Adaptive FEC
Adaptive Forward Error Correction (FEC) is a WAN remediation technique that dynamically corrects packet loss based on the detected packet loss on the link.
Following is a summary of configuring adaptive FEC:
- Define the service that FEC will protect. See Defining a custom service.
- Define the FEC mapping to specify how many parity bits are sent based on different packet loss conditions. See Defining FEC mappings.
- Enable FEC on both HUB VPN phase 1 interfaces. See Enabling FEC for hub devices.
- Enable FEC on both branch VPN tunnels. See Enabling FEC on branch devices .
- Create policies for hub and branch devices, and install the policy packages. See Creating policies and installing policy packages.
Defining a custom service
Define the service that FEC will protect. In this example we will define a custom service.
To define a custom service:
- Go to Policy & Object > Object Configurations > Firewall Objects > Services.
- Click +Create New > Service.
- Specify the name of the service, the protocol and the ports, and click OK to save the service.
Defining FEC mappings
Define the FEC mapping to specify how many parity bits are sent based on different packet loss conditions.
To define FEC mappings:
- From the Policy & Objects page, use Tools in the banner to select Display Options.
- Select CLI Only Objects at the bottom, and click OK.
- Expand Object Configurations > CLI Only Objects > CLI Only Objects, and search for FEC.
- c. Select fec, and click +Create New. The create vpn ipsec fec pane is displayed.
- In the Name box, type dc_fec.
- Under mappings, click Create New. The create vpn ipsec fec mapping pane is displayed.
- Set the following options, and click OK to create the mapping:
base 8 packet-loss-threshold 5 redundant 2 The mapping is created.
- Under mappings, click Create New again to create another mapping.
- Set the following options, and click OK to create the mapping:
base 5 packet-loss-threshold 10 redundant 2 - Click OK to save the object with two mappings.
Enabling FEC for hub devices
Enable FEC on both HUB VPN phase 1 interfaces.
To enable FEC for hub devices:
- Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
- Double-click the ACME SD-WAN Overlay_hub1_ipsec template to open it for editing.
- Select VPN1, and click Edit.
- Scroll down to and expand Advanced Options.
- Enable fec-egress and fec-ingress, and click OK.
- Repeat for HUB1-VPN2.
Enabling FEC on branch devices
Enable FEC on both branch VPN tunnels.
To enable FEC on branch devices:
- From IPsec Tunnel templates, double-click the ACME SD-WAN Overlay_branch_ipsec template to open it for editing.
- Double-click HUB1-VPN1 to open it for editing.
- For FEC Health Check, enter HUB1_HC.
- Scroll down and expand Advanced Options.
- Set the following options, and click OK.
fec-mapping-profile dc_fec fec-egress enable rec-ingress enable - Repeat for HUB1-VPN2.
Creating policies and installing policy packages
Create policies for the hub and branch devices for the custom application, and then install the policy packages to the devices.
To create policies and install policy packages:
- Create a policy for the HUB policy package:
- Go to Policy & Object > Policy Packages > HUB > Firewall Policy, and click +Create New.
- Set the following options, and click OK.
Name Custom App Policy Incoming Interface LAN Outgoing Interface HUB1 Pv4 Source Address
Branch network
Pv4 Destination Address
Datacenter LAN1
Service
CustomApp-5000
Action
Accept
Advanced Options
fec enabled
- Move this policy under the SLA-HealthCheck policy.
- Create a policy for the branches policy package:
- Go to Policy & Object > Policy Packages > Branches > Firewall Policy and click +Create New.
- Set the following options, and click OK.
Name Custom App Policy Incoming Interface LAN Outgoing Interface HUB1 Pv4 Source Address
Branch network
Pv4 Destination Address
Datacenter LAN1
Service
CustomApp-5000
Action
Accept
Advanced Options
fec enabled
- Move this policy under the Direct Internet Access policy.
- Install both HUB and Branch policy packages.