Build a Better VPN with MPLS

Setting up a virtual private network (VPN) can present trade-offs in terms of cost, performance, complexity and flexibility. The first VPNs used leased lines, which were highly secure and fast but expensive and static. Then Internet VPNs emerged as a means to provide more cost-effective and dynamic connectivity using the public Internet. Encryption provided the necessary security.

However, VPNs that relied upon the “best effort” delivery mechanism of the Internet could not meet Quality of Service (QoS) requirements. Organizations that needed more predictable performance turned to tunneling VPNs, which set up secure, end-to-end connections for each session. Still, tunneling VPNs tend to be complex and costly, and are still subject to Internet delays and congestion.

VPNs based upon Multi-Protocol Label Switching (MPLS) often prove to be the best of all worlds. MPLS VPNs can be set up over service provider backbones without the need for tunneling or encryption. They can ensure QoS by prioritizing data packets and creating “self-healing” networks that automatically re-route traffic around failed links as needed.

In a generic IP network, it’s every packet for itself. Delivery of data is on a first-come, first-served basis, with a “hop by hop” routing process that endeavors to determine the shortest path to a given packet’s destination. That’s fine for e-mail and Web page requests, but doesn’t provide for the QoS demands of applications like Voice over IP (VoIP).

MPLS was developed to add the traffic engineering capabilities of traditional Frame Relay and ATM networks to IP-based networks. MPLS sets up virtual data paths called Label Switched Paths that create a kind of “virtual circuit” for data to travel along. It improves network performance by eliminating the need for an IP route look-up and enables packets to be given priority based upon application performance metrics.

With MPLS, edge routers tag IP packets with “labels” that specify the route the data should travel and its priority. From there, MPLS-compliant devices simply look at the label information to move a packet along to its destination.


MPLS brings clear benefits to VPN technology. The traffic engineering capabilities of MPLS automatically establish and maintain a tunnel across the Internet backbone connecting the entry and exit point. It also provides a range of services to meet QoS, security and any-to-any connectivity requirements.

MPLS VPNs provide a common infrastructure for the delivery of a variety of data services. New services can be added simply by changing the way labels are assigned to packets.

Multimedia services are obvious candidates for MPLS VPNs, which can ensure the QoS needed for the distribution of voice, video and data. Intra-office voice calls can be delivered over an MPLS VPN, with potentially huge savings in carrier long-distance charges. The MPLS VPN can also be used to set up video conferencing, thus saving time and travel costs.

The high-speed data transfer rates of MPLS VPNs provide sufficient performance to connect branch offices, dealers and suppliers to back-office applications. MPLS VPNs can also be used to set up remote access solutions — mobile employees simply use dial-up Internet accounts to access the MPLS VPN from any location.

In short, MPLS VPNs provide a cost-effective solution for high-performance networking across geographically dispersed locations. They eliminate many of the trade-offs associated with traditional IP-based VPNs, enabling the secure, reliable delivery of a wide range of data services.