Monthly Archives: October 2011

Ethernet TLS vs. MPLS Pseudowire

Multiprotocol Label Switching (MPLS) is an encapsulation used in high-performance telecommunications networks which directs and carries data from one network node to the next. MPLS makes it easy to create “virtual links” between distant nodes. It can encapsulate packets of various network protocols.

MPLS is a highly scalable, protocol agnostic, data-carrying mechanism. In an MPLS network, data packets are assigned labels. Packet-forwarding decisions are made solely on the contents of this label, without the need to examine the packet itself. This allows one to create end-to-end circuits across any type of transport medium, using any protocol. The primary benefit is to eliminate dependence on a particular Data Link Layer technology, such as ATM, frame relay, SONET or Ethernet, and eliminate the need for multiple Layer 2 networks to satisfy different types of traffic. MPLS belongs to the family of packet-switched networks.

Comparison Matrix

Traditional Ethernet MPLS Virtual Circuit
Guaranteed Bandwidth No Yes
Path Protection No Yes
Next-Hop Security No Yes
Fast Reroute No Yes
Encapsulation Agnostic No Yes
Control-Packet Restrictions Yes No
Circuits Ride Over Public Internet No No
Jumbo Frames Yes Yes
802.1Q Enabled Sometimes Always

Comparison Matrix Details Explained

Guaranteed Bandwidth – Using Resource Reservation Protocol (RSVP), bandwidth on a circuit can be guaranteed to be available for a customer.

Path Protection – VLANs are typically linear. If VLANs are built in a ring topology, highly-unpredictable and antiquated technologies such as Spanning Tree Protocol (STP) must be used. VLANs are not typically built on inter-city circuits. MPLS circuits can use the underlying IGP routing to route around circuit failures.

Next-Hop Security – IGPs can use password protection along each and every hop, as well as LDP/RSVP authentication. Because of these two authentication methods, “Man-in-the-middle Attacks” on the carrier class network would be very difficult to implement.

Fast Reroute – MPLS Traffic Engineering Tunnels (MPLS-TE Tunnels) can be used throughout a core network. These tunnels are highly configurable. One of the great features is MPLS-TE Fast Reroute (MPLS-TE FRR). A primary and backup path are defined when the tunnels are built. Should the primary path fail, MPLS-TE moves the traffic onto the secondary path in SONET-like fail over times, under 50 milliseconds, or 1/20th of a second. Ethernet VLANs using STP fail over times are by default 30 seconds.

Encapsulation Agnostic – As the name implies, MPLS allows carriers to use several different encapsulation types to be very creative in circuit design, thus allowing them to be very price competitive. Traditional Ethernet VLANs are typically confined to Ethernet networks.

Control-Packet Restrictions – Ethernet control plane traffic is not passed from one network to another network unless expressly permitted. For instance, Cisco Discovery Protocol (CDP), Spanning Tree Protocol (STP) and VLAN Trunking Protocol (VTP) packets are not passed by default; they must be configured to be allowed to pass. Additionally, if your circuit goes through multiple different equipment vendors (Cisco, Juniper, Foundry/Brocade, Force 10, etc) these packets may be stripped. MPLS passes all packets indiscriminately; all packets will reach their intended target.

Circuits Ride Over Public Internet – The most common misconception about MPLS is that MPLS services rides over the public Internet. This is almost never the case.

Jumbo Frames – Jumbo frames are available on Ethernet VLAN and MPLS services.

802.1Q Enabled – Traditional Ethernet VLAN private-line services can be configured to allow customers to pass their own 801.1Q tags most of the time. However, this is not enabled by default. As mentioned in the Control-Packet Restrictions, MPLS indiscriminately passes all packets. Therefore, you may pass any 802.1Q tags you choose, all of the time on any circuit that is MPLS from end to end.


Dennis Ritchie passes away

Dennis Ritchie, also known as dmr, passed away last weekend.

Ritchie was best known as the creator of the C programming language and a key developer of the Unix operating system, and as co-author of the definitive book on C, The C Programming Language, commonly referred to as K&R (in reference to the authors Kernighan and Ritchie).

Ritchie’s invention of C and his role in the development of UNIX alongside Ken Thompson has placed him as an important pioneer of modern computing. The C language is still widely used today in application and operating system development, and its influence is seen in most modern programming languages. UNIX has also been influential, establishing concepts and principles that are now precepts of computing.

Ritchie was elected to the National Academy of Engineering in 1988 for “development of the ‘C’ programming language and for co-development of the UNIX operating system.”

Further reading

UNIX Haters Handbook Anti-Foreword by Dennis Ritchie

Date: Tue, 15 Mar 1994 00:38:07 EST
Subject: anti-foreword

To the contributers to this book:

I have succumbed to the temptation you offered in your preface: I do
write you off as envious malcontents and romantic keepers of memo-
ries. The systems you remember so fondly (TOPS-20, ITS, Multics,
Lisp Machine, Cedar/Mesa, the Dorado) are not just out to pasture,
they are fertilizing it from below.

Your judgments are not keen, they are intoxicated by metaphor. In
the Preface you suffer first from heat, lice, and malnourishment, then
become prisoners in a Gulag. In Chapter 1 you are in turn infected by
a virus, racked by drug addiction, and addled by puffiness of the

Yet your prison without coherent design continues to imprison you.
How can this be, if it has no strong places? The rational prisoner
exploits the weak places, creates order from chaos: instead, collec-
tives like the FSF vindicate their jailers by building cells almost
compatible with the existing ones, albeit with more features. The
journalist with three undergraduate degrees from MIT, the researcher
at Microsoft, and the senior scientist at Apple might volunteer a few
words about the regulations of the prisons to which they have been

Your sense of the possible is in no sense pure: sometimes you want
the same thing you have, but wish you had done it yourselves; other
times you want something different, but can’t seem to get people to
use it; sometimes one wonders why you just don’t shut up and tell
people to buy a PC with Windows or a Mac. No Gulag or lice, just a
future whose intellectual tone and interaction style is set by Sonic the
Hedgehog. You claim to seek progress, but you succeed mainly in

Here is my metaphor: your book is a pudding stuffed with apposite
observations, many well-conceived. Like excrement, it contains
enough undigested nuggets of nutrition to sustain life for some. But
it is not a tasty pie: it reeks too much of contempt and of envy.