What Is SD-WAN and How Does It Work?
SD-WAN (Software-Defined Wide Area Network) is a technology that manages multiple internet connections from a central software platform, intelligently routing traffic across the best available path. This plain-English guide explains what SD-WAN is, how it works, what it costs and whether it is the right choice for your business.
Nathan Hill-Haimes
Technical Director
What Is SD-WAN?
SD-WAN stands for Software-Defined Wide Area Network. It is an approach to managing the wide area network (WAN) — the connections that link your offices, cloud services and remote workers — using software running on cloud-based controllers rather than hardware-based configuration at each individual site.
In traditional WAN architecture, each router and network device is configured independently. Changing how traffic is routed requires logging into individual devices at each site and making manual configuration changes. In an SD-WAN architecture, the routing logic is defined centrally in software and pushed to all sites automatically. Add a new traffic policy, change a routing rule or add a new office, and the change propagates to all locations through the centralised platform.
SD-WAN also adds intelligence that traditional routers lack. Rather than statically routing traffic down a fixed path, an SD-WAN device monitors the real-time performance of all available connections — measuring latency, packet loss and jitter — and routes each type of traffic down the path that is performing best at that moment. A video conference that needs low latency takes a different path than a background backup transfer that can tolerate higher latency but needs bulk bandwidth.
How SD-WAN Works: The Key Components
Customer Premises Equipment (CPE)
At each business location, an SD-WAN device — sometimes called a CPE or SD-WAN edge device — sits between the local network and the WAN connections. This device terminates your internet circuits (leased line, FTTP, 4G), monitors their performance in real time and forwards traffic according to the policies defined in the central management platform.
SD-WAN Controller / Orchestrator
The SD-WAN controller is the centralised management plane — typically hosted in the cloud by the SD-WAN vendor. It is where you define traffic policies, routing rules, security settings and QoS priorities. Changes made here are distributed to all SD-WAN devices across all sites automatically. Most SD-WAN platforms provide a web-based management dashboard showing the real-time status of all connections and sites.
Transport-Independent Connectivity
One of SD-WAN's key characteristics is that it is transport-independent — it can work with any combination of WAN connections: leased lines, FTTP, FTTC broadband, 4G, 5G, MPLS. The SD-WAN device treats them all as potential paths and selects the best one for each traffic type based on current performance measurements.
What Problems Does SD-WAN Solve?
Multi-Site Network Management Complexity
For businesses with multiple offices, managing individual routers at each site is operationally expensive. SD-WAN centralises configuration management — a single administrator can manage the WAN architecture for 10 sites from a single dashboard. Zero-touch provisioning (ZTP) allows new sites to be deployed by shipping a pre-configured device that calls home to the controller and self-configures on first boot, without requiring an on-site engineer.
Reliability and Failover
Traditional routers implement basic failover — if the primary circuit fails, traffic switches to the secondary. SD-WAN provides more sophisticated, proactive failover: it continuously monitors all circuits and can detect degraded performance (increased packet loss or latency) before a circuit fails completely, rerouting sensitive traffic proactively. For VoIP calls, this means a call continues seamlessly even as the primary connection degrades, rather than dropping at the point of failure.
Application-Aware Routing
SD-WAN platforms identify specific applications in traffic flows — Microsoft 365, Salesforce, Zoom, general web browsing — and route each application according to its specific requirements. A real-time video call gets the lowest-latency path; a cloud backup gets the cheapest available path; Microsoft 365 traffic may be routed directly to the internet at each site rather than backhauling through a central data centre.
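The path selection described in this section and under Reliability and Failover above, as an added example that is not part of the original article or any vendor's implementation. The link names, probe samples, costs and SLA thresholds are constructed assumptions; the code contrasts per-application, performance-based selection with link-down-only failover.

```python
from statistics import mean

# Per-application SLA thresholds and selection preference (constructed values).
POLICIES = {
    "voip":   {"latency": 150, "jitter": 30, "loss": 0.01, "prefer": "latency"},
    "backup": {"latency": 800, "jitter": 200, "loss": 0.05, "prefer": "cost"},
}

def measure(probes):
    """Summarise probe RTTs in ms (None = lost probe); None if the link is down."""
    ok = [p for p in probes if p is not None]
    if not ok:
        return None
    jitter = mean(abs(a - b) for a, b in zip(ok, ok[1:])) if len(ok) > 1 else 0.0
    return {"latency": mean(ok), "jitter": jitter, "loss": 1 - len(ok) / len(probes)}

def select_path(app, links):
    """Best link meeting the app's SLA; else the least-bad live link; else None."""
    policy = POLICIES[app]
    live = {n: dict(measure(l["probes"]), cost=l["cost"])
            for n, l in links.items() if measure(l["probes"])}
    if not live:
        return None
    meets = {n: m for n, m in live.items()
             if all(m[k] <= policy[k] for k in ("latency", "jitter", "loss"))}
    if meets:
        return min(meets, key=lambda n: meets[n][policy["prefer"]])
    return min(live, key=lambda n: (live[n]["loss"], live[n]["latency"]))

def link_down_failover(links, order):
    """Traditional behaviour for contrast: first link in `order` not fully down."""
    return next((n for n in order if measure(links[n]["probes"])), None)

# Constructed probe samples: the leased line is healthy, then degraded but still up.
HEALTHY = {
    "leased-line": {"cost": 3, "probes": [12, 13, 12, 14, 12, 13, 12, 13, 12, 13]},
    "fttp":        {"cost": 1, "probes": [22, 25, 21, 24, 23, 22, 26, 23, 22, 24]},
    "4g":          {"cost": 5, "probes": [60, 95, 70, 120, 65, 80, 110, 75, 90, 68]},
}
DEGRADED = {**HEALTHY, "leased-line": {"cost": 3,
            "probes": [40, None, 180, 55, None, 210, 48, 160, 52, 45]}}

if __name__ == "__main__":
    order = ["leased-line", "fttp", "4g"]
    for label, links in (("healthy", HEALTHY), ("degraded", DEGRADED)):
        print(label, {app: select_path(app, links) for app in POLICIES},
              "link-down failover:", link_down_failover(links, order))
```

With the degraded samples, the leased line is still up, so link-down failover keeps using it, while the per-application policy moves VoIP to the FTTP link because the leased line's 20% probe loss breaches the VoIP threshold.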
Replacing or Supplementing MPLS
Historically, multi-site businesses used MPLS (Multi-Protocol Label Switching) circuits to connect offices — a private, managed network technology that provided reliable, prioritised traffic between sites at a significant cost premium. SD-WAN can replicate many of the benefits of MPLS using encrypted tunnels across cheaper public internet connections, and adds capabilities (application awareness, multi-path) that MPLS lacks. Many businesses use SD-WAN as a migration path from MPLS to internet-based WAN, reducing costs while maintaining or improving performance.
SD-WAN vs Traditional WAN Router
The table below summarises the key differences for UK businesses comparing SD-WAN to traditional router-based WAN architecture:
| Feature | SD-WAN | Traditional WAN router |
| --- | --- | --- |
| Configuration management | Centralised, policy-driven, cloud-managed | Per-device, manual, CLI or web interface |
| Failover | Sub-second proactive failover based on continuous performance monitoring | Reactive, triggered on link-down event only |
| Application routing | Application-aware, route based on real-time performance per application | Static routes without application visibility |
| Multi-site deployment | Zero-touch provisioning, consistent policies across all sites | Manual configuration per site, inconsistent policy enforcement |
| Cost | Monthly subscription for software plus hardware CPE | Hardware-only cost, no ongoing software fee |
Is SD-WAN Right for Your Business?
SD-WAN typically makes most sense for businesses that meet one or more of the following criteria:
- Multiple offices or sites — the centralised management benefit scales with the number of locations
- Heavy cloud application usage — application-aware routing for Microsoft 365, CRM and video conferencing delivers measurable performance improvements
- Current MPLS cost is significant — SD-WAN over internet connections typically achieves 30–50% cost reduction versus equivalent MPLS capacity
- VoIP quality problems — SD-WAN's proactive failover and QoS capabilities are well-suited to protecting voice quality
- Current WAN management is fragmented across multiple site-level routers with no centralised visibility
For single-site businesses with a single leased line or broadband connection, SD-WAN adds complexity and cost that is generally not justified — a quality managed firewall with good QoS capabilities is sufficient. SD-WAN becomes compelling from approximately three connected locations upwards.
SD-WAN Options for UK Businesses
The main SD-WAN platforms used by UK SMEs are:
- Cisco Meraki MX: Cloud-managed, strong integration with Meraki switching and wireless. Good for businesses already using Meraki network equipment.
- Fortinet Secure SD-WAN: Security-first approach, integrating SD-WAN with next-generation firewall functionality. Strong for businesses where security is a primary consideration.
- Palo Alto Prisma SD-WAN: Enterprise-grade, strong application identification capabilities. More commonly seen in larger SME and enterprise deployments.
- Aryaka / Cato Networks: Fully managed SD-WAN as a service — the provider manages the hardware, software and underlying network, which suits businesses without in-house network expertise.
AMVIA designs and manages SD-WAN deployments for UK businesses, typically working with Cisco Meraki or Fortinet depending on the client's existing infrastructure and requirements.
Typical SD-WAN Costs for UK SMEs
SD-WAN pricing has two components: the hardware (CPE device at each site) and the software subscription (the controller and management platform). As indicative 2026 figures:
- Hardware: approximately £400–£1,500 per site depending on throughput requirements and vendor
- Software subscription: approximately £50–£150 per site per month depending on platform and feature set
- WAN circuits: your existing leased line, FTTP or broadband costs — SD-WAN does not replace these, it manages them
For a three-site business migrating from MPLS, total SD-WAN cost over three years is typically 30–50% lower than the equivalent MPLS circuit costs, while providing better performance visibility and easier management.
Frequently Asked Questions
SD-WAN stands for Software-Defined Wide Area Network. The 'software-defined' part refers to the fact that network behaviour is controlled by software running on a centralised platform rather than by hardware configuration at each individual site. The 'WAN' refers to wide area network — the connections between different locations, as opposed to the LAN within a single building.
Both SD-WAN and VPN create encrypted tunnels between locations, but they operate at different levels. A VPN creates a single encrypted tunnel between two points. SD-WAN creates an overlay network that can manage multiple connections simultaneously, route traffic intelligently based on application type and real-time performance, and provide centralised management across many sites. SD-WAN is significantly more capable but more complex and expensive than a simple site-to-site VPN.
Yes. SD-WAN is designed to work with any combination of WAN connections — leased lines, FTTP, FTTC broadband, 4G, 5G, MPLS, cable. The SD-WAN device accepts whichever connections you have and manages traffic across them. You do not need to change your internet providers or connection types to implement SD-WAN, though the benefits are greater when you have at least two diverse connections.
Zero-touch provisioning (ZTP) means a new SD-WAN device can be shipped directly to a new office location, plugged in by a non-technical member of staff, and it will automatically connect to the cloud controller, download its configuration and begin operating — without any on-site engineer. This dramatically reduces the cost and time of deploying SD-WAN to new locations compared to traditional router provisioning.
Once hardware has been procured and circuits are in place, SD-WAN configuration and deployment across 3–5 sites typically takes 2–4 weeks including testing. The main constraint is usually circuit lead times (particularly for leased lines at new sites) rather than the SD-WAN implementation itself. For migration from an existing MPLS network, a parallel-run period is standard to validate performance before cutting over.
This depends on the vendor. Some SD-WAN platforms (Fortinet, Palo Alto) include full next-generation firewall functionality in the CPE device. Others (Cisco Meraki) provide basic firewall capability but position a separate firewall for advanced security functions. If you are consolidating WAN management and perimeter security onto a single platform, confirm the security feature set of the specific SD-WAN solution before making a decision.