| 15 min read

What is SD-WAN?

SD-WAN is a networking technology that enables you to manage & optimise the connectivity of multiple sites across different network transport services, such across the public internet, MPLS or LTE. Now, next-generation SD-WAN is here, and it uses the cloud to its fullest potential.

15 min read


SD-WAN explained

Organisations continue to adopt SD-WAN in great numbers, attracted by both the technology's potential for streamlining, simplifying and super-charging their networks and by its ability to provide a consistently excellent connectivity experience for all employees, regardless of location.

Enterprises need a new WAN approach

As networks become increasingly more complex and the offload of services to third parties (such as SaaS applications) has become more commonplace, traditional backhaul methods from branches to centralised data centres, complete with robust security applications, have become large drains on bandwidth. With ever increasing bandwidth and QoS requirements fighting often static budgets, many organisations see that a better way to intelligently optimise traffic between locations & trusted cloud-based applications has become more critical than ever.

Network managers look to SD-WAN in order to better:

Support the increasing usage of cloud-based applications and services with a solution that can scale as their demands increase

Enable remote work and collaboration across multiple locations/geographies while ensuring business continuity

Gain more visibility and control of network performance and traffic, as well as offloading support to a managed service

Protect network data from cyber threats and vulnerabilities, ensuring constant compliance


In a recent Magic Quadrant report, Gartner predicted that global demand for SD WAN will continue to flourish, set to grow at a healthy annual rate of 14% until at least 2026. In addition, they forsee that by 2025, at least 50% of new and refresh deployments of enterprise WAN Edge will utilise Secure Access Service Edge (SASE), up from less than 5% in 2020.

SD-WAN meets the requirements of today's enterprises

SD-WAN is a platform that offers flexibility, advanced routing and security options to suit organisations with a wide range of changing requirements. Intelligent and programmable rule-based WAN routing services, encryption and secure segmented WAN architecture, essential and application-aware routing, and a centralised management syustem with API integration all combine to bring far more customisation and flexibility than ever previously possible.

With the increasing offload of critical infrastructure to third-parties, as well as the exponential increases in cyber attacks, it is also critical to build a WAN that can support:

Intrusion Detection and Prevention Services (IDS/IPS)

Cloud-based NGFW

DNS, IP and URL filtering

Anti-malware, Anti-Virus & DDoS protection

Zero Touch Network Access (ZTNA)

Cloud Acces Security Broker (CASB)

Sergio Alonso, our technical client partner, explains below how SD-WAN and SASE have been transforming how providers, and customers have been operating their networks:

How does SD-WAN work?

An SD-WAN works by creating a network of appliances, connected by encrypted tunnels. Each site on the WAN has its own SD-WAN appliance, and all traffic flows through that appliance. Since all appliances are centrally managed, consistent networking policies can be enforced throughout your organisation.

Diagram showing the differences in Application Layers between traditional networks and software-defined networks

An SD-WAN can also identify applications and provide intelligent routing across the entire WAN. Each class of applications receives the appropriate QoS and security policy enforcement, all in accordance with the business case. Secure local internet breakout of IaaS and SaaS application traffic from the branch provides the highest levels of cloud performance while protecting the wider busines from security threats.

An IP VPN is a private network that uses the public internet to connect remote sites or users together. It provides a secure and encrypted connection between two points, allowing data to be transmitted securely over the internet. IP VPNs are typically used to connect remote workers to their company's network, or to connect multiple branch offices together. They are also used to provide secure access to cloud-based applications.

IP VPNs will focus on encrypting internet connections to maintain data confidentiality, while SD-WAN manages WANs using software-defined methods for optimsed traffic routing.

SD-WAN provides centralised control, flexibility, and improved performance across vast geographical distances, adapting to varied traffic types and conditions. In contrast, VPNs focus on encrypting internet connections to maintain data confidentiality, often relying on a single link for data transmission.

The key difference between software-defined wide area networks (SD-WANs) different from Multiprotocol Label Switching (MPLS) is virtualisation.

