Objects > SD-WAN Link Management > Error Correction Profile
Table of Contents
10.1
Expand all | Collapse all
-
- Firewall Overview
- Features and Benefits
- Last Login Time and Failed Login Attempts
- Message of the Day
- Task Manager
- Language
- Alarms
- Commit Changes
- Save Candidate Configurations
- Revert Changes
- Lock Configurations
- Global Find
- Threat Details
- AutoFocus Intelligence Summary
- Configuration Table Export
- Change Boot Mode
-
- Objects > Addresses
- Objects > Address Groups
- Objects > Regions
- Objects > Dynamic User Groups
- Objects > Application Groups
- Objects > Application Filters
- Objects > Services
- Objects > Service Groups
- Objects > Devices
- Objects > External Dynamic Lists
- Objects > Custom Objects > Spyware/Vulnerability
- Objects > Custom Objects > URL Category
- Objects > Security Profiles > Antivirus
- Objects > Security Profiles > Anti-Spyware Profile
- Objects > Security Profiles > Vulnerability Protection
- Objects > Security Profiles > File Blocking
- Objects > Security Profiles > WildFire Analysis
- Objects > Security Profiles > Data Filtering
- Objects > Security Profiles > DoS Protection
- Objects > Security Profiles > Mobile Network Protection
- Objects > Security Profiles > SCTP Protection
- Objects > Security Profile Groups
- Objects > Log Forwarding
- Objects > Authentication
- Objects > Packet Broker Profile
- Objects > Schedules
-
-
- Firewall Interfaces Overview
- Common Building Blocks for Firewall Interfaces
- Common Building Blocks for PA-7000 Series Firewall Interfaces
- Tap Interface
- HA Interface
- Virtual Wire Interface
- Virtual Wire Subinterface
- PA-7000 Series Layer 2 Interface
- PA-7000 Series Layer 2 Subinterface
- PA-7000 Series Layer 3 Interface
- Layer 3 Interface
- Layer 3 Subinterface
- Log Card Interface
- Log Card Subinterface
- Decrypt Mirror Interface
- Aggregate Ethernet (AE) Interface Group
- Aggregate Ethernet (AE) Interface
- Network > Interfaces > VLAN
- Network > Interfaces > Loopback
- Network > Interfaces > Tunnel
- Network > Interfaces > SD-WAN
- Network > VLANs
- Network > Virtual Wires
-
- Network > Network Profiles > GlobalProtect IPSec Crypto
- Network > Network Profiles > IPSec Crypto
- Network > Network Profiles > IKE Crypto
- Network > Network Profiles > Monitor
- Network > Network Profiles > Interface Mgmt
- Network > Network Profiles > QoS
- Network > Network Profiles > LLDP Profile
- Network > Network Profiles > SD-WAN Interface Profile
-
-
- Device > Setup
- Device > Setup > Management
- Device > Setup > Interfaces
- Device > Setup > Telemetry
- Device > Setup > Content-ID
- Device > Setup > WildFire
- Device Setup Ace
- Device > Setup > DLP
- Device > Log Forwarding Card
- Device > Config Audit
- Device > Administrators
- Device > Admin Roles
- Device > Access Domain
- Device > Authentication Sequence
- Device > Device Quarantine
-
- Security Policy Match
- QoS Policy Match
- Authentication Policy Match
- Decryption/SSL Policy Match
- NAT Policy Match
- Policy Based Forwarding Policy Match
- DoS Policy Match
- Routing
- Test Wildfire
- Threat Vault
- Ping
- Trace Route
- Log Collector Connectivity
- External Dynamic List
- Update Server
- Test Cloud Logging Service Status
- Test Cloud GP Service Status
- Device > Virtual Systems
- Device > Shared Gateways
- Device > Certificate Management
- Device > Certificate Management > Certificate Profile
- Device > Certificate Management > OCSP Responder
- Device > Certificate Management > SSL/TLS Service Profile
- Device > Certificate Management > SCEP
- Device > Certificate Management > SSL Decryption Exclusion
- Device > Certificate Management > SSH Service Profile
- Device > Response Pages
- Device > Server Profiles
- Device > Server Profiles > SNMP Trap
- Device > Server Profiles > Syslog
- Device > Server Profiles > Email
- Device > Server Profiles > HTTP
- Device > Server Profiles > NetFlow
- Device > Server Profiles > RADIUS
- Device > Server Profiles > TACACS+
- Device > Server Profiles > LDAP
- Device > Server Profiles > Kerberos
- Device > Server Profiles > SAML Identity Provider
- Device > Server Profiles > DNS
- Device > Server Profiles > Multi Factor Authentication
- Device > Local User Database > Users
- Device > Local User Database > User Groups
- Device > Scheduled Log Export
