DMVPN via Internet or Private APN

• Previous message (by thread): DMVPN via Internet or Private APN
• Next message (by thread): Just a heads up, apparently Ubiquiti had a breach.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> I offer a question to help me settle an internal debate. As a network
> engineer for a large enterprise, do you choose ISP flexibility or ISP
> security when you build an OOB network? 

Flexibility.  (will not joke about immense problem of including the 
words "ISP" and "security" in same sentence, unless accompanied by the 
phrase "complete and total absence of" as well)

My particular area of concentration the last decade or so has been large 
multi-national WANs.  I've been fortunate enough to see entire waves of 
deployment and redeployment, which has added a thick layer of scarring.

One of the lessons that I take away from these deployments is that 
anything which is not pure "Internet" IP must be avoided, because if it 
doesn't bite you in the *ss on day 1, it will on day 1,000 or 10,000.

Providers love to deliver a customized service, and in small deployments 
(such as connecting offices within a metropolitan area) I can see the 
value.  But whether the provider is creating lock-in (sinister 
conspiracy theory) or just wants to give you a better service 
(optimistic world view theory), it *always* ends up being a problem 
sooner or later.

I can pull a dozen anecdotes out where this happened and cost between $ 
and $$$$ to deal with, but my long-term experience is that the more 
vanilla the pipe, the better off you will be in the long run especially 
as the clock ticks past years and years.

There are certainly issues with having multiple contracts, and the 
overhead of handling hundreds of semi-overlapping and slightly different 
bills and contact points is not to be dismissed lightly; it is a BIG 
deal especially for larger organizations with high internal costs for 
administrative overhead.  Providers also claim better pricing on big 
contracts, but rarely is this true, because of the sharp and continuous 
drop in costs for Internet worldwide.

Go with vanilla.  It's easier to pour syrup and nuts on top than it is 
to dig out those disgusting frozen marshmallow chunks from the rocky 
road someone committed to.


jms

-- 
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One       Phone: +1 520 324 0494
jms at Opus1.COM                http://www.opus1.com/jms

• Previous message (by thread): DMVPN via Internet or Private APN
• Next message (by thread): Just a heads up, apparently Ubiquiti had a breach.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]