Ethernet TLS vs. MPLS Pseudowire

Multiprotocol Label Switching (MPLS) is an encapsulation used in high-performance telecommunications networks which directs and carries data from one network node to the next. MPLS makes it easy to create “virtual links” between distant nodes. It can encapsulate packets of various network protocols.

MPLS is a highly scalable, protocol agnostic, data-carrying mechanism. In an MPLS network, data packets are assigned labels. Packet-forwarding decisions are made solely on the contents of this label, without the need to examine the packet itself. This allows one to create end-to-end circuits across any type of transport medium, using any protocol. The primary benefit is to eliminate dependence on a particular Data Link Layer technology, such as ATM, frame relay, SONET or Ethernet, and eliminate the need for multiple Layer 2 networks to satisfy different types of traffic. MPLS belongs to the family of packet-switched networks.

Comparison Matrix

Traditional Ethernet MPLS Virtual Circuit
Guaranteed Bandwidth No Yes
Path Protection No Yes
Next-Hop Security No Yes
Fast Reroute No Yes
Encapsulation Agnostic No Yes
Control-Packet Restrictions Yes No
Circuits Ride Over Public Internet No No
Jumbo Frames Yes Yes
802.1Q Enabled Sometimes Always

Comparison Matrix Details Explained

Guaranteed Bandwidth – Using Resource Reservation Protocol (RSVP), bandwidth on a circuit can be guaranteed to be available for a customer.

Path Protection – VLANs are typically linear. If VLANs are built in a ring topology, highly-unpredictable and antiquated technologies such as Spanning Tree Protocol (STP) must be used. VLANs are not typically built on inter-city circuits. MPLS circuits can use the underlying IGP routing to route around circuit failures.

Next-Hop Security – IGPs can use password protection along each and every hop, as well as LDP/RSVP authentication. Because of these two authentication methods, “Man-in-the-middle Attacks” on the carrier class network would be very difficult to implement.

Fast Reroute – MPLS Traffic Engineering Tunnels (MPLS-TE Tunnels) can be used throughout a core network. These tunnels are highly configurable. One of the great features is MPLS-TE Fast Reroute (MPLS-TE FRR). A primary and backup path are defined when the tunnels are built. Should the primary path fail, MPLS-TE moves the traffic onto the secondary path in SONET-like fail over times, under 50 milliseconds, or 1/20th of a second. Ethernet VLANs using STP fail over times are by default 30 seconds.

Encapsulation Agnostic – As the name implies, MPLS allows carriers to use several different encapsulation types to be very creative in circuit design, thus allowing them to be very price competitive. Traditional Ethernet VLANs are typically confined to Ethernet networks.

Control-Packet Restrictions – Ethernet control plane traffic is not passed from one network to another network unless expressly permitted. For instance, Cisco Discovery Protocol (CDP), Spanning Tree Protocol (STP) and VLAN Trunking Protocol (VTP) packets are not passed by default; they must be configured to be allowed to pass. Additionally, if your circuit goes through multiple different equipment vendors (Cisco, Juniper, Foundry/Brocade, Force 10, etc) these packets may be stripped. MPLS passes all packets indiscriminately; all packets will reach their intended target.

Circuits Ride Over Public Internet – The most common misconception about MPLS is that MPLS services rides over the public Internet. This is almost never the case.

Jumbo Frames – Jumbo frames are available on Ethernet VLAN and MPLS services.

802.1Q Enabled – Traditional Ethernet VLAN private-line services can be configured to allow customers to pass their own 801.1Q tags most of the time. However, this is not enabled by default. As mentioned in the Control-Packet Restrictions, MPLS indiscriminately passes all packets. Therefore, you may pass any 802.1Q tags you choose, all of the time on any circuit that is MPLS from end to end.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.