through the same process, and the process is repeated until the packet arrives at its destination.
This approach to routing works very well for most purposes. In fact, most of the Internet actually runs on IP addresses and routing tables. However, your users or your organization may want their data to travel FASTER over paths you can directly control, especially in the case of enterprise-wide Branch-to-HQ connectivity. And MPLS does this job beautifully...
What is MPLS?
Before you can understand what MPLS is, you need one more piece of information: how routers work in a scenario such as the Internet. Over the Internet, each individual router makes decisions INDEPENDENTLY, based on its OWN internal routing table.
For example, suppose a router receives two packets which have come from the same source. Analysis of their headers reveals to the router that both packets need to be forwarded to the same destination. There is no instruction on how these packets should get to their destination or how they should be treated along the way. That's why it is not guaranteed that both packets will take the same route to the same destination. They may take different network paths if a router updates its routing table after the first packet passes through. This process is repeated at each hop along the route until each packet eventually reaches its destination. All of those hops and all of those individual routing decisions result in poor performance for time-sensitive applications like video-conferencing or voice over IP (VoIP).
With MPLS, however, all packets of a given class take the SAME PATH every time. The result is very good performance for such applications, with near-zero latency! Unlike other network protocols, which route traffic based on source address and destination address, MPLS routes your traffic based on predetermined “Labels.” That is how it got its name: Multi-Protocol Label Switching (MPLS).
Multi-Protocol Label Switching (MPLS) is a method of switching packets using 'LABELS' instead of IP addresses (or other Layer 3 information). Because it is a switching technique rather than a routing protocol, it works with most protocols and speeds up packet forwarding and routing. Today, MPLS is used not only to meet the higher speed requirements of your network; it also allows your company to develop advanced and augmented 'applications and services' over your existing network infrastructure.
With MPLS, the first time a packet enters the network, that is, when it reaches the first router, that router assigns it a specific forwarding class of service (CoS), also known as a forwarding equivalence class (FEC). This FEC is indicated by appending a short bit sequence (the label) to the packet.
These classes are often indicative of the type of traffic they carry. For example, a business might label the classes as:
Remember, each of your applications would be placed in one of these classes. The fastest, lowest-latency path would be reserved for real-time apps like voice and video, thereby ensuring high quality. Separating traffic based on its performance requirements is very important for maintaining Quality of Service (QoS).
Now that you understand the Forwarding Equivalence Class (FEC), you need to understand the LSP. Label-Switched Paths (LSPs) are the network paths that these labeled packets can take. Basically, an LSP is a predefined path that the packet takes during transmission.
A packet's class (FEC) determines which path (LSP) the packet will be assigned to. Packets with the same FEC follow the same LSP, every time. However, LSPs are unidirectional, which means that return traffic is sent over a different LSP.
The key architectural point with all this is that the labels provide a way to attach ADDITIONAL information to each packet above and beyond what the routers previously had.
Each packet has an MPLS header, which stores one or more labels attached to that packet. This MPLS header is added on top of all the other headers attached to the packet. The FEC is encoded in each packet's labels.
Routers along the journey to the destination then do not examine the packet's other headers; they can essentially ignore the IP header. Instead, they examine the packet's label in the MPLS header and direct the packet onto the right LSP.
Since MPLS-supporting routers only need to see the MPLS labels attached to a given packet, MPLS can work with almost any protocol (hence the name "multiprotocol"). It does not matter how the rest of the packet is formatted, as long as the router can read the MPLS labels at the front of the packet.
When speed and reliability are highly important to your organization, you should use MPLS.
Applications that require near-immediate data delivery are known as real-time applications. Voice calls and video calls are two common examples of real-time applications. MPLS can also be used to set up wide area networks (WANs).
Is MPLS Layer 2 or Layer 3?
If you want to know which layer of the OSI model MPLS belongs to, you may be disappointed to learn that MPLS does not fit 'neatly' into the OSI model.
In fact, one of the key benefits of MPLS is that it separates forwarding mechanisms from the underlying data-link service. In other words, MPLS can be used to create forwarding tables for any underlying protocol.
When any end-user sends traffic into your MPLS network, an MPLS label is added by an ingress MPLS router that sits on the network edge. The MPLS Header consists of four sub-parts:
1. The Label
The label holds all of the information for MPLS routers to determine where the packet should be forwarded.
2. Experimental
Experimental 'bits' are used for Quality of Service (QoS) to set the priority that the labeled packet should have.
3. Bottom-of-Stack
The Bottom-of-Stack tells MPLS routers if they are the last leg of the journey and there are no more labels to be concerned with. This usually means the router is an egress router.
4. Time-To-Live
This identifies how many hops the packet can make before it is discarded.
As a direct consequence of this MPLS header, it is very difficult to say which layer of the OSI model MPLS belongs to. The MPLS header sits between the Layer 2 and Layer 3 headers, and MPLS is therefore called a Layer 2.5 protocol or a shim protocol. It forwards packets at the speed of Layer 2 protocols while preserving the scalability and dynamic capabilities of Layer 3. Routers using MPLS forwarding tables do not need to open the Layer 3 headers of packets at all, thereby saving resources and time. The above graphic shows this very clearly.
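To make the four header fields concrete, here is an added example (my own code, not from the article or any vendor) that packs and unpacks the 32-bit MPLS shim header and walks a label stack sitting between an Ethernet header and the IPv4 header it carries. The frame contents, labels and addresses are constructed for the example; the field layout (20-bit Label, 3-bit Experimental, 1-bit Bottom-of-Stack, 8-bit TTL) and the MPLS unicast EtherType 0x8847 are the standard ones. Note that the IPv4 header comes out of the parser unchanged: the labels add forwarding information but do not hide anything.

```python
# Added example, not from the original article: encode/decode the MPLS shim
# header and walk a label stack between an Ethernet header and an IPv4 header.
# All frame contents below are constructed sample data.
import struct
from typing import Dict, List, Tuple

ETHERTYPE_MPLS_UNICAST = 0x8847  # EtherType that announces an MPLS label stack


def encode_label_entry(label: int, exp: int, bottom: bool, ttl: int) -> bytes:
    """Pack one stack entry into its 4-byte wire form: label(20) exp(3) S(1) ttl(8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not 0 <= exp < 8:
        raise ValueError("exp must fit in 3 bits")
    if not 0 <= ttl < 256:
        raise ValueError("ttl must fit in 8 bits")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def decode_label_entry(entry: bytes) -> Dict[str, int]:
    """Unpack one 4-byte label stack entry into its four fields."""
    (word,) = struct.unpack("!I", entry)
    return {
        "label": word >> 12,                 # top 20 bits
        "exp": (word >> 9) & 0x7,            # 3 bits used for QoS priority
        "bottom": bool((word >> 8) & 0x1),   # 1 bit: is this the last label?
        "ttl": word & 0xFF,                  # low 8 bits: hop limit
    }


def parse_label_stack(data: bytes) -> Tuple[List[Dict[str, int]], bytes]:
    """Read entries until one has S=1. Returns (entries, bytes after the stack).

    A stack that never sets Bottom-of-Stack is malformed; a router must not keep
    reading into whatever follows, so this raises instead of guessing.
    """
    entries = []
    offset = 0
    while offset + 4 <= len(data):
        entry = decode_label_entry(data[offset:offset + 4])
        entries.append(entry)
        offset += 4
        if entry["bottom"]:
            return entries, data[offset:]
    raise ValueError("truncated label stack: no bottom-of-stack entry found")


def inspect_frame(frame: bytes) -> dict:
    """Split a frame into its L2 header, MPLS stack (L2.5) and IPv4 header (L3)."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_MPLS_UNICAST:
        raise ValueError(f"not an MPLS frame: ethertype 0x{ethertype:04x}")
    stack, inner = parse_label_stack(frame[14:])
    if len(inner) < 20 or inner[0] >> 4 != 4:
        raise ValueError("payload after the label stack is not an IPv4 header")
    # The IP header sits below the labels unchanged and unencrypted: anyone who
    # can read the frame can read the addresses.
    return {
        "stack": stack,
        "ip_src": ".".join(str(b) for b in inner[12:16]),
        "ip_dst": ".".join(str(b) for b in inner[16:20]),
        "ip_ttl": inner[8],
    }


def build_constructed_frame() -> bytes:
    """Constructed sample: Ethernet + two-label stack + minimal IPv4 header."""
    eth = bytes.fromhex("001122334455" "66778899aabb") + struct.pack("!H", ETHERTYPE_MPLS_UNICAST)
    # Transport label on top (S=0), VPN/service label at the bottom (S=1).
    stack = encode_label_entry(1001, 5, False, 64) + encode_label_entry(2002, 5, True, 64)
    ipv4 = bytes.fromhex(
        "45000014"  # version 4, IHL 5, DSCP 0, total length 20
        "00000000"  # identification 0, flags/fragment offset 0
        "40060000"  # TTL 64, protocol 6 (TCP), checksum left as 0 in this sample
        "0a01010a"  # source 10.1.1.10
        "0a020214"  # destination 10.2.2.20
    )
    return eth + stack + ipv4


if __name__ == "__main__":
    info = inspect_frame(build_constructed_frame())
    for depth, entry in enumerate(info["stack"]):
        print(f"label[{depth}] = {entry}")
    print(f"inner IPv4 {info['ip_src']} -> {info['ip_dst']} (ttl {info['ip_ttl']})")
```

Running the script prints both label entries and the inner addresses. The parser stops at the first entry with the Bottom-of-Stack bit set, which is exactly what an egress router relies on to know that no further labels follow.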
MPLS Vs VPN Technologies & BGP
VPN technology has been around longer than MPLS. In the past, ATM or Frame Relay technologies provided VPN facilities at Layer 2 and were very popular. In such a network, the service provider ran ATM or Frame Relay to provide connectivity, which typically formed the backbone network.
In the case of MPLS, VPN services are provided differently. MPLS forms the 'backbone network' over which VPN services are provided. A virtual network built on top of existing network infrastructure (the Underlay) is called an Overlay. This technique of overlaying a virtual network on an underlay increases the scalability of the network and supports multi-tenancy, modularity and virtualization.
MPLS based Virtual Private Network, or MPLS VPN, is the most sought-after and widespread implementation of MPLS technology.
As you already know, a VPN extends a private network across a public network and enables its users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. A VPN does so by constructing a virtual tunnel between the endpoints. Data is transported between these endpoints by encapsulating an entire data packet inside another datagram, thereby allowing a safe exchange of data across public or shared networks.
A typical MPLS VPN model consists of Provider Edge (PE) routers, Provider (P) routers, Customer Edge (CE) routers and Customer (C) routers. The PE and CE are directly connected at Layer 3. In the service provider's network, all PE and P routers run MPLS VPN as a service. They are equipped to send and receive packets with MPLS labels and take forwarding decisions accordingly. Therefore, routing and forwarding are carried out with the help of Label-Switched Paths (LSPs). Customer networks run Layer 3 routing protocols internally. CE routers need not run MPLS.
MPLS can also be used to efficiently exchange routes using the Border Gateway Protocol (BGP).
BGP can be deployed at the edge of a network with an MPLS core. MPLS provides end-to-end transport for BGP routes. The PEs in a provider network using MPLS with BGP use Multiprotocol BGP (MP-BGP) to dynamically communicate with each other. This MPLS BGP model enhances the efficiency and scalability of the routing and forwarding features of the underlying network infrastructure.
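The following added example (my own toy model, not code from the article or from any router vendor) shows the PE/P/CE forwarding plane described above in action, and at the same time illustrates the earlier points that packets with the same FEC always follow the same LSP and that P routers act on the label alone. Two customers, "acme" and "globex", deliberately use the same overlapping address range. The ingress PE classifies each packet into a FEC by (VRF, destination prefix) and pushes a two-label stack; each P router swaps or pops only the top label without reading the IP header; the egress PE uses the bottom VPN label to choose the customer VRF. The MP-BGP exchange that would normally populate these tables is assumed to have happened already, and every router name, label value and address is constructed.

```python
# Added example, not from the original article: a toy MPLS L3VPN forwarding
# plane. Route distribution is assumed done; all names, labels and addresses
# are constructed.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass
class Packet:
    vrf: str                  # VRF of the CE-facing interface the packet arrived on
    dst: str                  # IPv4 destination, never rewritten along the LSP
    labels: List[int] = field(default_factory=list)   # label stack, top first
    ttl: int = 64             # TTL carried in the top label entry
    trace: List[str] = field(default_factory=list)    # routers visited


class IngressPE:
    """Maps (VRF, prefix) to a FEC: a label stack plus a next hop."""
    def __init__(self, name: str, fec_table: Dict[Tuple[str, str], Tuple[int, int, str]]):
        self.name = name
        self.fec_table = {(vrf, ip_network(p)): v for (vrf, p), v in fec_table.items()}

    def forward(self, pkt: Packet) -> str:
        dst = ip_address(pkt.dst)
        # Longest-prefix match restricted to the packet's own VRF: a route in
        # another customer's VRF is never a candidate, even for the same prefix.
        matches = [(net, v) for (vrf, net), v in self.fec_table.items()
                   if vrf == pkt.vrf and dst in net]
        if not matches:
            raise LookupError(f"{self.name}: no route to {pkt.dst} in VRF {pkt.vrf}")
        _, (transport, vpn, next_hop) = max(matches, key=lambda m: m[0].prefixlen)
        pkt.labels = [transport, vpn]     # transport label on top, VPN label at bottom
        pkt.trace.append(self.name)
        return next_hop


class LSR:
    """P router: acts on the top label only, via its label forwarding table."""
    def __init__(self, name: str, lfib: Dict[int, Tuple[str, Optional[int], str]]):
        self.name = name
        self.lfib = lfib      # incoming top label -> (action, outgoing label, next hop)

    def forward(self, pkt: Packet) -> str:
        if pkt.ttl <= 1:
            raise RuntimeError(f"{self.name}: TTL expired, packet discarded")
        pkt.ttl -= 1
        action, out_label, next_hop = self.lfib[pkt.labels[0]]
        if action == "swap":
            pkt.labels[0] = out_label
        elif action == "pop":             # penultimate hop removes the transport label
            pkt.labels.pop(0)
        else:
            raise ValueError(f"{self.name}: unknown action {action}")
        pkt.trace.append(self.name)
        return next_hop


class EgressPE:
    """Pops the VPN label and delivers into the VRF that label identifies."""
    def __init__(self, name: str, vpn_labels: Dict[int, str]):
        self.name = name
        self.vpn_labels = vpn_labels      # VPN label -> customer VRF

    def forward(self, pkt: Packet) -> str:
        if len(pkt.labels) != 1:
            raise RuntimeError(f"{self.name}: expected only the VPN label, got {pkt.labels}")
        vrf = self.vpn_labels[pkt.labels.pop(0)]
        pkt.trace.append(self.name)
        return f"deliver:{vrf}:{pkt.dst}"


def build_constructed_topology() -> dict:
    """PE1 -> P1 -> P2 -> PE2, one LSP shared by both customers (constructed)."""
    return {
        "PE1": IngressPE("PE1", {("acme", "10.1.0.0/16"): (100, 501, "P1"),
                                 ("globex", "10.1.0.0/16"): (100, 502, "P1")}),
        "P1": LSR("P1", {100: ("swap", 200, "P2")}),
        "P2": LSR("P2", {200: ("pop", None, "PE2")}),
        "PE2": EgressPE("PE2", {501: "acme", 502: "globex"}),
    }


def run_lsp(pkt: Packet, devices: dict, first_hop: str) -> str:
    """Push the packet through the routers until an egress PE delivers it."""
    hop = first_hop
    while not hop.startswith("deliver:"):
        hop = devices[hop].forward(pkt)
    return hop


if __name__ == "__main__":
    devices = build_constructed_topology()
    for vrf in ("acme", "globex"):
        pkt = Packet(vrf=vrf, dst="10.1.1.10")
        print(run_lsp(pkt, devices, "PE1"), "via", " -> ".join(pkt.trace))
```

Both packets are addressed to 10.1.1.10 and travel the same LSP (PE1, P1, P2, PE2), yet each lands in its own customer's VRF because the egress PE decides by VPN label, not by IP address. The P routers never consult the VRF or the destination address at all, which is the separation the article describes. A destination with no route in the packet's own VRF is dropped at the ingress PE rather than being matched against another tenant's routes.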
Indeed, MPLS provides your company the benefits of scalability, performance, better bandwidth utilization, reduced network congestion and a better end-user experience.
MPLS itself does not provide encryption, but it is a VPN by nature and, as such, is partitioned off from the public Internet. Therefore, you can consider MPLS a secure transport mode. It is also not vulnerable to the DoS attacks that might impact pure-IP-based networks.
On the negative side, MPLS was designed for organizations with multiple remote branch offices geographically dispersed across the country or the globe, where the majority of traffic was on-net to enterprise data centers. Today, businesses have shifted much of their traffic to and from the cloud instead, making MPLS sub-optimal.
Modern Software-defined WANs (SD-WAN) are architected with cloud connectivity in mind, which is why so many businesses have been replacing or augmenting their MPLS networks with SD-WANs.
Technically, it is possible to shift to an all-broadband WAN. But most enterprises still prefer to keep MPLS as part of their SD-WAN implementations. MPLS will continue to have a role connecting specific point-to-point locations, like large regional offices, retail facilities with point-of-sale systems, regional manufacturing facilities, and multiple data centers. MPLS is still required for real-time applications like video conferencing and other very specific applications.
Once an MPLS network is deployed, it delivers guaranteed performance for real-time traffic. SD-WAN can route traffic along the most efficient path, but once those IP packets hit the open Internet, there are no performance guarantees. Even so, it is still better and more predictable than plain broadband. Integration of MPLS application components, including Layer 3 VPNs, Layer 2 VPNs, Traffic Engineering, QoS, GMPLS, and IPv6, enables the development of highly efficient, scalable, and secure networks that guarantee Service Level Agreements.
All in all, SD-WAN represents the evolution of MPLS technology, which has successfully powered private connectivity for more than two decades. In many ways, SD-WAN can be seen as a software abstraction of MPLS technology that is applicable to wider scenarios, i.e., it brings secure, private connectivity that is agnostic to all kinds of links and providers and is cloud aware. Whereas MPLS handled failure scenarios with backup links, SD-WAN handles them with real-time traffic steering based on centralized policy. Also, given that SD-WAN unifies the entire WAN backbone, it delivers comprehensive analytics across the full enterprise backbone, globally.
Because SD-WAN provides a network of encrypted routing paths, it is in a good position to replace MPLS in the vast majority of situations. SD-WAN already optimizes the transfer of data, directing packets to their destinations in a more efficient manner. Therefore, SD-WAN is often a more-than-sufficient solution.
Kindly write your comments on the posts or topics, because when you do that you help me greatly in designing new quality articles and posts on cybersecurity.
You can also share with all of us whether the information shared here has helped you in some manner.
Life is short, so make the most of it!
Also take care of yourself and your beloved ones…
_____
This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with the Cybersecurity domain that she goes out of her way to share hugely valuable posts and writings about Cybersecurity on her website and on social media platforms.
34,000+ professionals follow her on Facebook and are mesmerized by the quality of the content of her posts.