"The idea behind MPLS is straightforward: attach a short fixed-length label to each packet at the entry point of the MPLS domain, and use that label -- rather than the destination IP address -- to forward the packet through the network." -- Kurose & Ross, Computer Networking: A Top-Down Approach, 9th ed., §5.4
Lecture (100 min)
1.1 The WAN Scaling Problem and Why IP Routing Alone Does Not Solve It
NET-201 left you with a working multi-router OSPF/BGP topology. At the enterprise scale of NET-201 -- a few dozen routers, relatively static traffic patterns, paths that can be computed by shortest-path IGP -- that is sufficient. Carrier networks operate at a different scale: hundreds of thousands of routes, traffic-engineered paths that must satisfy latency SLAs, link-utilization constraints, and fast-reroute requirements that converging IGP timers cannot meet.
Two historical answers to this scaling problem:
ATM (Asynchronous Transfer Mode): established virtual circuits at Layer 2; fixed 53-byte cells; connection-oriented. ATM solved traffic-engineering and QoS at the cost of massive operational complexity and poor interoperability with the IP universe.
Frame Relay: variable-length frames; committed information rates per virtual circuit; simpler than ATM but still circuit-oriented. Dominant in WAN access through the 1990s.
MPLS, introduced in the late 1990s (RFC 3031, 2001) and standardized through the 2000s, provided a third answer: label-switched forwarding in the IP universe, keeping IP's operational simplicity while gaining ATM's traffic-engineering and fast-reroute capabilities.
1.2 MPLS: Label Switching Mechanics
The MPLS label: a 32-bit value inserted between Layer 2 and Layer 3 headers. Four fields:
| Field | Bits | Meaning |
|---|---|---|
| Label value | 20 | Forwarding equivalence class (FEC) identifier |
| TC (Traffic Class) | 3 | QoS marking (replaced EXP bits) |
| S (Bottom of Stack) | 1 | 1 = this is the last label in the stack |
| TTL | 8 | Hop-limit; decremented at each MPLS hop |
MPLS roles:
- LER (Label Edge Router): ingress -- classifies incoming packets into FECs and pushes a label; egress -- pops the label and forwards the original IP packet
- LSR (Label Switching Router): core -- swaps incoming label with outgoing label; does not look at IP header
- LSP (Label Switched Path): the unidirectional path a labeled packet takes through the MPLS domain
LDP (Label Distribution Protocol): the original signaling protocol. Each LSR distributes label bindings to neighbors: "I will use label 103 for destination prefix 10.0.1.0/24." Neighbors chain the bindings to construct the LSP hop by hop.
RSVP-TE (Resource Reservation Protocol -- Traffic Engineering): a more complex signaling protocol that allocates bandwidth reservations along explicitly specified paths. RSVP-TE is the basis for classical traffic-engineered MPLS, where the operator specifies which physical path each LSP must take through the network.
1.3 Traffic Engineering and Fast-Reroute
The core value of MPLS-TE is the ability to route packets along paths that are not the IGP shortest path. A backbone operator with two parallel paths between two cities can load-balance traffic across both paths explicitly, even if the IGP would route all traffic via one. This requires:
Explicit routing: the head-end LER computes the full LSP path and signals it via RSVP-TE. Intermediate LSRs do not make independent forwarding decisions; they execute the signaled path.
Traffic-engineering database: a link-state database that contains not just topology but also link bandwidth and reservation state. OSPF-TE and IS-IS-TE are extensions to OSPF and IS-IS that flood this additional information.
Fast Reroute (FRR): when a link or node fails, RSVP-TE can signal a pre-computed backup LSP within 50ms -- faster than IGP reconvergence. Two FRR models:
| Model | What it protects | Backup type |
|---|---|---|
| Link protection | The failing link only | Bypass tunnel around the link |
| Node protection | A failing router | Bypass tunnel around both the link and the next-hop node |
1.4 Segment Routing (SR-MPLS)
Classical MPLS-TE's weakness is operational complexity: every LSP requires RSVP-TE state in every transit LSR, and a large backbone accumulates tens of thousands of LSP states. Segment Routing (RFC 8402, 2018) solves this by eliminating per-LSP state at transit nodes.
The core insight: in SR, the entire forwarding path is encoded in the packet header as a stack of segments. Each segment is an instruction: "forward to this node" or "exit via this adjacency." The head-end router computes the path and encodes it; transit nodes simply execute the topmost segment instruction.
Two SR data planes:
SR-MPLS: segments are MPLS labels. The label stack encodes the path; each LSR pops or swaps labels as it executes segments.
SRv6 (Segment Routing over IPv6): segments are 128-bit IPv6 addresses. The Segment Routing Header (SRH) is an IPv6 extension header; each segment is a node or service-identifier address. The entire forwarding state is in the IPv6 address space.
