• Originally created to enable faster routing/switching of packets, but today's hardware/wire-speed routers make this benefit redundant.
  • MPLS header -- 4 bytes:
    • 20 bits: label
    • 3 bits: experimental (used for QoS)
    • 1 bit: bottom of label stack
    • 8 bits: TTL

Router Types

  • P = LSR = label switch router
  • PE = LER = label edge router


  • When an unlabelled packet arrives, the PE router determines the FEC and assigns a label before forwarding.
  • When a labelled packet arrives, either:
    • swap
    • push (add label, i.e. encapsulate/stack)
    • pop
  • FEC = forwarding equivalence class:
    • typically based on the destination IP + QoS.
    • usually corresponds to an LSP.
  • PHP = penultimate hop popping: "implicit null" label = 3


  • RFC 2547bis → RFC 4364
  • Define VRF and add interfaces to the VRF.
  • Each VRF has its own FIB (in addition to the main FIB).
  • Each prefix is tagged with the RD for that VRF (to maintain address space separation):
    • uses extended communities (RT = route target).
  • Layer 2 VPNs
  • Layer 3 VPNs
  • Layer 2 VPNs compared to Layer 3 VPNs


There are advantages and disadvantages for each approach, so one needs to consider those in addition to:
  • The current/future requirements of the service.
  • The existing provider infrastructure.
  • Cost.

Type of Traffic

  • L3: IP only.
  • L2: multiple protocols (IPv4, IPv6, IPX, DECnet, OSI, etc.).

Connectivity Scenarios

  1. Point-to-point
  2. Hub and spoke
  3. Partial mesh
  4. Full mesh
  5. Overlapping VPNs
  • L3: does 1, 4, 5 well (2 and 3 are more complex).
  • L2: does 1, 2, 3, 4 well (5 more complex).


  • Both: maximum number of LSPs and/or VCs supported on a PE router.
  • Both: maximum configuration file size:
    • L3: VRF, RD, extended communities, filtering policies.
    • L2: VPN peer PEs, ports associated with VPNs.
  • L3: maximum number of routs (use summarisation).
  • L2: maximum number of layer 2 forwarding table entries (require that CE be a router to limit the number of MACs per VPN).


  • L3:
    • usually require large PE routers.
    • BGP knowledge/expertise.
    • possible Route Reflector change to avoid overload.
    • confederations require inter-AS VPNs.
  • L2:
    • simpler PE routers.
    • no BGP.


  • L3:
    • design routing for VPN topology.
    • assign RDs and RT communities (and configure).
    • CE → PE peering configuration.
  • L2:
    • PE → PE in a VPN to establish VCs.
    • assign CE interfaces to VPN.

Management / Maintenance

  • L3:
    • BGP peering sessions.
    • BGP routes with different extended communities (multiple tables/VRF).
    • BGP route propagation and selection.
    • CE peering.
    • potentially large configuration files.
  • L2:
    • no BGP peering (unless used for VPN signalling).
    • no customer routes.
    • VCs that make up the VPN.
    • ports assigned to a VPN.
    • VFI MAC tables.


  • L3:
    • probably a bit more expensive for deployment (higher hardware demands).
    • higher management/maintenance costs.

IOS Configuration Example

ip vrf <vrf-name>
  rd xxx:yyy
  route-target export aaa:bbb
  route-target import aaa:bbb

mpls label protocol ldp
mpls ldp neighbor x.x.x.x password <...>

interface <...>
  description <...>
  mtu 1530
  ip address x.x.x.x
  ip ospf message-digest-key <...>
  ip ospf network point-to-point
  ip ospf cost <...>
  tag-switching ip

router bgp
  <...>        ! all the usual stuff here
  address-family ipv4 vrf <vrf-name>
    redistribute connected
    max-paths 2
    no auto-summary
    no synchronization

JUNOS Configuration Example

    preference <...>
    interface <...>

    interface <...>
      unit <...>
        family mpls

    instance-type vrf
    interface <...>
    route-distinguisher xxx:yyy
        <...>        ! all the usual stuff here

