What’s Happening with SD-WAN and How To Win In It

The SD-WAN space is a unique combination of risk and opportunity.  It’s clearly a risk to the traditional VPN and VLAN service models, the operator services that are based on the models, and the vendors whose equipment is used to deliver the services.  It’s an opportunity for startups to rake in some money, for enterprises to save some money, and for operators to create a more infrastructure-agile and future-proof service model.  The question is what side of the risk/reward picture will win out.

Right now, the market is in a state of flux.  Operators are dabbling in SD-WAN, and every startup knows that if network operators themselves become the dominant conduit for SD-WAN products, the winning vendors will look very different from the winners should enterprises dominate.  But “dabbling” is closer to “dominating” alphabetically than in the definitional world.  Not only are operators not truly committed to SD-WAN, they’re really not committed to why they should be committed to it.

SD-WAN is an infrastructure-independent way of delivering virtual network services, because it’s a form of overlay technology.  Vendors differ in how they position their stuff, whether they use a standard encapsulation approach, a proprietary approach, or don’t strictly encapsulate but still tunnel.  In the end, every technology that uses a network service to ride on is an overlay.  All overlays have the property of being independent of who’s doing the overlaying, so to speak.  For there to be differentiation, you have to create some functional bond between the overlay and underlay, a bond that the network operator can create because they own the network, but that others could not.

Operators aren’t committed to offering any such functional bonding.  I contacted two dozen of them over the last six weeks, and what I found was “interest” in the idea of having a symbiotic relationship between an SD-WAN and the underlying network, and “exploration” of benefits in both a service-technical sense and a business/financial sense.  It almost appears that operator interest in SD-WAN offerings is more predatory than exploitive.  Perhaps by offering SD-WAN they can lance the boil of MSP or enterprise deployments, and in the process weed out a lot of SD-WAN vendors whose initiatives might end up generating some market heat.

It’s really hard to say whether this strategy would work, and almost as hard to say whether operators could establish a meaningful symbiotic strategy if they wanted to.  Some of my friends in the space tell me that operators fall into two camps—those who have to defend territory and those who can benefit significantly from breaking down territory boundaries.  It’s the latter group who have been most interested in SD-WAN, and obviously running an SD-WAN outside your own territory limits how much you can hope for from symbiotic offerings.  The other guy isn’t going to let you tweak his underlay.

What extraterritorial SD-WAN does do is let operators create a seamless VPN connectivity map for buyers whose own geography is way broader than the operator’s own range, and even the range the operator can cover with federation deals with partner carriers.  However, some operators say that they’d really rather somebody else did this extension, preferably the enterprises themselves and if necessary the MSPs.  The problem they cite is the difficulty in sustaining high connection quality (availability and QoS) with Internet overlays.

Amid all this confusion, it’s not surprising that SD-WAN vendors are themselves a bit at sea.  That’s bad, because it’s clear that there’s going to be a shakeout this year, and absent a clear vision of what the market will value, the risk of being a shake-ee is too high for many.  What might work?

To me, the clear answer is SD-WAN support for composable IP networks.  Market-leading container software Docker imposes one presumptive network model, and market-leading orchestration tool Kubernetes imposes another totally different one.  Microservices and component sharing fit differently into each of these, and so do things like cloudbursting or even in-house scaling.  Public cloud providers have their own addressing rules, and then there’s serverless and event processing.  It’s very easy for an enterprise to get so mired in the simple question of making everything connect like it’s supposed to that they don’t have time for anything else.

One thing in that category that seems a sure winner is a superior system for access control, to apply connectivity rules that govern what IP addresses can connect to what other ones.  Forwarding rules are essential to SD-WAN anyway, and having a system that lets you easily control connection policies makes an SD-WAN strategy functionally superior to most VPNs, where doing the same thing with routers is far from easy.

Related to this is address mapping/remapping.  SD-WAN is likely to deploy as a VPN, connecting various virtual hosts created with VM or container technology, and also pulling in a public cloud or two or three.  Each of these domains has specific rules or practices for addressing, and getting all of them to harmonize on a single plan is valuable in itself, and essential if you’re also going to control connectivity as I’ve suggested in my first point.

The management framework, including the GUI and network mapping features, would be critical for both these capabilities.  Even more critical is a foundational notion, the notion that the challenge of the future (posed by virtualization) is to create connection/address elasticity that corresponds to the resource and component elasticity that modern cloud and application practices give us.  We are building IP networks today based on the same principles that were developed before there was a cloud, or even an Internet, in any real sense.

There are, to be sure, plenty of initiatives in the IETF to modernize IP, but most of them are actually unnecessary and even inappropriate in the near term, because they’d require client software transformation to adopt.  What an SD-WAN box could do is, by sitting at the network-to-user boundary, make the network appear to the user to be what it needs to be, and allow the transport network to be what it must be.

Nobody in the SD-WAN space is in the right place on this, so far.  That means that even if there’s a market shake-out coming, there’s still a chance to grab on and hold on to the critical market-shaping ideas.