nanog mailing list archives

Re: DMVPN via Internet or Private APN


From: William Herrin <bill () herrin us>
Date: Tue, 12 Jan 2021 12:09:29 -0800

On Tue, Jan 12, 2021 at 8:55 AM Sean Kelly <kellysp () gmail com> wrote:
> The real debate arrives when it's time to choose a carrier to host the
> router. I choose to go with a major cell carrier using a "private"
> APN. It allows me to connect my cell routers to a private layer 2
> network and my private IP addresses will be used to provide layer 3
> connectivity. I know that there will be outliers that can't use this
> carrier or cellular at all. These outliers, in my opinion, shouldn't
> have a majority stake in the overall design. The APN overall cost is
> low and so is the data plan for the hosted routers. The private APN
> also eliminates the router as an internet attack vector. I don't
> believe routers are appropriate security appliances to defend and
> monitor against network threats.

Hi Sean,

You want vendor lock-in on your emergency access path? Are you sure?

> Some of my colleagues believe that the flexibility of public cellular
> access outweighs the security risks.

I think your colleagues are correct. Shoot for an OOB solution that
allows you to pick the best technology and vendor for each site you
choose to protect. That won't necessarily even be cellular everywhere.

Regards,
Bill Herrin


-- 
Hire me! https://bill.herrin.us/resume/

