
The Ultimate guide to SD-WAN

Everything you need to know to get the most out of your SD-WAN solution.

15 min read

An introduction to SD-WAN

Organisations continue to adopt SD-WAN in great numbers, attracted by both the technology's potential for streamlining, simplifying and super-charging their networks and by its ability to provide a consistently excellent connectivity experience for all employees, regardless of location.

Are you thinking of upgrading to SD-WAN? To help our customers get the most out of their networks, we've put together an exhaustive list of key questions, considerations and advantages that you will discover in your journey to adaptive networking.


In a recent Magic Quadrant report, Gartner predicted that global demand for SD-WAN will continue to flourish, set to grow at a healthy annual rate of 14% until at least 2026. In addition, they foresee that by 2025, at least 50% of new and refresh deployments of enterprise WAN Edge will utilise Secure Access Service Edge (SASE), up from less than 5% in 2020.

What is SD-WAN?

Software-Defined Wide Area Network (SD-WAN) is a networking technology that enables you to manage and optimise the connectivity of multiple sites across different network transport services, such as across the public internet, MPLS, 4G or 5G. Initially, the service was launched to optimise traffic across MPLS and IP-based connectivity, and while that's key - enterprises need more. Next generation SD-WAN is here, and it's utilising the cloud to its fullest potential.

As a network manager, you might be interested in SD-WAN if you want to:

Support the increasing use of cloud-based applications and services across your organisation

Enable remote work and collaboration across multiple locations/geographies

Gain more visibility and control of your network performance and traffic

Protect your network and data from cyber threats and vulnerabilities

How does an SD-WAN work?

An SD-WAN works by creating a network of appliances, connected by encrypted tunnels. Each site on the WAN has its own SD-WAN appliance, and all traffic flows through that appliance. Since all appliances are centrally managed, consistent networking policies can be enforced throughout your organisation.

An SD-WAN can also identify applications and provide intelligent routing across the entire WAN. Each class of applications receives the appropriate QoS and security policy enforcement, all in accordance with the business case. Secure local internet breakout of IaaS and SaaS application traffic from the branch provides the highest levels of cloud performance while protecting the wider business from security threats.

An IP VPN is a private network that uses the public internet to connect remote sites or users together. It provides a secure and encrypted connection between two points, allowing data to be transmitted securely over the internet. IP VPNs are typically used to connect remote workers to their company's network, or to connect multiple branch offices together. They are also used to provide secure access to cloud-based applications.

IP VPNs focus on encrypting internet connections to maintain data confidentiality, while SD-WAN manages WANs using software-defined methods for optimised traffic routing.

SD-WAN provides centralised control, flexibility, and improved performance across vast geographical distances, adapting to varied traffic types and conditions. In contrast, VPNs focus on encrypting internet connections to maintain data confidentiality, often relying on a single link for data transmission.

The key difference between software-defined wide area networks (SD-WANs) and Multiprotocol Label Switching (MPLS) is virtualisation.

SD-WAN is a software-based solution that incorporates traditional hardware and runs as a virtual network overlay on top. Conversely, the more traditional MPLS solution takes pre-defined and private routes on the hardware itself.

So who comes out top in the SD WAN v MPLS battle?

Ultimately it depends on your business’ needs. But if you have multiple sites, SD WAN can offer cost-effective flexibility, tighter security, and enhanced performance and control. To find out more about the benefits of SD WAN, keep reading.

What are the benefits of SD-WAN?

SD-WAN has a large number of benefits, which can vary depending on your chosen implementation. Our network managers have highlighted the top 4 advantages of an effective SD-WAN.

SD-WAN can identify applications and their purpose, and allocate security and bandwidth characteristics accordingly. SD-WAN allows you to assign different characteristics to lines via customised policies. The policies define how the network should behave, such as which transport to use for each application, how to prioritise traffic, how to load balance across multiple links, and how to secure your data in transit.

You can create policies based on various criteria, such as application type, source and destination IP address, port number, protocol, VPN and many more. You can also use templates to apply policies to multiple devices or sites at once, making it easier to manage large, complex networks.

For example, you can assign a high priority to voice and video traffic and use the best available transport for them, while assigning a low priority to backup traffic and using the cheapest transport for it. You can also assign different security levels to different lines, and use encryption, authentication, and firewall features to protect your data.
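A minimal model of the policy behaviour described above, added here as an illustration and not taken from any vendor's SD-WAN product: flows are matched on protocol, destination prefix and port, then steered to the best or the cheapest transport that still meets the policy's thresholds. The class names, thresholds, sample addresses, first-match ordering and the rule that a transport without an established encrypted tunnel is never used are assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Link:
    name: str
    cost: int           # relative cost, lower is cheaper (constructed value)
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    tunnel_up: bool     # encrypted tunnel established on this transport

@dataclass(frozen=True)
class Policy:
    name: str
    protocol: Optional[str]     # "udp", "tcp", or None for any
    dst_net: str                # destination prefix in CIDR form
    dst_ports: Optional[range]  # None matches any port
    prefer: str                 # "best" or "cheapest" transport
    max_latency_ms: float
    max_loss_pct: float

@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    protocol: str
    dst_port: int

def match_policy(flow, policies):
    """Return the first policy whose criteria all match (assumed first-match-wins)."""
    dst = ipaddress.ip_address(flow.dst_ip)
    for p in policies:
        if p.protocol is not None and p.protocol != flow.protocol:
            continue
        if dst not in ipaddress.ip_network(p.dst_net):
            continue
        if p.dst_ports is not None and flow.dst_port not in p.dst_ports:
            continue
        return p
    return None

def select_link(policy, links):
    """Pick a transport that meets the policy's thresholds, or None if none does."""
    # Only transports with an established encrypted tunnel may carry traffic.
    ok = [l for l in links if l.tunnel_up
          and l.latency_ms <= policy.max_latency_ms
          and l.loss_pct <= policy.max_loss_pct]
    if not ok:
        return None
    if policy.prefer == "cheapest":
        return min(ok, key=lambda l: l.cost)
    # "best": lowest loss first, then lowest latency plus jitter.
    return min(ok, key=lambda l: (l.loss_pct, l.latency_ms + l.jitter_ms))

def route(flow, policies, links):
    """Return (policy name, link name); a None link means drop rather than leak."""
    policy = match_policy(flow, policies)
    if policy is None:
        return ("no-match", None)
    link = select_link(policy, links)
    return (policy.name, link.name if link else None)

# Constructed sample data.
LINKS = [
    Link("mpls", 10, 20.0, 2.0, 0.0, True),
    Link("broadband", 2, 35.0, 8.0, 0.5, True),
    Link("lte", 1, 60.0, 20.0, 1.5, False),   # cheapest, but its tunnel is down
]
POLICIES = [
    Policy("voice", "udp", "10.20.0.0/16", range(16384, 32768), "best", 150.0, 1.0),
    Policy("backup", "tcp", "10.30.5.0/24", range(873, 874), "cheapest", 500.0, 5.0),
]
VOICE = Flow("10.1.1.10", "10.20.1.5", "udp", 20000)
BACKUP = Flow("10.1.1.20", "10.30.5.9", "tcp", 873)

def degraded(links, name, **metrics):
    """Copy of links with one link's measured metrics changed."""
    return [replace(l, **metrics) if l.name == name else l for l in links]

if __name__ == "__main__":
    print(route(VOICE, POLICIES, LINKS))
    print(route(BACKUP, POLICIES, LINKS))
    print(route(VOICE, POLICIES, degraded(LINKS, "mpls", loss_pct=3.0)))
```

When the measured loss on the preferred transport exceeds the voice threshold, the same policy moves the flow to the next eligible link, and a flow with no eligible encrypted transport is dropped instead of being sent in the clear.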

SD-WAN reduces the time and effort to set up customised networks by using a centralised management system that empowers network administrators to deploy, monitor, and update network devices and policies from a single dashboard. This eliminates the need for manual configuration and troubleshooting at each site, and enables faster and easier network modification.

SD-WAN also reduces the dependency on expensive and complex MPLS links, and allows the use of cheaper and more flexible transport options, such as broadband, LTE and 5G. This remote configuration removes the need to visit data centres in person to configure terminals or replace routers. Compared to building a WAN environment, the man-hours and time required for network management can be significantly reduced.

When using a traditional WAN to access external environments (such as the wider internet) from a closed network, the conventional method of managing access and ensuring security was to go through a centralised gateway, often located at a head office or data centre.

Over recent years, the way we access information has changed. An increase in the number of ways we access information, as well as where we access that information from, has resulted in a drastic increase in the number of gateways required, placing a heavy burden on closed networks. Internet breakout is a way of routing internet-bound traffic directly to the internet from a local branch or remote office, rather than backhauling it to a centralised data centre. This can improve the performance and user experience of critical cloud applications, and reduce the cost and bandwidth consumption of a corporate network.

However, local internet breakout also introduces security challenges, as each breakout point needs to be protected with the same level of security as the corporate data centre, and traditional security appliances are not scalable or cost-effective in this scenario. Many organisations look to cloud security platforms such as Zscaler, a core partner of Colt, to achieve this.

Due to the aforementioned centralised dashboard, the burden placed upon information system administrators is greatly reduced. Network analytics provide visibility into the performance and health of your network, applications and users, by collecting and analysing data from various sources, such as routers, switches, firewalls, cloud services and end devices.

Network automation enables you to optimise your network operations, by applying policies, templates and best practices to monitor, configure and troubleshoot your devices and services.

An effectively planned and implemented SD-WAN puts more tools than ever before in the hands of the network manager. Bringing a virtual layer onto your network can enable you to:

Understand how much bandwidth and resources are being consumed by different apps, users and sites, and use this to identify bottlenecks, congestion or inefficiencies in your network

Measure and monitor availability, latency, jitter, packet loss and throughput of your applications, and assess the impact of network conditions on user experience

Diagnose and isolate any errors in your network, and identify the location of these issues, such as device failures, misconfigurations or network outages

Detect and prevent threats, vulnerabilities and anomalies in your network, and enforce security policies and standards across your network devices and services

What are the challenges of an SD WAN deployment?

While SD-WAN has many benefits, there can also be implementation challenges. Below, we've listed some of the most common, and how to overcome them:

Picking the right vendor

There are many SD-WAN vendors out there, each with different features, pricing and support options. Look for vendors with industry certifications, such as MEF SD-WAN, that demonstrate their compliance with standards and best practices.

Cloud security concerns

SD-WAN enables you to connect your branches directly to the cloud, but this also exposes your network to performance and security risks. Ensure you implement an SD-WAN solution that leverages application-aware routing, dynamic path selection, and cloud optimisation capabilities. It is highly recommended that you also integrate your SD-WAN with a cloud-based security solution, such as Zscaler.

Making the right diagnostics

SD-WAN is a complex technology that involves multiple layers, vendors and devices, and as such troubleshooting can be complex if you do not have visibility or control over your network. Ensure you use an SD-WAN solution that has built-in monitoring, with reporting tools that can help you identify and resolve issues quickly. Leverage industry standards, such as MEF Service Readiness Testing, to help verify your performance before activation.



Cutting through the hype: how to ensure you're delivering value

SD-WAN is one of the fastest growing segments of the network infrastructure market. As SD-WAN becomes more widely adopted, the challenge is to cut through the hype and misinformation, and to fully understand how, or even if, SD-WAN is suitable for your business.

We recently asked our customers what they need the most from an SD-WAN solution, and the key features they asked for are cloud-based network and security services, closely followed by a centrally programmable network.

Alongside these features, SD-WAN brings cost benefits, improved flexibility and gives enterprises more control over their WAN. However, the cost aspect can be often overstated, and this brings us to our first misconception.


Introducing SD-WAN means killing off MPLS completely

One of the most common misconceptions comes from the idea that SD-WAN means MPLS can be phased out, instead relying on cheaper internet connectivity. The problem is that internet connections are not all like for like, and MPLS and internet connections should be seen as complementary, not competitive. While SD-WAN purely over internet can work, it won't in all cases.

Many businesses require a connection with a guaranteed quality of service (QoS) that a simple internet connection cannot deliver.

We've seen people talking about cost savings of over 40% by moving to SD-WAN and removing or reducing spend on MPLS connectivity, but good quality internet connectivity is often expensive, and prices can vary dramatically by provider. An SD-WAN platform will only be as good as the network beneath it. There will always be demand for both MPLS and Internet for specific connectivity requirements. The question around choosing has to come down to the pros and cons of each, weighed up against the need within the organisation.


All SD-WANs are the same

There is a massive range of options in the marketplace for SD-WAN and one size does not fit all. Choosing the right approach will depend on the requirements and resources available to each business, with significant variation between the different approaches on offer, and the work required from the customer end. We've mapped out the different provider options depending on the network approach and how much customer involvement each requires:

SD-WAN quadrant chart

The DIY approach offers the most control, alongside the biggest risk. It brings the SLA aspect in-house and means enterprises can either select an SD-WAN platform and then find a network to fit, or vice-versa. Enterprises need to be cautious with a DIY approach as it requires having an IP department with the required skills and experience to design and manage their solution internally. Part of this would require keeping the network up and running 24/7, which for some businesses simply isn't suitable.

The OTT players are often those at the leading edge for technology and this can be ideal for those who will take advantage of the newest features. The risk is they may not have full control over the network element and it may rely purely on internet. Network Service Providers will likely take a methodical and more steady approach to SD-WAN as a service, offering a standardised user experience with more control of data flows. Those with a managed service offering require the lowest involvement from a customer, but at the expense of some control that may be useful in other areas.

"There are a lot of different SD-WAN solutions in the market, with different capabilities and different levels of sophistication, as there isn't a widely accepted SD-WAN standard across all service areas. Some of these solutions are very complex to maintain and implement, potentially requiring in-house expertise available 24/7. Enterprises should consider their requirements and carefully evaluate the best solution, whether that's a DIY solution or a fully managed network service."

Peter Coppens, Vice President, Product Portfolio, Colt

Regardless of the approach you choose, a well-architected, well-executed, and delivered network is critical - whether it's based on private or public connectivity. SD-WAN will not cover for a poorly designed network.


SD-WAN and SDN are more or less the same thing

Given the similarity of acronyms, it's not surprising that they often get used interchangeably, but while they share a common heritage, they are different technologies which address very different business goals.

Both SD-WAN and SDN start with the separation of the control and data planes, both can be virtualised, and both support Virtual Network Functions (VNFs), but that's where the similarities end. SDN was built to support processes inside a Local Area Network (LAN), whereas SD-WAN focuses more on the external side, complementing existing networks and enabling connections to public clouds without relying purely on MPLS.

SD-WAN sits within the NFV structure and the ability to virtualise network applications is enabled by Universal Customer Premise Equipment (uCPE). Rather than dedicated hardware for each application, uCPE gives network managers access to the latest virtualised services from the widest range of suppliers, all on-demand and under end-user control. Costs are reduced with shared commercial off-the-shelf infrastructure, and standardisation enables processes and skillsets to be optimised and streamlined.

What are the three biggest use cases driving SD WAN implementation?

Early SD-WAN use cases included better network traffic management, provisioning of internet connectivity for branch sites, and setting up one-to-many connections for cloud-based applications. Priorities have moved on, and SD-WAN technology is changing to meet new needs and deliver value in new ways. With CIOs and network managers in every sector focused on connectivity requirements for the future, now is a good time to focus on three of the biggest drivers of SD-WAN adoption.

Use Case #1: Hybrid work

Conventional working patterns have been replaced with something much more fluid. The hybrid work model looks to be an ongoing fixture, but brings its own challenges and considerations:

The networking challenge

Legacy WAN infrastructure was not designed for an age of hybrid workers, picking and choosing the network access method and device that best enables their productivity. The conventional network perimeter, embracing a head office and a tightly defined number of smaller locations, no longer applies, and older technologies cannot adapt to match this change. Today's employees expect consistency in their experience when they access applications and services, and a solution is needed that lets them access resources in a safe, logical and consistent way.

Why SD-WAN is the answer

SD-WAN standardises and unifies the hybrid work experience. Where traditional connectivity struggles with security and performance requirements, SD-WAN is in its element. It works in tandem with MPLS and internet connectivity, delivering a consistent and universal experience regardless of location.

Because it's software-defined, SD-WAN doesn't leave you reliant on specific hardware or underlying technology. It can save costs by working with existing investments and adapting to match shifting requirements. It is the perfect on-ramp to cloud platforms, leading to quicker, easier access to workloads held off-site. It can also prioritise business-critical traffic and real-time services over the most efficient route. Packet loss and latency issues that hybrid work might otherwise lead to are resolved. Security functionality can be accessed through SD-WAN without deploying added equipment.

How Colt can help

Colt SD-WAN allows network managers to configure single or multiple devices in real-time and provision and orchestrate services on demand. New locations can be turned up in minutes, and additional bandwidth dialled up exactly when and where it is needed. Colt's SD WAN Remote Access is designed to meet secure remote access needs as enterprises move towards a permanently hybrid workforce.

Use Case #2: Multi-cloud deployments

Enterprises are finding that no single cloud provider can meet all their diverse operational requirements. With more and more applications and functions migrating to the cloud, a multi-cloud strategy is proving to be the best and most resilient solution. By distributing cloud-based applications and resources across several public cloud platforms, the possibility of a single point of failure is eliminated, improved availability delivered, and better ways to cope with life's uncertainties provided for.

The networking challenge

Conventional hub-and-spoke network arrangements, designed for a stable world of site-to-site VPN connections and on-premise corporate data centres, just don't cut it when it comes to multiple clouds. Older networking methods were not designed to facilitate direct access to cloud resources from a multitude of locations, and yesterday's ways of backhauling data make it difficult to keep that data secure once several cloud platforms are at play. Application performance suffers and bandwidth utilisation is inefficient. Then, there's the sheer volume and variety of traffic that runs over modern enterprise networks. Network managers don't want to endlessly spend more money on adding fresh bandwidth as they struggle to keep multiple clouds performing.

Why SD-WAN is the answer

SD-WAN has emerged as the clear choice for rapidly evolving cloud network models, including multi-cloud. SD-WAN works with existing leased line investments, operating alongside direct internet connections to offer the best possible connectivity for different applications and workloads. The performance degradation from the sheer volume of cloud and application workload traffic is resolved. SD-WAN is both cost-effective for the enterprise and well suited to optimise the user experience. But, of course, not all SD-WAN solutions are equally capable or universal, which means every organisation evaluating SD-WAN must consider all issues from functionality and management to performance and security, as well as weigh up capital and operating expenses.

How Colt can help

Colt's SD-WAN Multi-Cloud is a feature available on Colt's award-winning SD-WAN service enabling direct, reliable and secure connectivity towards multiple clouds via Colt's Cloud Gateway. It utilises the SDN-optimised Colt network to provide high performance, inexpensive, and secure cloud connectivity directly into all the leading public cloud platforms while offering a single cohesive view of the enterprise network, tying together WAN sites and cloud infrastructure, all easily viewed and managed via the Colt SD-WAN portal.

Use Case #3: WAN simplification

Many organisations face the need to simplify their WAN infrastructure. Their networks have grown over time, perhaps through mergers and acquisitions, or perhaps through expansion into new geographies in search of fresh growth. The result is an incredibly complex picture, featuring lots of legacy elements and the solutions of multiple vendors patched on top of each other. Network managers have a battle on their hands to control all of that, as well as maintain network security. The ongoing migration of essential functions into the cloud has made the job tougher still.

The networking challenge

Different networking solutions from different eras and different stages of corporate growth can add up to a mess; a complex ecosystem that is hard to manage and troubleshoot even with a large IT team. You can add to that the impact of changing patterns of work and the emergence of a new type of network edge, centred around the employee and the applications they rely on. Older centralised WAN arrangements can’t handle this and visibility across the network is impossible. Gone are the days when you had to simply protect your own data centre and the end-points that were attached to it. Now, everything is far more distributed and virtualised with IaaS and SaaS and native cloud applications to look after. Private networking has given way to internet networking, cloud, connectivity and security, and all need to be considered together as part of a coherent strategy.

Why SD-WAN is the answer

SD-WAN will resolve complexity as well as set you up to address both current market opportunities and future ones. With simplification comes the agility and visibility you need. With SD-WAN you can support the best of all worlds and gain better visibility across your network, whether that's mature technologies like MPLS or internet access for multiple public cloud platforms, all in one manageable place. SD-WAN gives you back control, allowing you to configure single or multiple devices in real time. It means network services can be used, provisioned, and orchestrated in real time and on demand.

How Colt can help

With today’s WAN challenges you need a partner who will take you on a journey. They need to understand your business if they’re going to help you to transform it and get the most out of connectivity in a way that meets your objectives. SD-WAN can benefit different organisations in different ways depending on their needs. Colt is the perfect trusted provider to help navigate a diverse ecosystem, able to talk independently about a whole range of access options and technologies that leverage our world-leading single fabric network. Our Innovation Workshops are designed to fully understand your requirements, your end user goals and your full IT stack – helping build a solution that is truly fit for purpose.

How SASE integrates into effective SD-WAN deployments

In a recent Magic Quadrant™ report, Gartner® predicted that global demand for SD WAN will continue to flourish, set to grow at a healthy annual rate of 14% until at least 2026.

In addition, they foresee that by 2025 at least 50% of new and refresh deployments of enterprise WAN edge will utilise Secure Access Service Edge (SASE), up from less than 5% in 2020 – a technology which builds on the benefits of SD WAN with a focus on network security.

The acronym, coined by Gartner, refers to a transformational security service framework where network and cloud-based security converge. SASE’s popularity is connected to the help it provides for those needing to protect essential data spread across multiple cloud platforms. It is also proving critical when employees need to connect safely to applications from anywhere and on a range of devices.


Now organisations are faced with a choice between acquiring and deploying their secure SD WAN solution or turning to a managed services partner to deliver these technologies. More important than their route is ensuring that they stay on pace while leaders enjoy the benefits of new and improved approaches to secure networking. For those already on the road towards a secure SD WAN set-up, 2023 is the year to take it to the next level and take advantage of new developments. For those stalling, it’s time to take action.

To find out more about how SASE can successfully be achieved throughout your network, take a look at our guide to secure SD-WAN below - Powering your digital engine.


Power your digital engine with secure SD-WAN

What is driving the next era of cloud? We surveyed 400 IT decision makers and C-level executives, across Europe and Asia. Get all the insights in this exclusive research.