SD-WAN is a software-based solution that incorporates traditional hardware and runs as a virtual network overlay on top. Conversely, the more traditional MPLS solution takes pre-defined and private routes on the hardware itself.

So who comes out top in the SD WAN v MPLS battle?

Ultimately it depends on your business’ needs. But if you have multiple sites, SD WAN can offer cost-effective flexibility, tighter security, and enhanced performance and control. To find out more about the benefits of SD WAN, keep reading.

What are the benefits of SD-WAN?

Traditional WANs were never designed with the cloud in mind, with modern security requirements increasing latency and impairing application performance. SD-WAN brings with it a multitude of benefits, including:

Cost Benefits
Resilience & flexibility

Mix and match multiple access types to achieve your network's desired resilience. Choose dynamic path selection for load sharing and backup across multiple connection types from a single branch.

Resilience and Flexibility
Reduce costs

Use multiple access types to connect to a site: MPLS, Internet, 3G/4G etc. You can also use lower cost access for low priority traffic, with high priority traffic routed across premium MPLS paths.

Value-added services
Easy to manage

Easily manage all traffic on chosen application from one central point. Zero-touch provisioning at a branch, one CPE device can act as a router, firewall & application performance monitor.

Faster Delivery
Optimised for cloud

Breakout to Internet closer to users to reduce latency to cloud-based services. Optimise performance by managing traffic on chosen apps with thresholds & change traffic patterns.

Easy to Manage
Value added services

Software layer (overlay) on top network connectivity (underlay) can provide value added services, such as security, WAN, optimisation, & analytics. Professional & managed services available.

Optimised for Cloud Performance and SaaS
Faster delivery

Use your existing Internet access enables a much quicker service deployment compared to leased lines. Leverage our geographic footprint and strong interconnections with global ISPs.

Additional benefits include empowering users to better:

Understand how much bandwidth and resources are being consumed by different apps, users and sites, and use this to identify bottlenecks, congestion or ineffeciencies in your network

Measure and monitor availability, latency, jitter, packet loss and throughput of your applications, and assess the impact of network conditions on user experience

Diagnose and isolate any errors in your network, and identify the location of these issues, such as device failures, misconfigurations or network outages

Detect and prevent threats, vulnerabilities and anomolies in your network, and enforce security policies and standards across your network devices and services

SD-WAN challenges

While SD-WAN has many benefits, there can also be implementation challenges. Below, we've listed some of the most common, and how to overcome them:

Picking the right vendor

There are many SD-WAN vendors out there, each with different features, pricing and support options. Look for vendors with industry certifications, such as MEF SD-WAN, that demonstrate their compliance with standards and best practices. Our award-winning SD-WAN platform, industry-leading partnerships with Versa and VMware, and analyst accolades made Colt and ideal choice, regardless of your requirements.

Cloud security concerns

SD-WAN enables you to connect your branches directly to the cloud, but this also exposes your netwok to performance and security risks.  Ensure you implement an SD-WAN solution that leverages application-aware routing, dynamic path selection, and cloud optimisation capabilities. It is highly recommended that you also integrate your SD-WAN with a cloud-based security solution, such as Zscaler.

Making the right diagnostics

SD-WAN is a complex technology that involves multiple layers, vendors and devices, and as such troubleshooting can be complex if you do not have visibility or control over your network. Ensure you use an SD-WAN solution that has built-in monitoring, with reporting tools that can help you identify and resolve issues quickly. Leverage industry standards, such as MEF Service Readiness Testing, to help verify your performance before activation.

GC1-Home-Landing Page-01
Stay secure beyond borders
A guide to SASE implementation

With employees working remotely and critical systems moving to the cloud, traditional network perimeters have exploded and businesses need to stay secure beyond borders to enable success. Download the free guide to discover a guide to SASE implementation, to help you find the right pathway for your business.

Avoid these 3 common mistakes

Despite being a significant development in networking, SD-WAN isn't a miracle cure. Below, we'll go through some important misconceptions to navigate to ensure you get the best experience for your business:

One of the most common misconceptions comes from the idea that SD-WAN means MPLS can be phased out, instead relying on cheaper internet connectivity. The problem is that internet connections are not all like for like, and that MPLS and internet connections should be seen as complementary, not competitive, and while SD-WAN purely over internet can work, it won't in all cases. Many businesses require a connection with a guaranteed quality of service (QoS) that a simple internet connection cannot deliver.

