Understanding MPLS Routing
High-performance and reliable network connectivity is vital to the modern enterprise. Many corporate applications are latency-sensitive, and slow connectivity and broken links can impair employee productivity and the customer experience.
Multiprotocol label switching (MPLS) networks are designed to provide organizations with more performant, reliable network connectivity than the public Internet. MPLS networks use labels to route traffic over predefined routes. These labels and routes reduce the delays caused by routers determining the next step in a packet’s journey through the network.
How Does Routing Normally Work?
Normally, network traffic is routed based on the destination IP address. Every system connected to a private network or the public Internet has an IP address that uniquely identifies it to the rest of the network.
Traffic moves through a network via a series of hops between routers. Each router in the network maintains a routing table that identifies the next system in the packet’s journey. This routing table may include specific systems for known routes and a default behavior if a route is not known. For example, an internal router in an organization may route some traffic to specific systems but will be configured to send most traffic to the gateway router.
How MPLS Routing Works
Routing based on IP addresses is inefficient, increasing network latency. MPLS is designed to use shorter labels to send packets along predefined routes. For example, if an organization has an MPLS circuit linking two locations, all packets that will be sent over that circuit will receive the appropriate label. This allows the MPLS routers to more quickly identify the packet’s intended destination and send it on its way.
Architecture of MPLS
MPLS works differently than traditional routing based on IP addresses. As a result, an MPLS network has a slightly different architecture than a traditional IP-based network. Some of the key vocabulary associated with an MPLS network includes the following:
- Forward Equivalent Class (FEC): In an MPLS network, packets with similar characteristics share an FEC. The FEC states that these packets can be routed the same way through the MPLS network.
- Label Switch Path (LSP): An LSP is a predefined, unidirectional path through an MPLS network. For example, an organization may have LSPs flowing from the headquarters network to the corporate data center or branch locations.
Packets are assigned an FEC and LSP to move them through an MPLS network. Once it reaches an MPLS network, it will move through the following systems:
- Ingress Label Edge Router (LER): The ingress LER is the router where a packet enters the MPLS network. At this ingress node, the packet is assigned an FEC and a label and is encapsulated within an LSP.
- Label Switch Router (LSR): After a packet leaves the ingress LER, it follows a series of hops between routers just like in traditional routing. The primary difference is that these LERs only look at the assigned label to determine the next step rather than using IP addresses and routing tables.
- Egress Label Edge Router (LER): The egress LER is the last router on the packet’s journey through the MPLS network. After leaving the MPLS network, the packet is routed on to its destination via traditional means.
SD-WAN and SASE are an MPLS Alternative
Companies invest in MPLS circuits because they provide greater network performance and reliability than the public Internet. However, these guarantees come at a steep cost, and MPLS bandwidth is very expensive.
Software-defined wide area networking (SD-WAN) provides an alternative to MPLS, offering similar performance and reliability guarantees by optimizing the use of available transport media. SD-WAN endpoints aggregate multiple transport media and use information about the health of network links and the sources of network traffic to optimally route traffic based on corporate policies.
SD-WAN provides numerous advantages when compared to MPLS. These include:
- Reduced Cost per Mbps: SD-WAN optimizes the use of available transport media rather than investing in expensive MPLS links. This can provide the same level of network performance and reliability with a lower total cost of ownership (TCO).
- Investment Optimization: SD-WAN bases network routing decisions on application identification and corporate policy. This helps to ensure that expensive network bandwidth — such as MPLS links — is reserved for the traffic that needs it.
- Scalability: MPLS bandwidth is limited, and deploying new MPLS circuits is time-consuming and expensive. SD-WAN can use any available transport medium, making it easy to grow to meet expanding bandwidth needs or to support new locations.
- Security: MPLS provides efficient routing but does not inspect or secure the network traffic it carries. SD-WAN, deployed as part of a Secure Access Service Edge (SASE) solution can both optimally route and secure corporate network traffic.
Cato provides the world’s most robust single-vendor SASE platform, converging Cato SD-WAN and a cloud-native security service edge, Cato SSE 360, including ZTNA, SWG, CASB/DLP, and FWaaS into a global cloud service. With over 75 PoPs worldwide, Cato optimizes and secures application access for all users and locations, and is easily managed from a single pane of glass. Learn more about consolidating and streamlining your organization’s security architecture with Cato SASE Cloud by signing up for a free demo today.