MPLS IP VPN is the latest standards-based technology to support private
networks over MPLS infrastructure. It combines the benefits of various
types of IP VPN and adds a unique Quality-of-Service (QoS) feature.
Moreover, because an MPLS network is usually operated by a single provider,
end-to-end performance can be guaranteed.

The fundamental technology of MPLS IP VPN is the use of a "label"
to contain essential information about a packet, including its
source and destination addresses, the customer's unique identity, the
importance of the packet, etc. After a packet (e.g. an IP packet) has entered
the MPLS network, the first network router attaches a unique label to
the packet and forwards it to the next MPLS router towards its destination.
Every MPLS router examines only the MPLS label information to determine
the next routing destination, instead of checking IP addresses. This labeling
and switching technique can greatly reduce the processing overhead, and
hence MPLS routing equipment has higher capacity and better performance than
traditional IP routing equipment. At the last network router, the MPLS
label is stripped off and the original IP packet is delivered to the
customer end.

For VPN implementation, MPLS also uses the label to identify each
customer's VPN. When customer VPN traffic enters the edge MPLS router,
the router assigns MPLS label information according to the physical port
the traffic arrived on. Hence, each customer VPN can only communicate with
its own VPN sites; its traffic cannot traverse to other VPNs or vice versa,
because the label is controlled by the network provider.

Another important feature of MPLS is its support for Class-of-Service
(CoS) and Quality-of-Service (QoS). CoS means classifying packets into
different classes that represent the importance of each packet. QoS means
applying different handling to the classified packets to ensure specific
quality levels. For example, voice and video packets will normally be
classified as "most important", and all MPLS routers will give this class
the highest transmission priority, resulting in the lowest transmission
delay and the best performance for this traffic stream.

The major benefits of MPLS IP VPN can be summarized as follows:
(a) Security
The label for each customer VPN is assigned at the customer's incoming port,
by physical port identity. Hence, one customer's traffic can never get into
another VPN and cannot even "touch" another customer's VPN port;
unauthorized access is prevented by the core of the network. The level of
security is equal to that of ATM/FR VPNs, which use PVC/DLCI for similar
traffic segregation.

(b) Simplicity
In a typical MPLS IP VPN, the connection between the customer-end router and
the provider-end router is a single physical link. All "in & out" traffic
of the site goes through this link, and the MPLS network does the routing
and switching for it. It does not require multiple router WAN ports for
multiple site connections, as in an IPLC-type VPN, nor multiple virtual
circuits, as in an ATM/FR-type VPN. Furthermore, the link bandwidth can be
shared by traffic to all other sites, whereas IPLC or ATM/FR virtual circuit
bandwidth is usually dedicated to a certain site-to-site pair.

(c) Improved Performance
MPLS IP VPN uses labels to switch packets instead of examining each IP
address to route the packet to its destination. Its performance is similar
to that of an ATM network, and it outperforms IP-routing networks (e.g. the
Internet) and Frame Relay networks in end-to-end latency and traffic handling
capacity. Also, network providers can achieve better price/performance
when deploying MPLS-based equipment, which translates into lower network
cost and, indirectly, lower tariffs for end customers.

(d) Improved Availability
Currently, MPLS IP VPN networks are usually operated by single providers
in different regions of the world. This is because interconnecting
MPLS networks directly at the MPLS layer still has some compatibility and
management issues. Global players (note 1) are establishing their own
Points-of-Presence (POPs) in different countries and offering end-to-end
managed MPLS IP VPN service. The network is hence treated as a single
network: end-to-end network performance can easily be monitored, faults
can easily be traced and restored, and service downtime can be minimized
in case of network failure.

Note 1: CPCNet has also designed, built and operated a cross-border MPLS
network in the Greater China and Asia region (China, Hong Kong, Taiwan,
Singapore, Japan), and offers an MPLS IP VPN service named TrueCONNECT(TM).
The network has been in operation for over 2 years, now has 16 POPs in total,
and will be expanded with new POPs in other countries/cities along with
network growth.

(e) Quality-of-Service Feature
As described above, in an MPLS IP VPN, customer traffic (each packet) is
identified by an MPLS label. The MPLS label also carries another important
piece of information that indicates the "class" of the traffic, e.g.
voice/video class or data class. The MPLS equipment along the network is
configured to give higher transmission priority to time-critical traffic
classes, such as voice and video applications, and hence maintains low
latency and low packet loss for such applications.
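
The port-based label assignment and the traffic "class" carried in the label, described above, can be sketched as follows. This is an added example, not CPCNet's or any vendor's code: it models an edge router that picks the VPN from the ingress port alone and writes the class into the standard 32-bit MPLS label stack entry (20-bit label, 3-bit traffic class, bottom-of-stack bit, 8-bit TTL). The port names, VPN names, prefixes, label values, class-to-TC mapping and the policy of dropping packets that arrive already labelled are assumptions made for the illustration.

```python
import ipaddress
import struct

# Constructed sample data: port names, VPN names, prefixes and label values
# are hypothetical and do not describe any real network.
PORT_TO_VPN = {"port-1": "vpn-a", "port-2": "vpn-b"}
VPN_ROUTES = {  # per-VPN tables; the same prefix may exist in both
    "vpn-a": {"10.1.2.0/24": 1001},
    "vpn-b": {"10.1.2.0/24": 2001, "10.9.0.0/16": 2002},
}
CLASS_TO_TC = {"voice": 5, "data": 0}  # assumed class-to-TC mapping

def encode_entry(label, tc, bottom, ttl):
    """Pack one 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not (0 <= label < 2**20 and 0 <= tc < 8 and 0 <= ttl < 256):
        raise ValueError("label stack field out of range")
    word = (label << 12) | (tc << 9) | (int(bool(bottom)) << 8) | ttl
    return struct.pack("!I", word)

def decode_entry(raw):
    """Unpack a 4-byte label stack entry into its fields."""
    if len(raw) != 4:
        raise ValueError("a label stack entry is exactly 4 bytes")
    (word,) = struct.unpack("!I", raw)
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "bottom": bool(word & 0x100), "ttl": word & 0xFF}

def pe_ingress(port, dest_ip, traffic_class, already_labelled=False):
    """Edge-router decision: the VPN comes from the ingress port only."""
    if already_labelled:  # assumed policy: customers may not supply labels
        raise PermissionError("labelled packet on customer port dropped")
    vpn = PORT_TO_VPN.get(port)
    if vpn is None:
        raise PermissionError(f"port {port} is not bound to a VPN")
    ip = ipaddress.ip_address(dest_ip)
    matches = [(ipaddress.ip_network(p), lbl)
               for p, lbl in VPN_ROUTES[vpn].items()
               if ip in ipaddress.ip_network(p)]
    if not matches:  # no route in this VPN's own table: drop
        raise LookupError(f"{dest_ip} unreachable from {vpn}")
    _, label = max(matches, key=lambda m: m[0].prefixlen)
    return vpn, encode_entry(label, CLASS_TO_TC[traffic_class], True, 64)

if __name__ == "__main__":
    for port in ("port-1", "port-2"):
        vpn, raw = pe_ingress(port, "10.1.2.7", "voice")
        print(port, vpn, raw.hex(), decode_entry(raw))
```

The same destination address resolves to a different label on each port, and a destination that exists only in the other VPN's table is dropped rather than forwarded.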