MPLS

MPLS operates between Layer 2 (data link) and Layer 3 (IP) — sometimes called Layer 2.5. When a packet enters an MPLS network, the ingress Label Edge Router (LER) examines the IP header, assigns a short label (a 20-bit integer), and pushes it onto the packet. Intermediate Label Switch Routers (LSRs) forward the packet based solely on the label — a simple table lookup that is faster than IP routing table lookups. At the egress LER, the label is popped and the original IP packet is delivered. The predetermined path from ingress to egress is called a Label Switched Path (LSP).

The MPLS label header

An MPLS label is a 32-bit (4-byte) shim inserted between the Layer 2 header and the IP header. The four fields are:

• Label (20 bits): the forwarding identifier used for the table lookup at each LSR. Values 0–15 are reserved; usable labels start at 16.
• TC — Traffic Class (3 bits): formerly called EXP bits, used for QoS marking and ECN (Explicit Congestion Notification).
• S — Bottom of Stack (1 bit): set to 1 on the innermost label in a label stack, signalling to the router that the next header is IP.
• TTL (8 bits): a hop count decremented at each LSR, preventing label loops analogously to IP TTL.

Multiple labels can be stacked on a single packet (the label stack), which is how MPLS VPNs work — an outer label routes the packet across the provider network while an inner VPN label identifies the customer VRF at the egress PE router.

LER vs LSR roles

Two router types perform distinct roles in an MPLS network. A Label Edge Router (LER) — also called a Provider Edge (PE) router — sits at the boundary between the MPLS network and customer or external networks. The ingress LER classifies IP packets, assigns labels, and pushes them onto the stack. The egress LER pops labels and delivers the original IP packet to the destination. A Label Switch Router (LSR) — the Provider (P) router — sits inside the MPLS core and performs only label swap operations, never examining the IP header. This is what makes MPLS forwarding fast: core routers do a single integer lookup per packet rather than a longest-prefix IP match.

MPLS vs traditional IP routing

MPLS VPNs: L3VPN and L2VPN

MPLS enables two classes of VPN service used by enterprises and carriers:

• L3VPN (RFC 4364, BGP/MPLS IP VPN): The PE routers participate in the customer's IP routing using Virtual Routing and Forwarding (VRF) tables. Customer sites exchange IP routes via the provider network with full traffic isolation — different customers can use overlapping address space without conflict. This is the dominant enterprise WAN VPN model.
• L2VPN (VPLS / EVPN): Extends a Layer 2 Ethernet segment across the MPLS network, making geographically separated sites appear to be on the same LAN. Used for data centre interconnect and legacy applications that require Layer 2 adjacency.

Traffic engineering with RSVP-TE

Standard IP routing picks the shortest path regardless of congestion. MPLS traffic engineering (MPLS-TE) with RSVP-TE (Resource Reservation Protocol — Traffic Engineering) allows operators to explicitly route LSPs along paths that avoid congested links and to reserve bandwidth along the path. A router signals its required bandwidth via RSVP; intermediate routers admit or reject the request based on available capacity. This gives ISPs predictable paths and bandwidth guarantees that best-effort IP routing cannot provide — critical for voice, video, and SLA-backed enterprise services.

MPLS vs SD-WAN

The enterprise WAN landscape has shifted significantly since 2015. SD-WAN (Software-Defined WAN) uses commodity internet broadband, LTE, or multiple links simultaneously, with a software overlay that performs policy-based steering, path quality monitoring, and automatic failover. For most enterprise branch connectivity, SD-WAN over broadband delivers comparable application performance at 30–70% lower cost than dedicated MPLS circuits.

MPLS retains advantages where SD-WAN over public internet cannot match its guarantees: applications with strict sub-10 ms latency requirements, regulated industries requiring private transport with no public internet traversal, and carrier backbone engineering where the ISP itself needs guaranteed internal paths. Most enterprises today run hybrid architectures — MPLS for critical real-time traffic and SD-WAN/internet for everything else.

Is MPLS still relevant in 2025?

MPLS is very much alive at the carrier level. Every major ISP backbone uses MPLS for internal traffic engineering, regardless of what services they sell to customers. At the enterprise edge, MPLS WAN circuits continue to decline in new deployments as SD-WAN matures and internet reliability improves. However, the installed base remains large — many enterprises have MPLS circuits with multi-year contracts. For new greenfield deployments in 2025, SD-WAN over internet is typically the first choice unless the specific application or regulatory requirement demands private MPLS transport.

Frequently Asked Questions

What is MPLS used for?

Traffic engineering (directing traffic along specific paths to balance load and reserve bandwidth), Layer 3 VPNs (connecting enterprise branches over shared carrier infrastructure with full traffic isolation), L2VPN for data centre interconnect, and QoS for latency-sensitive applications like VoIP and video conferencing.

Is MPLS being replaced by SD-WAN?

At the enterprise edge, yes — SD-WAN over broadband is replacing MPLS circuits for most new deployments due to lower cost and comparable performance. Carriers still use MPLS internally for backbone traffic engineering. The two often coexist in hybrid WAN architectures.

Does MPLS improve internet speed?

MPLS does not increase raw bandwidth — it improves routing efficiency, predictability, and path control. By directing traffic along predetermined paths that avoid congestion and providing bandwidth reservations, MPLS reduces latency and jitter compared to best-effort IP routing.