It's a complex problem that hasn't even been formulated properly yet.
For example, every existing solution touts "security" and yet completely mangles the difference between authentication and encryption.
Authentication is important - you don't want random servers or users to enroll on your network, and you want good tools to rotate and manage secrets.
Encryption isn't important unless you care about state-level actors sniffing your traffic at the backbone. (And if you care about that then you already have your own datacenter.)
Meanwhile encrypting all network traffic is a huge performance penalty. (Orders of magnitude for some valid use cases.)