Your SD-WAN fleet is one of the most instrumented networks on the planet. Every link is scored in real time — latency, jitter, packet loss, MOS, SLA thresholds. Your orchestrator makes path-switching decisions in milliseconds. You have telemetry on everything.
And yet, when your ISP degrades at a BGP peer in Dallas at 6:12pm on a Tuesday, you will spend the next 47 minutes figuring out what the engineer at the company two blocks away already resolved at 6:08pm. They figured out that ISP X's Dallas POP browns out every Tuesday evening from 6 to 9pm. They switched their VoIP traffic to the backup LTE link at 5:45pm. You will not learn this. Your SD-WAN will converge on the same resolution alone, on its own schedule, from scratch.
This is not a telemetry problem. This is not a compute problem. This is a synthesis problem — and SD-WAN, for all its intelligence, has never solved it.
SD-WAN Solved WAN Routing. It Did Not Solve Cross-Fleet Learning.
The SD-WAN market is projected at $12.3B by 2026 (IDC, 2023 SD-WAN Forecast). Gartner reports that 65% of enterprises had deployed SD-WAN by 2025. The deployment wave is real and the operational gains inside each fleet are real: dynamic path selection, application-aware routing, centralized policy enforcement across branch offices.
But "centralized" here means centralized within your organization. Your orchestrator is the center of your network. It has no awareness of the other 40,000 SD-WAN deployments running on the same ISP infrastructure, watching the same BGP events, hitting the same congestion events at the same CDN egress points.
ISP brownouts are inherently shared events. When a BGP peer in Dallas degrades, every customer peering through that POP sees it simultaneously. The learning opportunity is 100% shared. The resolution stays 100% local.
Industry surveys consistently report 45-60 minute MTTR for WAN performance degradation events. That number has not moved meaningfully since SD-WAN replaced legacy MPLS-dominated architectures, because SD-WAN optimized the decision loop inside each fleet — not between them.
The gap you are sitting in: N(N-1)/2 synthesis opportunities between SD-WAN fleets, currently equal to zero.
Why Federated Learning Does Not Close This Gap
Federated learning is the obvious candidate. Each fleet trains locally, gradients aggregate centrally without raw data moving, a global model improves over time. It sounds like exactly the right tool.
It is not, for two reasons.
First, SD-WAN path quality is a real-time operations problem. Path-switching decisions happen in milliseconds. Federated learning operates on training timescales: local training rounds, gradient aggregation across participants, global model update, redistribution. Round-trip latency on that cycle is measured in minutes to hours, not milliseconds. By the time a federated model incorporates tonight's Dallas brownout pattern, the brownout is over.
Second, ISP degradation data is highly non-IID across geographies. Averaging gradients from Dallas ISP peering events with London ISP peering events does not improve path selection in either city. The geographic and topological specificity that makes an outcome useful is exactly what gradient averaging destroys.
What SD-WAN engineers need is not a better model trained on other fleets' data. They need the distilled operational outcome from a fleet that already resolved the same event, routed to them in time to matter.
The QIS Architecture: What Cross-Fleet Learning Actually Requires
The Quadratic Intelligence Swarm protocol, discovered by Christopher Thomas Trevethan, is covered by 39 provisional patents. The architecture is not a product. It is a complete loop — and the breakthrough is the loop itself, not any single component inside it.
Here is how that loop maps to SD-WAN:
1. Raw signal. Your SD-WAN edge is already collecting path telemetry. Nothing changes here.
2. Local processing. Your edge device identifies a degradation event and the resolution action that recovered SLA. You already do this.
3. Distillation. Compress the event to a ~512-byte outcome packet. No raw telemetry. No proprietary topology data. Just the distilled outcome: {isp_asn, peer_city, time_of_day_bucket, degradation_pattern, resolution_action, sla_recovery_ms}. 512 bytes. That is the unit of synthesis.
4. Semantic fingerprinting. Hash the outcome by its semantic identity — ISP, location, traffic class, degradation type — not by organizational identity. Two fleets that have never heard of each other will produce the same fingerprint for the same class of event at the same BGP peer.
5. Routing to relevant peers. Post the outcome packet to the deterministic address defined by its fingerprint. Any routing mechanism that achieves this qualifies: a DHT-based overlay is one approach, but a vector database, a pub/sub broker keyed by semantic hash, or a simple REST API with consistent hashing all satisfy the same requirement. The protocol is transport-agnostic. The requirement is: same fingerprint routes to the same address.
6. Local synthesis. Your SD-WAN queries the address for its current event fingerprint and ingests relevant outcome packets from fleets with matching profiles. The synthesis happens locally, on your hardware, with no raw data from other fleets ever touching your network.
7. New outcomes generated. The synthesis result — your fleet's updated path decision, informed by 200 similar fleets — becomes a new outcome packet and re-enters the loop.
This is why the architecture is the breakthrough. Remove any single step and the loop breaks. The distillation without the fingerprinting is just compression. The fingerprinting without the routing is just labeling. The routing without the synthesis is just storage. The loop is what produces the N(N-1)/2 synthesis paths across all participating fleets.
The Three Elections (As Metaphors)
The QIS architecture raises three questions that every network engineer will ask immediately.
Who decides what makes two SD-WAN degradation events "similar enough" to share outcomes? This is not an algorithmic question — it is an expertise question. The best answer comes from someone who understands BGP peering topology, CDN egress hierarchies, and how ISP brownout patterns differ by region and traffic class. That expertise defines the similarity function. Think of it as hiring the right expert to draw the boundary. The Hiring metaphor.
