- See The Difference
- What is Zero Trust The strategy on which Zscaler was built
- How Zscaler Delivers Zero Trust A platform that enforces policy based on context
- Zero Trust Resources Learn its principles, benefits, strategies
![Zscaler transformation]( "Zscaler transformation")
See how the Zero Trust Exchange can help you leverage cloud, mobility, AI, IoT, and OT technologies to become more agile and reduce risk
- Customer Success Stories Hear first-hand transformation stories
- Analyst Recognition Industry experts weigh in on Zscaler
- See the Zscaler Cloud in Action Traffic processed, malware blocked, and more
- Experience the Difference Get started with zero trust
![Zscaler transformation]( "Zscaler transformation")
See how the Zero Trust Exchange can help you leverage cloud, mobility, AI, IoT, and OT technologies to become more agile and reduce risk
- Products & Solutions
- Secure Your Users Provide users with seamless, secure, reliable access to applications and data. Secure Your Workloads Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud. Secure Your OT and IoT Provide zero trust connectivity for OT and IoT devices and secure remote access to OT systems.
- Products Transform your organization with 100% cloud-native services
- Solutions Propel your business with zero trust solutions that secure and connect your resources
![Zscaler workplace enablement]( "Zscaler workplace enablement")
Make hybrid work possibleGet StartedSecure work from anywhere, protect data, and deliver the best experience possible for users
- Industries Our ecosystem of zero trust partners
- Partner Integrations Simplified deployment and management
![Zscaler industry partners]( "Zscaler industry partners")
Secure your ServiceNow DeploymentGet StartedIt’s time to protect your ServiceNow data better and respond to security incidents quicker
- Platform
- Platform Overview Unified platform for transformation
- Capabilities Integrated services, infinitely scalable
![Zscaler transformation]( "Zscaler transformation")
Accelerate your transformationLearn MoreProtect and empower your business by leveraging the platform, process and people skills to accelerate your zero trust initiatives
![Gartner Report]( "Gartner Report")
Gartner Magic Quadrant LeaderRead ReportZscaler: A Leader in the Gartner® Magic Quadrant™ for Security Service Edge (SSE) New Positioned Highest in the Ability to Execute
- Resources
- Content Library Explore topics that will inform your journey
- Blog Perspectives from technology and transformation leaders
- Security Assessment Toolkit Analyze your environment to see where you could be exposed
- Webinars and Demos A first-hand look into important topics
- Executive Insights App Security insights at your fingertips
- Ransomware ROI Calculator Assess the ROI of ransomware risk reduction
- Training and Certifications Engaging learning experiences, live training, and certifications
- Customer Success Center Quickly connect to resources to accelerate your transformation
- Customer Success Stories Hear first-hand transformation stories
![Customer success center]( "Customer success center")
- Security & Threat Analytics Threat dashboards, cloud activity, IoT, and more
- Security Advisories News about security events and protections
- Vulnerability Disclosure Program Webinars, training, demos, and more
- Trust Portal Zscaler cloud status and advisories
![Zscaler resources]( "Zscaler resources")
- Company
- About Zscaler How it began, where it’s going
- Leadership Meet our management team
- Investor Relations News, stock information, and quarterly reports
- Compliance Our adherence to rigorous standards
- ESG Our Environmental, Social, and Governance approach
- Events Upcoming opportunities to meet with Zscaler
- Zenith Ventures Strategic cybersecurity investments
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler CareersApply NowJoin a recognized leader in Zero trust to help organization transform securely
- Media Center News, blogs, events, photos, logos, and other brand assets
- News and Press Zscaler in the news
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler CareersApply NowJoin a recognized leader in Zero trust to help organization transform securely
- Partner Portal Tools and resources for Zscaler partners
- Summit Partner Program Collaborating to ensure customer success
- System Integrators Helping joint customers become cloud-first companies
- Service Providers Delivering an integrated platform of services
- Technology Deep integrations simplify cloud migration
- Partner Inquiry Become a Zscaler partner
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler CareersApply NowJoin a recognized leader in Zero trust to help organization transform securely
-
What Is Multiprotocol Label Switching (MPLS)? Multiprotocol label switching (MPLS) is a method of wide area networking (WAN) that routes traffic using labels—not network addresses—to determine the shortest possible path for packet forwarding. It labels each data packet and controls the path it follows rather than sending it from router to router through packet switching. It’s intended to minimize downtime, improve quality of service (QoS), and ensure traffic moves as quickly as possible.
