SD-WAN for multi-site UK businesses: what it is and when to switch from MPLS

What MPLS is and why so many businesses are still on it

MPLS – Multiprotocol Label Switching – is a carrier-managed private network technology. Traffic between your sites travels over the provider's own infrastructure rather than the public internet. Routing decisions are made at the edge of the network based on pre-defined labels, which makes the path predictable and performance consistent. There's no contention with other internet traffic, latency is stable and quality of service can be guaranteed end to end.

For the mid-2000s to mid-2010s, this was exactly what multi-site businesses needed. Applications lived in on-premise data centres. Site-to-site connectivity was the core requirement. MPLS delivered it reliably, and IT teams built their infrastructure around it.

The problem is the commercial model. MPLS circuits typically cost five to ten times as much as an equivalent broadband connection. Contracts run for three to five years. Provisioning a new site can take weeks or months, depending on the carrier. And because MPLS was designed for data-centre-centric traffic, it handles cloud applications poorly – traffic to Microsoft 365, Salesforce or a cloud ERP often has to route back through the data centre before it can reach the internet, adding latency where it doesn't need to exist.

Many businesses are still on MPLS not because it's the right fit, but because they're part-way through a long contract signed before their cloud workloads became significant. Contract expiry is where the calculus changes.

What SD-WAN is and how it actually works

SD-WAN – Software-Defined Wide Area Network – separates the network control logic from the underlying physical connections. Instead of traffic following a fixed path across a carrier's private network, a software layer sits across multiple connections – broadband, 4G/5G, or MPLS – and routes traffic dynamically based on policy.

In practice, this means the SD-WAN platform can make real-time decisions: send Teams video over the broadband circuit because it has sufficient capacity; route the ERP database traffic over the more stable connection; fail over to 4G if the primary link drops. These decisions happen automatically, based on rules you define, without manual intervention.

The key distinction from traditional WAN is that SD-WAN isn't tied to a specific type of connectivity. You can run it over cheap broadband circuits, over 5G, over MPLS or over any combination. The intelligence sits in the software, not the physical network. This is what makes it significantly cheaper and far more flexible than a pure MPLS deployment – you can choose lower-cost underlying connections and let the SD-WAN layer manage reliability.

For cloud-heavy businesses, SD-WAN also enables direct internet breakout: cloud traffic goes straight from the branch to the internet, rather than hairpinning back through the data centre first. The practical effect is measurably better performance for cloud applications at every site.

What SD-WAN delivers for multi-site businesses

Lower connectivity costs. Running SD-WAN over broadband rather than dedicated MPLS circuits is the primary cost driver. The savings depend on your current MPLS spend, but for a business with five to twenty sites, the reduction in circuit costs typically funds the SD-WAN platform itself and leaves a meaningful saving on top.

Faster site provisioning. Adding a new site to an MPLS network can take weeks or months – the carrier needs to provision the circuit, and you're dependent on their delivery timeline. With SD-WAN over broadband, a new site can be live in days. For businesses that open locations regularly – retail rollouts, hotel groups, branch offices – this matters operationally.

Resilience without the cost of redundant MPLS. SD-WAN can use multiple connections simultaneously (active/active) or as automatic failover. Connecting a site with two broadband circuits – one primary, one backup – is substantially cheaper than duplicating MPLS circuits for the same resilience. The SD-WAN layer handles failover automatically, often without users noticing a link has switched.

Centralised visibility and management. A single management interface gives you visibility across every site – link status, traffic volumes, application performance, policy compliance. For IT teams managing ten or twenty sites from a central team, this matters. Problems are visible before users report them, and configuration changes can be pushed to all sites simultaneously.

Better cloud application performance. Direct internet breakout from each site – routing cloud traffic straight to the internet rather than through the data centre – improves latency for every cloud application your users rely on. For businesses that have moved their productivity tools, ERP and CRM to cloud platforms, this is often the most immediately noticeable change.

When MPLS still makes sense

SD-WAN isn't the right answer for every organisation. There are legitimate cases where MPLS remains the better choice.

If your business has very specific latency requirements – real-time voice, industrial control systems, financial trading infrastructure – and you need guaranteed, contractually backed performance, MPLS provides that in a way broadband-backed SD-WAN cannot. Broadband is best-effort by design. SD-WAN can manage across multiple connections intelligently, but it can't make a congested broadband circuit perform like a private one.

Some financial services and healthcare organisations have data sovereignty or regulatory requirements that make private-network routing a hard requirement rather than a preference. In these cases, SD-WAN over public internet connectivity may not satisfy compliance obligations without additional controls, and MPLS – or SD-WAN with an MPLS underlay – remains the appropriate architecture.

Businesses where predictable performance is genuinely non-negotiable and cost is a secondary concern may simply find MPLS less work. If the existing setup is working well and the contract economics are acceptable, there's no compelling reason to change.

For most multi-site UK businesses, though, these exceptions don't apply. The shift of applications to cloud has fundamentally changed what the WAN needs to do, and MPLS was designed for a different set of requirements.

How to evaluate the switch: contract timing and the commercial case

The most common and sensible trigger for moving to SD-WAN is MPLS contract expiry. Three-to-five year MPLS contracts mean that for many businesses, the signing date precedes their current cloud workload profile by several years. If you signed in 2021 and your team has migrated to Microsoft 365, adopted a cloud ERP and added two new sites since then, you're running infrastructure that was specified for a different operating environment.

If you're approaching contract expiry – or already out of contract and rolling over – this is the point to reassess. The commercial case typically rests on three numbers: what you're paying for MPLS circuits today, what equivalent SD-WAN-over-broadband connectivity would cost, and what the transition involves. In most cases the arithmetic is straightforward.

The evaluation should also account for what you're not getting from MPLS: the inability to provision sites quickly, the lack of centralised visibility, the performance degradation on cloud applications. These have operational costs that don't show up as line items but are real.

Businesses that are mid-contract have a different calculation. Breaking an MPLS contract early typically involves termination charges. Whether those charges are outweighed by the savings and operational improvements depends on the specific contract terms and how far through the term you are. It's worth modelling, but most businesses in this position wait for the natural break point.

Managed SD-WAN: how most businesses deploy it

Most UK businesses don't have a dedicated network engineering team. Running SD-WAN in-house – managing the platform, monitoring link performance, handling firmware updates, troubleshooting connectivity issues at remote sites – requires expertise that most IT teams either don't have or don't want to invest in for a single infrastructure layer.

Managed SD-WAN is the practical answer. The provider manages the hardware at each site, the SD-WAN platform, the underlying connectivity contracts and day-to-day operations. Your IT team gets the visibility and control they need through the management interface, without carrying the operational burden of running the network.

Security is an important part of the managed service conversation. SD-WAN over the public internet expands the attack surface relative to a private MPLS network. SASE – Secure Access Service Edge – integrates network security functions (firewall, web filtering, zero trust access) with the SD-WAN fabric, so security is applied consistently at every site and for every user, regardless of where they're connecting from. A well-specified managed SD-WAN deployment includes this from the outset rather than treating security as an afterthought.

When evaluating managed SD-WAN providers, the questions worth asking are: who manages the underlying connectivity contracts, what SLAs apply to link performance and fault resolution, how is security handled across the fabric, and what visibility do you get as the customer? The answers vary significantly between providers, and the managed service wrapper matters as much as the technology underneath it.