MPLS Operation

How Forwarding Equivalence Classes (FECs), labels, and Label Switched Paths (LSPs) work.

Introduction: Inside the MPLS Engine

We've established that Multi-Protocol Label Switching (MPLS) is a high-performance networking technology that forwards traffic using simple labels instead of complex IP addresses. This is like a high-tech postal service that uses color-coded stickers (labels) for sorting mail instead of having every worker read the full, detailed address on every letter. This fundamental shift allows core network routers to forward packets at incredible speeds using specialized hardware.

But how does this system actually work? How do routers know which sticker to put on a packet? How do they agree on what each sticker means? And what exactly happens to that sticker as the packet travels through the network? This page will deconstruct the inner workings of the MPLS forwarding plane. We will follow the journey of a single packet from start to finish, exploring the three fundamental concepts that make MPLS possible: Forwarding Equivalence Classes (FECs), the Label Distribution Protocol (LDP), and the core label operations of Push, Swap, and Pop.

Forwarding Equivalence Class (FEC): Sorting the Mail

Before a single label can be applied, the network must first decide how to group packets. In MPLS, a group of packets that are to be treated the same way is called a Forwarding Equivalence Class (FEC). All packets belonging to the same FEC will be assigned the same label at the network entry point and will travel along the exact same path.

Analogy: The Destination City Bin. Imagine the first post office (the Ingress Router). When it receives millions of letters, it does not treat each one individually. Instead, it sorts them into bins based on their destination city. All letters going to San Francisco go into one bin, all letters to New York into another, and so on. This "destination city bin" is the FEC. The router makes one complex decision per bin, not per letter.

How is a FEC Determined?

The criteria for grouping packets into a FEC are flexible, but by far the most common method is grouping based on the destination IP network prefix.

Example of FEC Classification

An Ingress LER receives three packets:

Packet 1: Destination $198.51.100.50$
Packet 2: Destination $203.0.113.10$
Packet 3: Destination $198.51.100.99$

The router's routing table (learned via BGP or an IGP) indicates that the network $198.51.100.0/24$ is reachable via one path, and the network $203.0.113.0/24$ is reachable via another. The router will therefore classify them as follows:

Packets 1 and 3 are both destined for the $198.51.100.0/24$ network. They are grouped into FEC-A.
Packet 2 is destined for the $203.0.113.0/24$ network. It is grouped into FEC-B.

From this point forward, the core of the MPLS network no longer cares about the individual IP addresses. It only cares about "FEC-A" and "FEC-B". This initial classification is the only complex, Layer 3 routing decision made in the entire MPLS domain.

Labels and the MPLS Header: The Sticker

Once a packet is classified into a FEC, it gets its "sticker": the MPLS label. This label is not part of the original IP packet. It is a new, 32-bit (4-byte) header that is inserted, or "shimmed," between the Layer 2 (e.g., Ethernet) header and the Layer 3 (IP) header.

Anatomy of the MPLS Header

The 32-bit MPLS header contains four distinct fields:

Field	Size (bits)	Description
Label Value	20	The main identifier, the "sticker number" itself. A 20-bit field allows for over 1 million possible labels.
Experimental (EXP) Bits	3	Primarily used for Quality of Service (QoS). These bits can be used to mark the priority of the packet.
Bottom of Stack (S)	1	Used in advanced scenarios (like MPLS VPNs) where multiple labels can be "stacked." This bit is set to 1 on the very last label in the stack.
Time-To-Live (TTL)	8	A loop-prevention mechanism. It is copied from the IP header when the label is pushed, and decremented at each LSR. If it reaches 0, the packet is discarded.

Local Significance: It is absolutely crucial to understand that a label value is only locally significant. This means the label only has meaning on a single link between two adjacent routers. A label of `100` might mean "send to Router B" on the link from A to B, but on the link from B to C, that same label value `100` could mean something completely different, or be unused. The routers renegotiate the label for the FEC at every hop.

LDP and LSPs: Planning the Express Route

So, how do all the routers in the network agree on which labels to use? This is managed by the Label Distribution Protocol (LDP). LDP is a dedicated protocol that runs between MPLS routers to automatically exchange information about FECs and the labels they want to assign to them. This collective agreement creates the end-to-end tunnel, the Label Switched Path (LSP).

Analogy: The Inter-Office Memo. Before any mail can be sent on the express route, the postmasters of all the offices along the route must communicate. The postmaster in San Francisco sends a memo to the one in Denver: "For all London-bound mail, please use a 'Blue 101' sticker and send it to me." The Denver postmaster then sends a memo to the one in Chicago: "For all London-bound mail, please use a 'Red 202' sticker and send it to me." This chain of memos establishes the sticker-swapping plan for the entire route.

The LDP Process: A Step-by-Step Example

The label distribution process for a given destination (FEC) actually works its way backward from the destination towards the source.

Egress LER Starts: The Egress LER, which is directly connected to the destination network (our FEC), recognizes this from its own routing table. Because it is the final stop, it knows it will need to perform a final IP lookup to deliver the packet. It allocates a special implicit label for itself (Label 3, representing an instruction to pop the label) and conceptually announces this to its neighbor, P2.
P2 Creates a Label: Router P2 receives the advertisement from the Egress LER. It now knows it has a valid path to the FEC. P2 generates its own local label for this FEC, let's say `Label 300`. It installs this in its own forwarding table: "If I receive a packet with Label 300, I should remove it and forward the packet to the Egress LER." It then advertises this new mapping: (FEC, Label 300), to its neighbor, P1.
P1 Creates a Label: Router P1 receives the advertisement from P2. It knows it has a valid path to the FEC via P2. P1 generates its own local label, say `Label 200`. It installs this in its table: "If I receive a packet with Label 200, I must swap it with Label 300 and forward it to P2." P1 then advertises its own mapping: (FEC, Label 200), to its neighbor, the Ingress LER.
Ingress LER is Ready: The Ingress LER receives the advertisement from P1. It now has a label to use for all packets belonging to this FEC. It installs a rule: "For any packet belonging to this FEC, push Label 200 onto it and forward it to P1."

At the end of this process, a complete, end-to-end Label Switched Path (LSP) has been created. Every router along the path knows exactly what to do with a packet for that FEC.

Core MPLS Forwarding Operations

The life of a packet in an MPLS network is defined by three fundamental operations:

PUSH

Adding a new label (or a stack of labels) to an IP packet. This is performed by the Ingress LER.

SWAP

Replacing the incoming top-level label with a new outgoing label. This is performed by the core LSRs.

POP

Removing the top-level label from a packet. This is performed by the Egress LER (or the one before it).

A Packet's Full Journey

Let's trace our packet from the earlier example through the LSP we just created:

At the Ingress LER: An IP packet arrives destined for the FEC. The router performs an IP lookup, classifies it, and sees that it needs to use Label 200 and forward to P1. It performs a PUSH operation, adding the MPLS header with label 200.
At Router P1: The packet arrives with label 200. P1 doesn't look at the IP header. It looks only at the label. Its forwarding table says: "Incoming label 200 means outgoing label 300, forward to P2." It performs a SWAP operation, replacing label 200 with 300.
At Router P2: The packet arrives with label 300. P2 looks at its table: "Incoming label 300 means pop the label and forward to Egress LER." It performs a POP operation, removing the MPLS header entirely. (This is an optimization called Penultimate Hop Popping, where the final swap-and-pop is done one hop early).
At the Egress LER: A plain IP packet arrives. The Egress LER performs a final IP lookup and delivers the packet to its ultimate destination network. The packet has successfully crossed the entire MPLS domain without any of the core routers ever looking at its IP header.