In this lab lesson, we are going to see another Cisco SD-WAN feature called Packet Duplication that vEdge routers can use to overcome packet loss and increase the reliability of critical business applications.
What is Packet Duplication?
Packet Duplication is an SD-WAN feature designed to overcome packet loss in network designs where a WAN edge router has multiple overlay tunnels to the next-hop vEdge router. The feature instructs a WAN edge router to transmit one copy of each packet over multiple IPsec tunnels as illustrated in figure 1. If a packet is lost over the transient path, the receiving vEdge router can use another copy of the same packet received over another tunnel. If no packets are lost, all unnecessary duplicates are silently discarded.
Packet Duplication can be combined with the FEC capability or used as a standalone feature, depending on the use case objectives.
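The mechanism described above, as an added example (not Cisco's implementation and not code from this lesson): the sender copies every packet onto each tunnel and the receiver keeps the first copy and discards the rest. Matching copies by sequence number, the tunnel names and the per-tunnel drop sets are assumptions made for the illustration, and `residual_loss` assumes the tunnels lose packets independently.

```python
from dataclasses import dataclass, field


@dataclass
class Receiver:
    """Keeps the first copy of each sequence number, discards later copies."""
    seen: set = field(default_factory=set)
    delivered: list = field(default_factory=list)
    duplicates_discarded: int = 0

    def receive(self, seq, payload):
        if seq in self.seen:
            self.duplicates_discarded += 1   # copy already arrived on another tunnel
            return
        self.seen.add(seq)
        self.delivered.append((seq, payload))


def send_duplicated(packets, tunnel_losses, receiver):
    """Send every packet once per tunnel. tunnel_losses maps a (hypothetical)
    tunnel name to the set of sequence numbers that tunnel drops."""
    for seq, payload in enumerate(packets):
        for lost in tunnel_losses.values():
            if seq not in lost:
                receiver.receive(seq, payload)
    return receiver


def run(tunnel_losses, count=10):
    """Return (packets delivered, duplicates discarded, sequence numbers lost)."""
    packets = [f"icmp-echo-{i}" for i in range(count)]   # constructed traffic
    rx = send_duplicated(packets, tunnel_losses, Receiver())
    missing = sorted(set(range(count)) - rx.seen)
    return len(rx.delivered), rx.duplicates_discarded, missing


def residual_loss(per_tunnel_loss, tunnels):
    """Loss remaining after duplication, assuming independent tunnel loss."""
    return per_tunnel_loss ** tunnels


if __name__ == "__main__":
    print("one tunnel :", run({"tunnel-1": {2, 5}}))
    print("two tunnels:", run({"tunnel-1": {2, 5}, "tunnel-2": {5, 8}}))
    print("3% loss on each of two tunnels ->", residual_loss(0.03, 2))
```

A packet is lost only when every tunnel drops the same sequence number, which is why the second run loses packet 5 alone while the receiver discards seven redundant copies.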
Configuring Packet Duplication
Enabling packet duplication for a specific application is as simple as configuring one command, loss-protection packet-duplication under the data policy rule that matches the application traffic. However, a few details have to be taken into consideration.
- There must be at least two overlay tunnels between the sending and the receiving WAN edge router.
- We must make sure that the feature is enabled only for well-defined critical traffic and is not put under any match-all rules because it can very quickly exhaust the CPU of a WAN edge router.
- We must enable the packet duplication capability in both directions separately.
The initial lab topology
The lab topology that we will use for this lab lesson is shown in figure 2 below. The overlay topology is hub and spoke, with vEdge routers 1 and 2 acting as hubs and vEdges 3 - 6 being the spokes.
You can see that each spoke router has two overlay tunnels to each of the hub's vEdges. Therefore, the topology has everything we need to enable the packet duplication feature and test it.
Editing the existing data policy
To show the feature, we will configure a new sequence 31 in the data policies that we have created in lab lesson #5 for Application Pinning. The policies are applied as follows:
vSmart# show running-config apply-policy
apply-policy
 site-list HUB
  data-policy DATA-POLICY-FROM-HUB from-service
 !
 site-list SPOKES
  data-policy DATA-POLICY-TO-SPOKES from-service
 !
In the new sequence 31, we will match protocol number 1 (ICMP) and enable the packet duplication capability for that traffic. It is important to enable the feature in both directions to see the results, so let's first add it to the data policy applied to the spokes.
policy
 data-policy DATA-POLICY-TO-SPOKES
  vpn-list VPN2
   sequence 31
    match
     protocol 1
    !
    action accept
     loss-protection packet-duplication
     set
      local-tloc color mpls encap ipsec
     !
   default-action accept
  !
Now we have to configure the same sequence in the centralized data policy applied to the hub's vEdges.
policy
 data-policy DATA-POLICY-FROM-HUB
  vpn-list VPN2
   sequence 31
    match
     protocol 1
    !
    action accept
     loss-protection packet-duplication
     set
      local-tloc color mpls encap ipsec
     !
   default-action accept
  !
Now, depending on the lab environment, if there is some packet loss between the hub and the spokes in VPN 2, you are going to see that the ICMP traffic does not experience any dropped packets, because the Packet Duplication feature works behind the scenes.
A Self-Study Tip: If you are practicing the Packet Duplication feature on EVE-NG, you can use a Linux node called NETEM that can simulate link degradation. For example, you can configure a link to experience 3 percent packet loss, 50ms of delay, and so on. You can find a more detailed explanation of how to use the tool in this lesson.
Monitoring Packet Duplication statistics
Once the Packet Duplication capability is configured and enabled on particular traffic, we can monitor the Packet Duplication statistics using the “show tunnel statistics packet-duplication” CLI command on vEdges.
vEdge-1# show tunnel statistics packet-duplication
tunnel stats ipsec 10.10.0.1 10.10.0.2 12366 12346
 pktdup-rx         325
 pktdup-rx-other   0
 pktdup-rx-this    343
 pktdup-tx         250
 pktdup-tx-other   0
 pktdup-capable    true
tunnel stats ipsec 22.214.171.124 126.96.36.199 12366 12346
 pktdup-rx         0
 pktdup-rx-other   343
 pktdup-rx-this    0
 pktdup-tx         0
 pktdup-tx-other   250
 pktdup-capable    true
!
Alternatively, we can monitor the Packet Duplication information on vManage under the following menu: Monitor > Network > Applications. If the feature is enabled for any app, vManage will display the Packet Delivery Performance metric as GOOD, MODERATE, or POOR. If the feature is not enabled, the field will display N/A.
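For the CLI output shown above, an added example (not part of the original lesson and not a Cisco tool) that parses the counters and checks them against the prerequisites listed earlier: at least two duplication-capable tunnels, and activity in both directions. The sample reuses the counter values from the output above with documentation-range addresses, and reading `pktdup-tx*` as sent and `pktdup-rx*` as received copies is an assumption based on the counter names only.

```python
import re

FIELD = re.compile(r"(pktdup-[a-z-]+)\s+(\S+)")
TX_KEYS = ("pktdup-tx", "pktdup-tx-other")
RX_KEYS = ("pktdup-rx", "pktdup-rx-other", "pktdup-rx-this")

# Constructed sample: counter values from the output above, addresses
# replaced with documentation-range placeholders.
SAMPLE = """\
tunnel stats ipsec 192.0.2.1 192.0.2.2 12366 12346
 pktdup-rx 325 pktdup-rx-other 0 pktdup-rx-this 343
 pktdup-tx 250 pktdup-tx-other 0 pktdup-capable true
tunnel stats ipsec 198.51.100.1 198.51.100.2 12366 12346
 pktdup-rx 0 pktdup-rx-other 343 pktdup-rx-this 0
 pktdup-tx 0 pktdup-tx-other 250 pktdup-capable true
"""


def parse_pktdup(text):
    """Turn the CLI output into one dict per tunnel. Works on whitespace
    tokens, so wrapped output and a single-line paste both parse."""
    tunnels = []
    for chunk in text.split("tunnel stats ipsec")[1:]:
        src, dst, sport, dport = chunk.split()[:4]
        stats = {"src": src, "dst": dst, "sport": int(sport), "dport": int(dport)}
        for key, val in FIELD.findall(chunk):
            stats[key] = (val == "true") if key == "pktdup-capable" else int(val)
        tunnels.append(stats)
    return tunnels


def check(tunnels):
    """Findings against the prerequisites. Assumes, from the counter names
    only, that pktdup-tx* counts sent and pktdup-rx* counts received copies."""
    findings = []
    capable = [t for t in tunnels if t.get("pktdup-capable")]
    if len(capable) < 2:
        findings.append(f"{len(capable)} duplication-capable tunnel(s), need at least 2")
    if not any(t.get(k, 0) for t in tunnels for k in TX_KEYS):
        findings.append("no duplicated packets sent: is the policy applied in this direction?")
    if not any(t.get(k, 0) for t in tunnels for k in RX_KEYS):
        findings.append("no duplicated packets received: is the policy applied in the reverse direction?")
    return findings


if __name__ == "__main__":
    print(check(parse_pktdup(SAMPLE)) or "prerequisites met")
```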
Packet Duplication: Key Takeaways
- Packet Duplication protects against packet loss at the expense of increased CPU usage.
- The feature is protocol-agnostic and works for any transport protocol - TCP, UDP, ICMP, etc.
- It works only in designs where the sending vEdge router has at least two overlay tunnels to the receiving vEdge.
- Duplicate packets are discarded on the receiver.