VPLS is not Aspirin
If you’re old enough to remember the days when switches were still called bridges and were used to connect multiple sites over WAN links, you’ve probably experienced interesting network meltdowns caused by a single malfunctioning network interface card: because the bridged WAN made every site part of the same broadcast domain, one faulty NIC could take down all of them. Some of you might have had the “privilege” of encountering another somewhat failed attempt at WAN bridging: the ATM LAN Emulation (LANE) service (not to mention the “famous” Catalyst 3000 switches with LANE uplink).
It looks like some people decided not to learn from others’ mistakes: years later the bridging-over-WAN idea has resurfaced in VPLS clothing. While there are legitimate reasons why you’d want a bridged connection across the Service Provider network, VPLS should not be used to connect regular remote sites to a central site without on-site routers. You can find several reasons for this claim in the article “VPLS: A secure LAN cloud solution for some, not all” I wrote for SearchTelecom.
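To make the failure-domain argument concrete, here is a toy learning-bridge model (an added example, not code from the original post or from any vendor). It assumes four sites with three hosts each, a 64-entry MAC table per site bridge with first-in-first-out eviction, and a single misbehaving NIC at one branch that sprays broadcast frames with random source MACs, the classic symptom of the faulty cards mentioned above (a deliberate MAC flood has the same effect). With every site in one VPLS bridged domain, the bogus MACs thrash the MAC table at every site and the HQ switch degrades to hub-like flooding of local unicast; with a CE router terminating the L2 domain at each site, the damage stays at the site where the NIC lives. The model ignores router MACs and inter-site routed traffic, which do not change the outcome.

```python
"""Toy model of MAC-table thrashing across a bridged WAN vs. routed sites.
Added illustration with constructed data; not a real PE/CE implementation."""
from collections import OrderedDict
import random

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    """Minimal learning bridge: learn source MAC on ingress port, flood unknowns."""

    def __init__(self, name, table_size=64):
        self.name = name
        self.table_size = table_size
        self.table = OrderedDict()  # mac -> port, insertion order used for eviction
        self.flooded = 0
        self.forwarded = 0

    def learn(self, mac, port):
        if mac in self.table:
            self.table.move_to_end(mac)
            self.table[mac] = port
            return
        if len(self.table) >= self.table_size:
            self.table.popitem(last=False)  # FIFO eviction (assumed simplification)
        self.table[mac] = port

    def handle(self, src, dst, in_port):
        """Return 'unicast' if dst is known, otherwise 'flood' (hub behaviour)."""
        self.learn(src, in_port)
        if dst == BROADCAST or dst not in self.table:
            self.flooded += 1
            return "flood"
        self.forwarded += 1
        return "unicast"


def simulate(bridged, rogue_frames=200, table_size=64, seed=1):
    """bridged=True: one VPLS broadcast domain; False: CE router at every site."""
    names = ["HQ", "Branch1", "Branch2", "Branch3"]  # constructed topology
    bridges = {n: LearningBridge(n, table_size) for n in names}
    hosts = {n: [f"02:{i:02x}:00:00:00:{h:02x}" for h in range(1, 4)]
             for i, n in enumerate(names)}

    def deliver(origin, src, dst):
        """Carry one frame from its origin site into every bridge that sees it."""
        results = {}
        for n, br in bridges.items():
            if n != origin and not bridged:
                continue  # a CE router terminates L2: other sites never see the frame
            port = "lan" if n == origin else "wan"
            results[n] = br.handle(src, dst, port)
        return results

    # Warm-up: every host ARPs once so the bridges learn the legitimate MACs.
    for n in names:
        for mac in hosts[n]:
            deliver(n, mac, BROADCAST)

    # Fault: a NIC at Branch1 sprays broadcasts with random (bogus) source MACs.
    rng = random.Random(seed)
    for _ in range(rogue_frames):
        bogus = "02:ff:" + ":".join(f"{rng.randrange(256):02x}" for _ in range(4))
        deliver("Branch1", bogus, BROADCAST)

    # Probe: can HQ still switch a purely local unicast, or has it become a hub?
    a, b = hosts["HQ"][0], hosts["HQ"][1]
    probe = deliver("HQ", a, b)
    hq = bridges["HQ"]
    return {
        "hq_probe": probe["HQ"],
        "hq_table_entries": len(hq.table),
        "hq_legit_entries": sum(1 for m in hq.table if m in hosts["HQ"]),
        "sites_that_saw_fault": sum(
            1 for br in bridges.values()
            if any(m.startswith("02:ff:") for m in br.table)),
    }


if __name__ == "__main__":
    for mode, label in ((True, "VPLS, no CE routers"), (False, "CE router per site")):
        print(label, simulate(bridged=mode))
```

The probe result is the point: in the bridged run the HQ bridge has lost every legitimate entry, so a frame between two HQ hosts is flooded to every port, including the WAN side, where the other sites see it. In the routed run the HQ table is untouched and the fault is visible at one site only.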
Your expressed views appear a bit single-sided. Carrier Ethernet (including VPLS) is very often sold as a backbone carriage solution for customers to run their L3 on top. The case of people "just plugging their LAN switches into it" is pretty rare, as Carrier Ethernet typically steals market share from other technologies (P2P links and IP VPNs), and people usually already have routers in place.
The security issues you pointed out for VPLS are more of a corner case than something really prominent, too.
If we could ensure that everyone connected to a VPLS service will deploy CE routers, I'd be extremely happy. Unfortunately, the reality (particularly with mid-sized SPs and SMB customers) tends to go the other way, more so as people are trying to cut costs.
Assuming the customer has deployed CE routers, we're facing a scalability issue as all of them are connected to the same virtual LAN segment, which is not a good idea if you're talking about hundreds of sites.
Here's Heavy Reading's take in 2007 on Verizon's flavor -
Stan Hubbard, Lead Analyst – Heavy Reading
"Verizon Business delivered the goods again in 2007 by demonstrating a strategic commitment to transform the data connectivity services landscape through Ethernet portfolio innovations that address on-demand enterprise needs. Light Reading and Heavy Reading have been particularly impressed by its national VPLS rollout, international expansion activities and plans, and widespread deployment of Ethernet access platforms that extend the benefits of high-performance Ethernet to more customer locations."
Is this just fluff???
Code-E: the real benefit of VPLS isn't that it doesn't require a router; it is that it provides the benefits of IP VPN while giving the customer full control over layer 3. For us that means no more issues interacting with customer routing protocols (e.g. EIGRP in particular), no more modifying static routes and adding new subnets manually for static-routed customers, and much simpler troubleshooting when something breaks. For the customer it means the ability to run any routing protocol they like, better convergence times than IP VPNs, and the ability to segment their network using VLANs over the WAN for different departments or divisions.
As you start to exceed around 100 sites, you start to have to think about scalability more, as Sundar mentioned, but below that level it is just a no-brainer if you need a private network and you can find a service provider that can deliver VPLS to all of your locations.
I know there isn't a ton of blog coverage on service-provider delivered VPLS networks so I thought some of you might enjoy our blog which has a number of posts on VPLS http://www.cavtel.com/business/blog/
Please keep also in mind that the article was written almost a year and a half ago, when some vendors were still promoting VPLS as the next panacea.
Last but definitely not least, it's great to see a Service Provider blog full of useful and accurate information. I could only wish more SPs would be like you.