Useful Articles

  • MPLS label switching.  [ipCisco]
  • Typical EVPN BGP routing designs.  [ipSpace]
  • What is EVPN?  [ipSpace]
  • EVPN route target considerations.  [ipSpace]
  • MPLS:
  • Who's pushing L2 VPN services?  [ipSpace]
  • EVPN with MPLS data plane in data centers.  [ipSpace]
  • EVPN is more than VPLS on steroids.  [ipSpace]
  • Using EVPN in very small data centre fabrics.  [ipSpace]
  • BGP in EVPN-based data centre fabrics.  [ipSpace, ipSpace]
    • BGP in EVPN-based data centre fabrics - part 2.  [ipSpace]
  • VPWS - Virtual Private Wire Service.  [ipCisco: part 1]
  • Distributed Epipe service configuration.  [ipCisco]
  • How does VPRN work?  [ipCisco]
  • VPLS overivew.  [ipCisco]
  • The end of MPLS?  [Jason Wells]
  • Cisco buying SD-WAN startup Viptela may herald a sunset for MPLS.  [DC Knowledge]
  • MPLS tutorial.  [NANOG YouTube]
  • DMEVPN: DMVPN-based alternative to EVPN.  [Packet Pushers]
  • RSVP-TE deep dive.  [Packet Pushers: part 1, part 2]
  • MPLS-TE design.  [Packet Pushers: part 1, part 2, part 3]
  • Back to basics: label distribution and assignment modes.  [Packet Pushers]
  • MPLS lives on in the hybrid WAN era.  [Network Computing]
  • Do enterprises need MPLS?  [ipSpace]
  • Creating a PCE prototype.  [Russ White]  [PacketPushers]
  • Label Switched Multicast (LSM) -- an introduction.  [Packet Mischief]
  • CCDE -- MPLS-TE auto tunnels.  [Lost In Transit]
  • The Importance of BGP NEXT_HOP in L3VPNs.  [Packet Mischief]
  • LDP label allocation revisited.  [ipSpace]
  • MPLS "no label" vs "pop label".  [Packet Mischief]
  • Walking with packets: traceroute through MPLS cloud.  [Packet Mischief]
  • EVPN -- the essential parts.  [Aldrin Isaac, presentation]
  • Combining MPLS/VPN, MPLS-TE, and QoS on MPLS talks.  [ipSpace, video]
  • Unique RD per PE in MPLS VPN for load sharing and faster convergence.  [LostInTransit]
  • How does MPLS-TE interact with QoS?  [ipSpacevideo]
  • MPLS tech talks: MPLS TE 101.  [ipSpace]
  • FECs, LDP and BGP in an MPLS world.  [ipSpace]
  • Handling the bottom of MPLS stack.  [ipSpace]
  • MPLS-TE basics.  [ipSpace]
  • The essence of MPLS.  [ipSpace]
  • A quick look at MPLS-TE.  [LostInTransit]
  • Load sharing in MPLS core.  [ipSpace]
    • MPLS load sharing - data plane considerations.  [ipSpace]
  • Replacing an MPLS WAN with an Internet VPN overlay.  [PacketLife]
    • Could you replace MPLS/VPN with IPSec-over-Internet?  [ipSpace]
  • eBGP vpnv4 MPLS VPN over multiple BGP autonomous systems - getting correct next hop?  [Reddit]
  • Cisco: Is it possible to see an EFP path within an EVC?  [StackExchange]
  • EoMPLS, MSTP, and RPVST.  [StackExchange]
  • BGP MPLS vpn design question.  [Reddit]
  • Deploying a datacenter MPLS/VPN on JUNOS.  [PacketLife]
  • Inter-VRF routing IOS XR.  [Reddit]
  • Network design question on MPLS and Layer 2 domains.  [Reddit]
  • MPLS requires custom silicon -- really?  [ipSpace]
  • MPLS can reroute, but can it route?  [StackExchange]
  • Using VPLS as an underlay to DIY an MPLS core - why not?  [Reddit]
  • Dual stack OSPF redistribution in MP-BGP.  [StackExchange]
  • Simple guide to MPLS/L3VPN with Junos.  [Reddit]  [JuniperLabs]  [JuniperLabs]
  • MPLS lab examples for Juniper routers.  [Reddit]
  • Interfacing overlay virtual networks with MPLS/VPN WAN.  [ipSpace]
  • How are the LERs determined in an MPLS LSP using LDP?  [StackExchange]
  • Overlay networking & VXLAN means MPLS in the data center is dead.  [EtherealMind]
  • There is an MPLS for every occasion.  [EtherealMind]
  • Internet traffic gets MPLS labels when you deploy MPLS/VPN.  [ipSpace]
  • Junos vs IOS: MPLS and LDP.  [ipSpace]
