MPLS may sound like another forgettable IT acronym, but the technology offers the potential to provide a business with a highly secure, low-cost and highly reliable networking solution. MPLS provides a secure and resilient private VPN for inter-site connectivity. The technology forgoes the need to purchase and manage multiple firewalls, as an organization's traffic is routed within its secure virtual private network. Rather than installing a firewall at each location, all that is needed is a router.

Conceived and developed in the late 90s by the Internet Engineering Task Force, MPLS (Multi-protocol Label Switching) is a network management protocol originally intended to integrate layer 2 information about network links (bandwidth, latency, utilization) into layer 3 (IP) elements within a particular system. While traditional IP networks have no means of labelling, categorizing or monitoring the packets that traverse them, MPLS addresses those IP shortcomings by placing labels on IP packets. And because MPLS is an overlay protocol, it can operate on top of the IP protocol in the same network without interference. MPLS is not designed to replace IP. Rather, it is designed to add a set of rules to IP so that traffic can be classified, marked and policed.

MPLS-equipped networks use MPLS-aware devices known as Label Edge Routers (LERs), positioned at the network's edges. These devices inspect IP packets entering the network and add MPLS headers, and remove the headers from packets leaving the MPLS network. Inside the boundaries of the MPLS network, devices known as Label Switch Routers (LSRs) look for an MPLS label on each packet that passes through them, then look up and follow the instructions contained in that label, routing the packet based on a list of instructions.
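The push, swap and pop steps described above, as an added example that is not part of the original article: an ingress LER prepends a label, each LSR swaps it from its own table, and the egress LER strips it. The 4-byte header layout (20-bit label, 3-bit traffic class, bottom-of-stack bit, 8-bit TTL) follows RFC 3032; the node names, prefix, label values and table contents are constructed for illustration.

```python
import struct

def encode_lse(label, tc=0, bottom=True, ttl=64):
    """Pack one 4-byte label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | ((tc & 7) << 9) | (int(bottom) << 8) | (ttl & 0xFF))

def decode_lse(frame):
    """Unpack the top label stack entry as (label, tc, bottom, ttl)."""
    if len(frame) < 4:
        raise ValueError("truncated label stack entry")
    (word,) = struct.unpack("!I", frame[:4])
    return word >> 12, (word >> 9) & 7, bool((word >> 8) & 1), word & 0xFF

# Constructed tables (assumptions). Ingress LER: destination prefix -> (label, next hop).
# Other nodes: in-label -> (out-label, next hop); out-label None means pop the header.
INGRESS = {"10.2.": (100, "LSR-A")}
LFIB = {"LSR-A": {100: (101, "LSR-B")},
        "LSR-B": {101: (102, "LER-site2")},
        "LER-site2": {102: (None, "site2-LAN")}}

def ler_push(dst_ip, ip_packet):
    """Ingress LER: classify the packet and prepend the MPLS header."""
    for prefix, (label, next_hop) in INGRESS.items():
        if dst_ip.startswith(prefix):
            return next_hop, encode_lse(label) + ip_packet
    raise LookupError("no LSP for destination " + dst_ip)

def forward(node, frame):
    """LSR or egress LER: look up the top label, then swap or pop it."""
    label, tc, bottom, ttl = decode_lse(frame)
    if label not in LFIB[node]:
        raise LookupError(f"{node}: no entry for label {label}, dropping")
    if ttl <= 1:
        raise ValueError(f"{node}: TTL expired")
    out_label, next_hop = LFIB[node][label]
    header = b"" if out_label is None else encode_lse(out_label, tc, bottom, ttl - 1)
    return next_hop, header + frame[4:]

def send_over_lsp(dst_ip, ip_packet):
    """Carry a packet from LER-site1 to the far site: (path, labels, payload)."""
    hop, frame = ler_push(dst_ip, ip_packet)
    path, labels = ["LER-site1", hop], []
    while hop in LFIB:
        labels.append(decode_lse(frame)[0])
        hop, frame = forward(hop, frame)
        path.append(hop)
    return path, labels, frame
```

The payload arrives byte-for-byte identical to what entered the network: the label decides where the packet goes and is the only part rewritten in transit. A frame carrying a label that a node has no table entry for is dropped rather than forwarded.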
MPLS allows administrators to define routes known as Label Switched Paths (LSPs) from one LER to another, through a series of LSRs, across the MPLS network. These LSPs are pre-assigned and pre-engineered paths that packets with a certain label should follow.

One of the most obvious advantages of MPLS is that it provides customers with a number of tools for traffic engineering. An MPLS network can offer the same sort of quality of service guarantees that data transport services like Frame Relay or ATM can, without requiring the use of any dedicated lines. Customers, for example, can define an LSP that ensures VoIP traffic will be routed through the most reliable, highest performing sections of the network while less critical traffic, such as email, is sent across the slower sections.

The reason MPLS technology is contributing to the rapid growth of the Virtual Private Networking (VPN) market is that it provides service providers and network operators with a simpler means of adding VPN technology to their portfolios, and a simpler means of provisioning VPNs to their customers. Because MPLS allows service providers to create new VPNs without having to install new hardware, it significantly reduces the cost of implementation, which in turn reduces the overall cost of VPNs. And reduced cost is possibly the largest motivator in the migration from more infrastructure-heavy private networking.

While most of the benefits of MPLS lie on the service provider side of the network, there are results of the MPLS architecture that have direct benefits for end users. MPLS-based service provider edge equipment is designed to communicate with CPE (Customer Premises Equipment) in a standards-based environment, reducing the need for customers to deploy new equipment, and protecting CPE investments. Having visibility to the Internet from the cloud, rather than Head Office, gives resilience to the network and ensures that Head Office is not a single point of failure.
Security

More access points to a company's VPN (Virtual Private Network) means a greater potential security threat and a costly investment in infrastructure. If a business takes the traditional model of achieving inter-site connectivity by using numerous firewalls and IPsec (Internet Protocol Security) VPNs to create a secure link between its different offices, this is clearly a costly solution both in terms of infrastructure and IT support - a limited resource at most mid-sized companies. IPsec is a good multi-site solution; however, for these growing multi-site companies it can be incredibly time-consuming to manage, with numerous firewalls, multiple gateways to the Internet and browsing traffic from multiple sites. Multiple firewalls are a headache to the IT Manager as they can mean numerous avenues of attack to the company network.

In most Internet security scenarios we would assume that fewer firewalls means less security; however, in the case of MPLS, fewer firewalls actually means greater security. With only a single firewall there is only one gateway onto the MPLS network, meaning only one point of compromise. All the offices connect to an MPLS network, which is a private network with no Internet-facing gateways. With a single gateway, security can easily be managed, with all traffic in and out of the network monitored more effectively.

Centralised control

MPLS can dramatically reduce network complexity and cost through centralised control. Rather than setting up and managing individual points between each office, customers need to provide only one connection from their office router to the service provider. This central control effectively removes the need for additional trained manpower. Additional benefits can be realised through this central management as a business is given greater control of Internet usage.

Cost effectiveness

MPLS technology offers businesses the performance of traditional VPNs but is far more cost effective.
As the intelligence resides in the MPLS network core, there is no need for any expensive VPN appliances to be located on the customer premises. Because MPLS allows service providers to create new virtual private networks without having to install new hardware, it significantly reduces the cost of implementation, which in turn reduces the overall cost of VPNs.

Despite the obvious advantages of rolling out an MPLS solution, many mid-sized businesses would naturally have cost concerns about the implementation. New IT projects often foster the perception that hidden infrastructure and indirect management costs will arise. A natural resolution to this would be to consider a hosted MPLS solution.

Deploying MPLS via a managed, hosted model has two immediate advantages for IT managers. Firstly, a reduction in costs - businesses can benefit from the latest technologies without the high cost of ownership and resource associated with maintaining and supporting systems in-house. Secondly, increased security - by connecting to the Internet via state-of-the-art data centres, businesses will automatically have a secure and resilient connection through a single firewall, as well as dedicated resources in place to detect and eliminate security vulnerabilities.

A managed solution also allows a company to enjoy the related benefits of dealing with one vendor. Focusing on a single IT vendor allows a company to consolidate its IT spend and develop a higher service relationship with this one vendor. The total cost of ownership of the MPLS solution can therefore be managed and driven down.