Hello Nanog's I offer a question to help me settle an internal debate. As a network engineer for a large enterprise, do you choose ISP flexibility or ISP security when you build an OOB network? I was tasked to create an OOB network for my company. Realistically it would only be deployed to 25% of the companies sites as they are considered important enough to justify the cost. The design is simple enough. Hub and spoke using cellular routers. DMVPN will carry data from the spoke to the hub. The real debate arrives when it's time to choose a carrier to host the router. I choose to go with a major cell carrier using a "private" APN. It allows me to connect my cell routers to a private layer 2 network and my private IP addresses will be used to provide layer 3 connectivity. I know that there will be outliers that can't use this carrier or cellular at all. These outliers, in my opinion, shouldn't have a majority stake in the overall design. The APN overall cost is low and so is the data plan for the hosted routers. The private APN also eliminates the router as an internet attack vector. I don't believe routers are appropriate security appliances to defend and monitor against network threats. Some of my colleagues believe that the flexibility of public cellular access outweighs the security risks. The cellular internet will provide us with a solution for more of the outliers than a private APN. I don't agree with this philosophy even though it's not "technically" wrong. I am interested in a broader range of opinion and technical reasoning. Nanog member KELLYSP