How Does Routing Work in MPLS?
At the surface level, MPLS functionality turns routers into switches by giving traffic a predetermined path to take based on labels. In this sense, MPLS connections are much stronger and more reliable than traditional packet- or circuit-switched connections.
MPLS allows IP packets to be forwarded at OSI layer 2 (data link) switching level without being passed up to layer 3—the network or routing level. Internet protocol (IP) routing sends traffic on a lengthy path with multiple stops, but with MPLS, traffic is given an MPLS label and sent through a label-switched path (LSP) that’s inserted between the layer 2 and layer 3 headers. With this method, routers need only to interpret the MPLS labels, not the full IP address, of traffic.
There are two types of MPLS routers: label edge routers (LERs) for ingress, which label incoming data; and label switch routers (LSRs) for egress, which send labeled data on its way. There are also intermediate LSRs, which correct the data link on which the packet is being sent, if need be.
These routers combine packets with similar characteristics and place them in the same forwarding equivalence class (FEC) so they can be sent down the same LSP after being given the same label. In a corporate context, this can greatly reduce the types of traffic on a network layer, which helps reduce latency.
What Is MPLS Used For?
MPLS works by creating point-to-point paths that act as circuit-switched connections, but deliver layer 3 IP packets. In this sense, it is best for organizations that have remote branch offices in a large number of widespread locations that need data center access. At least, this was what it was best used for when workers were still going to offices.
Many organizations would run MPLS within a virtual private network (VPN), either to create the aforementioned point-to-point path or for a private LAN service. It provided diversity in that it could be deployed irrespective of what underlying network protocols—ethernet, SDH, ATM, etc.—were being used. The forwarding decision would be unaffected because, again, it only mattered whether the label matched.
What Does MPLS Consist Of?
MPLS has four unique mechanisms that improve connection quality and stability:
- The label: There would be no MPLS without a label attached to each connection.
- Traffic class field: This component prioritizes packets by QoS.
- Bottom-of-stack flag: This tells an egress router that there are no further labels to be put on this connection.
- Time-to-live: This refers to the number of hops data can make before being discarded.
These four subparts make MPLS easier to manage than other less rigid methods of traffic forwarding. It can be likened to tracking a shipment or a package based on a tracking number rather than having to guess, for example, the license plate or VIN of the delivery truck.
Benefits of MPLS
Many consider MPLS to be a slightly older approach that provides an advantage over traditional IP routing, but is struggling against more agile and flexible options such as SD-WAN. Nevertheless, it does have a number of advantages.
Namely, it’s more scalable than packet or circuit switching, offers high levels of performance, reduces network traffic congestion, and has a better end user experience. Plus, it eliminates the need to perform lookups at a routing table at every stop. And, as mentioned earlier, it’s a routing protocol that can be deployed no matter which network protocol your organization uses, which increases flexibility.
How MPLS Networks Work for Cloud Adoption
To enable MPLS to work in the cloud, you can supplement it with a number of technologies, including:
- Virtual routing services: By using a cloud router on top of an MPLS appliance, you can leverage a software-defined network (SDN) to establish MPLS cloud connections.
- Offloading: A direct-to-internet connection enables you to offload web traffic, allowing the MPLS to carry only the traffic heading to the office, unlocking spare capacity.
- SD-WAN: SD-WAN augments MPLS with low-cost broadband internet links or replaces it with internet to base designs on the application and bandwidth needs.
MPLS can become a cloud-enabled technology if you pull the right strings, but as the cloud becomes ubiquitous, MPLS starts to phase itself out due to its legacy architecture. More on this in the next section.
Disadvantages of MPLS
MPLS comes with a number of issues that are accentuated as you adopt remote work and the cloud:
Increased Complexity
Deploying and managing routers at every location is time-consuming, leads to security compromises, and limits your ability to respond to changing needs.