  • Label to route mapping, label generation scalability.  [StackExchange]
  • Can two peering LSR generate same label to same or different prefix and distribute among them?  [StackExchange]
  • What is a FEC in MPLS domain?  [StackExchange]
  • Is it possible to run an IPv6-only MPLS core?  [StackExchange]
  • Eliminating VLANs and fragility in underlay with network.  [NetworkStatic]
  • Using a GRE tunnel VRF to separate the physical interface.  [PacketU]
  • VRF export maps.  [PacketLife]
  • VPLS multihoming on Junos -- FEC confusion.  [StackExchange]
  • LDP in MPLS.  [StackExchange]
  • MPLS/VPN carrier's carrier -- myth or reality?  [ipSpace]
  • Introduction to VRF Lite.  [PacketLife]
    • Inter-VRF routing with VRF Lite.  [PacketLife]
    • Route distinguishers and route targets.  [PacketLife]
  • Load balancing across multiple MPLS/VPN providers.  [ipSpace]
  • Could you run an MPLS-TE-only MPLS/VPN network without LDP?  [ipSpace]
  • Edge protocol independence: another benefit of edge-and-core layering.  [ipSpace]
  • Extending MPLS/VPN to customer sites.  [ipSpace]
  • Secondary MPLS-TE tunnels and FRR.  [ipSpace]
  • Is it safe to run Internet in a VRF?  [ipSpace]
    • Internet-in-a-VRF and LFIB explosion.  [ipSpace]
  • BGP route reflection in MPLS/VPN PE-routers.  [ipSpace]
  • LDP-IGP synchronisation in MPLS networks.  [IOS Hints]
  • MPLS is not tunneling.  [IOS Hints]
  • PHP demystified.  [IOS Hints]
  • Asymmetric MPLS MTU problem.  [IOS Hints]
  • The MPLS MTU challenges.  [IOS Hints]
  • Random MPLS/VPN Q&A.  [IOS Hints]
  • Building CsC-enabled MPLS backbone.  [IOS Hints]
  • MPLS/VPN transport options.  [IOS Hints]
  • MPLS VPN with common services.  [PacketLife]
  • MPLS/VPN common services design.  [IOS Hints]
    • Scalability of common services MPLS/VPN topology.  [IOS Hints]
  • Creating an MPLS VPN.  [PacketLife]
  • MPLS/VPN-over-GRE-over-IPsec: does it really work?  [IOS Hints]
  • Load sharing in MPLS/VPN networks with route reflectors.  [IOS Hints]
  • Building MPLS/VPN services across an enterprise WAN.  [IOS Hints]
  • Campfire: the true story of MPLS.  [IOS Hints]
  • MPLS VPNs in enterprise networks.  [IOS Hints]
  • Scaling VPLS.  [CCIE Blog]
  • VPLS is a technology, not just a service provider offering.  [IOS Hints]
  • Solving the MPLS/VPN QoS challenge.  [IOS Hints]
  • What is MPLS-TP and is it relevant?  [IOS Hints]
  • QoS over MPLS/VPN networks.  [IOS Hints]
  • MPLS tunnels explained.  [CCIE Blog]
  • Scaling MPLS network.  [CCIE Blog]
  • Troubleshooting tips for MPLS.  [CCIE Blog]
  • MPLS and EIGRP: going the (admin) distance.  [CCIE Blog]
  • What's the difference between MPLS and IP?  [Search Telecom]  [IOS Hints]
  • MPLS components.  [CCIE Blog - part 1]  [CCIE Blog - part 2]
  • Is LDP required for VPNv4 labels?  [MPLS VPN]
  • How does LDP initialise?  [MPLS VPN]
  • What are downstream and upstream routers in MPLS?  [MPLS VPN]
  • MPLS and QoS DiffServ.  [CCIE Blog]
  • Types of pseudowire.  [MPLS VPN]
  • The advantages of MPLS.  [MPLS VPN]
  • MPLS TE autoroute basics.  [IOS Hints]  [NIL Wiki]
  • Inter-VRF routing with VRF Lite.  [PacketLife]
  • Do you use MPLS to transport Internet traffic?  [IOS Hints]
  • Using MPLS and M-LDP signaling for multicast VPNs.  [CCIE Blog]
  • MPLS control plane and forwarding plane interaction.  [CCIE Blog]
  • The MPLS forwarding plane - LDP.  [CCIE Blog]
  • The MPLS forwarding plane.  [CCIE Blog]
  • Why do we need MPLS?  [CCIE Blog]
  • Understanding modern VPN service offerings.  [IOS Hints]  [NIL Wiki]
  • The long road to M-LSPs.  [CCIE Blog]
  • Intro to VRF Lite.  [PacketLife]  [CCIE Journey]