SR concepts:
| Concept | Meaning |
|---|---|
| Node Segment (Prefix-SID) | A globally unique segment identifying a node; encodes the shortest-path to that node per the IGP |
| Adjacency Segment (Adj-SID) | A locally unique segment representing a specific outgoing link; encodes "exit via this interface" |
| SRGB (SR Global Block) | The label range reserved for Prefix-SIDs; typically 16000-23999 |
| SR Policy | A set of candidate paths for a traffic-steering intent; instantiated at head-end |
SR-MPLS forwarding example:
A packet from router A to router E, taking a non-shortest path (A→B→D→E instead of A→C→E), uses the label stack [Adj-SID(A→B), Adj-SID(B→D), Prefix-SID(E)]. Router A pushes all three labels. Router B pops Adj-SID(A→B), finds Adj-SID(B→D) on top, and forwards via the B→D link. Router D pops Adj-SID(B→D), finds Prefix-SID(E), and forward via the shortest IGP path to E.
No RSVP-TE state anywhere in the network. No LSP setup or teardown. The path is encoded in the packet header.
1.5 SRv6: Segment Routing over IPv6
SRv6 extends SR into IPv6 native transport. Instead of MPLS labels, segments are IPv6 addresses with specific structure:
128-bit SRv6 SID format:
| LOC:BLOCK (e.g., /48) | NODE-ID (/16) | FUNCTION (/16) | ARG (/48) |
SRv6 behaviors: each SID's function field identifies what action to take when it is the active segment:
| Behavior | Code | Action |
|---|---|---|
| End | 0x0001 | Forward to next SID (basic routing) |
| End.X | 0x0005 | Forward to specific interface (adjacency) |
| End.T | 0x0002 | Forward via specific routing table |
| End.DX4 | 0x000B | Decapsulate + forward to IPv4 next-hop |
| End.DT6 | 0x0012 | Decapsulate + forward to IPv6 table |
The carrier case for SRv6: a native IPv6 infrastructure eliminates the separate MPLS data plane. Service functions (VPN endpoint, firewall insertion, DPI) become SR behaviors expressed as SRv6 SIDs. The entire service chain is encoded in the packet's Segment Routing Header.
1.6 Architecture Comparison: MPLS-LDP vs MPLS-TE vs SR-MPLS vs SRv6
| Feature | MPLS-LDP | MPLS-TE (RSVP) | SR-MPLS | SRv6 |
|---|---|---|---|---|
| Signaling protocol | LDP | RSVP-TE | None (IGP extensions) | None (IGP extensions) |
| Per-LSP state at transit | Yes | Yes | No | No |
| Traffic engineering | No | Yes | Yes (via SR Policy) | Yes (via SR Policy) |
| Fast reroute | 50ms with FRR | 50ms with FRR | 50ms with TI-LFA | 50ms with TI-LFA |
| Control plane simplicity | Low | High | High | High |
| Interop with IPv4 | Native | Native | Native | Encapsulation required |
| Dominant use case | Legacy BGP-free core | Pre-SR carrier TE | Modern carrier | Telco cloud / 5G transport |
Kurose-Ross Weave
Kurose-Ross 9e §5.4 introduces MPLS in the context of generalized forwarding: the shift from "look at destination IP" to "look at an arbitrary field (the label) to determine forwarding action." The 9e frames this as a precursor to SDN's match-action model. NET-301 takes this framing further: SR extends the generalized-forwarding idea by removing the distinction between data-plane forwarding state and control-plane path decisions. The forwarding state is the path, encoded in the packet. This is the architecture the major carriers (Comcast, AT&T, China Telecom) have migrated to in the 2020s.
Lab 1 Introduction
Lab 1 sets up a minimal MPLS-SR topology in Containerlab using FRRouting 9.x. You will configure an IS-IS domain with SR extensions enabled (Prefix-SIDs assigned to each router), verify LSP connectivity using traceroute with MPLS label observation, and deliberately route traffic off the shortest path using an SR Policy. This produces a working SR-MPLS fabric that Ch 2 (VXLAN-EVPN) can use as the WAN underlay in subsequent weeks.
Independent Practice (5 hr)
- Kurose-Ross 9e §5.4 (MPLS) -- full section
- RFC 8402 (Segment Routing Architecture) -- read §1-§5 (architecture sections; skip implementation appendices)
- White & Banks Computer Networking Problems and Solutions -- Ch 3 (MPLS and traffic engineering)
- Lab 1 -- Part A (Containerlab topology setup + IS-IS SR baseline)
- Supplemental: watch the Cisco Live SR-MPLS introductory session from CL2023 (YouTube; ~45 min)