The Problem MPLS Solves
Traditional IP routing makes a forwarding decision at every single router: look up the destination IP in the routing table (which may have hundreds of thousands of entries), find the longest matching prefix, and forward accordingly. In the 1990s, this lookup was slow โ hardware wasn't fast enough to perform routing-table searches at wire speed for high-volume traffic.
MPLS solved this by making the routing decision once โ at the network ingress โ and then forwarding based on a short fixed-length label for the rest of the path. Label lookups are dramatically faster than IP routing table lookups. Modern hardware has largely closed this performance gap, but MPLS remains critical for traffic engineering, VPN services, and quality of service guarantees that pure IP routing can't provide as cleanly.
Core Concepts
Labels are 32-bit values inserted between the Layer 2 (Ethernet) header and the Layer 3 (IP) header โ this is sometimes called "Layer 2.5." Each label contains a 20-bit label value, a 3-bit traffic class field (for QoS), a 1-bit bottom-of-stack indicator, and an 8-bit TTL field.
Label Edge Routers (LERs) sit at the edges of the MPLS network โ ingress and egress points. The ingress LER imposes a label on incoming packets. The egress LER removes the label and delivers the original IP packet to its destination.
Label Switch Routers (LSRs) are the core routers within the MPLS network. They forward packets purely based on label values โ swap the incoming label for an outgoing label, forward out the appropriate interface. No IP routing table lookup required.
Label Switched Paths (LSPs) are the predetermined paths through the MPLS network from ingress to egress. Think of them as virtual circuits โ a packet entering a specific LSP will always follow the same path through the network.
Label Operations: Push, Swap, Pop
Push: The ingress LER adds (pushes) a label onto the packet. A packet can have a stack of labels โ the outermost label is used for forwarding decisions, inner labels carry service information (like the VPN identifier).
Swap: Each LSR in the core replaces the incoming label with the appropriate outgoing label for the next hop. This swap table is built by the label distribution protocol and kept in the Label Forwarding Information Base (LFIB) โ equivalent to the IP FIB but keyed by label value.
Pop: The egress LER (or the penultimate hop in PHP mode) removes the label and forwards the original IP packet. Penultimate Hop Popping (PHP) has the second-to-last router pop the label, so the egress router receives a plain IP packet and can do the final routing lookup without the overhead of label processing.
Label Distribution Protocol (LDP)
LDP is the protocol that distributes label bindings between routers โ it's how LSRs learn which label maps to which destination prefix. LDP sessions run between directly connected MPLS-capable routers (similar to BGP neighbor sessions but simpler). Each router advertises its locally assigned labels for the destinations in its IP routing table.
RSVP-TE (Resource Reservation Protocol - Traffic Engineering) is an alternative to LDP that allows explicit path specification and bandwidth reservation โ used when traffic engineering is required. LDP creates hop-by-hop LSPs following the IGP path; RSVP-TE creates LSPs along administrator-specified or constraint-based computed paths.
MPLS VPNs โ The Primary Enterprise Use Case
The most common reason enterprises encounter MPLS is MPLS VPN services from service providers. An MPLS L3VPN (RFC 4364) allows a service provider to offer private routed connectivity between multiple customer sites over a shared infrastructure โ each customer's traffic is isolated from others despite traversing the same physical network.
The mechanics: the provider edge (PE) router uses a two-label stack. The outer label routes the packet through the provider's MPLS core to the correct egress PE. The inner label (the VPN label) identifies which customer VRF (Virtual Routing and Forwarding instance) the packet belongs to at the egress PE. The customer's routing information is carried in MP-BGP between PE routers, completely separate from the provider's IGP.
From the customer's perspective: their CE (Customer Edge) router peers with the provider's PE router, exchanges routes, and the MPLS/VPN mechanics are invisible. Traffic between sites appears to traverse a private routed network.
MPLS Traffic Engineering
MPLS-TE allows network operators to route specific traffic flows along paths other than what IGP shortest-path routing would choose. If your network has a heavily utilised shortest path and an underutilised longer path, MPLS-TE can steer specific traffic classes (video, voice, critical applications) over the longer path to balance load and guarantee capacity.
RSVP-TE signals the LSP through the network, reserving bandwidth at each hop. The path can be explicitly specified by an operator or computed automatically using CSPF (Constrained Shortest Path First) with bandwidth and administrative constraints.
MPLS vs SD-WAN
SD-WAN has eaten a significant portion of the enterprise WAN market that MPLS services previously occupied. For branch connectivity, SD-WAN over broadband internet offers lower cost, higher bandwidth, and more flexibility than MPLS circuits. The trade-off: MPLS provides deterministic latency, jitter, and loss guarantees that internet-based SD-WAN cannot reliably match.
The realistic outcome for most enterprises is hybrid: MPLS for latency-sensitive traffic (voice, video, real-time applications) and SD-WAN over internet for bulk data and less sensitive applications. MPLS is not going away โ it remains the infrastructure of major carrier backbones and is the right tool for the use cases where deterministic performance matters more than cost.