diff --git a/tech_docs/networking/sdwan_primer.md b/tech_docs/networking/sdwan_primer.md new file mode 100644 index 0000000..01cd98b --- /dev/null +++ b/tech_docs/networking/sdwan_primer.md 
@@ -0,0 +1,125 @@ +Here’s the **20% of SD-WAN that covers 80% of what you need to know**, with a focus on **practical knowledge for senior network roles** and seamless integration with your IPSec expertise: + +--- + +### **SD-WAN Crash Course: The 20% That Matters** +**Goal:** Understand **core SD-WAN concepts**, how they differ from traditional WAN, and how they integrate with IPSec. + +--- + +## **1. SD-WAN vs Traditional WAN** +| **Feature** | **Traditional WAN (MPLS/VPN)** | **SD-WAN** | +|----------------------|-------------------------------|------------| +| **Cost** | Expensive (MPLS circuits) | Cheaper (uses Internet + broadband) | +| **Agility** | Manual config changes | Centralized, automated policies | +| **Performance** | Predictable but rigid | Dynamic path selection (jitter/loss-aware) | +| **Security** | Relies on IPSec/MPLS | Built-in encryption (IPSec, TLS) | +| **Topology** | Hub-and-spoke | Any-to-any, mesh | + +**Key Takeaway:** +- SD-WAN **decouples control plane from hardware**, allowing dynamic traffic routing over **any transport (MPLS, LTE, broadband)**. + +--- + +## **2. SD-WAN Core Components** +### **(1) Edge Devices (CPE)** +- **e.g., Cisco vEdge, FortiGate, VeloCloud** +- Sit at branch offices, apply policies, and encrypt traffic. + +### **(2) Orchestrator (Controller)** +- **e.g., Cisco vManage, VMware Orchestrator** +- **Centralized policy management** (no CLI needed!). + +### **(3) Overlay Tunnels** +- **Encrypted tunnels** (IPSec, GRE, DTLS) between edges. +- Uses **TLOC (Transport Locator)** = Public IP + Color (e.g., `INET`, `MPLS`). + +### **(4) Underlay Transport** +- **Any WAN link**: MPLS, Internet, LTE, 5G. + +--- + +## **3. How SD-WAN Works (The 80% You Need)** +### **(1) Path Selection** +- **Dynamic multi-path steering**: Chooses best path based on: + - **Application SLA** (e.g., VoIP → low latency). + - **Real-time metrics** (jitter, packet loss, latency). 
+ +**Example Policy:** +```plaintext +IF (Application == VoIP) AND (Latency > 50ms) → SWITCH to backup link +``` + +### **(2) Zero-Touch Provisioning (ZTP)** +- Plug in a device → auto-configures via orchestrator. + +### **(3) Application-Aware Routing** +- **DPI (Deep Packet Inspection)** identifies apps (e.g., Teams, SAP). +- **QoS prioritization** (VoIP > YouTube). + +### **(4) Security Integration** +- **IPSec for all overlays** (mandatory for Internet links). +- **Cloud-based firewalls** (e.g., FortiGate, Zscaler). + +--- + +## **4. SD-WAN + IPSec Integration** +- **SD-WAN uses IPSec for secure tunnels** but adds: + - **Automated key rotation** (no manual PSK updates). + - **Tunnel bonding** (combines multiple links for throughput). + +**Key Difference:** +- Traditional IPSec VPN = **static tunnels**. +- SD-WAN IPSec = **dynamic, SLA-driven tunnels**. + +--- + +## **5. SD-WAN Troubleshooting (Top 5 Issues)** +| **Issue** | **Debug Command** | **Fix** | +|-------------------------------|--------------------------------------|---------| +| **Tunnels not coming up** | `show sdwan tunnel` (Cisco) | Check underlay reachability | +| **Poor VoIP quality** | `show sdwan app-route stats` | Adjust SLA thresholds | +| **Orchestrator sync failure** | `show sdwan control connections` | Verify certs/connectivity | +| **Traffic taking wrong path** | `show sdwan policy-service-path` | Fix application-aware rules | +| **High latency on backup** | `show sdwan interface` | Enable FEC (Forward Error Correction) | + +--- + +## **6. SD-WAN vs. DMVPN (Common Interview Qs)** +**Q: When would you use SD-WAN over DMVPN?** +- **SD-WAN**: When you need **application-aware routing + centralized management**. +- **DMVPN**: When you need **scalable IPSec tunnels but don’t need SaaS optimization**. + +**Q: Can SD-WAN replace IPSec?** +- **No!** SD-WAN **uses** IPSec for encryption but adds intelligence on top. + +--- + +## **7. Lab Practice (Quick Wins)** +1. 
**Simulate link failure** in GNS3/EVE-NG → Watch SD-WAN switch paths. +2. **Prioritize VoIP traffic** over YouTube. +3. **Break the orchestrator** → Observe fallback to local policies. + +**CLI Examples (Cisco Viptela):** +```bash +show sdwan control connections # Check orchestrator status +show sdwan app-route stats # Verify path selection +clear sdwan tunnel # Force tunnel re-establishment +``` + +--- + +## **8. Interview Cheat Sheet** +✅ **SD-WAN = Automation + Application-Aware Routing + Multiple Underlays**. +✅ **IPSec is still used, but dynamically managed**. +✅ **Key metrics: Jitter (<30ms), Latency (<150ms), Packet Loss (<1%)**. +✅ **Orchestrator is the brain; edges are the muscle**. + +--- + +### **Where to Go Next?** +1. **Deep dive into your vendor’s SD-WAN** (Cisco, Fortinet, VMware). +2. **Learn cloud-integrated SD-WAN** (AWS Transit Gateway, Azure Virtual WAN). +3. **Study real-world designs** (e.g., "How SD-WAN replaces MPLS"). + +Need a **deep dive on a specific SD-WAN vendor** or **mock scenarios**? Let me know! 🚀 \ No newline at end of file
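Review bot: the "Debug Command" column of the section 5 troubleshooting table and the section 7 CLI block should be verified against the Cisco SD-WAN command reference before this file lands, because readers will paste these verbatim: `show sdwan policy-service-path` is written with a hyphen where the actual syntax is `show sdwan policy service-path` followed by vpn/interface/source-ip/dest-ip/protocol arguments, and `show sdwan tunnel` in the "Tunnels not coming up" row is not a command I can find; `show sdwan bfd sessions` is the usual first check for tunnel state and the row's "Check underlay reachability" fix would follow naturally from it. Section 4 also claims "Automated key rotation (no manual PSK updates)" without saying what replaces the PSK; the only hint is the "Verify certs/connectivity" fix in section 5, so one sentence in section 2(2) or 4 stating that edge and orchestrator authenticate each other with certificates and that data-plane keys are distributed through that control channel would make clear why certificate validation and controller integrity are the security-critical dependencies (this also explains what "Break the orchestrator → Observe fallback to local policies" in section 7 exercises). Two smaller points: the "Key metrics" thresholds in section 8 are presented as universal while section 3 ties SLA thresholds to the application class and the section 3 example uses a 50 ms latency trigger, so label them as VoIP-class defaults; and the file ends without a trailing newline ("\ No newline at end of file"), which should be added.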