What is SD-WAN?
SD-WAN (Software-Defined Wide Area Network) is an overlay network technology that abstracts the underlying WAN transport — MPLS, broadband internet, 4G/5G, or any combination — and applies intelligent, policy-driven path selection at the application layer. Rather than statically routing all traffic down a single circuit, SD-WAN continuously measures path quality (latency, jitter, packet loss) across all available transports and steers each application's traffic down the optimal path in real time. The management plane is centralised in a cloud or on-premises controller, giving network teams a single pane of glass for policy definition, monitoring, and zero-touch provisioning of new sites. SD-WAN does not replace your circuits — it makes them smarter.
SD-WAN vs Traditional MPLS
MPLS has been the backbone of enterprise WANs for two decades. It offers guaranteed QoS, predictable latency, and provider-managed SLAs. But it is expensive, slow to provision (weeks to months), and inflexible when it comes to adding cloud or internet breakout. SD-WAN was designed to address exactly these limitations.
| Criteria | Traditional MPLS | SD-WAN (Broadband) |
|---|
| Cost | High — dedicated circuits, per-Mbps pricing | Low — commodity broadband, pay once for SD-WAN licences |
| Provisioning Time | 4–12 weeks per new site | Days — ship CPE, zero-touch provision via controller |
| Flexibility | Fixed routes, manual changes | Dynamic path steering, policy changes in minutes |
| Resilience | Single circuit — failover via separate backup line | Active-active across multiple transports, sub-second failover |
| Cloud Access | Backhauled via DC — high latency for SaaS | Direct local internet breakout per policy (Office 365, Zoom) |
| Management | Per-device CLI / provider portal | Centralised controller — single pane of glass |
| Best For | Latency-sensitive, compliance-driven environments | Cost-sensitive multi-site, cloud-first organisations |
Cisco vs Fortinet vs Meraki — SD-WAN Comparison
These three vendors dominate the UK enterprise SD-WAN market. Each has a distinct architecture, management model, and sweet spot.
| Feature | Cisco Catalyst SD-WAN (Viptela) | Fortinet SD-WAN | Meraki MX SD-WAN |
|---|
| Controller Model | vManage (cloud or on-prem) | FortiManager / FortiOS native | Meraki Dashboard (cloud-only) |
| Security Integration | Separate — SASE via Cisco Umbrella | Tight — NGFW, IPS, SD-WAN in same FortiGate | Integrated UTM on MX appliance |
| Routing Capability | Full enterprise routing — BGP, OSPF, EIGRP | Strong — BGP, OSPF, SD-WAN policies | Limited — simpler routing suitable for branch |
| Pricing Model | Per-device DNA licensing (Advantage/Premier) | Per-device FortiCare + NGFW bundle | Per-device Meraki licensing (annual) |
| Complexity | High — best operated by CCNP+ engineers | Medium — familiar to Fortinet admins | Low — designed for non-specialist management |
| Best For | Large UK enterprise, existing Cisco estate | Multi-site orgs wanting WAN + firewall convergence | SME and managed service providers, fast rollout |
SD-WAN Deployment Steps for a UK Multi-Site Organisation
A typical SD-WAN deployment for a UK organisation with 5–30 sites follows this phased approach:
Phase 1 — Discovery and Design
Audit existing WAN topology, circuit inventory, routing protocols, and application traffic profiles. Define application policy requirements (which apps get priority, which can use cheaper paths). Select vendor and platform based on existing estate and skills.
Phase 2 — Circuit and Hardware Procurement
Order SD-WAN CPE devices (or validate existing hardware compatibility). Order new broadband circuits where MPLS is being replaced. Allow 4–6 weeks for circuit lead times in the UK — this is typically the longest dependency in the project.
Phase 3 — Lab Build and Policy Definition
Build the SD-WAN controller and configure template policies in a lab environment. Validate zero-touch provisioning, routing policies, application QoS, and failover behaviour before any production cutover.
Phase 4 — Pilot Site Deployment
Deploy to a single low-risk site first. Run SD-WAN in parallel with existing connectivity for 1–2 weeks. Validate application performance, failover times, and monitoring visibility before proceeding to the full rollout.
Phase 5 — Phased Site Rollout
Roll out remaining sites in waves, typically 3–5 per week depending on team capacity. Use zero-touch provisioning where possible — ship pre-registered CPE to sites for local plug-in with no on-site engineer required.
Phase 6 — Monitor, Tune, and Decommission Legacy Circuits
Monitor application SLA metrics in the SD-WAN dashboard for 4–8 weeks post-cutover. Tune QoS policies based on real traffic patterns. Once SD-WAN is stable, decommission legacy MPLS circuits to realise cost savings.
Frequently Asked Questions
What is the difference between SD-WAN and MPLS?
MPLS is a dedicated, provider-managed WAN circuit with guaranteed QoS and predictable latency, but it is expensive and slow to provision. SD-WAN is an overlay that can run on top of any transport — broadband, MPLS, 4G/5G — and applies intelligent path selection based on application policy and real-time link quality measurement. SD-WAN gives you flexibility and cost savings; MPLS gives you deterministic performance. Many organisations run SD-WAN on broadband with MPLS retained as a premium path for latency-sensitive applications like VoIP and trading systems.
Which SD-WAN vendor is best for UK SMEs?
For UK SMEs, Meraki MX and Fortinet SD-WAN are the most common choices. Meraki is simple to manage via the cloud dashboard and requires minimal SD-WAN expertise on-site — ideal for managed service providers or IT teams without dedicated WAN engineers. Fortinet integrates SD-WAN with NGFW in a single FortiGate appliance, making it a strong choice for organisations that want to consolidate security and WAN. Cisco Catalyst SD-WAN suits larger enterprise environments with existing Cisco estates and dedicated network teams.
How long does an SD-WAN deployment take?
A typical UK multi-site SD-WAN deployment takes 8–16 weeks from project kick-off to full cutover, depending on site count and complexity. This includes design and vendor selection (2–4 weeks), hardware procurement and circuit provisioning (2–4 weeks, often the critical path), lab validation and policy definition (2–3 weeks), phased site rollout (2–4 weeks), and post-go-live monitoring and tuning (ongoing). Greenfield deployments with pre-provisioned hardware over existing circuits are significantly faster.
Does SD-WAN replace your existing WAN?
SD-WAN replaces the WAN management and policy layer, not necessarily the physical circuits. Most organisations overlay SD-WAN on top of existing internet broadband and may retain MPLS as a high-quality transport path within the SD-WAN policy engine. Over time, many organisations decommission MPLS as SD-WAN matures, replacing it with dual broadband plus 4G/5G failover at a significantly lower monthly cost. The transition is typically phased over 12–24 months as MPLS contracts expire.
Need Help with an SD-WAN Project?
Our senior network engineers have delivered SD-WAN deployments across Cisco Catalyst, Fortinet, and Meraki for UK organisations of all sizes. Talk to us about your project.
View Network Consultancy →