
VPN Intranet Over the Internet: Understanding Multiprotocol Label Switching

by sjvn01 on 03-10-2011 06:00 AM

It's easy to set up a Virtual Private Network (VPN) for an individual. Stitching branch offices together into one private network is harder. To connect many offices you need something that scales to that traffic and keeps each customer's routes separate from everyone else's. That's where Multiprotocol Label Switching (MPLS) comes in.

The techie details, first. As Cisco describes it:

“MPLS can be integrated seamlessly over almost any existing infrastructure, such as IP, frame relay, ATM, or Ethernet. Subscribers with differing access links can be aggregated on an MPLS edge without changing their current environments, as MPLS is independent of access technologies.”

In an MPLS network, each packet carries an MPLS shim header made up of a stack of one or more 32-bit label entries. Each entry has four fields:

  • A 20-bit label value
  • A 3-bit Traffic Class field for Quality of Service (QoS) priority and Explicit Congestion Notification (ECN)
  • A 1-bit bottom of stack flag. If this is set, it signifies that the current label is the last in the stack.
  • An 8-bit Time-to-Live (TTL) field.

Labels are assigned by label edge routers (LERs), the routers at the boundary of the MPLS domain. Between LERs, a Label Switched Path (LSP) carries labelled packets across the core. An LSP is one-way, so two of them are needed for two-way traffic between a pair of sites. On top of these paths the provider builds VPNs: Layer 3 VPNs that route between sites (the kind described below) or Layer 2 VPNs that extend a LAN segment between sites. Either way the paths run across the provider's MPLS network, not the public Internet.
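The label stack format above is easy to get wrong when you write a dissector or a filter, so here is a small decoder and encoder for it. This is an added example written for this article, not code from the original post or from any vendor; the packet bytes, label values (16000 as the transport label, 24001 as the VPN label) and the IPv4 header fragment are constructed for illustration. It walks the stack until the bottom-of-stack bit is set, rejects a stack that runs out of bytes first, and shows the guess a router has to make about the payload, since MPLS carries no protocol field.

```python
"""Decode and build MPLS label stack entries (RFC 3032 shim-header layout).

Each entry is 32 bits: 20-bit label | 3-bit Traffic Class | 1-bit S (bottom
of stack) | 8-bit TTL. All sample bytes here are constructed, not captured.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Label values 0-15 are reserved; these four are defined in RFC 3032.
RESERVED_LABELS = {
    0: "IPv4 Explicit NULL",
    1: "Router Alert",
    2: "IPv6 Explicit NULL",
    3: "Implicit NULL",
}


@dataclass
class MPLSLabel:
    label: int             # 20-bit label value
    traffic_class: int     # 3-bit TC field (QoS class / ECN)
    bottom_of_stack: bool  # set on the last entry of the stack
    ttl: int               # 8-bit time to live

    def describe(self) -> str:
        name = RESERVED_LABELS.get(self.label)
        if name is None and self.label < 16:
            name = "reserved"
        return name or f"label {self.label}"


def build_label(label: int, traffic_class: int, bottom_of_stack: bool, ttl: int) -> bytes:
    """Pack one stack entry, refusing values that do not fit their field widths."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not 0 <= traffic_class < 8:
        raise ValueError("traffic class must fit in 3 bits")
    if not 0 <= ttl < 256:
        raise ValueError("TTL must fit in 8 bits")
    word = (label << 12) | (traffic_class << 9) | (int(bottom_of_stack) << 8) | ttl
    return word.to_bytes(4, "big")


def parse_label_stack(data: bytes) -> Tuple[List[MPLSLabel], bytes]:
    """Walk 4-byte entries until the bottom-of-stack bit is set.

    Returns the entries (outermost first) and the payload that follows them.
    A stack with no bottom-of-stack entry is rejected: a forwarder that kept
    going would read payload bytes as labels.
    """
    labels: List[MPLSLabel] = []
    offset = 0
    while True:
        if len(data) - offset < 4:
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        word = int.from_bytes(data[offset:offset + 4], "big")
        entry = MPLSLabel(
            label=word >> 12,
            traffic_class=(word >> 9) & 0x7,
            bottom_of_stack=bool((word >> 8) & 0x1),
            ttl=word & 0xFF,
        )
        labels.append(entry)
        offset += 4
        if entry.bottom_of_stack:
            return labels, data[offset:]


def payload_version(payload: bytes) -> str:
    """Guess what follows the stack from the first nibble of the payload.

    MPLS has no protocol field, so this is the same heuristic a router falls
    back on after popping the last label.
    """
    if not payload:
        return "empty"
    return {4: "ipv4", 6: "ipv6"}.get(payload[0] >> 4, "unknown")


def demo() -> dict:
    """Constructed two-label L3VPN stack: transport label outside, VPN label inside."""
    transport = build_label(16000, 0, False, 255)        # label for the LSP to the remote PE
    vpn = build_label(24001, 0, True, 255)                # label the remote PE maps to a VRF
    ipv4_header_start = bytes([0x45, 0x00, 0x00, 0x54])   # constructed IPv4 header prefix
    labels, payload = parse_label_stack(transport + vpn + ipv4_header_start)
    return {
        "labels": [(e.label, e.traffic_class, e.bottom_of_stack, e.ttl) for e in labels],
        "payload": payload_version(payload),
        "outer_name": labels[0].describe(),
    }


if __name__ == "__main__":
    print(demo())
```

Run it and the two-entry stack decodes back to the values it was built from, with the payload recognised as IPv4 from its first nibble. The truncation check matters in practice: a capture cut off inside the stack, or a crafted stack with no S bit, must be reported as malformed rather than silently decoded.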

There's a strategic difference between this approach and that of ordinary VPNs. In a typical remote-access VPN, one user connects to the office through an encrypted tunnel. In an MPLS VPN, all the traffic between offices is encapsulated in labels and kept in its own routing table on the provider's network. Note what that does and does not give you: MPLS separates customers by labels and per-customer routing tables, not by encryption. If you need confidentiality from the provider itself, or from anyone who can tap a provider link, run IPsec over the MPLS VPN.

Thus, with an MPLS VPN, you can have all your offices interconnect transparently over the provider's network. To your users, the MPLS VPN looks and acts like one large private network.

To make this work, of course, you need a lot of costly bi-directional bandwidth. This makes MPLS more of a play for medium to large businesses. If yours is a small business, it's unlikely you're a candidate for MPLS services.

Here's how it works in MPLS VPN language. Your network is the customer-controlled part, the C-network, and it connects to a provider-controlled network, the P-network, which is the service provider's MPLS backbone rather than the public Internet. Each contiguous local part of a C-network is called a site, and sites attach to the P-network through Customer Edge (CE) routers.

The CE routers connect to Provider Edge (PE) routers, the edge devices of the P-network. The core devices, the P-routers, provide transit across the service provider backbone; they switch on labels only and never see customer routes. In an MPLS VPN the PE routers participate in customer routing, providing optimal routing between sites and per-site provisioning. Each PE keeps a separate routing table, a VRF (virtual routing and forwarding instance), for each customer, so when you buy MPLS services from a provider your routes and traffic stay separate from those of other MPLS customers, even when two customers use the same private address ranges.
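The separation described above comes from the per-customer tables on the PE, so it is worth seeing what that looks like in working code. The following is an added model written for this article (not vendor code or the article's own) of a PE with two customer VRFs; the VRF names, route distinguishers, interface names, PE loopback addresses and labels are constructed. Both customers announce the same 10.1.0.0/16 from a remote site, and the model shows that a lookup is confined to the VRF of the ingress interface, that a customer with no route gets nothing rather than the other customer's route, and that the route distinguisher is what keeps the two identical prefixes distinct when PEs exchange them.

```python
"""Model of per-customer route separation on a PE router (MPLS L3VPN, RFC 4364 style).

Simplified model written for this article, not vendor code. A CE-facing
interface belongs to exactly one VRF; a lookup consults only that VRF; routes
are exchanged between PEs as RD:prefix so overlapping customer prefixes do not
collide. All addresses, names and labels below are constructed.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

Network = ipaddress.IPv4Network


@dataclass
class VPNRoute:
    remote_pe: str   # loopback of the PE that advertised the route
    vpn_label: int   # inner label that PE uses to pick the right VRF on egress


@dataclass
class VRF:
    name: str
    route_distinguisher: str                  # e.g. "65000:100", makes the prefix unique
    routes: Dict[Network, VPNRoute] = field(default_factory=dict)


class PERouter:
    def __init__(self) -> None:
        self.vrfs: Dict[str, VRF] = {}
        self.interface_vrf: Dict[str, str] = {}

    def add_vrf(self, vrf: VRF) -> None:
        self.vrfs[vrf.name] = vrf

    def bind_interface(self, interface: str, vrf_name: str) -> None:
        """Attach a CE-facing interface to one, and only one, VRF."""
        if vrf_name not in self.vrfs:
            raise KeyError(f"unknown VRF {vrf_name}")
        self.interface_vrf[interface] = vrf_name

    def add_vpn_route(self, vrf_name: str, prefix: str, remote_pe: str, vpn_label: int) -> None:
        """Install a route learned from another PE into exactly one VRF."""
        self.vrfs[vrf_name].routes[Network(prefix)] = VPNRoute(remote_pe, vpn_label)

    def lookup(self, ingress_interface: str, dst: str) -> Optional[Tuple[str, int]]:
        """Longest-prefix match, restricted to the VRF of the ingress interface.

        Returns (remote PE, VPN label) or None when that VRF has no route. The
        other customers' tables are never consulted, which is the isolation.
        """
        vrf = self.vrfs[self.interface_vrf[ingress_interface]]
        addr = ipaddress.IPv4Address(dst)
        best: Optional[Tuple[Network, VPNRoute]] = None
        for prefix, route in vrf.routes.items():
            if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, route)
        if best is None:
            return None
        return best[1].remote_pe, best[1].vpn_label

    def vpnv4_table(self) -> Set[Tuple[str, str]]:
        """What this PE would advertise to its peers: RD plus prefix."""
        return {
            (vrf.route_distinguisher, str(prefix))
            for vrf in self.vrfs.values()
            for prefix in vrf.routes
        }


def build_demo_pe() -> PERouter:
    """Two customers, overlapping address space, each in its own VRF."""
    pe = PERouter()
    pe.add_vrf(VRF("CUST-A", "65000:100"))
    pe.add_vrf(VRF("CUST-B", "65000:200"))
    pe.bind_interface("ge-0/0/1", "CUST-A")
    pe.bind_interface("ge-0/0/2", "CUST-B")
    # Both customers use 10.1.0.0/16 at a remote site; only the RD tells them apart.
    pe.add_vpn_route("CUST-A", "10.1.0.0/16", "192.0.2.11", 24001)
    pe.add_vpn_route("CUST-B", "10.1.0.0/16", "192.0.2.12", 24002)
    pe.add_vpn_route("CUST-A", "172.16.5.0/24", "192.0.2.13", 24003)
    return pe


if __name__ == "__main__":
    pe = build_demo_pe()
    print(pe.lookup("ge-0/0/1", "10.1.2.3"))   # customer A's copy of 10.1.0.0/16
    print(pe.lookup("ge-0/0/2", "10.1.2.3"))   # customer B's copy, different PE and label
    print(pe.lookup("ge-0/0/2", "172.16.5.9")) # B has no such route: None, not A's route
    print(sorted(pe.vpnv4_table()))
```

The point to take from the model is where the separation lives: in which VRF an interface is bound to and which routes are imported into it. Nothing in the forwarding path is encrypted, so a mistake in that binding or in the import policy joins two customers' networks; that is why the security review of an MPLS VPN is mostly a review of the PE configuration.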

Although I've mentioned Cisco a lot, MPLS VPN is not a Cisco technology. While it's true that Cisco first explored the technology in the late 1990s under the name tag switching, MPLS quickly became an open technology. Today an Internet Engineering Task Force (IETF) working group is devoted to nothing but maintaining MPLS and its extensions as open standards.

So, for example, you can get MPLS VPN capable hardware and software from companies such as HP, Juniper Networks, and Brocade. Your network engineers should be able to mix and match MPLS technologies from different vendors as needed. As always, to prevent troubleshooting headaches, it's better if you can find one vendor whose equipment you can trust.

You don’t have to go to the trouble of building your own MPLS network from scratch. Many business-class ISPs are happy to supply your company with MPLS services. Several of the most noteworthy of these include MegaPath, Verizon, and Level 3.

MPLS services also give you several advantages, starting with quality of service (QoS) guarantees. Because a single provider owns the whole path, you also have the traditional "one throat to choke" if something goes wrong. If your business needs real-time networking services for Voice-over-Internet Protocol (VoIP) and video-conferencing, getting a guarantee of top-level QoS from your vendor can be quite important.

So why would you want your company to invest in MPLS? I think it's simple. Besides keeping your remote offices' traffic separate from other customers', you also get flexibility. MPLS is an open standard and runs on top of any transport. Plus, with so many different vendors and service providers supporting it, you should be able to get a good price for MPLS regardless of whether you run it yourself or use a third party. Separated, flexible, open, and relatively inexpensive to boot. What's not to like?

Comments
by tallenm(anon) on 04-10-2011 06:55 AM

I believe this article is a little misleading. You cannot run MPLS over the Internet, because the Internet does not support LDP and will not build LSPs for your MPLS traffic. You can purchase MPLS (L3VPN) services from the same service provider that you get your Internet from and run MPLS over that, but that is through their network and not the Internet.

by sjvn01 on 04-10-2011 06:59 AM

Potato, potahto. Yes, you need every link to support MPLS, but it still runs over the Internet.

Steven

by tallenm(anon) on 04-10-2011 10:57 AM

But LDP is not found anywhere on the Internet. Only eBGP. LDP is going to run on the service provider's private network, which will be a separate connection from your Internet connection.


The HP Input Output site is sponsored by HP and features articles and content from HP and third-party contributors. Third-party articles and content, while paid for by HP, do not necessarily represent the views and opinions of HP. HP does not endorse this content and is not responsible for its accuracy, availability and quality.
