L3 Multicast VPN over GRE VPN for Radio Site Backhaul

From W9CR

Introduction

In the USA it is very common for two-way radio sites to have poor connectivity. Traditionally most have used an LTE/cellular router (i.e. Cradlepoints) with various VPN overlays, or even a single-provider static-IP full IPsec mesh. These solutions are poor at best and almost unscalable beyond about 10 sites: in a full mesh every site needs a unique peer configuration for each of the other n-1 sites, so adding or deleting a site means touching the configuration of every other site.

Newer SD-WAN products such as Cisco Meraki have been used, but these carry a monthly fee and do not support multicast. This last point is very important, as more and more multicast is being used in the two-way radio world. This has been difficult for many providers, as there is no easy way to transport multicast over an LTE solution. SD-WAN VPLS services are able to do this, but again the Meraki does not support Layer 2, and those that do treat multicast as broadcast at Layer 2. When additional sites are added, the "noise" of the network (ARP, MDP, IGMP, etc.) is flooded to every site, and because every site both generates and receives that noise, the total grows with the square of the number of sites.

An L3VPN (VPRN) with multicast support is really the way to do this. The design presented here is focused on low-bit-rate VoIP multicast with many-to-many senders and receivers. With modern routers it should scale to hundreds of sites. Fast reroute is not considered, because the underlay is the public internet, which is not highly available, and fast reroute is not needed for a two-way radio network. Resiliency is provided by the normal routing protocols, which even at high scale restore connectivity in under a second.

As this solution uses BGP with label switching over a DMVPN underlay, other services that ride on the same infrastructure may be configured as well. VPLS, VPRN and multicast VPRN are presented here.

The inherent separation of customer and provider services allows running this across multiple customers, each with a disparate two-way radio network. "Service Provider" here refers to the two-way radio vendor or VAR, and "Customer" to their customer or to a distinct radio network.

Example: Tom's Two-Way Radio operates a 24-site DMR system for Mcallen, a waste contractor in Mobile, a 4-site Linked Capacity Plus system for the City of Gulfport, and Tom's own statewide TETRA system. Each radio site has a router with LTE connectivity, and this connects back to two core routers running as virtual machines in different data centers. This network provides the "underlay" for the VPN services. On each router, Mcallen has an L3VPN configured which allows all of its sites to talk within its own VPN, Gulfport's LCP system talks within its VPN, and Tom's own wide-area trunked radio system talks within its VPN. No VPN-to-VPN traffic can flow, and because each VPN has its own routing table, the base stations in different VPNs can even use the same IP addresses.

While we could do this as three separate networks without any VPN services, that increases the complexity on Tom's side: he must now monitor one network per customer instead of one network for all customers. Network monitoring is simplified because a single NMS can monitor the entire network for every customer, rather than a separate NMS per network, or, as is typical, no network monitoring at all. The other advantage comes with colocation at the same site. If Mcallen, Tom and the City of Gulfport all have equipment on the same tower, a single router can be used there, with one port per VPN configured on it going to each customer's base station.
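The following Python model is an added illustration of the VRF separation described above; it is example code written for this page, not the page's own configuration or any vendor's CLI. It builds a single VPNv4 table that holds the same 10.1.1.0/24 prefix from two customers, keyed apart by route distinguisher, and shows that each VRF on a shared tower-site router imports only the routes carrying its own route target, so a lookup in one VPN can never resolve to another VPN's network. The ASN (65000), route distinguishers, route targets, prefixes, port names and PE loopback addresses are assumed values chosen to mirror the prose example.

```python
"""Toy model of how BGP/MPLS L3VPN (VPRN) keeps customer VPNs separate.

Added example for this page, not the page's own configuration or any
vendor's CLI. Customer names come from the prose; the ASN 65000, route
distinguishers (RD), route targets (RT), prefixes, port names and PE
loopbacks are assumed values.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class VpnRoute:
    """One VPNv4 route as a core router would hold it."""
    rd: str            # route distinguisher: makes (RD, prefix) unique
    prefix: str        # customer prefix; may repeat across VPNs
    next_hop: str      # loopback of the PE that originated the route
    rts: frozenset     # extended-community route targets


@dataclass
class Vrf:
    """A customer VPN on one PE: its RD, RTs, attached ports and imports."""
    name: str
    rd: str
    export_rt: str
    import_rts: frozenset
    connected: dict = field(default_factory=dict)  # prefix -> port name
    imported: dict = field(default_factory=dict)   # prefix -> remote next hop

    def export(self, pe_loopback: str) -> list:
        """Turn connected prefixes into VPNv4 routes tagged with the export RT."""
        return [VpnRoute(self.rd, p, pe_loopback, frozenset({self.export_rt}))
                for p in self.connected]


def build_vpnv4_table(routes) -> dict:
    """Core VPNv4 table keyed by (RD, prefix). Identical customer prefixes
    from different VPNs coexist because their RDs differ."""
    table = {}
    for r in routes:
        key = (r.rd, r.prefix)
        if key in table:
            raise ValueError(f"duplicate VPNv4 route {key}")
        table[key] = r
    return table


def import_routes(vrf: Vrf, table: dict) -> dict:
    """RT-based import: a VRF sees only routes carrying one of its import RTs.
    Prefixes the VRF already has connected are not re-imported."""
    vrf.imported = {r.prefix: r.next_hop for r in table.values()
                    if r.rts & vrf.import_rts and r.prefix not in vrf.connected}
    return vrf.imported


def lookup(vrf: Vrf, dst: str):
    """Longest-prefix match inside one VRF only. Returns ('local', port),
    ('remote', pe_loopback) or None. Another VPN's routes are never consulted."""
    addr = ip_address(dst)
    best = None
    candidates = [(p, ("local", port)) for p, port in vrf.connected.items()]
    candidates += [(p, ("remote", nh)) for p, nh in vrf.imported.items()]
    for prefix, result in candidates:
        net = ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, result)
    return best[1] if best else None


def build_scenario():
    """Colocated tower site: one PE, one VRF and one port per customer.
    Mcallen and Gulfport both number their base stations from 10.1.1.0/24."""
    tower = "10.255.0.1"  # loopback of the shared tower-site PE (assumed)
    mcallen = Vrf("Mcallen-DMR", "65000:100", "65000:100",
                  frozenset({"65000:100"}), connected={"10.1.1.0/24": "ether2"})
    gulfport = Vrf("Gulfport-LCP", "65000:200", "65000:200",
                   frozenset({"65000:200"}), connected={"10.1.1.0/24": "ether3"})
    tetra = Vrf("Tom-TETRA", "65000:300", "65000:300",
                frozenset({"65000:300"}), connected={"10.9.0.0/24": "ether4"})

    # VPNv4 routes learned from other sites' PEs (constructed sample data)
    remote = [
        VpnRoute("65000:100", "10.1.2.0/24", "10.255.0.11", frozenset({"65000:100"})),
        VpnRoute("65000:200", "10.1.2.0/24", "10.255.0.12", frozenset({"65000:200"})),
        VpnRoute("65000:300", "10.9.1.0/24", "10.255.0.13", frozenset({"65000:300"})),
    ]
    local = [r for v in (mcallen, gulfport, tetra) for r in v.export(tower)]
    table = build_vpnv4_table(remote + local)
    for v in (mcallen, gulfport, tetra):
        import_routes(v, table)
    return table, mcallen, gulfport, tetra


if __name__ == "__main__":
    table, mcallen, gulfport, tetra = build_scenario()
    print(f"{len(table)} VPNv4 routes, two of them 10.1.1.0/24 under different RDs")
    for vrf in (mcallen, gulfport, tetra):
        print(vrf.name, "10.1.2.5 ->", lookup(vrf, "10.1.2.5"))
```

The same destination address resolves to a different remote PE in each VRF, and a lookup in Tom's TETRA VRF for a Mcallen or Gulfport address returns nothing at all: the only way traffic crosses VPNs is if a route target is deliberately imported into both.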

Features / Requirements

  • Supported VPN types
      • IPv4 Unicast Layer 3 VPN
      • IPv4 Multicast Layer 3 VPN
      • VPLS
      • Site-to-site Ethernet
  • PE routers are able to work behind NAT/CGN

Tech Overview