Version:


Table of Contents

7.2.0
Download PDF
Copy Link

Adaptive FEC

Adaptive Forward Error Correction (FEC) is a WAN remediation technique that dynamically corrects packet loss based on the detected packet loss on the link.

Following is a summary of configuring adaptive FEC:

  1. Define the service that FEC will protect. See Defining a custom service.
  2. Define the FEC mapping to specify how many parity bits are sent based on different packet loss conditions. See Defining FEC mappings.
  3. Enable FEC on both HUB VPN phase 1 interfaces. See Enabling FEC for hub devices.
  4. Enable FEC on both branch VPN tunnels. See Enabling FEC on branch devices .
  5. Create policies for hub and branch devices, and install the policy packages. See Creating policies and installing policy packages.

Defining a custom service

Define the service that FEC will protect. In this example we will define a custom service.

To define a custom service:
  1. Go to Policy & Object > Object Configurations > Firewall Objects > Services.
  2. Click +Create New > Service.
  3. Specify the name of the service, the protocol and the ports, and click OK to save the service.

Defining FEC mappings

Define the FEC mapping to specify how many parity bits are sent based on different packet loss conditions.

To define FEC mappings:
  1. From the Policy & Objects page, use Tools in the banner to select Display Options.
  2. Select CLI Only Objects at the bottom, and click OK.
  3. Expand Object Configurations > CLI Only Objects > CLI Only Objects, and search for FEC.
  4. c. Select fec, and click +Create New. The create vpn ipsec fec pane is displayed.
  5. In the Name box, type dc_fec.
  6. Under mappings, click Create New. The create vpn ipsec fec mapping pane is displayed.
  7. Set the following options, and click OK to create the mapping:

    base 8
    packet-loss-threshold 5
    redundant 2

    The mapping is created.

  8. Under mappings, click Create New again to create another mapping.
  9. Set the following options, and click OK to create the mapping:

    base 5
    packet-loss-threshold 10
    redundant 2
  10. Click OK to save the object with two mappings.

Enabling FEC for hub devices

Enable FEC on both HUB VPN phase 1 interfaces.

To enable FEC for hub devices:
  1. Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
  2. Double-click the ACME SD-WAN Overlay_hub1_ipsec template to open it for editing.
  3. Select VPN1, and click Edit.
  4. Scroll down to and expand Advanced Options.
  5. Enable fec-egress and fec-ingress, and click OK.
  6. Repeat for HUB1-VPN2.

Enabling FEC on branch devices

Enable FEC on both branch VPN tunnels.

To enable FEC on branch devices:
  1. From IPsec Tunnel templates, double-click the ACME SD-WAN Overlay_branch_ipsec template to open it for editing.
  2. Double-click HUB1-VPN1 to open it for editing.
  3. For FEC Health Check, enter HUB1_HC.
  4. Scroll down and expand Advanced Options.
  5. Set the following options, and click OK.

    fec-mapping-profile dc_fec
    fec-egress enable
    rec-ingress enable
  6. Repeat for HUB1-VPN2.

Creating policies and installing policy packages

Create policies for the hub and branch devices for the custom application, and then install the policy packages to the devices.

To create policies and install policy packages:
  1. Create a policy for the HUB policy package:
    1. Go to Policy & Object > Policy Packages > HUB > Firewall Policy, and click +Create New.
    2. Set the following options, and click OK.

      Name Custom App Policy
      Incoming Interface LAN
      Outgoing Interface HUB1

      Pv4 Source Address

      Branch network

      Pv4 Destination Address

      Datacenter LAN1

      Service

      CustomApp-5000

      Action

      Accept

      Advanced Options

      fec enabled

    3. Move this policy under the SLA-HealthCheck policy.
  2. Create a policy for the branches policy package:
    1. Go to Policy & Object > Policy Packages > Branches > Firewall Policy and click +Create New.
    2. Set the following options, and click OK.

      Name Custom App Policy
      Incoming Interface LAN
      Outgoing Interface HUB1

      Pv4 Source Address

      Branch network

      Pv4 Destination Address

      Datacenter LAN1

      Service

      CustomApp-5000

      Action

      Accept

      Advanced Options

      fec enabled

    3. Move this policy under the Direct Internet Access policy.
  3. Install both HUB and Branch policy packages.

Adaptive FEC

Adaptive Forward Error Correction (FEC) is a WAN remediation technique that dynamically corrects packet loss based on the detected packet loss on the link.