- Device > Software
- Device > Dynamic Updates
- Device > Licenses
- Device > Support
- Device > Policy Recommendation > IoT
- Device > Policy > Recommendation SaaS
-
- Network > GlobalProtect > MDM
- Network > GlobalProtect > Clientless Apps
- Network > GlobalProtect > Clientless App Groups
- Objects > GlobalProtect > HIP Profiles
-
- Use the Panorama Web Interface
- Context Switch
- Panorama Commit Operations
- Defining Policies on Panorama
- Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode
- Panorama > Setup > Interfaces
- Panorama > High Availability
- Panorama > Administrators
- Panorama > Admin Roles
- Panorama > Access Domains
- Panorama > Device Groups
- Panorama > Plugins
- Panorama > Log Ingestion Profile
- Panorama > Log Settings
- Panorama > Server Profiles > SCP
- Panorama > Scheduled Config Export
- Panorama > Device Registration Auth Key
Objects > SD-WAN Link Management > Error Correction Profile
If your SD-WAN traffic includes an application
that is sensitive to packet loss or corruption, such as audio, VoIP,
or video conferencing, you can apply either Forward Error Correction
(FEC) or packet duplication as a means of error correction. With
FEC, the receiving firewall (decoder) can recover lost or corrupted packets
by employing parity bits that the encoder embeds in an application
flow. Packet duplication is an alternative method of error correction,
in which an application session is duplicated from one tunnel to
a second tunnel. Both methods require additional bandwidth and CPU
overhead; therefore, apply FEC or packet duplication only to applications
that can benefit from such a method. To employ one of these methods,
create an Error Correction Profile and reference it in an SD-WAN
policy rule for specific applications.
(You must also specify which interfaces are available for the
firewall to select for error correction by indicating in an SD-WAN Interface
Profile that interfaces are Eligible for Error
Correction Profile interface selection.)
Error Correction Profile Settings | |
---|---|
Name | Add a descriptive name for the Error Correction
Profile using a maximum of 31 alphanumeric characters. |
Shared | Select to make the Error Correction Profile
available to all device groups on Panorama and to every virtual
system on a multi-vsys hub or branch to which you push the configuration. |
Disable override | Select to prevent administrators from overriding
the settings of this Error Correction Profile in device groups that
inherit the profile. (Disable override is
unavailable if Shared is selected.) |
Activation Threshold (Packet Loss %) | When packet loss exceeds this percentage,
FEC or packet duplication is activated for the configured applications
in the SD-WAN policy rule where the Error Correction Profile is
applied. Range is 1 to 99; default is 2. |
Forward Error Correction / Packet Duplication | Select whether to employ forward error correction
(FEC) or packet duplication. Packet duplication requires even more
resources than FEC. |
Packet Loss Correction Ratio | (Forward Error Correction only)
Ratio of parity bits to data packets. The higher the ratio of parity
bits to data packets that the encoder sends to the decoder, the
higher the probability that the decoder can repair packet loss.
However a higher ratio requires more redundancy and therefore more
bandwidth overhead, which is a trade-off for achieving error correction.
Select one of the predefined ratios:
The parity ratio
applies to the encoding firewall’s outgoing traffic. For example,
if the hub parity ratio is 50% and the branch parity ratio is 20%,
the hub will receive a ratio of 20% and the branch will receive
a ratio of 50%. |
Recovery Duration (ms) | Maximum number of milliseconds that the
receiving firewall (decoder) can spend performing packet recovery
on lost data packets using the parity packets it received; range
is 1 to 5,000; default is 1,000. The firewall immediately
sends data packets it receives to the destination. During the recovery
duration for a block of data, the firewall performs packet recovery
for any lost data packets. When the recovery duration expires, the
associated parity bits for that block are discarded. The encoder
sends the Recovery Duration value to the decoder; the Recovery Duration
setting on the decoder has no impact. |