MPLS (Multiprotocol Label Switching, full form: Multiprotocol Label Switching) is the protocol that runs the inside of every major service provider's network and a substantial fraction of large enterprise WANs. It uses fixed-length labels instead of IP lookup to forward packets, decouples the forwarding plane from the routing plane, and serves as the substrate for VPNs (L3VPN, L2VPN), traffic engineering (RSVP-TE), and now segment routing. It is also the protocol that SD-WAN was supposed to replace, except most production networks still run both.
This is the cluster overview for the full PingLabz MPLS series: labels and the label stack, LDP for label distribution, MPLS L3VPN with MP-BGP and VPNv4, traffic engineering, and the segment routing successor story. We will work through what MPLS actually does, how labels move packets through the network, the L3VPN model that made MPLS a service-provider standard, and the modern segment-routing direction. If you are studying for CCIE Service Provider, designing an MPLS deployment, or trying to understand what your carrier is selling you, start here.
What MPLS Solves
Two problems drove MPLS in the late 1990s:
- IP forwarding was slow. Routers had to perform a longest-prefix-match lookup against the full routing table for every packet. CPUs of the era struggled at gigabit speeds. MPLS replaced this with a fixed-length label lookup, which is dramatically faster.
- Traffic engineering was impossible with pure IP. IP routing picks the shortest path; you cannot easily say "send this customer's traffic over the western backbone, this other customer's traffic over the eastern backbone." MPLS enabled explicit path control.
The hardware-acceleration story for IP eventually caught up - modern routers do longest-prefix-match in silicon at terabit speeds - but by then MPLS had become the substrate for an even more important capability: VPNs. MPLS L3VPN lets a service provider carry many customers' overlapping IP address spaces over one shared backbone, with each customer seeing only their own routes and addresses. That capability is what made MPLS a service-provider standard.
By 2026 the original speed argument is moot, traffic engineering has spawned segment routing as a successor, and SD-WAN has eaten into MPLS's enterprise WAN role. But MPLS still runs underneath most carrier networks and most of the BGP-VPN deployments enterprises buy from carriers.
How MPLS Works (the 10,000-Foot View)
An MPLS network has three router roles:
| Role | Acronym | Job |
|---|---|---|
| Customer Edge | CE | The customer's router; runs IP, no MPLS |
| Provider Edge | PE | The MPLS network's edge; pushes/pops labels; runs IP-facing-customer and MPLS-facing-core |
| Provider Core | P | Core MPLS router; only label-switches; never sees customer IP |
A packet's journey:
- The customer's CE router sends an IP packet to the PE router.
- The PE looks up the destination, decides which Label Switched Path (LSP) to use, pushes one or more labels onto the packet, and forwards.
- Each P router along the path looks at the outermost label, swaps it for the next hop's expected label (label switching), and forwards.
- The egress PE pops the label(s) and forwards the original packet (or the inner packet of an L2VPN) to the destination CE.
This is fundamentally different from IP forwarding. The P routers do not look at IP at all - they only see the MPLS label and forward based on that. The label-switched path is determined when the LSP is set up, not per-packet. This is what enables traffic engineering, and what makes the same backbone usable for L3VPNs, L2VPNs, traffic engineering, and IP transit simultaneously.
MPLS Labels and the Label Stack
An MPLS label is a 32-bit shim header inserted between the data-link layer header (e.g. Ethernet) and the IP header. The format:
+-----------------+-----+---+-------------+
| Label | EXP | S | TTL |
| 20 bits | 3 | 1 | 8 bits |
+-----------------+-----+---+-------------+| Field | Bits | Purpose |
|---|---|---|
| Label | 20 | The label value (0-1048575); locally significant per LSR |
| EXP / Traffic Class | 3 | QoS priority; equivalent to DSCP top 3 bits |
| S (Bottom of Stack) | 1 | 1 = bottom label; 0 = more labels follow |
| TTL | 8 | Hop count, decremented at each LSR |
Multiple labels can be stacked. A typical L3VPN packet has two labels: an outer "transport" label that gets it across the MPLS core, and an inner "VPN" label that identifies which customer VPN it belongs to. The S bit on the inner label is 1; the outer label has S=0.