Following is a summary of configuring adaptive FEC:

  1. Define the service that FEC will protect. See Defining a custom service.
  2. Define the FEC mapping to specify how many parity bits are sent based on different packet loss conditions. See Defining FEC mappings.
  3. Enable FEC on both HUB VPN phase 1 interfaces. See Enabling FEC for hub devices.
  4. Enable FEC on both branch VPN tunnels. See Enabling FEC on branch devices .
  5. Create policies for hub and branch devices, and install the policy packages. See Creating policies and installing policy packages.

Defining a custom service

Define the service that FEC will protect. In this example we will define a custom service.

To define a custom service:
  1. Go to Policy & Object > Object Configurations > Firewall Objects > Services.
  2. Click +Create New > Service.
  3. Specify the name of the service, the protocol and the ports, and click OK to save the service.

Defining FEC mappings

Define the FEC mapping to specify how many parity bits are sent based on different packet loss conditions.

To define FEC mappings:
  1. From the Policy & Objects page, use Tools in the banner to select Display Options.
  2. Select CLI Only Objects at the bottom, and click OK.
  3. Expand Object Configurations > CLI Only Objects > CLI Only Objects, and search for FEC.
  4. c. Select fec, and click +Create New. The create vpn ipsec fec pane is displayed.
  5. In the Name box, type dc_fec.
  6. Under mappings, click Create New. The create vpn ipsec fec mapping pane is displayed.
  7. Set the following options, and click OK to create the mapping:

    base 8
    packet-loss-threshold 5
    redundant 2

    The mapping is created.

  8. Under mappings, click Create New again to create another mapping.
  9. Set the following options, and click OK to create the mapping:

    base 5
    packet-loss-threshold 10
    redundant 2
  10. Click OK to save the object with two mappings.

Enabling FEC for hub devices

Enable FEC on both HUB VPN phase 1 interfaces.

To enable FEC for hub devices:
  1. Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
  2. Double-click the ACME SD-WAN Overlay_hub1_ipsec template to open it for editing.
  3. Select VPN1, and click Edit.
  4. Scroll down to and expand Advanced Options.
  5. Enable fec-egress and fec-ingress, and click OK.
  6. Repeat for HUB1-VPN2.

Enabling FEC on branch devices

Enable FEC on both branch VPN tunnels.

To enable FEC on branch devices:
  1. From IPsec Tunnel templates, double-click the ACME SD-WAN Overlay_branch_ipsec template to open it for editing.
  2. Double-click HUB1-VPN1 to open it for editing.
  3. For FEC Health Check, enter HUB1_HC.
  4. Scroll down and expand Advanced Options.
  5. Set the following options, and click OK.

    fec-mapping-profile dc_fec
    fec-egress enable
    rec-ingress enable
  6. Repeat for HUB1-VPN2.

Creating policies and installing policy packages

Create policies for the hub and branch devices for the custom application, and then install the policy packages to the devices.

To create policies and install policy packages:
  1. Create a policy for the HUB policy package:
    1. Go to Policy & Object > Policy Packages > HUB > Firewall Policy, and click +Create New.
    2. Set the following options, and click OK.

      Name Custom App Policy
      Incoming Interface LAN
      Outgoing Interface HUB1

      Pv4 Source Address

      Branch network

      Pv4 Destination Address

      Datacenter LAN1

      Service

      CustomApp-5000

      Action

      Accept

      Advanced Options

      fec enabled

    3. Move this policy under the SLA-HealthCheck policy.
  2. Create a policy for the branches policy package:
    1. Go to Policy & Object > Policy Packages > Branches > Firewall Policy and click +Create New.
    2. Set the following options, and click OK.

      Name Custom App Policy
      Incoming Interface LAN
      Outgoing Interface HUB1

      Pv4 Source Address

      Branch network

      Pv4 Destination Address

      Datacenter LAN1

      Service

      CustomApp-5000

      Action

      Accept

      Advanced Options

      fec enabled

    3. Move this policy under the Direct Internet Access policy.
  3. Install both HUB and Branch policy packages.