In this lab lesson, we are going to see another Cisco SD-WAN feature called Packet Duplication that vEdge routers can use to overcome packet loss and increase the reliability of critical business applications. 

What is Packet Duplication?

Packet Duplication is an SD-WAN feature designed to overcome packet loss in network designs where a WAN edge router has multiple overlay tunnels to the next-hop vEdge router. The feature instructs a WAN edge router to transmit one copy of each packet over multiple IPsec tunnels as illustrated in figure 1. If a packet is lost over the transient path, the receiving vEdge router can use another copy of the same packet received over another tunnel. If no packets are lost, all unnecessary duplicates are silently discarded. 

Figure 1. Cisco SD-WAN Packet Duplication Overview

Packet Duplication can be combined with the FEC capability or used as a standalone feature, depending on the use case objectives.

Configuring Packet Duplication

Enabling packet duplication for a specific application is as simple as configuring one command, "loss-protection packet-duplication", under the data policy rule that matches the application traffic. However, a few details have to be taken into consideration.

  • There must be at least two overlay tunnels between the sending and the receiving WAN edge router.
  • We must make sure that the feature is enabled only for well-defined critical traffic and is not put under any match-all rules because it can very quickly exhaust the CPU of a WAN edge router.
  • We must enable the packet duplication capability in both directions separately.

The initial lab topology

The lab topology that we will use for this lab lesson is shown in figure 2 below. The overlay topology is hub and spoke with vEdge routers 1 and 2 acting as hub and vEdges 3 - 6 being the spokes.

Figure 2. Initial lab topology

You can see that each spoke router has two overlay tunnels to each of the hub's vEdges. Therefore, the topology has everything we need to enable the packet duplication feature and test it.

Editing the existing data policy

To show the feature, we will configure a new sequence 31 in the data policies that we created in lab lesson #5 for Application Pinning. The policies are applied as follows:

vSmart# show running-config apply-policy 
apply-policy
 site-list HUB
  data-policy DATA-POLICY-FROM-HUB from-service
 !
 site-list SPOKES
  data-policy DATA-POLICY-TO-SPOKES from-service
 !

In the new sequence 31, we will match protocol number 1 (ICMP) and enable the packet duplication capability for that traffic. It is important to enable the feature in both directions to see the results, so let's first add it to the data policy applied to the spokes.

policy
 data-policy DATA-POLICY-TO-SPOKES
  vpn-list VPN2
   sequence 31
    match
     protocol 1
    !
    action accept
     loss-protection packet-duplication
     set
      local-tloc color mpls encap ipsec
   !
   default-action accept
!

Now we have to configure the same sequence in the centralized data policy applied to the hub's vEdges.

policy
 data-policy DATA-POLICY-FROM-HUB
  vpn-list VPN2
   sequence 31
    match
     protocol 1
    !
    action accept
     loss-protection packet-duplication
     set
      local-tloc color mpls encap ipsec
   !
   default-action accept
!
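
The second and third considerations listed earlier (no duplication on match-all rules, and the feature enabled in both directions) can be checked mechanically before a policy is pushed. The following is an added example, not part of the original lesson or any Cisco tooling; it assumes that a sequence with no match criteria matches all traffic, and the function name audit and sequence 40 are hypothetical.

```python
import re

# Constructed input: sequence 31 is the lesson's rule; sequence 40 is a bad rule with no match.
POLICY = """\
policy
 data-policy DATA-POLICY-TO-SPOKES
  vpn-list VPN2
   sequence 31
    match
     protocol 1
    !
    action accept
     loss-protection packet-duplication
     set
      local-tloc color mpls encap ipsec
   !
   default-action accept
 data-policy DATA-POLICY-FROM-HUB
  vpn-list VPN2
   sequence 40
    action accept
     loss-protection packet-duplication
   !
   default-action accept
"""

def audit(text, required):
    """Return (policy, sequence, problem) for each packet-duplication issue."""
    findings, scoped = [], set()
    policy, seq, in_match, criteria = None, None, False, 0
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"data-policy (\S+)", line):
            policy, seq = m.group(1), None
        elif m := re.fullmatch(r"sequence (\d+)", line):
            seq, in_match, criteria = int(m.group(1)), False, 0
        elif line == "match":
            in_match = True
        elif line == "!" or line.startswith("action "):
            in_match = False
        elif in_match:
            criteria += 1  # every line inside the match block is a criterion
        elif line == "loss-protection packet-duplication" and seq is not None:
            if criteria:
                scoped.add(policy)
            else:
                findings.append((policy, seq, "duplication on a match-all rule"))
    missing = [(p, None, "no scoped duplication rule") for p in required if p not in scoped]
    return findings + missing
print(audit(POLICY, ["DATA-POLICY-TO-SPOKES", "DATA-POLICY-FROM-HUB"]))
```

The check only looks for sequences without any match criteria; it does not judge whether the criteria that are present are narrow enough for the router's CPU budget.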

Now, depending on the lab environment, if you incur some packet loss between the hub and the spokes in VPN 2, you are going to see that the ICMP traffic won't experience any dropped packets because the Packet Duplication feature works behind the scenes.

A Self-Study Tip: If you are practicing the Packet Duplication feature on EVE-NG, you can use a Linux node called NETEM that can simulate link degradation. For example, you can configure a link to experience 3 percent packet loss, 50ms of delay, and so on. You can find a more detailed explanation of how to use the tool in this lesson.

Monitoring Packet Duplication statistics

Once the Packet Duplication capability is configured and enabled on particular traffic, we can monitor the Packet Duplication statistics using the “show tunnel statistics packet-duplication” CLI command on vEdges.

vEdge-1# show tunnel statistics packet-duplication
tunnel stats ipsec 10.10.0.1 10.10.0.2 12366 12346
 pktdup-rx       325
 pktdup-rx-other 0
 pktdup-rx-this  343
 pktdup-tx       250
 pktdup-tx-other 0
 pktdup-capable  true
tunnel stats ipsec 39.3.0.1 39.3.0.2 12366 12346
 pktdup-rx       0
 pktdup-rx-other 343
 pktdup-rx-this  0
 pktdup-tx       0
 pktdup-tx-other 250
 pktdup-capable  true
!
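
The counters above can also be collected and checked by a script. The following is an added example, not part of the original lesson; it parses the output format shown above and flags conditions that would keep the feature from protecting traffic. The function names are hypothetical, and reading the two addresses on each tunnel line as local and remote IP, and a non-zero pktdup-tx as "duplicates are being sent", are assumptions drawn from the sample.

```python
import re

# Sample copied from the "show tunnel statistics packet-duplication" output above.
SAMPLE = """\
tunnel stats ipsec 10.10.0.1 10.10.0.2 12366 12346
 pktdup-rx       325
 pktdup-rx-other 0
 pktdup-rx-this  343
 pktdup-tx       250
 pktdup-tx-other 0
 pktdup-capable  true
tunnel stats ipsec 39.3.0.1 39.3.0.2 12366 12346
 pktdup-rx       0
 pktdup-rx-other 343
 pktdup-rx-this  0
 pktdup-tx       0
 pktdup-tx-other 250
 pktdup-capable  true
"""

def parse_pktdup(text):
    """Map (local IP, remote IP) -> {counter: int or bool} for each tunnel."""
    tunnels, current = {}, None
    for line in text.splitlines():
        if m := re.match(r"tunnel stats ipsec (\S+) (\S+) \d+ \d+", line):
            current = tunnels.setdefault((m.group(1), m.group(2)), {})
        elif (m := re.match(r"\s+(pktdup-[\w-]+)\s+(\S+)", line)) and current is not None:
            key, val = m.groups()
            current[key] = val == "true" if val in ("true", "false") else int(val)
    return tunnels

def check(tunnels):
    """Return problems that would stop duplication from protecting traffic."""
    problems = [f"{a}->{b}: not pktdup-capable"
                for (a, b), c in tunnels.items() if not c.get("pktdup-capable")]
    # The output does not name the remote router, so this is a necessary check only.
    capable = len(tunnels) - len(problems)
    if capable < 2:
        problems.append(f"only {capable} capable tunnel(s); at least two are required")
    if not any(c.get("pktdup-tx", 0) for c in tunnels.values()):
        problems.append("no tunnel has a non-zero pktdup-tx counter")
    return problems

print(check(parse_pktdup(SAMPLE)))
```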

Alternatively, we can monitor the Packet Duplication information on vManage under the following menu: Monitor > Network > Applications. If the feature is enabled for any app, vManage will display the Packet Delivery Performance metric as GOOD, MODERATE, or POOR. If the feature is not enabled, the field will display N/A.

Packet Duplication: Key Takeaways

  • Packet Duplication protects against packet loss at the expense of increased CPU usage.
  • The feature is protocol-agnostic and works for any transport protocol - TCP, UDP, ICMP, etc.
  • It works only in designs where the sending vEdge router has at least two overlay tunnels to the receiving vEdge.
  • Duplicate packets are discarded on the receiver.