MPLS
What It Is
Multiprotocol Label Switching forwards packets using labels instead of only destination IP lookups. MPLS is still common in service provider cores, enterprise WANs, L3VPNs, pseudowires, traffic engineering, and segment routing designs. The modern view is broader than classic LDP: understand the MPLS data plane, then identify which control plane is installing labels.
Classic MPLS often uses IGP plus LDP. Modern transport may use SR-MPLS with IS-IS or OSPF extensions and no LDP.
Label Stack
| Field | Size | Purpose |
|---|---|---|
| Label | 20 bits | Forwarding value |
| TC | 3 bits | Traffic class for QoS |
| S | 1 bit | Bottom of stack marker |
| TTL | 8 bits | Loop prevention and traceroute behavior |
Modern note: MPLS can carry multiple labels. A packet may have a transport label, a VPN label, and service labels depending on the design.
Core Terms
| Term | Meaning |
|---|---|
| LSR | Label switch router |
| PE | Provider edge router, connects customer or service edge |
| P | Provider core router, usually label switches only |
| CE | Customer edge router |
| LSP | Label-switched path |
| FEC | Forwarding equivalence class |
| LIB | Label information base |
| LFIB | Label forwarding information base |
| PHP | Penultimate hop popping |
| Explicit null | Label used to preserve QoS or force final label lookup behavior |
Planes
| Plane | Role | Examples |
|---|---|---|
| Control plane | Learns routes and exchanges labels | IGP, LDP, RSVP-TE, BGP, IS-IS SR, OSPF SR |
| Data plane | Forwards labeled packets | Swap, push, pop |
| Service plane | Adds VPN or service meaning | L3VPN, EVPN, VPWS, VPLS |
Watch out: MPLS forwarding can be healthy while the VPN service is broken, and the VPN can be healthy while the transport LSP is broken. Troubleshoot by layer.
Label Distribution Options
| Method | What It Does | Modern Notes |
|---|---|---|
| LDP | Distributes labels for IGP-chosen paths | Still common in brownfield MPLS |
| RSVP-TE | Signals traffic-engineered LSPs | Less common in new designs |
| BGP labeled unicast | Carries labels with BGP routes | Used in inter-AS and some transport designs |
| Segment routing MPLS | Encodes instructions as MPLS labels | Reduces LDP/RSVP state, uses IGP extensions |
Design note: SR-MPLS is still MPLS in the data plane. The difference is how labels are assigned and how paths are expressed.
Classic LDP Design
| Requirement | Why It Matters |
|---|---|
| IGP reachability | LDP follows routed next hops |
| Stable loopbacks | LDP router IDs and BGP next hops need reachability |
| MPLS on core links | Labels must exist hop by hop |
| MTU headroom | Label stacks add overhead |
| LDP-IGP sync | Avoid blackholing during convergence |
| Route consistency | LFIB depends on FIB and labels |
Watch out: If the IGP chooses a path where MPLS is not enabled on every hop, labeled traffic can fail even though IP ping works.
Cisco IOS/IOS-XE Examples
Classic LDP core:
ip cef
!
mpls label protocol ldp
mpls ldp router-id Loopback0 force
!
interface Loopback0
ip address 10.255.0.1 255.255.255.255
!
interface GigabitEthernet0/0
description MPLS core link to P2
ip address 10.0.12.1 255.255.255.252
mpls ip
mpls mtu 1512OSPF LDP autoconfig pattern:
router ospf 100
mpls ldp autoconfig area 0Segment routing MPLS pattern:
segment-routing mpls
global-block 16000 23999
!
router isis CORE
address-family ipv4 unicast
segment-routing mplsNotes:
- MPLS, LDP, SR-MPLS, and VPN feature support varies heavily by platform license and ASIC.
- Do not enable MPLS toward access or untrusted networks.
- Raise MTU only where the underlay supports it end to end.
Troubleshooting
| Symptom | Check | Likely Cause |
|---|---|---|
| No LDP neighbor | MPLS enabled, LDP discovery, TCP/646, IGP | LDP not forming |
| Label missing | LIB, LFIB, route to FEC | No binding or no route |
| IP works, VPN fails | MP-BGP VPNv4/VPNv6, VRF routes, labels | Service label issue |
| Labeled ping fails | MPLS MTU, label path, LFIB | Transport LSP issue |
| Traceroute oddity | PHP, explicit null, TTL propagation | Normal MPLS behavior or policy |
| Blackhole after failure | LDP-IGP sync, convergence, stale labels | IGP and LDP out of sync |
| QoS lost | TC mapping, explicit null, provider policy | QoS not preserved across label stack |
Commands
show mpls interfaces
show mpls ldp neighbor
show mpls ldp bindings
show mpls forwarding-table
show ip cef <prefix> detail
show mpls ldp discovery
show bgp vpnv4 unicast all labels
show segment-routing mpls connected-prefix-sid-map
traceroute mpls ipv4 <prefix> <mask>Expected clues:
- Core-facing interfaces show MPLS enabled.
- LDP neighbors match the intended core topology.
- LFIB has labels for loopbacks and transport prefixes.
- VPN routes have service labels where L3VPN is used.
- MTU supports the expected label stack.
Watch Out
- Do not confuse IP reachability with labeled reachability.
- Do not ignore MTU. MPLS labels add 4 bytes each.
- Do not enable MPLS on customer-facing interfaces unless the service requires it.
- Do not migrate from LDP to segment routing without planning interworking.
- Do not troubleshoot L3VPN before proving the transport LSP is healthy.