nanog mailing list archives
Re: DMVPN via Internet or Private APN
From: William Herrin <bill () herrin us>
Date: Tue, 12 Jan 2021 12:09:29 -0800
On Tue, Jan 12, 2021 at 8:55 AM Sean Kelly <kellysp () gmail com> wrote:
The real debate arrives when it's time to choose a carrier to host the router. I choose to go with a major cell carrier using a "private" APN. It allows me to connect my cell routers to a private layer 2 network and my private IP addresses will be used to provide layer 3 connectivity. I know that there will be outliers that can't use this carrier or cellular at all. These outliers, in my opinion, shouldn't have a majority stake in the overall design. The APN overall cost is low and so is the data plan for the hosted routers. The private APN also eliminates the router as an internet attack vector. I don't believe routers are appropriate security appliances to defend and monitor against network threats.
Hi Sean, You want vendor lock-in on your emergency access path? Are you sure?
Some of my colleagues believe that the flexibility of public cellular access outweighs the security risks.
I think your colleagues are correct. Shoot for an OOB solution that allows you to pick the best technology and vendor for each site you choose to protect. That won't necessarily even be cellular everywhere. Regards, Bill Herrin -- Hire me! https://bill.herrin.us/resume/
Current thread:
- DMVPN via Internet or Private APN Sean Kelly (Jan 12)
- Re: DMVPN via Internet or Private APN Saku Ytti (Jan 12)
- Re: [External] DMVPN via Internet or Private APN Hunter Fuller via NANOG (Jan 12)
- Re: DMVPN via Internet or Private APN Chriztoffer Hansen (Jan 12)
- Re: DMVPN via Internet or Private APN William Herrin (Jan 12)
- <Possible follow-ups>
- Re: DMVPN via Internet or Private APN Joel M Snyder (Jan 13)