Poor User Experience
Backhauling traffic to centralized security appliances that weren’t designed to handle cloud app demands leave users unproductive and unhappy.
A Lack of Security
When users drop off your network and MPLS VPN, your security policies go blind and risk increases. You need consistent protection no matter how users connect.
What’s more, MPLS doesn’t offer encryption, which is a major issue as operations move toward the cloud. Today, with cloud services driving up organizations' bandwidth demands and many regulations around protecting sensitive data—especially as it’s sent to and from the cloud—MPLS has become more difficult to justify.
MPLS vs. SD-WAN
MPLS labeling can provide advantages over less-refined traffic routing methods of the past, but SD-WAN uses software-defined policies to select the best path to route traffic to the internet, cloud applications, and the data center. This makes it more useful for real-time applications such as UCaaS, VoIP, business intelligence, and so on.
SD-WAN provides simpler provisioning and an increased breadth of traffic engineering configurations due to its software-defined construction. By that same token, SD-WAN offers much improved security over MPLS: software-defined policies established and enforced via the cloud help you secure network traffic wherever it’s coming from or going.
SD-WAN offers a bevy of benefits over MPLS, but to inherit a full, cloud-delivered networking and security stack that provides great experiences and tight security, wherever they are, what you really need is a secure access service edge (SASE).
A SASE Approach
To cope with the evolving challenges of the cloud, many organizations are moving toward cloud-based infrastructure for both networking and security, known as SASE. This framework provides secure access to all applications alongside full visibility and inspection of traffic across all connections.
SASE offers:
Reduced IT costs and complexity
Rather than focusing on a secure perimeter, SASE focuses on entities, such as users. Based on the concept of edge computing—processing of information close to the people and systems that need it—SASE services push security and access close to users. Using your security policies, SASE dynamically allows or denies connections to applications and services.
Fast, seamless user experience
SASE calls for security to be enforced close to what needs securing—instead of sending the user to the security, it sends security to the user. SASE is cloud secure, intelligently managing connections at internet exchanges in real time as well as optimizing connections to cloud applications and services to ensure low latency.
Reduced risk
As a cloud native solution, SASE is designed to address the unique challenges of risk in the new reality of distributed users and applications. A key component of the SASE framework is zero trust network access (ZTNA), which provides mobile users, remote workers, and branch offices with secure application access while eliminating the attack surface and the risk of lateral movement on the network.
Zscaler SD-WAN and SASE
Zscaler leverages a diverse network of partners to help your organization quickly adopt and implement SD-WAN. These partners trust our cloud-based network architecture because it’s built according to Gartner’s vision of SASE, which has been proven to be the optimal framework for cloud-delivered networking and security through SD-WAN.
The Zscaler Zero Trust Exchange™ is a cloud native SASE platform built for performance and scalability. As a globally distributed platform, it ensures users are always a short hop from their applications. Through peering with hundreds of partners in major internet exchanges worldwide, it offers optimal routing, performance, and reliability for your users.
Suggested Resources
-
Zscaler + Network and UCaaS Partners
Visit the webpage -
Secure Work-from-Anywhere
-
Realize the full benefits of SD-WAN
Visit the webpage -
Zscaler + Cisco SD-WAN
Learn more
FAQs
What is meant by label switching?
If a data packet is given an incorrect label, a label-switching router will intercept the connection and send it on the correct data path. This is based mainly on the OSI layer a connection should be on (typically 2 or 3).
How does routing normally work?
There are two typical methods of sending data packets to their destination:
packet switching and circuit switching. Packet switching forwards based on a destination IP address and routing protocols, which involves a high amount of routers and an unfixed data path, which slows transmission. Circuit switching is typically used for telephone connections and sends connections through a fixed data path. However, due to the amount of time it takes for this path to be established, it's inefficient and costly.
Is an MPLS network a “private” network?
MPLS connections are private in that they’re made in a closed-off tunnel and that their data is not exposed to the internet. They establish connections between branch offices and data centers, and they’re often used as base layers for virtual local area networks (VLANs) and VPNs—both of which are private connections in their own right.