Multiprotocol Label Switching (MPLS) operates at a layer that is generally considered to lie between traditional definitions of layer 2 (data link layer) and layer 3 (network layer), and thus is often referred to as a “layer 2.5” protocol. But the benefits of MPLS come with a price tag of reduced visibility of monitoring and security tools that were not designed to handle “layer 2.5” protocols.
Many network monitoring, analysis, and security tools are either unable to handle or have limitations when working with MPLS traffic. Those tools were designed without thinking about the increasing adoption of MPLS in large organizations’ networks. Thus, the presence of MPLS protocols in the packet streams can restrict and even limit the ability of monitoring and security tools to perform requested (and required) filtering and load balancing tasks.