One of the main advantages of Cisco SD-WAN is that it can use a mix of any available transports at any location in an active-active fashion. This typically means that organizations wanting to lower costs choose to utilize many Internet links, including LTE 4G/5G, over expensive leased lines and MPLS circuits. However, Internet circuits do not have guaranteed quality, and packet loss may occur at any given time. Cisco SD-WAN provides a set of capabilities that protect business-critical applications from packet loss and allow apps to work reliably over the Internet. Fundamentally, there are two different principles used to mitigate the effect of packet loss that suddenly occurs on a transport link:
- The best approach is to move the critical applications off the WAN link that is experiencing packet loss. In Cisco SD-WAN, this can easily be achieved using Application-aware Routing (AAR) policies that we are going to discuss in the next section;
- When AAR is not applicable, for example when a branch has two WAN providers that are lossy at the same time, we can use tools that compensate for the lost packets by trading either bandwidth (when using packet duplication) or CPU cycles (when using FEC) for circuit reliability.
In this lab lesson, we are going to show a data policy action called Forward Error Correction (FEC) that mitigates the effect of packet loss on a given underlay transport link.
What is Forward Error Correction (FEC)?
The Forward Error Correction (FEC) feature allows critical applications to work well over unreliable WAN links, usually Internet circuits. The mechanism behind it is borrowed from RAID array logic. For example, in a RAID array, if one disk fails, it can be replaced with a new one and the information can be reconstructed based on the metadata stored in a parity disk. FEC follows the same logic, applied to packets instead of disks. For each group of four packets, one "parity packet" is inserted. At the receiver end, if one of the four packets is lost, it can be reconstructed based on the metadata that is stored in the parity packet. It is basically a trade-off between CPU cycles and circuit reliability. The process is illustrated in figure 1.
So in short, the FEC capability protects applications from incurring packet loss on the transient network paths.
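The parity scheme described above, as an added example (not code from the original lesson and not Cisco's implementation). It assumes RAID-style XOR parity, a hypothetical 2-byte length prefix so packets of different sizes can be XORed, constructed sample packets, and independent per-packet loss for the residual-loss estimate:

```python
from functools import reduce

GROUP = 4  # data packets per parity packet, as described in the text

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def frame(pkt, width):
    # Assumed framing: 2-byte length prefix + zero padding to a common width.
    return len(pkt).to_bytes(2, "big") + pkt.ljust(width, b"\x00")

def make_parity(group):
    """Sender side: XOR of all framed packets in the group."""
    width = max(len(p) for p in group)
    return reduce(xor_bytes, (frame(p, width) for p in group))

def recover(received, parity):
    """Receiver side: 'received' holds None where a packet was lost."""
    missing = [i for i, p in enumerate(received) if p is None]
    if not missing:
        return list(received)
    if len(missing) > 1 or parity is None:
        raise ValueError("more than one loss in the group: unrecoverable")
    width = len(parity) - 2
    survivors = (frame(p, width) for p in received if p is not None)
    acc = reduce(xor_bytes, survivors, parity)  # what remains is the lost frame
    length = int.from_bytes(acc[:2], "big")
    out = list(received)
    out[missing[0]] = acc[2:2 + length]
    return out

def overhead(group):
    """Extra bytes on the wire relative to the data bytes in the group."""
    return len(make_parity(group)) / sum(len(p) for p in group)

def residual_loss(p):
    """Loss seen by the application with FEC on, for link loss rate p.
    A data packet stays lost only if it is dropped AND at least one of the
    other four packets (3 data + 1 parity) in its group is dropped too."""
    return p * (1 - (1 - p) ** GROUP)

# Constructed sample group of four VoIP-like payloads.
SAMPLE = [b"RTP-0001 voice", b"RTP-0002 voice frame", b"RTP-0003", b"RTP-0004 voice!"]

if __name__ == "__main__":
    parity = make_parity(SAMPLE)
    damaged = [SAMPLE[0], None, SAMPLE[2], SAMPLE[3]]
    print(recover(damaged, parity) == SAMPLE)
    print(f"overhead: {overhead(SAMPLE):.0%}, residual loss at 2%: {residual_loss(0.02):.4%}")
```

Because the parity packet is as large as the largest packet in the group, the byte overhead only equals 25% when all four packets are the same size and is higher otherwise.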
FEC Adaptive vs FEC Always
The Forward Error Correction capability itself can be configured to work in two different modes:
- FEC always - the forward error correction capability can be configured to take place unconditionally. This means that for every group of four packets, one parity packet will be sent across the WAN link at any given moment. This increases the bandwidth consumption of the WAN link by at least 25%. Statistically speaking, if a given underlay transport experiences packet loss only once in a while, keeping the FEC capability always-on may be inefficient and unnecessary.
- FEC adaptive - On the other hand, the forward error correction capability can be configured to be dynamically invoked if the SD-WAN fabric detects an amount of packet loss higher than the configured fec-threshold value. As of the current SD-WAN software version 20.6.1, the threshold value can be between 1% and 5% packet loss. If we configure it to be 2%, for example, then when the Cisco SD-WAN fabric detects an amount of packet loss higher than 2 percent, it automatically turns FEC on.
Configuring FEC on Cisco SD-WAN
The FEC capability is configured under the action section of a data policy rule. For example, we are going to enable FEC Adaptive on the VoIP applications in VPN2 that we match under sequence 21 in the data policy applied to the spokes (DATA-POLICY-TO-SPOKES). Notice that there is an old, deprecated CLI keyword to enable FEC (loss-protect) and a new one (loss-protection). Using the new syntax, we just enter sequence 21's action section and enable the FEC feature as shown in the output below:
```
vSmart(config)# policy data-policy DATA-POLICY-TO-SPOKES vpn-list VPN2 sequence 21 action accept
vSmart(config-action)# ?
Possible completions:
  cflowd            Apply cflowd
  count             Count packets/bytes matching this rule
  dre-optimization  Enable DRE optimization
  log               Log this packet header
  loss-protect      (DEPRECATED) Protect data from loss.
  loss-protection   Protect data from loss
  nat               Direct packets to NAT
  ...
-------------------------------------------------------------------------
vSmart(config-action)# loss-protection ?
Possible completions:
  forward-error-correction  Enable Forward Error Correction
  packet-duplication        Enable Packet Duplication
-------------------------------------------------------------------------
vSmart(config-action)# loss-protection forward-error-correction ?
Description: Enable Forward Error Correction
Possible completions:
  adaptive  always
vSmart(config-action)# loss-protection forward-error-correction adaptive
vSmart(config-action)# loss-protection fec-threshold ?
Possible completions:
  <1..5>  %
vSmart(config-action)# loss-protection fec-threshold 1
vSmart(config-action)# commit and-quit
Commit complete.
```
Now if we look at the data policy part for vpn 2, we are going to see the FEC configuration that we have configured.