Do you need to score or weight outcomes? No. When 200 similar fleets have deposited the same resolution pattern for the same ISP/city/traffic-class combination, the math surfaces it automatically. The aggregate frequency of the outcome across matching fingerprints is the intelligence. There is no reputation layer, no scoring mechanism, no added weighting scheme. The outcomes are the votes. The Math metaphor.
Which networks will SD-WAN teams actually use? The ones where the similarity function is well-defined and the outcomes are relevant. Networks that route irrelevant packets — because the similarity definitions are too broad or misconfigured — get abandoned. Fleets migrate toward the network where the fingerprints match and the outcomes are actionable. Natural selection across competing networks. The Darwinism metaphor.
These are not engineering specifications. They are descriptions of what happens when the architecture runs at scale.
Implementation Sketch
import hashlib
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional
@dataclass
class SDWANOutcomePacket:
isp_asn: int
peer_city: str
traffic_class: str # "voip" | "video" | "bulk"
degradation_pattern: str # "latency_spike" | "packet_loss" | "jitter"
resolution_action: str # "failover_to_lte" | "qos_reprioritize" | "path_change"
sla_recovery_ms: int
time_of_day_bucket: str # "morning_peak" | "evening_peak" | "overnight"
outcome_hash: str = field(init=False)
def __post_init__(self):
self.outcome_hash = self._compute_hash()
def _compute_hash(self) -> str:
# Fingerprint by semantic identity — NOT by organization
semantic_key = {
"isp_asn": self.isp_asn,
"peer_city": self.peer_city,
"traffic_class": self.traffic_class,
"degradation_pattern": self.degradation_pattern,
"time_of_day_bucket": self.time_of_day_bucket,
}
raw = json.dumps(semantic_key, sort_keys=True).encode()
return hashlib.sha256(raw).hexdigest()
class SDWANOutcomeRouter:
"""
Routes SD-WAN outcome packets by semantic fingerprint.
In production, the store maps to a DHT overlay, vector DB,
or any mechanism that routes to a deterministic address.
The protocol is transport-agnostic — this class abstracts the interface.
"""
def __init__(self):
self._store: Dict[str, List[SDWANOutcomePacket]] = {}
def deposit_outcome(self, packet: SDWANOutcomePacket) -> str:
key = packet.outcome_hash
if key not in self._store:
self._store[key] = []
self._store[key].append(packet)
return key
def query_similar(self, packet: SDWANOutcomePacket) -> List[SDWANOutcomePacket]:
"""
Returns all deposited outcomes matching this packet's semantic fingerprint.
Your fleet synthesizes locally — no raw data from other fleets required.
"""
key = packet.outcome_hash
return self._store.get(key, [])
def synthesis_count(self, packet: SDWANOutcomePacket) -> int:
return len(self.query_similar(packet))
# Example: Dallas ISP brownout, Tuesday evening, VoIP degradation
event = SDWANOutcomePacket(
isp_asn=7922,
peer_city="dallas",
traffic_class="voip",
degradation_pattern="latency_spike",
resolution_action="failover_to_lte",
sla_recovery_ms=340,
time_of_day_bucket="evening_peak",
)
router = SDWANOutcomeRouter()
router.deposit_outcome(event)
similar = router.query_similar(event)
print(f"Similar outcomes from peer fleets: {len(similar)}")
# At scale: 200+ matching outcomes means your path decision
# is informed before your SLA timer starts counting.
The fingerprint is computed from semantic fields only. Two fleets that have never communicated will produce the same hash for the same class of event. That is what enables routing without identity disclosure.
How the Approaches Compare
| Dimension | Central AIOps | Federated Learning | QIS Outcome Routing |
|---|---|---|---|
| Learning scope | Single-org telemetry | Multi-org, gradient-averaged | Multi-org, outcome-precise |
| Real-time ops latency | Low (local) | High (training round-trips) | Low (outcome query, no training cycle) |
| Privacy model | Centralized data aggregation | Raw data stays local | Distilled outcomes only, no raw data |
| Cross-org learning | None | Gradient approximation | Direct outcome synthesis |
| ISP brownout MTTR | 45-60 min (industry baseline) | Unchanged (wrong timescale) | Reducible — peer outcomes arrive before local convergence |
| Scales with N | Linear cost | Gradient averaging degrades with non-IID data | N(N-1)/2 synthesis paths, value grows with N |
The SD-WAN Orchestrator You Have Is Already the Edge
You do not need to rebuild your stack. The telemetry collection, the degradation detection, the resolution logging — your orchestrator already does all of it. The QIS architecture inserts between the resolution event and the archive: distill, fingerprint, route, query, synthesize.
The SD-WAN orchestrator you run today can become the edge of a global cross-fleet intelligence network without changing what data leaves your infrastructure. The outcome packet carries no topology, no IP space, no organizational identity. It carries the distilled answer to the question every SD-WAN engineer is silently asking at 6:12pm on a Tuesday in Dallas: has anyone else seen this, and what worked?
QIS is covered by 39 provisional patents filed by Christopher Thomas Trevethan. The architecture is protocol-agnostic — any mechanism that routes outcome packets to deterministic addresses defined by semantic similarity qualifies. The complete loop is the discovery.
QIS — Quadratic Intelligence Swarm — was discovered by Christopher Thomas Trevethan.
Top comments (0)