It's easy to set up a Virtual Private Network (VPN) for individuals. Trying to set up private networks over the public Internet for branch offices
-- that’s harder. To make VPNs work across multiple offices, you need to scale at an entirely different level to handle the traffic. That's where Multiprotocol Label Switching (MPLS) comes in.
The techie details, first. As Cisco describes it:
“MPLS can be integrated seamlessly over almost any existing infrastructure, such as IP, frame relay, ATM, or Ethernet. Subscribers with differing access links can be aggregated on an MPLS edge without changing their current environments, as MPLS is independent of access technologies.”
In an MPLS network, each packet has a MPLS header with one or more labels. Each label has four fields:
- A 20-bit label value
- A 3-bit Traffic Class field for Quality of Service (QoS) priority and Explicit Congestion Notification (ECN)
- A 1-bit bottom of stack flag. If this is set, it signifies that the current label is the last in the stack.
- An 8-bit Time-to-Live (TTL) field.
These labels are assigned by label edge routers (LER). These then use Label Switched Path (LSP) to set up bi-directional data paths between offices. In turn, you can use these paths to create VPNs and Virtual Local Area Networks (VLANs) over ordinary Internet connections.
There's a strategic difference between this approach and that of ordinary VPNs. In a typical VPN, one user connects to the office. In a MPLS VPN, all the traffic between offices is encapsulated and secured.
Thus, with a MPLS VPN, you can set all your offices to interconnect transparently over the Internet. To your users, the MPLS VPN looks and acts like one large LAN.
To make this work, of course, you need a lot of costly bi-directional bandwidth. This makes MPLS more of a play for medium to large businesses. If yours is a small business, it's unlikely you're a candidate for MPLS services.
Here's how it works in MPLS VPN language. Your network is a customer controlled part (C-network) and you're connected to a provider controlled network (P network), such as the Internet. The contiguous local part of a C-network are called sites and are linked with the P network through Customer Edge (CE) routers.
The CE routers connect to the Provider Edge (PE) routers. These are the edge device of the P network. The core devices or the P-routers in the P network provide the transit transport across the service provider backbone or Internet. In MPLS VPN, PE routers participate in customer routing, providing optimum routing between sites and site provisioning. Since the PE routers contains separate set of routes for each customer, if you use a service provider for your MPLS services your traffic is still kept privately, separate from that of other MPLS customers.
Although I've mentioned Cisco a lot, MPLS VPN is not a Cisco technology. While it's true that Cisco first explored the technology in the late 90s, under the name Tag switching, MPLS quickly became an open technology. Today there's an Internet Engineering Task Force (IETF) group devoted to nothing but keeping MPLS and additions to it as open standards.
So, for example, you can get MPLS VPN capable hardware and software from companies such as HP, Juniper Networks (PDF), and Brocade. Your network engineers should be able to mix and match MPLS technologies from different vendors as needed. As always, to prevent troubleshooting headaches, it's better if you can find one vendor whose equipment you can trust.
You don’t have to go to the trouble of building your own MPLS network from scratch. Many business-class ISPs are happy to supply your company with MPLS services. Several of the most noteworthy of these include MegaPath, Verizon, and Level 3.
MPLS services also gives you several advantages, starting with quality of service (QoS) guarantees. That means you have the traditional “one throat to choke” if something goes wrong. If your business needs real-time networking level services for Voice-over-Internet Protocol (VoIP) and video-conferencing, getting a guarantee of top-level QoS from your vendor can be quite important.
So why would you want your company to invest in MPLS? I think it's simple. Besides security for your remote offices, you also get flexibility. MPLS is both an open standard and runs on top of any transport. Plus, with so many different vendors and service providers supporting it, you should be able to get a good price for MPLS regardless of whether you run it yourself or use a third party. Secure, flexible, open, and relatively inexpensive to boot – what's not to like?