For the full byte-level walkthrough, see MPLS Labels Explained.
LDP: Label Distribution Protocol
Labels do not appear by magic. Some protocol must distribute them so each router knows which label to use for which destination. Three main label distribution protocols exist:
| Protocol | Use for | Status in 2026 |
|---|---|---|
| LDP (Label Distribution Protocol) | IP-driven label assignment for unicast | Dominant for IP/MPLS |
| RSVP-TE | Traffic-engineered LSPs with bandwidth reservation | Dominant for TE; declining as Segment Routing takes over |
| BGP-LU (BGP Labeled Unicast) | Inter-AS label distribution | Common in service provider Option B/C designs |
| Segment Routing | Source routing without per-LSP signaling | Rising; replaces LDP and RSVP-TE in modern deployments |
LDP is the workhorse. Every PE and P router runs LDP, builds a session with each neighbor, and exchanges label mappings: "for prefix X, I will use label Y." The forwarding state derives from the IP routing table - LDP simply assigns labels for each prefix in the IGP and shares those mappings.
For LDP fundamentals, configuration, and verification, see LDP and MPLS Label Distribution.
MPLS L3VPN: The Service That Made MPLS Successful
The L3VPN (Layer 3 VPN) model is what every enterprise customer of "MPLS service" actually buys. The carrier runs an MPLS backbone and offers each customer a private routing instance (VRF) with private label space. Customer routes never mix; customer A and customer B can both use 10.0.0.0/24 without conflict.
The mechanism (RFC 4364):
- Each customer gets a VRF on the PE.
- The customer's IPv4 routes are converted to VPNv4 routes by prepending an 8-byte Route Distinguisher (RD) - the same prefix gets a globally unique 12-byte VPNv4 representation.
- VPNv4 routes are exchanged between PEs via MP-BGP. Route Targets (RTs) attached as extended communities determine which VRFs import which routes.
- Each VPN route gets a per-VPN label. Two-label stack on the wire: outer transport label (LDP) plus inner VPN label.
- The egress PE pops both labels and forwards the original IPv4 packet into the customer's VRF.
This is where the BGP cluster connects directly. MP-BGP carries VPNv4 routes via address-family vpnv4 unicast. Route distinguishers and route targets are MPLS-VPN concepts that live in BGP. See the MP-BGP article for the BGP side and MPLS L3VPN with MP-BGP for the MPLS side.
L2VPN: Carrying Layer 2 Over MPLS
L3VPN carries IP routes. L2VPN carries Layer 2 frames over the same MPLS backbone. Two main flavors:
| Service | Topology | Use for |
|---|---|---|
| VPWS (Virtual Private Wire Service / EoMPLS) | Point-to-point | Replacing leased lines; "pseudowire" for one customer link |
| VPLS (Virtual Private LAN Service) | Multipoint (one big virtual LAN) | Multi-site Layer 2 connectivity for one customer |
| EVPN over MPLS | Multipoint with control-plane MAC learning | Modern replacement for VPLS |
EVPN is rapidly displacing VPLS for new deployments because of its control-plane MAC learning and active-active multihoming features. See the BGP cluster's MP-BGP article for EVPN context.
Traffic Engineering and Segment Routing
RSVP-TE was the original MPLS traffic engineering protocol. Operators would specify constraints (bandwidth, link metrics, explicit paths) and RSVP-TE would signal LSPs through the network meeting those constraints. It worked but the per-LSP state was operationally heavy.
