Re: DMVPN via Internet or Private APN

> I offer a question to help me settle an internal debate. As a network
> engineer for a large enterprise, do you choose ISP flexibility or ISP
> security when you build an OOB network?

Flexibility. (Will not joke about the immense problem of including the words "ISP" and "security" in the same sentence, unless accompanied by the phrase "complete and total absence of" as well.)

My particular area of concentration the last decade or so has been large multi-national WANs. I've been fortunate enough to see entire waves of deployment and redeployment, which has added a thick layer of scarring.

One of the lessons that I take away from these deployments is that anything which is not pure "Internet" IP must be avoided, because if it doesn't bite you in the *ss on day 1, it will on day 1,000 or 10,000.

Providers love to deliver a customized service, and in small deployments (such as connecting offices within a metropolitan area) I can see the value. But whether the provider is creating lock-in (sinister conspiracy theory) or just wants to give you a better service (optimistic world view theory), it *always* ends up being a problem sooner or later.

I can pull a dozen anecdotes out where this happened and cost between $ and $$$$ to deal with, but my long-term experience is that the more vanilla the pipe, the better off you will be in the long run, especially as the clock ticks past years and years.

There are certainly issues with having multiple contracts, and the overhead of handling hundreds of semi-overlapping and slightly different bills and contact points is not to be dismissed lightly; it is a BIG deal, especially for larger organizations with high internal costs for administrative overhead. Providers also claim better pricing on big contracts, but rarely is this true, because of the sharp and continuous drop in costs for Internet worldwide.

Go with vanilla. It's easier to pour syrup and nuts on top than it is to dig out those disgusting frozen marshmallow chunks from the rocky road someone committed to.

jms