We've seen people talking about cost savings of over 40% by moving to SD-WAN and removing or reducing spend on MPLS connectivity, but good quality internet connectivity if often expensive, and prices can vary dramatically by provider. An SD-WAN platform will only be as good as the network beneath it. There will always be demand for both MPLS and Internet for specific connectivity requirements. The question around choosing has to come down to the pros and cons of each, weighed up against the need within the organisation.

Given the similarity of acronyms, it's not surprising that they often get used interchangeably, but while they share a common heritage, they are different technologies which address very different business goals.

Both SD-WAN and SDN start with the separation of the control and data planes, both can be virtualised, and both support Virtual Network Functions (VNFs), but that's where the similarities end. SDN was built to support processes inside a Local Area Network (LAN), whereas SD-WAN focuses more on the external side, complementing existing networks and enabling connections to public clouds without relying purely on MPLS.

SD-WAN sits within the NFV structure and the ability to virtualise network applications is enabled by Universal Customer Premise Equipment (uCPE). Rather than dedicated hardware for each application, uCPE gives network managers access to the latest virtualised services from the widest range of suppliers, all on-demand and under end-user control. Costs are reduced with shared commercial off-the-shelf infrastructure, and standardisation enables processes and skillsets to be optimised and streamlined.

There are a masive range of options in the marketplace for SD-WAN and one size does not fit all. Choosing the right approach will depend on the requirements and resources available to each business, with significant variation between the different approaches on offer, and the work required from the customer end. We've mapped out the different provider options depending on the network approach and how much customer involvement each requires:

The 'do it yourself' model
The DIY approach offers the most control, alongside the biggest risk. It brings the SLA aspect in-house and means enteprises can either select an SD-WAN platform and then find a network to fit, or vice-versa. Enterprises need to be cautious with a DIY approach as it requires having an IP department with the required skills and experience to design and manage their solution internally. Part of this would require keeping the network up and running 24/7, which for some businesses simply isn't suitable.
The OTT model
The OTT players are often those at the leading edge for technology and this can be ideal for those who will take advantage of the newest features. The risk is they may not have full control over the network element and it may rely purely on internet. Network Service Providers will likely take a methodical and more steady approach to SD-WAN as a service, offering a standardised user experience with more control of data flows. Those with a managed service offering require the lowest involvement from a customer, but at the expense of some control that may be useful in other areas.

"There are a lot of different SD-WAN solutions in the market, with different capabilities and different levels of sophistication, as there isn't a widely accepted SD-WAN standard across all service areas. Some of these solutions are very complex to maintain and implement, potentially requiring in-house expertise available 24/7. Enterprises should consider their requirements and carefully evaluate the best solution, whether that's a DIY solution or a fully managed network service."

Peter Coppens, Vice President, Product Portfolio, Colt

Regardless of the approach you choose, a well-architected, well-executed, and delivered network is critical - whether it's based on private or public connectivity. SD-WAN will not cover for a poorly designed network.

What is driving SD-WAN implementation?

With CIOs and network managers in every sector focused on connectivity requirements for the future, now is a good time to focus on three of the biggest drivers of SD-WAN adoption:

Use Case #1: Hybrid work

Conventional working patterns have been replaced with something much more fluid. The hybrid work model looks to be an ongoing fixture, but brings its own challenges and considerations:

Networking challenge

Legacy WAN infrastructure was not built for today's hybrid workforce - the conventional network perimeter no longer applies, and older technologies cannot adapt. Secure, consistent & frictionless user experiences are expected as standard.


SD-WAN works with both MPLS and internet connectivity to deliver universal experiences regardless of location. It doesn't leave you reliant on hardware, and can prioritise critical traffic & latency sensitive services over most efficient routes.

The Colt solution

SD-WAN Remote Access, based on Versa SASE, allows remote access without compromising network security, integrity or performance, and is based on a easy-to-scale, cost-effective pricing model. Discover more about our SD-WAN solution.

