Ode to an SD-WAN:
I love your complexity
And lack of deterministic behavior
I need your connectivity
But not new network layers
Only I can comprehend
Your brittleness and insecurity
And in the bitter end
Like ATM fade in obscurity
SD-WANs are a hot topic right now, but I believe that WANs will ultimately wane and give way to "wide area inter-networks." SD-WANs are already multi-network use cases (for example, connecting branch networks to the corporate network). Today they are simple overlays, but over time, performance and functionality demands will force them to interact with the underlay network (and other layers).
Thus, SD-WANs are, in fact, internetworks. However, they are "selfish" in nature, which limits their long-term viability.
Here's why: an SD-WAN can only route to its own participating next-hop gateways (or tunnel terminations). SD-WANs never share their links or gateways with other networks. Multi-hop, multi-vendor, multi-owner SD-WANs do not exist. Protocols and standards for interworking SD-WANs (or ANY WANs) with each other or with other network layers are nascent at best.
Routers, on the other hand, are not selfish. They think about more than just their own links and interfaces. In fact, routers compute loop-free shortest paths to every IP prefix (address range) they can reach, and they share what they know with each peer.
Another difference? Routers build maps of link connectivity between routers and networks. An SD-WAN only understands the links it manages, each of which connects one location to another.
Routers interconnect, exchange reachable routes, and self-heal. SD-WANs run like applications on top of networks, creating virtual link views. They rely on the underlying network for everything, including initialization and self-healing: if the underlay cannot reach the far tunnel endpoint, the overlay link is simply down, and nothing in the overlay can repair it.
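The contrast above is easiest to see in code. The following is an added example, not part of the original post: a toy link-state underlay of four routers with constructed link costs and originated prefixes. Each router runs SPF (Dijkstra) over the shared map to get loop-free next hops for every reachable prefix, forwards by longest-prefix match, and re-converges after a link failure. The overlay "tunnel" function has no path information of its own; its state is derived entirely from whether the underlay can reach the far endpoint. All names, costs and prefixes are assumptions for illustration.

```python
"""Added example (not from the post): link-state underlay with loop-free
shortest paths and longest-prefix forwarding, versus an overlay tunnel whose
reachability depends entirely on the underlay. Routers, costs and prefixes
are constructed for illustration."""
import heapq
import ipaddress
import itertools

# Constructed underlay: router -> {neighbour: link cost}. Links are symmetric.
UNDERLAY = {
    "R1": {"R2": 1, "R3": 4},
    "R2": {"R1": 1, "R3": 1, "R4": 5},
    "R3": {"R1": 4, "R2": 1, "R4": 1},
    "R4": {"R2": 5, "R3": 1},
}
# Constructed prefixes each router originates and advertises to its peers.
ORIGINATED = {
    "R1": ["10.1.0.0/16"],
    "R4": ["10.4.0.0/16", "10.4.8.0/22"],
}


def spf(graph, source, down=frozenset()):
    """Dijkstra over the link-state map: {router: (cost, next_hop)}.
    Paths are loop-free by construction: a node is settled exactly once, at
    its minimum cost. `down` holds failed links as frozenset({a, b})."""
    dist = {source: 0}
    result = {}
    order = itertools.count()            # tie-breaker so heap never compares hops
    heap = [(0, next(order), source, None)]
    while heap:
        cost, _, node, first_hop = heapq.heappop(heap)
        if node in result:
            continue
        result[node] = (cost, first_hop)
        for nbr, w in graph[node].items():
            if frozenset({node, nbr}) in down:
                continue                  # failed link is not in the map
            new_cost = cost + w
            if new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                hop = nbr if node == source else first_hop
                heapq.heappush(heap, (new_cost, next(order), nbr, hop))
    return result


def build_rib(graph, router, down=frozenset()):
    """Routing table for `router`: prefix -> next hop ("local" if originated
    here), built from SPF plus what every reachable peer advertises."""
    tree = spf(graph, router, down)
    rib = {}
    for origin, prefixes in ORIGINATED.items():
        if origin in tree:
            for p in prefixes:
                rib[ipaddress.ip_network(p)] = tree[origin][1] or "local"
    return rib


def lookup(rib, dst):
    """Per-packet forwarding decision: longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [p for p in rib if addr in p]
    if not matches:
        return None
    return rib[max(matches, key=lambda p: p.prefixlen)]


def overlay_tunnel_up(graph, a, b, down=frozenset()):
    """An overlay tunnel between sites at routers a and b is 'up' only if the
    underlay can reach b from a. The overlay contributes no path of its own,
    so it cannot route around a failure the underlay does not route around."""
    return b in spf(graph, a, down)


if __name__ == "__main__":
    rib = build_rib(UNDERLAY, "R1")
    print("R1 -> 10.4.8.1 via", lookup(rib, "10.4.8.1"))        # R2
    broken = frozenset({frozenset({"R1", "R2"})})
    print("after R1-R2 fails:", lookup(build_rib(UNDERLAY, "R1", broken), "10.4.8.1"))  # R3
    isolated = broken | {frozenset({"R1", "R3"})}
    print("tunnel R1<->R4 with R1 cut off:", overlay_tunnel_up(UNDERLAY, "R1", "R4", isolated))
```

Run with a failed link and the underlay recomputes a new loop-free next hop on its own; cut every underlay path and the overlay tunnel goes down with nothing the overlay can do about it, which is the dependency the paragraph describes.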
Current trends suggest that corporate data centers are increasingly being replaced by outsourcing to third-party, managed data centers in many forms. Unless implemented carefully, an SD-WAN becomes a network bridge into those environments: its tunnels are bi-directional open doors that extend each side's trust boundary to the other, increasing the attack surface and the chance of broad-based failures and outages. A foothold at one tunnel endpoint reaches the other unless something on the path actually filters the inner traffic.
While promising reduced complexity, SD-WANs may actually increase it. Consider Access Control Lists (ACLs). Managing ACLs at the network layer now requires coordination between the underlay and overlay networks, which can dramatically complicate access policy definition. The underlay only ever sees the encapsulated tunnel packets between the two edges, never the inner source, destination or port, so an underlay ACL written against internal addresses is silently bypassed for anything carried in the overlay. The real policy has to live at the overlay edges, and the two rule sets drift unless they are checked against each other.
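To make the underlay/overlay policy problem concrete, here is an added example that is not part of the original post. It models first-match ACLs, an overlay edge that encapsulates an inner flow into a tunnel packet between two constructed public endpoints (ESP, as IPsec would), and a check that lists flows the underlay ACL was meant to block but which still get through because the underlay only inspects the outer header. Addresses, rules and the tunnel endpoints are assumptions for illustration.

```python
"""Added example (not from the post): an underlay ACL cannot enforce policy
on tunnelled overlay traffic, and a check that reports the resulting gap.
Addresses, tunnel endpoints and rules are constructed for illustration."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "tcp", "udp" or "esp"
    dport: int   # 0 for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    src: str     # CIDR
    dst: str     # CIDR
    proto: str   # protocol name or "any"
    dport: int   # 0 matches any port

    def matches(self, f):
        return (ipaddress.ip_address(f.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(f.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", f.proto)
                and self.dport in (0, f.dport))


def evaluate(acl, flow, default="deny"):
    """First-match ACL semantics with an implicit default at the end."""
    for rule in acl:
        if rule.matches(flow):
            return rule.action
    return default


# Constructed tunnel endpoints: branch edge -> data-centre edge (public side).
TUNNEL = ("192.0.2.10", "198.51.100.20")


def encapsulate(flow):
    """What the underlay sees after the overlay edge has encapsulated the
    flow: the outer tunnel header only, never the inner addresses or ports."""
    branch_edge, dc_edge = TUNNEL
    return Flow(branch_edge, dc_edge, "esp", 0)


def end_to_end(underlay_acl, overlay_acl, flow):
    """Decision along the real path: the overlay edge evaluates the inner
    flow, the underlay evaluates the encapsulated packet. Both must permit."""
    if evaluate(overlay_acl, flow) == "deny":
        return "deny"
    return evaluate(underlay_acl, encapsulate(flow))


def policy_gaps(underlay_acl, overlay_acl, flows):
    """Flows the underlay ACL intends to deny (judged on inner addresses) that
    still get through because the underlay only ever inspects tunnel packets."""
    return [f for f in flows
            if evaluate(underlay_acl, f) == "deny"
            and end_to_end(underlay_acl, overlay_acl, f) == "permit"]


# Constructed policy: the underlay team blocks SMB from the branch to the DC...
UNDERLAY_ACL = [
    Rule("deny", "10.1.0.0/16", "10.4.0.0/16", "tcp", 445),
    Rule("permit", "0.0.0.0/0", "0.0.0.0/0", "any", 0),
]
# ...while the overlay team simply permits branch-to-DC traffic.
OVERLAY_ACL = [Rule("permit", "10.1.0.0/16", "10.4.0.0/16", "any", 0)]
# Corrected overlay policy: the deny is repeated where the inner header is visible.
FIXED_OVERLAY_ACL = [Rule("deny", "10.1.0.0/16", "10.4.0.0/16", "tcp", 445)] + OVERLAY_ACL

SMB = Flow("10.1.5.7", "10.4.2.2", "tcp", 445)
HTTPS = Flow("10.1.5.7", "10.4.2.2", "tcp", 443)
OFFNET = Flow("10.1.5.7", "10.9.0.1", "tcp", 22)   # not covered by the overlay
FLOWS = [SMB, HTTPS, OFFNET]

if __name__ == "__main__":
    print("underlay ACL alone would:", evaluate(UNDERLAY_ACL, SMB))     # deny
    print("SMB over the overlay is:", end_to_end(UNDERLAY_ACL, OVERLAY_ACL, SMB))  # permit
    print("gaps:", policy_gaps(UNDERLAY_ACL, OVERLAY_ACL, FLOWS))       # [SMB]
    print("gaps after fix:", policy_gaps(UNDERLAY_ACL, FIXED_OVERLAY_ACL, FLOWS))  # []
```

The `policy_gaps` check is the kind of cross-layer test that has to exist once an overlay is in play: every deny written against internal prefixes at the underlay must be mirrored at the overlay edge, or it is decorative.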
While the intent of SD-WANs is noble, the implementation approximates a flawed version of a router. Instead, we should be focusing on creating intelligent internetworking in the next generation of routers. Software IP routers can unleash innovation in IP routing. Routers already provide the IPv4 and IPv6 internetworks. By extending internetworking to join these two Internets, and by further extending it to reach into private network areas, the concept of WANs will wane, and the age of true internetworking will begin to wax. All that is missing is intelligent, session-stateful IP routers.