
Using Private MPLS-based IP-VPN in Your WAN

By Jay Thompson

Over the past few years, the benefits of private MPLS-based IP-VPNs have been realized by many different users in state and local government, education, and business enterprises. According to a recent International Data Corporation (IDC) survey, over 30% of all enterprises are using IP-VPN today. Although the IP-VPN market is maturing, IDC believes that the use of IP-VPN services will remain an essential part of wide area networks until at least 2016. [1]

According to Nav Chander, research manager, U.S. Business Network Services program, "The U.S. managed IP-VPN market continues to show remarkable growth across all company size and vertical segments. VPNs are increasingly a critical component of an enterprise's WAN network strategy, and managed VPNs will also enable enterprises to rely on leveraging VPNs as on-ramps to cloud-based enterprise and IT software services as enterprises plan to employ private cloud-based WAN services and applications in the coming years." [2]

What is MPLS?

MPLS (Multiprotocol Label Switching) is a protocol used to improve packet performance and control traffic in the core of the Internet and private IP networks. It originated from tag switching methods created by Ipsilon Networks and Cisco Systems in the late 1990s. While it continues to be widely used for that purpose, it has also been adapted for other uses. MPLS encapsulates data packets, adding packet headers that enable a variety of features in wide use in business-critical services. MPLS offers a rich set of control and monitoring functions, network security features and enhanced quality of service (QoS). Over the last 5 to 10 years, most service providers have deployed MPLS within their optical core and edge networks to transport and deliver IP and Internet services. This enables their core and edge networks to act much like WAN transport networks of the past, but with a greater level of efficiency.

What is a Private MPLS-Based IP-VPN?

A VPN (virtual private network) links two or more computers together via a local or wide-area network while encapsulating the data and keeping it private. There are several types of VPNs in use today, but in general VPNs can be categorized as either public or private.

Public VPN: A Public VPN, sometimes referred to as a CPE-based VPN, utilizes the public Internet as the core transport backbone. Customer premises equipment (CPE), such as dedicated VPN gateways or routers, creates the VPN connections across the public Internet using tunneling and encryption software. This allows remote locations to communicate directly with their headquarters location or other remote sites without the cost of traditional TDM or dedicated private line WAN circuits. At first glance, public VPNs seem to be a cost-effective method for building WAN connectivity; however, they do have their downsides. First and foremost, the potential exposure of using the public Internet for business-critical traffic is extremely high. Next, CPE is needed at every site to create the VPN. Lastly, the Internet’s architecture was not designed with business-grade applications in mind, and most service providers do not offer an SLA for their Internet service.

Private VPN: A Private VPN, usually referred to as an MPLS IP-VPN, utilizes a service provider’s private infrastructure as the transport backbone for the VPN. In a private IP-VPN, the service provider’s routers use MPLS to communicate between locations in the network via IP addressing, in a fully meshed configuration that eliminates the old method of using virtual circuits like Frame Relay (PVCs) and ATM (VCIs). Tunneling and encryption of the data traffic are not required for most users because the network is on the provider’s private backbone, not the public Internet (MPLS keeps each customer’s traffic separate on that backbone but does not itself encrypt it). Also, the service provider’s core routers create the VPN, so the enterprise customer does not need any additional hardware to create the VPN connections.

Why Use a Private MPLS-Based IP-VPN?

One of the primary reasons for a move to MPLS-based IP-VPN is the need for a more cost-effective solution that supports voice, video, and data services all with one service. Other major technological and financial drivers are:

  • A fully meshed infrastructure that replaces outdated hub-and-spoke architectures.
  • Any transport can be utilized including private line, ATM, Frame Relay, Ethernet, and private DSL.
  • Class of Service (CoS) provides the ability to prioritize applications such as voice and video.
  • Automatic redundancy with fast re-route for sub-50 ms restoration of circuits.
  • Reduced complexity, with one platform supporting all traffic, including voice, video and data.

Private MPLS-Based IP-VPN is Cost-Effective

Although MPLS-based IP-VPNs still utilize leased layer 2 transport for access, they are usually more cost-effective than older private-line, Frame Relay, or ATM services. With most service providers, businesses migrating from older Frame Relay and ATM services do not need to provision new circuits. Instead, the existing circuits can remain and be re-provisioned for MPLS IP-VPN. This helps enterprises minimize their WAN expenditures without reducing the quality of their network. Another cost benefit is that enterprises can leverage their hardware investments by re-utilizing their existing routers.

Private MPLS-Based IP-VPN Offers Diverse Access Transport Methods

The ability to use any access transport method is a significant advantage for MPLS-based IP-VPNs. Enterprises that need to connect sites in geographically diverse areas do not have to buy a Frame Relay circuit or purchase an ATM circuit at every site. Instead, IP-VPN users can pick the layer 2 transport service that is the most cost-effective or readily available for each location. This is particularly important when it comes to right-sizing the WAN connection for branch offices. Large branch offices may require high-bandwidth optical Ethernet, while a small branch office may only need a private DSL WAN connection. MPLS-based IP-VPNs are very scalable and allow the enterprise to pick the layer 2 access methodology that makes the most sense for each individual location. This helps reduce WAN cost of ownership and raises operational efficiencies for the business.

In summary, MPLS-based IP-VPN is a rapidly expanding technology that provides a number of advantages to its users, such as scalability, security, redundancy, and operational efficiencies. Although certain limitations exist, they are easily outweighed by wide industry support, the security of a service provider’s private backbone, and the ability to utilize any transport, all of which add up to a cost-effective, secure VPN solution.


  1. IDC 2012: The Role of MPLS in Next-Generation IP/Ethernet Access and Networks
  2. Nav Chander, 2012: U.S. Managed MPLS IP VPN Services 2012–2016 Forecast, DOC # 234847