WAN technologies like MPLS and Metro Ethernet are the backbone of modern enterprise connectivity, enabling secure, scalable, and efficient communication between geographically dispersed sites. For the CCNA 200-301 exam, understanding these technologies is crucial because they represent how real-world networks operate beyond simple point-to-point links. This chapter covers the exam objectives '3.0 Network Access' and '4.0 IP Connectivity', specifically focusing on WAN technologies and their operational characteristics.
Imagine you need to send a package from New York to Los Angeles. You could drive directly (a leased line), but that's expensive and inefficient for multiple deliveries. Instead, you use the Interstate Highway System (the service provider's backbone) and a package delivery service like FedEx (the MPLS provider). You drop your package at a local FedEx facility (the customer edge router connected to the provider edge), and FedEx attaches a label with a tracking number (the MPLS label). The package travels through multiple sorting hubs (provider routers) where each hub reads only the label, not the contents, to determine the next hop. The label is swapped at each hub (label switching) until the package reaches the destination facility, which removes the label and delivers it. This allows many customers to share the same highways without interfering, and the provider can offer different service levels (e.g., overnight vs. ground) using different label paths (LSPs). Similarly, Metro Ethernet is like having a dedicated lane on the highway for your company's vehicles, guaranteeing bandwidth and low latency, but still sharing the physical road infrastructure.
What is MPLS?
Multiprotocol Label Switching (MPLS) is a data plane technology that directs data from one network node to the next based on short path labels rather than long network addresses. It operates between Layer 2 and Layer 3, often called Layer 2.5. MPLS was developed to improve speed and scalability in core networks while supporting multiple protocols (IPv4, IPv6, etc.) and traffic engineering.
Why MPLS Exists
Traditional IP routing requires every router to perform a longest-prefix match lookup in the routing table for each packet, which can be slow and complex. MPLS adds a label to each packet, allowing routers to make forwarding decisions by simply swapping labels—a faster, simpler operation. Additionally, MPLS enables services like MPLS VPNs (L3VPN and L2VPN) and Traffic Engineering (TE).
MPLS Architecture and Components
- LSR (Label Switch Router): A router that performs MPLS forwarding. There are three types:
  - Ingress LSR: The first router that adds a label to an unlabeled packet.
  - Transit LSR: A core router that swaps labels.
  - Egress LSR: The last router that removes the label and delivers the IP packet.
- LSP (Label Switched Path): The path that a labeled packet takes from ingress to egress.
- FEC (Forwarding Equivalence Class): A group of packets that are forwarded the same way (e.g., same destination network). Each FEC is assigned a label.
- Label: A 20-bit value in the MPLS header (32 bits total: 20-bit label, 3-bit EXP for QoS, 1-bit bottom of stack, 8-bit TTL).
How MPLS Works Step by Step
Label Distribution: LSRs use LDP (Label Distribution Protocol) to exchange label bindings. LDP runs over UDP (discovery) and TCP (session). Each router assigns a label for each prefix in its routing table and advertises it to neighbors.
Packet Forwarding:
Ingress LSR receives an IP packet, classifies it into an FEC (e.g., destination network 10.1.1.0/24), pushes a label (e.g., 100), and forwards it to the next hop.
Transit LSR receives the labeled packet, looks up the label in its LFIB (Label Forwarding Information Base), swaps the label (e.g., 100 -> 200), and forwards to the next hop.
Egress LSR receives the packet with label 300, pops the label (removes it), and forwards the original IP packet based on the IP routing table.
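The push, swap and pop steps above, traced through per-router LFIBs, as an added example that is not part of the original chapter. The router names PE1, P1, P2 and PE2, the second swap (200 -> 300) and the starting TTL are assumptions made for illustration; the trace also shows the two failure cases a label path can hit, a missing LFIB entry and a forwarding loop stopped by the TTL.

```python
import ipaddress

# Hypothetical routers; labels 100/200/300 follow the steps above.
# Ingress FEC table: destination prefix -> (label to push, next hop).
FEC = {ipaddress.ip_network("10.1.1.0/24"): (100, "P1")}
# Per-router LFIB: incoming label -> (action, outgoing label, next hop).
LFIB = {
    "P1": {100: ("swap", 200, "P2")},
    "P2": {200: ("swap", 300, "PE2")},
    "PE2": {300: ("pop", None, None)},
}

def forward(dst_ip, ttl=64, lfib=LFIB, ingress="PE1"):
    """Trace one packet along the LSP and return (hops, outcome)."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [net for net in FEC if addr in net]
    if not matches:
        return [], "no FEC match: forwarded as plain IP"
    label, router = FEC[max(matches, key=lambda n: n.prefixlen)]
    hops = [(ingress, "push", label)]
    while True:
        ttl -= 1  # every LSR decrements the label TTL
        if ttl <= 0:
            return hops, "dropped: TTL expired"
        entry = lfib.get(router, {}).get(label)
        if entry is None:
            return hops, f"dropped: {router} has no LFIB entry for label {label}"
        action, out_label, next_hop = entry
        hops.append((router, action, out_label))
        if action == "pop":
            return hops, f"delivered as IP by {router}"
        label, router = out_label, next_hop

if __name__ == "__main__":
    for hop in forward("10.1.1.5")[0]:
        print(hop)
    # Constructed misconfiguration: P1 and P2 point at each other.
    loop = {"P1": {100: ("swap", 200, "P2")}, "P2": {200: ("swap", 100, "P1")}}
    print(forward("10.1.1.5", ttl=8, lfib=loop)[1])
```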
MPLS Header Fields
Label: 20 bits, value 0-15 reserved, 16-1048575 usable.
EXP: 3 bits, used for QoS (Class of Service).
S (Bottom of Stack): 1 bit, set to 1 if this is the last label in the stack.
TTL: 8 bits, decremented at each hop to prevent loops.
IOS CLI Verification Commands
To verify MPLS operation on a Cisco router:
```
show mpls ldp neighbor
show mpls ldp bindings
show mpls forwarding-table
show mpls interfaces
```
Example output for show mpls forwarding-table:
```
Local      Outgoing   Prefix            Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id      Switched      interface
16         Pop Label  10.1.1.0/24       0             Gi0/0      192.168.1.2
17         18         10.2.2.0/24       0             Gi0/1      192.168.2.2
18         No Label   192.168.3.0/24    0             Gi0/2      192.168.3.1
```
The Pop Label means this router is the egress LSR for that prefix.
Metro Ethernet (Metro-E) is a service that uses Ethernet technology to connect customer sites across a metropolitan area. It is often delivered over a service provider's MPLS backbone. Common Metro Ethernet services include:
- E-Line: Point-to-point Ethernet connection (like a virtual leased line).
- E-LAN: Multipoint-to-multipoint Ethernet LAN (like a VLAN across sites).
- E-Tree: Rooted multipoint (one-to-many, e.g., hub-and-spoke).
Metro Ethernet Key Concepts
CE (Customer Edge): Customer router connecting to the provider.
PE (Provider Edge): Provider router that connects to CE.
UNI (User Network Interface): The physical port between CE and PE.
EVC (Ethernet Virtual Connection): A logical connection between two or more UNIs.
VLAN Tagging: 802.1Q tags are used to separate different services. The provider may use Q-in-Q (802.1ad) to stack customer VLAN tags over service provider VLAN tags.
How Metro Ethernet Works
The provider creates an EVC that maps to a specific VLAN ID. When a frame arrives at the PE from the CE, the PE adds a service VLAN tag (S-tag) to identify the EVC. The frame is then forwarded across the provider's MPLS backbone (often using MPLS over Ethernet) to the destination PE, which removes the S-tag and delivers the original frame to the destination CE. This is transparent to the customer, who sees a simple Ethernet connection.
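The S-tag push at the ingress PE and removal at the egress PE described above, shown on raw frame bytes as an added example that is not part of the original chapter. The MAC addresses, customer VLAN 100, service VLAN 2000 and the function names are constructed for illustration; the egress side refuses a frame whose outer tag is not an S-tag or whose S-VID belongs to a different EVC.

```python
import struct

TPID_CTAG = 0x8100  # 802.1Q customer tag
TPID_STAG = 0x88A8  # 802.1ad service tag

def tci(vid, pcp=0, dei=0):
    """Build the 16-bit tag control field: PCP(3) | DEI(1) | VID(12)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return (pcp << 13) | (dei << 12) | vid

def push_stag(frame, s_vid):
    """Ingress PE: insert the S-tag right after the two MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID_STAG, tci(s_vid)) + frame[12:]

def pop_stag(frame, expected_s_vid):
    """Egress PE: remove the S-tag, refusing frames from another EVC."""
    tpid, tag = struct.unpack_from("!HH", frame, 12)
    if tpid != TPID_STAG:
        raise ValueError("outer tag is not an 802.1ad S-tag")
    if tag & 0x0FFF != expected_s_vid:
        raise ValueError("S-VID does not match this EVC")
    return frame[:12] + frame[16:]

def vlan_ids(frame):
    """Return the VLAN IDs of all stacked tags, outermost first."""
    vids, off = [], 12
    while True:
        (tpid,) = struct.unpack_from("!H", frame, off)
        if tpid not in (TPID_CTAG, TPID_STAG):
            return vids
        (tag,) = struct.unpack_from("!H", frame, off + 2)
        vids.append(tag & 0x0FFF)
        off += 4

# Constructed customer frame: dst MAC, src MAC, C-tag VLAN 100,
# IPv4 EtherType, placeholder payload.
CUSTOMER_FRAME = (bytes.fromhex("02000000000b") + bytes.fromhex("02000000000a")
                  + struct.pack("!HH", TPID_CTAG, tci(100))
                  + struct.pack("!H", 0x0800) + b"payload")

if __name__ == "__main__":
    in_core = push_stag(CUSTOMER_FRAME, 2000)
    print(vlan_ids(in_core))                      # tags seen in the provider core
    print(pop_stag(in_core, 2000) == CUSTOMER_FRAME)
```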
Interaction with MPLS
Metro Ethernet services are often delivered over an MPLS backbone using technologies like VPLS (Virtual Private LAN Service) or VPWS (Virtual Private Wire Service). The provider uses MPLS labels to tunnel Ethernet frames across the core. This combines the simplicity of Ethernet with the scalability of MPLS.
Configure LDP Router ID
The first step in enabling MPLS is to configure LDP (Label Distribution Protocol). The router ID is typically the highest loopback IP. Set a loopback interface and enable LDP globally:
```
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
mpls ldp router-id Loopback0 force
```
The `force` option overrides any existing router ID. Verify with `show mpls ldp discovery`.
Enable MPLS on Interfaces
Enable MPLS on the interfaces that connect to MPLS neighbors (core links). Use the interface configuration command:
```
interface GigabitEthernet0/0
 mpls ip
```
This enables MPLS label switching on that interface. Verify with `show mpls interfaces`.
Configure IGP for Label Distribution
MPLS LDP relies on an IGP (OSPF or IS-IS) to distribute routes. Ensure the IGP is running on all MPLS-enabled interfaces. For OSPF:
```
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
```
LDP uses the IGP next hop to determine label bindings. Without an IGP, LDP will not establish sessions.
Verify LDP Neighbors and Bindings
Check that LDP sessions are established with neighboring LSRs:
```
show mpls ldp neighbor
```
Output should show neighbor IPs and state as 'Operational'. Then check label bindings:
```
show mpls ldp bindings
```
This shows which labels have been assigned to which prefixes.
Verify MPLS Forwarding Table
The LFIB (Label Forwarding Information Base) shows how labeled packets will be forwarded:
```
show mpls forwarding-table
```
Look for local labels (assigned by this router), outgoing labels (to next hop), and the outgoing interface. If a prefix shows 'Pop Label', this router is the egress for that prefix.
Configure Metro Ethernet on PE
For Metro Ethernet, configure a service instance on the PE connecting to the CE. Example for an E-Line service:
```
interface GigabitEthernet0/1.100
 encapsulation dot1Q 100
 service instance 100 ethernet
  encapsulation dot1q 100
  xconnect 10.0.0.2 100 encapsulation mpls
```
This creates a pseudowire (point-to-point) over MPLS to the remote PE (10.0.0.2) with VC ID 100.
In a typical enterprise network with multiple branch offices, MPLS VPNs are used to connect remote sites to a central data center. For example, a retail chain with 200 stores might contract a service provider to provide MPLS L3VPN connectivity. Each store has a CE router that connects to the provider's PE. The provider handles routing between sites using MPLS labels, allowing the enterprise to have a full-mesh or hub-and-spoke topology without managing their own WAN links. The network engineer at the enterprise only needs to configure a default route on the CE pointing to the PE, and the provider handles the rest. This is cost-effective and scalable.
Another scenario is a financial institution that requires low-latency connections between trading floors. They might use Metro Ethernet E-Line services, which provide dedicated bandwidth and deterministic performance. The provider guarantees a certain CIR (Committed Information Rate) and can prioritize traffic using EXP bits in the MPLS header. Misconfiguration can lead to traffic drops or SLA violations. For example, if the PE is not configured with the correct VLAN encapsulation, frames may be dropped or misdirected.
A common production issue is when the MPLS LDP session goes down due to a routing change or interface failure. This causes all labels to be removed, and traffic will be forwarded using regular IP routing (if the IGP still works) or dropped. Network engineers monitor LDP neighbor states using SNMP and set up alerts. They also use tools like 'ping mpls ipv4' to test LSP connectivity.
On the CCNA 200-301 exam, MPLS and Metro Ethernet appear in the 'Network Access' and 'IP Connectivity' domains. You are expected to understand the basic operation of MPLS, the role of labels, and the difference between LDP and MP-BGP (for VPNs). Key points:
MPLS operates at Layer 2.5: It inserts a shim header between Layer 2 and Layer 3.
Label size: 20 bits, values 0-15 reserved (for special labels like explicit null).
LDP uses UDP for discovery (port 646) and TCP for session (port 646).
Penultimate Hop Popping (PHP): The penultimate router (second to last) pops the label before sending to the egress, so the egress does not need to do a label lookup. This is why you see 'Pop Label' in the forwarding table.
Common wrong answers:
1. 'MPLS uses IP routing tables for forwarding' – Incorrect; MPLS uses LFIB, not the routing table.
2. 'LDP uses only TCP' – Incorrect; it uses UDP for discovery and TCP for session.
3. 'Metro Ethernet is Layer 3' – Incorrect; it is Layer 2 (Ethernet).
4. 'MPLS can only carry IPv4' – Incorrect; it is multiprotocol.
Calculation traps: None directly, but you may be asked to identify the label field size (20 bits). Remember that the total MPLS header is 32 bits (4 bytes).
Decision rule: If a question asks about forwarding in an MPLS network, think 'label switching' not 'IP routing'. For Metro Ethernet, think 'Layer 2 connectivity over a WAN'.
MPLS operates at Layer 2.5, adding a 32-bit shim header with a 20-bit label.
LDP uses UDP (discovery) and TCP (session) on port 646.
Penultimate Hop Popping (PHP) occurs when the penultimate router pops the label before the egress.
The LFIB (Label Forwarding Information Base) is used for MPLS forwarding, not the IP routing table.
Metro Ethernet services include E-Line (point-to-point), E-LAN (multipoint), and E-Tree (hub-and-spoke).
In Metro Ethernet, the UNI is the interface between CE and PE.
MPLS supports multiple protocols including IPv4, IPv6, and Ethernet.
These come up on the exam all the time. Here's how to tell them apart.
MPLS L3VPN
Operates at Layer 3: CE and PE exchange routes.
Customer sees a routed WAN connection.
Scales to many sites with route reflectors.
PE routers maintain separate VRF tables.
Customer IP addresses can overlap with other customers.
MPLS L2VPN (VPWS/VPLS)
Operates at Layer 2: CE and PE are on the same Ethernet segment.
Customer sees a transparent Ethernet link (E-Line) or LAN (E-LAN).
Scales well for point-to-point, but multipoint requires VPLS.
PE routers use pseudowires or VPLS instances.
Customer IP addressing is independent; no overlapping issues.
Mistake
MPLS is a Layer 3 technology like IP routing.
Correct
MPLS is a Layer 2.5 technology that uses labels to forward packets, not IP addresses. The forwarding decision is based on the label, not the destination IP.
Many confuse MPLS with routing because it is often used with IP, but the forwarding mechanism is fundamentally different.
Mistake
LDP sessions are established using only TCP.
Correct
LDP uses UDP for neighbor discovery (hello messages) and TCP for session establishment and label exchange. Both are on port 646.
Candidates often remember TCP for the session but forget the UDP discovery phase.
Mistake
The egress LSR always pops the label.
Correct
In PHP, the penultimate hop pops the label, not the egress. The egress LSR receives an IP packet, not a labeled packet.
This is a common trick on the exam; many assume the egress removes the label.
Mistake
Metro Ethernet is a Layer 3 VPN service.
Correct
Metro Ethernet provides Layer 2 connectivity, meaning the customer sees an Ethernet link. The provider may use MPLS in the core, but the service is Layer 2.
Because MPLS is often associated with Layer 3 VPNs, candidates mistakenly think Metro Ethernet is also Layer 3.
Traditional IP routing uses longest-prefix matching in the routing table to forward packets. MPLS uses label switching: a short fixed-length label is added to the packet, and routers forward based on the label using the LFIB. MPLS is faster and supports traffic engineering and VPNs.
The CCNA 200-301 exam covers MPLS concepts but not detailed configuration. You should understand the components (LSR, LSP, label), how LDP works, and the role of MPLS in VPNs. Configuration is more relevant for CCNP.
A pseudowire is an emulated point-to-point connection over a packet-switched network (like MPLS). It carries Layer 2 frames (Ethernet, PPP, etc.) across the MPLS backbone. In Metro Ethernet, a pseudowire is used for E-Line services.
E-Line is a point-to-point Ethernet connection (like a leased line). E-LAN is a multipoint-to-multipoint service (like a VLAN). E-LAN allows multiple sites to communicate directly, while E-Line connects only two sites.
MPLS uses the 3-bit EXP field in the label header to mark packets with a Class of Service (CoS). This allows routers to apply different queuing and scheduling policies. The EXP field can be used to match IP DSCP values.
The Bottom-of-Stack (S) bit indicates whether this label is the last label in the MPLS label stack. If S=1, it is the bottom label; if S=0, there are more labels below. This is used for MPLS VPNs where multiple labels are stacked.
Yes, MPLS is multiprotocol. It can carry IPv6, IPv4, Ethernet frames, etc. For IPv6, LDP distributes labels for IPv6 prefixes, or 6PE/6VPE techniques are used.