I have experience of openvpn, ciscos ipsec tunnels and alike but I wonder in what situation one would benefit from using a MPLS instead? If I understand it correctly, MPLS is L2 (but is sometimes referred to as layer 2.5, for unknown reasons to me), and if I understand the difference between the tun and tap drivers for OpenVPN, tap is L2 (ethernet).
I think MPLS in it self is not encrypted, so if we disregard the encryption of an openvpn tunnel - when would it be more suitable using a MPLS tunnel and when would it be more suitable using an Openvpn tunnel?
A secondary question too; I read on a forum somewhere that a proposed solution to connecting two datacentres servers (on one /24 network each using different carriers) was "have your DC transport VLAN" - How would this work? Over what protocol?
MPLS is a carrier protocol with some similar attributes to Frame Relay and ATM. The key difference is where Frame Relay relies on "statical multiplexing," MPLS is more "kin" to ATM as the switch paths are provisioned and dedicated between two points across a MPLS network.
The need to encrypt is generally reduced, like with Frame Relay and ATM, where the traffic "instances" are specifically identified per subscriber throughout its transport across the carrier network.
The MPLS "framework" actually covers multiple legacy technologies, where it is actually an "overlay" technology which can be retrofitted on top of ATM, Frame Relay, TCP/IP as well as others - that's where it's being referred to as a layer 2.5 (its typical implementation can be across Frame Relay, ATM, TCP/IP as well as combinations of).
IPSec and OpenVPN are typically run on top of TCP/IP which may itself run on top of Frame Relay, ATM or even MPLS (which is becoming common as traditional Frame Relay is getting displaced with "MPLS enabled Frame Relay" these days).
Hopefully this helps...
As for your last part... VLAN tagging over TCP/IP may be utilized to provide a "flat" network that spans multiple locations.