One of the main advantages of Cisco SD-WAN is that it can use a mix of any available transports at any location in an active-active fashion. This typically means that organizations wanting to lower costs choose to use many Internet links, including LTE 4G/5G, over expensive leased lines and MPLS circuits. However, Internet circuits do not have guaranteed quality, and packet loss may occur at any given time. Cisco SD-WAN provides a set of capabilities that protect business-critical applications from packet loss and allow apps to work reliably over the Internet. Fundamentally, there are two different principles used to mitigate the effect of packet loss that suddenly occurs on a transport link:

  • The best approach is to move the critical applications off the WAN link that is experiencing packet loss. In Cisco SD-WAN, this can easily be achieved using Application-aware Routing (AAR) policies that we are going to discuss in the next section;
  • When AAR is not applicable, for example when a branch has two WAN providers that are lossy at the same time, we can use tools that compensate for the lost packets by trading either bandwidth (when using packet duplication) or CPU cycles (when using FEC) for circuit reliability.

In this lab lesson, we are going to show a data policy action called Forward Error Correction (FEC) that mitigates the effect of packet loss on a given underlay transport link.

What is Forward Error Correction (FEC)?

The Forward Error Correction (FEC) feature allows critical applications to work well over unreliable WAN links, usually Internet circuits. The mechanism behind it is borrowed from RAID array logic. For example, in a RAID array, if one disk fails it can be replaced with a new one and the information can be reconstructed based on the metadata stored in a parity disk. FEC follows the same logic, applied to packets instead of disks. For each group of four packets, one "parity packet" is inserted. At the receiver end, if one of the four packets is lost, it can be reconstructed based on the metadata that is stored in the parity packet. It is basically a trade-off between CPU cycles and circuit reliability. The process is illustrated in figure 1.

Figure 1. Forward Error Correction Overview

So in short, the FEC capability protects applications from incurring packet loss on the transient network paths. 
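
The parity idea described above, as an added example (not from the original article and not Cisco's implementation): it assumes RAID-style XOR parity over each group of four packets, with a 2-byte length prefix so that packets of different sizes can be rebuilt. The function names and sample payloads are constructed for illustration.

```python
from __future__ import annotations

import struct
from functools import reduce

GROUP_SIZE = 4  # the article's ratio: one parity packet per four data packets


def _frame(payload: bytes, width: int) -> bytes:
    """Prefix the payload with its 2-byte length and zero-pad it to `width`."""
    return struct.pack("!H", len(payload)) + payload.ljust(width, b"\x00")


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_parity(group: list[bytes]) -> bytes:
    """Sender side: build the parity packet for one group of four packets."""
    if len(group) != GROUP_SIZE:
        raise ValueError("FEC group must hold exactly four packets")
    width = max(len(p) for p in group)
    return reduce(_xor, (_frame(p, width) for p in group))


def recover(received: list[bytes | None], parity: bytes) -> list[bytes]:
    """Receiver side: rebuild at most one lost packet (marked None)."""
    lost = [i for i, p in enumerate(received) if p is None]
    if len(lost) > 1:
        raise ValueError("one parity packet cannot repair more than one loss")
    if not lost:
        return list(received)
    width = len(parity) - 2  # parity is as wide as the longest framed packet
    survivors = (_frame(p, width) for p in received if p is not None)
    framed = reduce(_xor, survivors, parity)  # XOR cancels the survivors out
    (length,) = struct.unpack("!H", framed[:2])
    repaired = list(received)
    repaired[lost[0]] = framed[2:2 + length]
    return repaired


def demo() -> bool:
    # Constructed sample payloads standing in for four VoIP packets.
    sent = [b"rtp-seq-100", b"rtp-seq-101-longer", b"rtp-102", b"rtp-seq-103"]
    parity = make_parity(sent)
    on_wire = [sent[0], sent[1], None, sent[3]]  # third packet dropped in transit
    return recover(on_wire, parity) == sent


if __name__ == "__main__":
    print("lost packet rebuilt:", demo())
```

Losing two packets from the same group raises an error here, which is the limit of a single parity packet per group of four.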

FEC Adaptive vs FEC Always

The Forward Error Correction capability itself can be configured to work in two different modes:

  • FEC always - The forward error correction capability can be configured to take place unconditionally. This means that for every group of four packets, one parity packet will be sent across the WAN link at any given moment. This increases the bandwidth consumption of the WAN link by at least 25%. Statistically speaking, if a given underlay transport experiences packet loss only once in a while, keeping the FEC capability always-on may be inefficient and unnecessary.
  • FEC adaptive - On the other hand, the forward error correction capability can be configured to be dynamically invoked if the SD-WAN fabric detects an amount of packet loss higher than the configured fec-threshold value. As of the current SD-WAN software version 20.6.1, the threshold value can be between 1% and 5% packet loss. If we configure it to be 2%, for example, then when the Cisco SD-WAN fabric detects an amount of packet loss higher than 2 percent, it automatically turns FEC on.

Configuring FEC on Cisco SD-WAN 

The FEC capability is configured under the action section of a data policy rule. For example, we are going to enable FEC Adaptive on the VoIP applications in VPN2 that we match under sequence 21 in the data policy applied to the spokes (DATA-POLICY-TO-SPOKES). Notice that there is an old, deprecated CLI syntax to enable FEC (loss-protect) and a new one (loss-protection). Using the new syntax, we just enter sequence 21's action section and enable the FEC feature as shown in the output below:

vSmart(config)# policy data-policy DATA-POLICY-TO-SPOKES vpn-list VPN2 sequence 21 action accept
vSmart(config-action)# ?
Possible completions:
  cflowd               Apply cflowd
  count                Count packets/bytes matching this rule
  dre-optimization     Enable DRE optimization
  log                  Log this packet header
  loss-protect         (DEPRECATED) Protect data from loss.
  loss-protection      Protect data from loss
  nat                  Direct packets to NAT
  ...
-------------------------------------------------------------------------
vSmart(config-action)# loss-protection ?
Possible completions:
  forward-error-correction   Enable Forward Error Correction
  packet-duplication         Enable Packet Duplication
-------------------------------------------------------------------------
vSmart(config-action)# loss-protection forward-error-correction ?
Description: Enable Forward Error Correction
Possible completions:
  adaptive  always              
vSmart(config-action)# loss-protection forward-error-correction adaptive 
vSmart(config-action)# loss-protection fec-threshold ?
Possible completions:
  <1..5> %                    
vSmart(config-action)# loss-protection fec-threshold 1 
vSmart(config-action)# commit and-quit
Commit complete.

Now if we look at the data policy part for vpn 2, we are going to see the FEC configuration that we have configured. 
