Hey there! Emmanuel Corels back again, on behalf of Emmanuel Corels Creatives. If you’ve ventured into the realms of OSPF and BGP already, you might be looking for something to supercharge your network’s performance and flexibility. MPLS (Multiprotocol Label Switching) could be your next big leap. It’s the technology that helps many large-scale service providers (and even enterprises) move traffic faster and more efficiently, while enabling sophisticated services like VPLS and traffic engineering.
Let’s see what it’s all about in the MikroTik world.
What Is MPLS, Really?
Think of MPLS as a middle ground between Layer 2 (Ethernet switching) and Layer 3 (IP routing). Instead of routing packets solely based on IP addresses, MPLS slaps a label on packets. Each router (or switch) forwards traffic based on that label, usually at higher speeds and with more straightforward lookups than typical routing. This is often referred to as Label Switching.
In practice, MPLS can:
- Provide faster forwarding in certain scenarios, because once labeled, the next routers don’t need to do full IP lookups.
- Help you build VPNs at Layer 2 or 3 (like VPLS for bridging multiple sites together, or L3VPN for isolated VRFs).
- Enable traffic engineering, so you can pick specific paths for certain traffic or ensure certain bandwidth constraints are honored.
Core MPLS Concepts
- LSR (Label Switching Router): A router that supports MPLS and can push, swap, or pop labels.
- LDP (Label Distribution Protocol): Protocol that neighbors use to exchange label mapping info. When your MikroTik forms an LDP adjacency, it learns how to label certain destinations.
- Label: A short identifier used by MPLS to route packets internally. Once the label is no longer needed (like at the edge of the MPLS domain), it’s popped.
- Penultimate Hop Popping: The second-to-last router in an MPLS path often removes the label so the last router gets a normal IP packet (this is to simplify the final routing step).
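To make push, swap, pop and penultimate hop popping concrete, here is an added example (not from the original post, and not MikroTik code) that packs and parses the 32-bit MPLS label stack entry and walks a packet across a constructed four-router path R1 to R4. The router names, the label values 17, 22 and 40, and all function names are assumptions made up for the illustration.

```python
import struct
IMPLICIT_NULL = 3  # reserved label (RFC 3032) a router advertises to request PHP

def encode_entry(label, tc=0, bottom=True, ttl=64):
    """Pack one 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < 2**20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def decode_entry(data, off=0):
    """Unpack the entry at `off` into (label, tc, bottom, ttl)."""
    if len(data) < off + 4:
        raise ValueError("truncated label stack entry")
    (word,) = struct.unpack_from("!I", data, off)
    return word >> 12, (word >> 9) & 0x7, bool(word & 0x100), word & 0xFF

def stack_labels(packet):
    """Walk the stack to the bottom-of-stack bit; return (labels, payload)."""
    labels, off = [], 0
    while True:
        label, _tc, bottom, _ttl = decode_entry(packet, off)
        labels.append(label)
        off += 4
        if bottom:
            return labels, packet[off:]

def transit(lfib, packet):
    """One LSR hop: swap the top label, or pop it for implicit-null (PHP)."""
    label, tc, bottom, ttl = decode_entry(packet)
    if ttl <= 1:
        raise ValueError("TTL expired in transit")
    out = lfib[label]  # KeyError: no binding for this label, so the LSR drops it
    if out == IMPLICIT_NULL:
        return packet[4:]
    return encode_entry(out, tc, bottom, ttl - 1) + packet[4:]

# Constructed label tables for the core of the path; all values are made up.
LFIB_R2 = {17: 22}             # R2 swaps 17 for 22
LFIB_R3 = {22: IMPLICIT_NULL}  # R4 advertised implicit-null, so R3 pops

def walk(payload, inner_label=None):
    """Push at R1 (optionally over an inner service label), then cross R2 and R3."""
    if inner_label is not None:
        payload = encode_entry(inner_label) + payload
    pkt = encode_entry(17, bottom=inner_label is None) + payload
    at_r2 = stack_labels(pkt)[0]
    pkt = transit(LFIB_R2, pkt)
    at_r3 = stack_labels(pkt)[0]
    return at_r2, at_r3, transit(LFIB_R3, pkt)
```

Each entry is 4 bytes, so a packet carrying a transport label over an inner service label is 8 bytes longer than its payload, and the core links have to be able to carry that extra length.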
Enabling MPLS on MikroTik
Step one is turning on MPLS and LDP on the interfaces that you want to participate in label switching—usually the “core” or “backbone” links between your routers.
In WinBox, head to MPLS → Interfaces. Or in the CLI, something like:
/mpls interface add interface=ether2 mpls-mtu=1530
/mpls interface add interface=ether3 mpls-mtu=1530
You can set mpls-mtu to a slightly larger value if you plan to push multiple labels or do VPLS. Some folks might also tweak the overall L2 MTU on their physical interfaces.
Next, enable LDP:
/mpls ldp set enabled=yes transport-address=<router's loopback or some stable IP>
If you prefer to set up LDP in a more granular way, go to MPLS → LDP → Neighbors in WinBox. The transport address is often your loopback IP so that your LDP sessions remain stable even if physical interfaces go down.
Forming LDP Neighbors
When two routers have LDP enabled on interfaces that share a subnet, they’ll try to form an LDP adjacency. Check under MPLS → LDP → Neighbors in WinBox, or use:
/mpls ldp neighbor print
You want to see your remote router’s IP appear with a state like “Operational” or “Established.” If that’s not happening, check:
- IP connectivity on that interface
- Firewall (don’t block TCP/UDP ports used by LDP—646 by default)
- Matching subnets (both sides must be in the same network)
Once neighbors are formed, label mappings start populating. Each router tells the other, “For destination X, use this label Y.”
Checking Label Bindings
To see which prefixes are labeled, do:
/mpls ldp binding print
You might see entries with a local label, a remote label, and the prefix or FEC (Forwarding Equivalence Class) they represent. This indicates how traffic for that prefix is label-switched across the MPLS domain.
MPLS Use Cases
1. Faster Core Forwarding
Once your core routers all speak MPLS and exchange labels, traffic crossing the core can be forwarded by labels instead of IP lookups, sometimes giving performance benefits. Practically, today’s routers are very fast with IP, too, so the speed difference may not be huge—but MPLS is still the standard in many large networks.
2. VPLS (Virtual Private LAN Service)
Imagine bridging multiple remote sites as if they’re all in the same Layer 2 domain. VPLS does exactly that, riding on top of MPLS labels instead of IP-based bridging. Each site sees a single broadcast domain, perfect for shared subnets or services that rely on broadcast at Layer 2.
- You’d enable VPLS in Interfaces → VPLS.
- Configure a BGP or LDP-based VPLS to establish pseudo-wires between each site.
- Each site acts like a big switch port bridging their local LAN into the VPLS domain.
3. L3VPN or VRFs
If you need to isolate IP subnets for multiple customers or internal departments, you can use MPLS-based L3VPN. Each VRF is like a separate routing table, carried across the MPLS backbone. The advantage is that you’re not bridging at Layer 2—each VRF is contained, and you can do better route control. This is often used by ISPs to provide “IP VPN” services.
Traffic Engineering and RSVP-TE
MPLS Traffic Engineering (TE) uses protocols like RSVP-TE to reserve bandwidth or pick specific paths. In MikroTik, TE is somewhat limited compared to big vendor solutions, but you can still experiment with:
- Explicit Paths: Telling your routers which path to follow in the core for certain traffic.
- Resource Reservation: Attempting to allocate a certain bandwidth to a path.
This can get advanced quickly, and is more typical in large service provider environments.
Common Pitfalls
- MTU Issues: MPLS adds extra bytes for the label. If you’re not careful, you might cause fragmentation or dropped packets if your core can’t handle the overhead. Usually you raise the L2 MTU to account for the label.
- Firewall: Make sure you allow LDP traffic on port 646 (UDP for the neighbor discovery hellos, TCP for the session itself) or you won’t form adjacency. Also watch your filters if you’re bridging or doing VPLS.
- Mixed RouterOS Versions: MPLS and LDP features can differ slightly between major releases. Keep your routers on consistent, recent versions if possible.
- Label Collision: Typically LDP manages label spaces automatically, so collisions are rare—but if you try to do fancy static label config, you could cause confusion.
Verifying Traffic Flows
If you suspect your traffic is going over labels, do a quick check:
/mpls forwarding-table print
You’ll see how packets are being labeled or unlabeled as they enter or exit. Tools like Torch can also reveal if traffic is MPLS-labeled, though you’ll want to check on the underlying interfaces.
MPLS and Your Network Future
MPLS might look intimidating at first, but it’s incredibly powerful once you get comfortable with it. It’s not only about speed—it’s about building advanced Layer 2/3 services that scale well, especially if you’re an ISP, large enterprise, or if you need to unify multiple sites under a single bridging or routing domain.
Take it step by step:
- Enable MPLS on a small test core link.
- Verify LDP neighbors.
- Check label bindings.
- Then maybe spin up a small VPLS or L3VPN lab to see how it works.
Before long, you’ll be labeling your traffic like a pro.
Wrapping Up
MPLS is a huge topic—what we’ve covered here barely scratches the surface. You can keep going with advanced topics like Route Reflectors for BGP-based VPLS, MPLS TE for complex traffic engineering, or L3VPN scenarios for multi-tenant networks. But the basics remain the same: establish LDP neighbors, handle your MTUs properly, and let MPLS do the heavy lifting.
As always, I’m rooting for your continued MikroTik success. If you get stuck in label-land or want to share your fancy MPLS setups, you know where to find me. Happy routing—and labeling!
Lovingly explained by
Emmanuel Corels – Admin, Emmanuel Corels Creatives