Comcast is Signaling a Sea Change in the SD-WAN Space

Comcast has started to push in earnest into business services with SD-WAN, and they’re far from the only player in the space.  In fact, one question now being raised is whether the future of SD-WAN will be tied more to service providers than to CPE products bought directly by enterprises or by managed service providers.  That question also extends to the broader area of vCPE, which in turn ties in with NFV.  Service-provider SD-WAN is also a means of linking SDN services to the user, and even linking enterprise management systems with WAN services.

There are a lot of ways of offering business services, and the one that’s dominated for decades is the “virtual private network” (VPN) at Layer 3 or the “virtual LAN” (VLAN) at Layer 2.  Both these service types have been deployed largely by adding features to native routers and switches (respectively) that allow network segmentation.  These “device-plus” features provide low overhead, but they also impact the native behavior of the protocol layer they work at, and that can create cost, compatibility, and management issues.

SD-WAN is an overlay technology, meaning that it’s created on top of L2/L3 (usually the latter) network services.  The nodes of the service provider’s networks see SD-WAN as traffic, just like all other traffic, and that’s true even where SD-WAN is overlaid on VPN/VLAN services.  Many SD-WAN services extend traditional VPN/VLAN services by spreading a new network layer on top of both VPN/VLAN and Internet services.

Service providers like the telcos have had mixed views of SD-WAN from the first.  Yes, it could offer an opportunity to create business services at any scale, to leverage Internet availability and pricing, and to unify connectivity between large sites and small sites, even portable sites.  The problem is that SD-WAN services can be deployed by MSPs and the users themselves, over telco Internet services, and so cannibalize to at least a degree the traditional “virtual-private” LAN and network/WAN business.  Comcast isn’t an incumbent in VPN/VLAN services so they have no reason to hold back.  In fact, they could in theory offer SD-WANs that span the globe by riding on competitive Internet services.

Once you have a bunch of telcos who face SD-WAN cannibalization from competitors like Comcast, from MSPs, and even from enterprises rolling their own VPNs, you raise the question of whether it’s better, if you’re going to lose VPN/VLAN business, to lose it to your own SD-WAN or to someone else’s.  Obviously it’s better to lose it to your own, at least once it’s clear that the market is aware of the SD-WAN alternative.  That could mean that all the network operators will get into the SD-WAN space for competitive reasons alone.

If network operators decide, as Comcast has, to compete in the SD-WAN space, it makes little sense for them to squabble about in the dirt on pricing alone.  They would want to differentiate, and one good way to do that (again, a way Comcast has used) is by linking their SD-WAN service to underlying network features, which most often will mean QoS control, but also likely includes management capability.  That promotes a cooperative model of SD-WAN to replace the overlay model.  To understand how that works, you’d have to look at the SD-WAN service from the outside.

A service like SD-WAN has the natural capacity to abstract, meaning that it separates service-level behavior from the resource commitments that actually provide connectivity.  An SD-WAN service looks like an IP VPN, without any of the stuff like MPLS that makes VPNs complicated, and regardless of whether IP/MPLS or Internet (or any other) transport is used.  You can provide service-level management features, you can do traffic prioritization and application acceleration, and it’s all part of the same “service”, and it’s the same whatever site you happen to be talking about.  This uniformity is a lot more valuable than you might think at a time when businesses spend on the average about 2.7 times as much on network support as they do on network equipment.

The general trend in SD-WAN has been to add on features like application acceleration and prioritization, and those additions beg a connection to network services that would offer variable QoS.  An SD-WAN service with that traffic-expediting combination is a natural partner to operator features.  The management benefits of SD-WAN can also be tied to management of the underlying WAN services, which is a benefit both in user-managed and managed service provider applications.

SD-WAN prioritization features are also a camel’s nose for NFV’s virtual CPE (vCPE) model.  A unified service vision at the management level means it’s easier to integrate other features without adding undue complexity, and so it encourages buyers to think in modular feature terms, playing into the vCPE marketing proposition.  If operators could promote an SD-WAN model that relied on elastic cloud-hosted features for vCPE rather than a general-purpose premises box as is the rule today, they could end up with a service model that neither MSPs nor direct buyers of SD-WAN could easily replicate.  Since linking their SD-WAN service to network prioritization features is also something that third parties can’t do easily, this can create a truly unique offering.  Differentiation at last!

Of course, everyone jumps on differentiation, so all this adds up to the possibility, or probability, that SD-WAN will be increasingly dominated by network operators who exploit network features under the covers to differentiate themselves.  That’s been clear for some time, and it’s why the players in the crowded SD-WAN startup market are trying so hard to elevate themselves out of the pack.  There will be perhaps four or five that will be bought, and four or five times that number exist already.

There is little or no growth opportunity for business VPNs that require carrier Ethernet access and MPLS.  Big sites of big companies are about it, and in any business total addressable market (TAM) is everything.  Add that truth to the two differentiating paths of SD-WAN for network operators (linkage to network services including SDN and linkage to NFV hosting of features) and you have the story that will dominate the future of SD-WAN.  Which means that every SD-WAN startup had better understand how to tell that story or they’ll have no exit.

In the second half of 2018 we’ll probably start to see the signs of this in the SD-WAN space, with fire-sale M&A followed by outright “lost-funding” exits.  There are way too many players in the space to sustain when the market is going to focus on selling to network operators, and startups have only a limited opportunity to prepare for that kind of SD-WAN business.  There’s only one hope for them to avoid this musical-chairs game, and it’s government.

No, not the government market, though that does present an opportunity.  Regulators, if they were to allow for settlement and paid prioritization on the Internet, would create an SD-WAN underlayment that anyone could exploit.  That would keep SD-WAN an open opportunity and prevent the constriction in opportunity to network operators that will drive consolidation.  The question is whether it could happen fast enough.  Even in the US, where regulatory changes have been in the wind since January, it will almost surely take more than six months to get something new in place.  Elsewhere it could be even longer, and operators like Comcast aren’t waiting.  If the big operators get control of SD-WAN before regulatory changes gel, it will be too late for most of the SD-WAN players.  So, if you are one, you might want to start prepping for an operator-dominated future right now, or you may run out of runway.