Migrating from MPLS to BT SD-WAN: What Changes and What to Plan For

Migrating from BT MPLS (IP Connect or BT Connect) to BT SD-WAN is one of the most common WAN transformation projects in the UK. MPLS contracts are expensive, and the hub-and-spoke architecture does not suit modern cloud-first organisations. SD-WAN provides local internet breakout, lower circuit costs, multi-path resilience and application-aware routing. However, the migration requires careful planning around security, addressing, QoS, application routing and circuit lead times. This page covers the technical differences, migration approaches and common pitfalls in detail.

MPLS vs SD-WAN: Technical Comparison

| Factor | BT MPLS | BT SD-WAN |
|---|---|---|
| Network topology | Hub-and-spoke or partial mesh via private network | Full mesh overlay via internet + optional private underlay |
| Cloud access | Backhauled through data centre or hub site | Local internet breakout per site (direct to cloud) |
| Circuit types | Leased lines only (EAD/EBD) | Leased line, FTTP, SoGEA, 4G/5G (mixed per site) |
| Branch security | Centralised firewall at hub/data centre | Distributed NGFW on each SD-WAN appliance |
| QoS model | MPLS Class of Service (typically 6 classes) | Application-aware routing with per-app SLA policies |
| Failover | Dual MPLS circuits (expensive) | Active-active across mixed circuit types (cost-effective) |
| Encryption | Private network (no encryption by default) | IPsec encrypted overlay tunnels |
| Visibility | Limited (BT portal for circuit stats) | Full application-level visibility per site |
| Typical per-site cost | £400-£1200/month | £150-£600/month (circuit dependent) |

Migration Approaches

There are three common approaches to migrating from MPLS to SD-WAN. The right choice depends on your risk appetite, the number of sites and whether you can run both services in parallel.

| Approach | Description | Risk | Duration |
|---|---|---|---|
| Parallel run | SD-WAN overlay deployed alongside MPLS. Traffic migrated application by application. MPLS decommissioned once all traffic is verified on SD-WAN. | Low | 3-6 months |
| Site-by-site cutover | Each site is fully migrated before moving to the next. MPLS circuit removed per site after validation. | Medium | 1-3 months |
| Big bang | All sites cut over in a single change window. MPLS decommissioned immediately. | High | 1-2 weeks |

What Changes During Migration

Traffic Routing

On MPLS, all branch traffic is routed through the hub site or data centre. On SD-WAN, traffic can break out to the internet locally at each branch. This means cloud applications like Microsoft 365 and Salesforce connect directly from the branch rather than being backhauled. The SD-WAN controller manages which applications go direct to the internet and which are routed back to the data centre over the overlay.

Security Architecture

MPLS networks typically use a centralised firewall at the hub. When you move to SD-WAN with local internet breakout, every branch needs its own security enforcement. This is handled by the SD-WAN appliance (if using Fortinet Advanced or Meraki Advanced Security) or by a cloud security service (Zscaler, Cisco Umbrella, Cloudflare). You must replicate your centralised firewall rules as distributed branch security policies before decommissioning MPLS.
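
One way to check that replication before decommissioning MPLS, as an added example (not BT's or any vendor's tooling): the sketch below compares the hub rule base with one branch's policy and reports hub rules the branch does not enforce, plus branch allow rules that the hub never had. The `Rule` shape, the sample rules and the subnets are constructed assumptions, and rule ordering (first-match semantics) is deliberately ignored.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):  # hypothetical, vendor-neutral rule shape
    action: str          # "allow" or "deny"
    src: str             # source CIDR
    dst: str             # destination CIDR or "any"
    proto: str
    port: int

def _net(cidr):
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr)

def _scope(rule, lan):
    """Part of the rule's source range that applies to this branch LAN."""
    src = _net(rule.src)
    return max(src, lan, key=lambda n: n.prefixlen) if src.overlaps(lan) else src

def _covers(rule, ref, lan):
    """True if `rule` enforces `ref` for the branch-relevant source range."""
    return (rule.action == ref.action and rule.proto == ref.proto
            and rule.port == ref.port and _net(rule.dst) == _net(ref.dst)
            and _scope(ref, lan).subnet_of(_net(rule.src)))

def audit_branch(hub_rules, branch_lan, branch_rules):
    """Return (missing, extra_allows) for one branch with local breakout."""
    lan = ipaddress.ip_network(branch_lan)
    relevant = [r for r in hub_rules if _net(r.src).overlaps(lan)]
    missing = [r for r in relevant
               if not any(_covers(b, r, lan) for b in branch_rules)]
    extra = [b for b in branch_rules if b.action == "allow"
             and not any(_covers(h, b, lan) for h in relevant)]
    return missing, extra

# Constructed sample data (not from any real rule base).
HUB_RULES = [
    Rule("allow", "10.0.0.0/8", "any", "tcp", 443),
    Rule("deny", "10.0.0.0/8", "any", "tcp", 23),
    Rule("allow", "10.20.1.0/24", "10.1.5.10/32", "tcp", 1433),
    Rule("allow", "10.30.0.0/16", "any", "tcp", 22),  # other site, ignored
]
BRANCH_LAN = "10.20.1.0/24"
BRANCH_RULES = [
    Rule("allow", "10.20.1.0/24", "any", "tcp", 443),
    Rule("allow", "10.20.1.0/24", "10.1.5.10/32", "tcp", 1433),
    Rule("allow", "10.20.1.0/24", "any", "tcp", 3389),  # not in hub policy
]

if __name__ == "__main__":
    missing, extra = audit_branch(HUB_RULES, BRANCH_LAN, BRANCH_RULES)
    print("not replicated at branch:", missing)
    print("allowed at branch only:", extra)
```

A non-empty `missing` list for any site is a reason to hold that site's MPLS decommission; `extra` entries are drift to justify or remove.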

IP Addressing

Branch subnet allocations may change during migration. MPLS networks often use private RFC 1918 addressing with centralised DHCP. SD-WAN deployments may require new subnet schemes, especially if sites are moving to internet-based underlays. Plan for updates to DHCP scopes, static assignments, DNS records and any IP-based access control lists.
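
The ACL and DNS updates can be planned mechanically. The following added example (not from the original page) classifies each IP-based entry against a renumbering plan: entries inside a renumbered subnet are rewritten with the host offset preserved, and broader supernets that span a renumbered subnet are flagged for review because they will no longer match the moved hosts. The plan, the entries and the function names are constructed assumptions.

```python
import ipaddress

# Constructed renumbering plan: old MPLS-era subnet -> new SD-WAN subnet.
RENUMBER = {
    "10.20.1.0/24": "172.16.21.0/24",
    "10.20.2.0/24": "172.16.22.0/24",
}

def translate(entry, plan=RENUMBER):
    """Classify one ACL/DNS entry (host or CIDR) against the plan.

    Returns (status, value):
      'rewrite'   - entry sits inside a renumbered subnet; value is the new CIDR
      'review'    - entry is a supernet spanning a renumbered subnet; after the
                    move it silently stops matching those hosts
      'unchanged' - entry is unaffected
    """
    net = ipaddress.ip_network(entry, strict=False)
    for old_s, new_s in plan.items():
        old, new = ipaddress.ip_network(old_s), ipaddress.ip_network(new_s)
        if old.prefixlen != new.prefixlen:
            raise ValueError(f"{old_s} -> {new_s}: sizes differ, map by hand")
        if net.subnet_of(old):
            # Keep the same offset inside the subnet (e.g. .15 stays .15).
            offset = int(net.network_address) - int(old.network_address)
            moved = ipaddress.ip_network(
                (int(new.network_address) + offset, net.prefixlen))
            return "rewrite", str(moved)
        if old.subnet_of(net):
            return "review", None
    return "unchanged", str(net)

def classify_all(entries, plan=RENUMBER):
    """Map every entry to its (status, value) pair."""
    return {e: translate(e, plan) for e in entries}

# Constructed sample of IP-based ACL sources and DNS A-record targets.
SAMPLE_ENTRIES = ["10.20.1.15", "10.20.2.128/25", "10.0.0.0/8", "192.168.5.0/24"]

if __name__ == "__main__":
    for entry, (status, value) in classify_all(SAMPLE_ENTRIES).items():
        print(f"{entry:18} {status:10} {value or ''}")
```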

QoS and Application Performance

MPLS provides Class of Service with typically six traffic classes (real-time voice, video, business critical, standard, bulk, best effort). SD-WAN replaces this with application-aware routing. The SD-WAN appliance identifies applications by signature or IP/port and applies per-application SLA policies (preferred path, acceptable latency threshold, failover behaviour). You must map your existing MPLS CoS classes to SD-WAN application policies before cutover.

DNS Resolution

With MPLS, branches use centralised DNS servers at the hub. With SD-WAN and local internet breakout, DNS resolution should happen locally or via a cloud DNS service (Cisco Umbrella, Cloudflare Gateway). This improves performance for cloud applications but requires updating DNS settings on branch DHCP servers or the SD-WAN appliance.

Monitoring and Management

MPLS monitoring is typically limited to circuit up/down status and bandwidth utilisation via the BT portal. SD-WAN provides much richer visibility: per-application traffic flows, per-link latency/jitter/packet loss, failover events and historical trending. Your operations team will use the SD-WAN vendor portal (FortiManager, Meraki Dashboard, vManage) instead of BT circuit monitoring tools. Update your NOC procedures and alerting destinations accordingly.

Migration Timeline: Typical Milestones

| Phase | Activities | Duration |
|---|---|---|
| Design | Site survey, circuit selection, vendor selection, security policy design, QoS mapping | 2-4 weeks |
| Circuit ordering | Order new underlay circuits (leased lines, FTTP, SoGEA). Leased lines have 60-90 day lead times. | 1-12 weeks |
| Appliance staging | Configure SD-WAN appliances, build templates, test overlay connectivity in lab | 1-2 weeks |
| Pilot sites | Deploy SD-WAN at 2-3 pilot sites. Run parallel with MPLS. Validate application performance. | 2-4 weeks |
| Rollout | Deploy remaining sites in waves. Validate each wave before proceeding. | 2-8 weeks |
| MPLS decommission | Remove MPLS circuits and routers per site after SD-WAN validation period. | Ongoing |

Common Pitfalls

  • Circuit lead times — Ordering broadband circuits too late is the single biggest cause of SD-WAN project delays. Leased lines take 60-90 working days. Start orders immediately after design sign-off.
  • QoS not replicated — Forgetting to map MPLS CoS classes to SD-WAN application policies. Voice and video traffic will suffer if not prioritised from day one.
  • Failover not tested — Not testing failover scenarios before decommissioning MPLS. Simulate primary circuit failure at pilot sites and confirm the SD-WAN appliance switches paths correctly.
  • Security gaps — Moving to local internet breakout without deploying branch security. Every site with direct internet access needs firewall, IPS and web filtering at the appliance or in the cloud.
  • Over-specifying circuits — Assuming every site needs a leased line. Many branches can run effectively on FTTP or SoGEA at a fraction of the cost. Match the circuit to the site’s actual requirements.
  • MPLS contract overlap — BT MPLS contracts have notice periods and early termination charges. Check your contract terms and align the SD-WAN migration timeline with MPLS expiry dates to avoid paying for both services longer than necessary.

Cost Comparison: MPLS vs SD-WAN per Site

One of the primary drivers for MPLS to SD-WAN migration is cost reduction. The savings come from two areas: cheaper underlay circuits and reduced management fees. The table below illustrates typical monthly costs per site for different configurations.

| Site Configuration | MPLS Monthly Cost | SD-WAN Monthly Cost | Estimated Saving |
|---|---|---|---|
| Small branch (10Mbps MPLS vs SoGEA + 4G) | £400-£500 | £100-£180 | 50-70% |
| Medium office (50Mbps MPLS vs FTTP + 4G) | £600-£800 | £150-£250 | 55-70% |
| Large office (100Mbps MPLS vs leased line) | £800-£1200 | £400-£600 | 40-55% |

Actual costs depend on location, contract length and the specific BT commercial terms negotiated. Use our pricing calculator for an accurate per-site estimate.