Part VI — MPLS, EVPN, and Segment Routing

§ 6 MPLS Forwarding, VPNs, EVPN, SR-MPLS, SRv6, TI-LFA, VXLAN, and Geneve

Label-switched and overlay networking from packet format to provider VPNs and data center EVPN fabrics.

1. Overview

MPLS decouples forwarding from destination IP lookup by adding a small label stack between Layer 2 and Layer 3. EVPN moves L2 and L3 tenant reachability into BGP, while Segment Routing keeps source-chosen paths without RSVP-TE state on every core router.

2. § 6.1 — MPLS Forwarding

Each MPLS stack entry is 32 bits: a 20-bit label, 3 traffic-class bits, a bottom-of-stack bit, and TTL. Core P routers use the LFIB to push, swap, or pop labels rather than performing a full customer route lookup.
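
The following is an added example, not the page's original demo and not code from any router implementation. It decodes a label stack using the 32-bit entry layout above (with the TTL taking the remaining 8 bits), rejects stacks that are truncated or too deep, and performs a P-router style swap. The label values, MAX_DEPTH, and all function names are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_DEPTH 8 /* assumption: depth cap chosen for this example */
typedef struct { uint32_t label; uint8_t tc, s, ttl; } mpls_lse;

/* Decode one 32-bit entry (network byte order): label(20) TC(3) S(1) TTL(8). */
static mpls_lse decode_lse(const uint8_t *p) {
    uint32_t w = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | p[3];
    mpls_lse e = { w >> 12, (w >> 9) & 7, (w >> 8) & 1, w & 0xff };
    return e;
}

/* Walk the stack until S=1. Returns the depth, -1 if the buffer ends
   before a bottom-of-stack entry, -2 if the stack exceeds max entries. */
int parse_stack(const uint8_t *buf, size_t len, mpls_lse *out, int max) {
    int n = 0;
    for (size_t off = 0; off + 4 <= len; off += 4) {
        if (n == max) return -2;
        out[n] = decode_lse(buf + off);
        if (out[n++].s) return n;
    }
    return -1;
}

/* Swap as a P router would: rewrite the top label, decrement TTL, keep
   TC and S. Returns 0, or -1 when the packet must be dropped instead. */
int swap_top(uint8_t *buf, size_t len, uint32_t new_label) {
    if (len < 4 || new_label > 0xFFFFF) return -1;
    mpls_lse e = decode_lse(buf);
    if (e.ttl <= 1) return -1; /* TTL would expire at this hop */
    uint32_t w = (new_label << 12) | ((uint32_t)e.tc << 9) |
                 ((uint32_t)e.s << 8) | (uint32_t)(e.ttl - 1);
    buf[0] = w >> 24; buf[1] = w >> 16; buf[2] = w >> 8; buf[3] = w;
    return 0;
}

int main(void) {
    /* Constructed sample: transport label 16004 over VPN label 24010. */
    uint8_t pkt[] = { 0x03, 0xE8, 0x40, 0x40, 0x05, 0xDC, 0xA1, 0x40 };
    mpls_lse st[MAX_DEPTH];
    swap_top(pkt, sizeof pkt, 16005);
    int n = parse_stack(pkt, sizeof pkt, st, MAX_DEPTH);
    for (int i = 0; i < n; i++)
        printf("[%d] label=%u tc=%u s=%u ttl=%u\n", i, (unsigned)st[i].label,
               (unsigned)st[i].tc, (unsigned)st[i].s, (unsigned)st[i].ttl);
    printf("truncated stack -> %d\n", parse_stack(pkt, 4, st, MAX_DEPTH));
    return 0;
}
```

Only the top entry changes during the swap; the inner VPN label stays untouched, which is why a P router needs no customer routes.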

3. § 6.2 — LDP, RSVP-TE, and BGP-LU

LDP distributes labels for IGP reachability, RSVP-TE signals explicit tunnel paths with bandwidth constraints, and BGP-LU carries labeled loopback reachability across AS boundaries.

4. § 6.3 — MPLS L3VPN

An L3VPN uses a VRF per customer on each PE. The RD makes overlapping prefixes unique in MP-BGP; the RT is the import/export policy that decides which VRFs share routes.

  • Ingress PE pushes a VPN label for the egress VRF and a transport label for the PE loopback.
  • P routers swap only the transport label, so they do not need customer routes.
  • PE-CE routing is usually eBGP, static, OSPF, or EIGRP; eBGP scales cleanly.

5. § 6.4 — MPLS L2VPN

VPWS creates a point-to-point pseudowire; VPLS creates a multipoint bridged service and must handle MAC learning plus BUM flooding. EVPN-VPWS and EVPN multipoint services replace much of the older LDP-signaled model.

6. § 6.5 — EVPN

EVPN uses BGP as the control plane for MAC, IP, multicast, multihoming, and L3 prefix state. Type 2 routes advertise MAC/IP bindings and enable ARP suppression; Type 5 routes carry tenant IP prefixes.

| Route type | Purpose | Operational use |
|---|---|---|
| Type 1 | Ethernet Auto-Discovery | Aliasing and fast convergence for multihoming. |
| Type 2 | MAC/IP advertisement | Remote MAC learning and ARP suppression. |
| Type 3 | IMET | BUM replication membership per VNI/EVI. |
| Type 4 | Ethernet Segment | DF election and split-horizon for multihomed CEs. |
| Type 5 | IP prefix | L3 tenant route advertisement. |

7. § 6.6 — Traffic Engineering

RSVP-TE tunnels are computed by CSPF against the TE database, then signaled along an explicit route object. MPLS-FRR pre-signals one-to-one or facility bypass LSPs so a PLR can switch locally in under 50 ms.

8. § 6.7 — SR-MPLS

Segment Routing encodes intent as a SID stack. Prefix-SIDs follow the IGP shortest path to a node, adjacency SIDs force a specific link, and anycast SIDs steer toward the nearest member of a group.

9. § 6.8 — SRv6

SRv6 represents SIDs as IPv6 addresses, usually split into locator, function, and argument. The SRH carries the segment list; functions such as End.X, End.DT4, and End.DX2 map SRv6 to TE, L3VPN, and L2VPN behaviors.

10. § 6.9 — TI-LFA

TI-LFA precomputes the post-failure repair path and encodes it as a Segment Routing list. That gives link or node protection even when classic LFA has no neighbor satisfying the loop-free inequality.

11. § 6.10 and § 6.11 — VXLAN, Geneve, NVGRE, and STT

VXLAN wraps inner Ethernet in UDP/4789 and identifies tenants with a 24-bit VNI. EVPN replaces flood-and-learn with BGP-distributed MAC/IP, IMET, and prefix routes. Geneve keeps the same overlay idea but adds extensible options for SDN metadata, which is why OVN, NSX-T, and cloud fabrics prefer it.

  • VXLAN flood-and-learn uses multicast or head-end replication for BUM traffic.
  • Anycast gateway puts the same default gateway IP/MAC on every leaf, avoiding hairpin routing.
  • NVGRE and STT are mostly historical compared with VXLAN and Geneve.

12. Interview Prep

  • What does PHP do? The penultimate hop pops the transport label so the egress PE avoids one extra label lookup.
  • RD vs RT? RD makes overlapping VPN prefixes unique; RT controls which VRFs import or export them.
  • Why is EVPN better than VPLS flood learning? BGP advertises MAC/IP and multicast membership, reducing unknown flooding and enabling ARP suppression.
  • Prefix-SID vs adjacency-SID? Prefix-SID has global meaning and follows IGP shortest path; adjacency-SID is local to one node and forces one link.
  • Why use TI-LFA? It gives topology-independent fast reroute by encoding a repair path with SR SIDs.