Use Case #2: Multi-cloud deployments

It is rare that a single cloud provider can meet all of an organisations diverse operational requirements. By distributing cloud-based applications across several platforms, a single-point of failure is removed.

Networking challenge

Older networking methods are not designed to facilitate direct access to cloud resources from a multitude of locations, and previous ways of backhauling data makes it hard to keep that data private. Additioanlly, budgets simply cannot scale with bandwidth demand.


SD-WAN works with existing leased line investments, alongside direct internet connections to offer the best fit for different applications. SD-WAN is bost cost-effective for enterprises and well suited to optimised user experiences, though not all solutions are equal.

The Colt solution

Multi-Cloud is a feature available enabling secure connectivity via Colt's Cloud Gateway, utilising the SDN optimised Colt network for cost-effective, secure, high-performance connectivity into all the leading public cloud platforms, all managed via a single portal.

Use Case #3: WAN simplification

Many organisations' networks have grown piecemeal over time, perhaps through acquisitions or through expansion into fresh geographies. The result is incredible complexity, legacy technologies and multiple vendors, alongside increasing security requirements.

Networking challenge

Amalgamated networks, changing patterns of work and a new type of network edge makes a holistic network view more challenging than ever. Private networking has given way to internet networking, and is far more distributed and virtualised. However, this must still be combined into a coherent strategy.


SD-WAN gives you back control, allowing you to configure multiple devices in real time and on demand. Support the best of all worlds with mature technologies such as MPLS, as well as internet access for multiple cloud platforms, all in a single manageable location, and a single portal to bring it all together.

The Colt solution

Colt is your trusted partner to help navigate a diverse ecosystem, and not all SD-WAN solutions are built the same. Our innovation workshops are designed to fully understand your requirements, your end user goals and your full IT stack. Enquire on our SD-WAN page to get a personalised WAN roadmap built.

Secure Access Service Edge

SASE is a cloud-based framework that seamlessly integrates software-defined wide area networking and Zero Trust security solutions. If you want to learn more about SASE, we've covered it extensively in our SASE Explained guide.

The goal of SASE is to deliver the optimum user experience for cloud-based applications without sacrificing security. With such a variety of options available to accelelerate your digital transformation, comes a broad scope of considerations. We sat down with Colt's Security Product Manager, Mark Bales, who describes how to navigate these solutions below:

GC1-Home-Landing Page-01
Stay secure beyond borders
A guide to SASE implementation

With employees working remotely and critical systems moving to the cloud, traditional network perimeters have exploded and businesses need to stay secure beyond borders to enable success. Download the free guide to discover a guide to SASE implementation, to help you find the right pathway for your business.

Why choose Colt as your partner for SD-WAN?

Organisations around the world choose Colt's award-winning SD-WAN solution to transform their networks. Here are just some of the reasons to choose us as your provider:

A global network footprint

Did you know? Colt connects to more data centres in Europe, Asia & the US than any other provider. With over 32,000 buildings connected in 38 countries, we can deliver a truly global service. Check your availability today.

An industry-leader

Awarded with 'Best SD-WAN Enterprise Service' and 'Innovation - New Service Innovation' in NFV SDN services, as well as analyst recognition such as 'Company of the Year SD-WAN' (Frost & Sullivan) and as a 'visionary' in Gartner's Magic Quadrant.

Move to Universal CPE

We offer a multi-vendor uCPE based on x86 white server infrastructure, offering optimal flexibility. Colt CPE can offer Edge Compute and provides enhanced SD-WAN services.

Choose the best experience

Customer service is at our core, and we've got industry-leading NPS scores to prove it! Choose from a range of professional and managed services to complement our world-class network.

Ready to get started?



Accelerating digital transformation with a best in class SD-WAN solution.

SD WAN Multi-cloud

SD-WAN Multi-Cloud

Bringing together your enterprise network and cloud infrastructure.


Datasheet Hub

Access our full library of technical documentation.


Connectivity Checker

Are you Colt connected? Enter your address and get started.