Segment Routing (SR) is the modern direction. Instead of signaling LSPs, the source encodes the path as a list of segments (labels) in the packet itself. The MPLS data plane is unchanged - SR uses the same label format - but the control plane is dramatically simpler. No per-LSP state in the network; only segment-to-prefix mappings advertised by the IGP.
| Approach | Control plane | State per LSP | Complexity |
|---|---|---|---|
| RSVP-TE | Per-LSP signaling | State on every router along path | High operational overhead |
| Segment Routing (SR-MPLS) | IGP-distributed segments | None per-LSP; only prefix-to-segment mappings | Much simpler |
| SRv6 | IPv6-based segments (no MPLS) | None | Simplest; replaces MPLS data plane entirely |
Modern service-provider deployments are migrating from LDP+RSVP-TE to SR-MPLS, with SRv6 being the longer-term direction for greenfield IPv6-only networks.
MPLS vs SD-WAN
The most common framing question for enterprise customers is whether to renew MPLS or migrate to SD-WAN. The honest answer in 2026 is hybrid - run SD-WAN over multiple transports including MPLS for hard-QoS-required flows. See the dedicated SD-WAN vs MPLS article for the cost analysis and migration patterns. The PingLabz position: SD-WAN is the routing layer, MPLS is one of the transports.
MPLS Deep Dives in This Cluster
- MPLS Labels Explained: Format, Stacking, and Penultimate Hop Popping
- LDP and MPLS Label Distribution
- MPLS L3VPN with MP-BGP and VPNv4
- Cisco MPLS Configuration on IOS XE
- SD-WAN vs MPLS: When Each Wins in 2026
Frequently Asked Questions
What does MPLS stand for?
MPLS stands for Multiprotocol Label Switching. The "multiprotocol" part means it can carry IPv4, IPv6, Ethernet frames, ATM cells, or any other Layer 3 protocol. The "label switching" part means it forwards based on labels rather than IP destination addresses.
What OSI layer is MPLS?
Layer 2.5. It sits between Layer 2 (the data link, e.g. Ethernet) and Layer 3 (IP). The MPLS shim header inserts between the Ethernet header and the IP header. This is sometimes called the "shim layer."
What is the advantage of MPLS over plain IP?
Three big ones: faster forwarding via fixed-length label lookup (mattered more in the 1990s than today), traffic engineering via explicit paths, and VPN services (L3VPN, L2VPN) over a shared backbone. The forwarding speed advantage is largely gone; the VPN and TE capabilities are why MPLS is still dominant in service-provider networks.
What is the difference between MPLS and MPLS L3VPN?
MPLS is the underlying label-switching protocol. MPLS L3VPN is a service built on top of MPLS that uses MP-BGP to distribute customer routes (in VPNv4 format) across the MPLS backbone, allowing many customers' overlapping IP address spaces to coexist on one provider network. When enterprises buy "MPLS" from a carrier, they almost always buy MPLS L3VPN.
Is SD-WAN replacing MPLS?
Partially. SD-WAN replaces MPLS as the enterprise WAN routing layer, but still uses MPLS as one of the transports for hard-QoS-required flows. Most 2026 enterprise deployments are hybrid: SD-WAN over a mix of MPLS, broadband, and LTE. Pure SD-WAN-internet-only is common at smaller branches.
What is segment routing and is it replacing MPLS?
Segment Routing is a modern source-routing approach where the source router specifies the path as a list of segments (labels). SR-MPLS uses the existing MPLS data plane with a simpler control plane. SRv6 uses IPv6 instead of MPLS. SR is replacing LDP and RSVP-TE in many service-provider networks; SRv6 may eventually replace MPLS itself, but that is a long migration.
Key Takeaways
MPLS is the protocol that runs the inside of every major service provider network and most of the BGP-VPN services enterprises buy. Labels (32 bits, stackable), LDP (label distribution), and MP-BGP (for VPN routes) together make L3VPN possible. Segment Routing is the modern direction; LDP and RSVP-TE are gradually being phased out in service-provider networks.
If you take one thing away from this guide, make it the two-label stack model for L3VPN: outer transport label gets the packet across the MPLS core, inner VPN label tells the egress PE which customer VRF to deliver to. Master that and the rest of MPLS-VPN follows. Bookmark this page, work through the cluster articles in order, and lab every concept.