https://community.cisco.com/t5/network-access-control/ise-policy-services-node-cluster-load-balancing/m-p/2001524#M186917 <HTML><HEAD></HEAD><BODY><P>The load balancer is optional for networks that have to have one. Typically I have see in the past where you can generate radius server configs in order to prioritize which radius server are at the top and then work your way down and alternating the order from device to device. </P><P></P><P>If your network needs a load balancer, I have seen a few deployments using ACE. </P><P></P><P>Here is a good forum that was posted, chyps comments will help you understand how the ise PSNs operate in a node group environment.</P><P></P><P><A class="jive-link-external-small" href="https://community.cisco.com/thread/2120118">https://supportforums.cisco.com/thread/2120118</A></P><P></P><P>Thanks,</P><P>Tarik Admani</P></BODY></HTML> Sun, 15 Jul 2012 05:34:33 GMT Tarik Admani 2012-07-15T05:34:33Z https://community.cisco.com/t5/network-access-control/ise-policy-services-node-cluster-load-balancing/m-p/2001523#M186892 <P>I see that in reference designs where you have to have a cluster of PSN's they are load balanced. I assume that there is no native clustering then and that an external load balancer is mandatory here?</P><P>If this is so, what are the guidelines for sizing the load balancers (ACE)?</P> Mon, 11 Mar 2019 02:17:49 GMT https://community.cisco.com/t5/network-access-control/ise-policy-services-node-cluster-load-balancing/m-p/2001523#M186892 jesrobbie 2019-03-11T02:17:49Z https://community.cisco.com/t5/network-access-control/ise-policy-services-node-cluster-load-balancing/m-p/2001524#M186917 <HTML><HEAD></HEAD><BODY><P>The load balancer is optional for networks that have to have one. Typically I have see in the past where you can generate radius server configs in order to prioritize which radius server are at the top and then work your way down and alternating the order from device to device. </P><P></P><P>If your network needs a load balancer, I have seen a few deployments using ACE. </P><P></P><P>Here is a good forum that was posted, chyps comments will help you understand how the ise PSNs operate in a node group environment.</P><P></P><P><A class="jive-link-external-small" href="https://community.cisco.com/thread/2120118">https://supportforums.cisco.com/thread/2120118</A></P><P></P><P>Thanks,</P><P>Tarik Admani</P></BODY></HTML> Sun, 15 Jul 2012 05:34:33 GMT https://community.cisco.com/t5/network-access-control/ise-policy-services-node-cluster-load-balancing/m-p/2001524#M186917 Tarik Admani 2012-07-15T05:34:33Z https://community.cisco.com/t5/network-access-control/ise-policy-services-node-cluster-load-balancing/m-p/2001525#M186957 <HTML><HEAD></HEAD><BODY><P>Thanks for the link Tariq, I blieve that this tends to support my belief that where a cluster (i.e more than two)</P><P>of PSN's are to be deployed for authentication and authorisation purposes then a load balancer is needed. I don't fully understand the issues with profiling described I confess.</P><P></P><P>Accepting that a LB is required for PSN clusters, th enext obvious question is how to size it? I believe that roughly 125bps is the rule of thumb for traffic between an endpoint and the PSN for authentication and authorisation purposes, so for example to size the potential bandwidth for load balancers in front of a PSN cluster if we calc on 20,000 endpoints:</P><P></P><P>We have 20,000 x 125 = 2,500,000bps, this is 2,500Kbps, this is 2.5Mbps. </P><P></P><P>Therefore the entry ACE 4710 with 500Mbps throughput will suffice.</P><P></P><P>Could someone either verify that approach or offer an alternative please?</P></BODY></HTML> Mon, 16 Jul 2012 08:21:25 GMT https://community.cisco.com/t5/network-access-control/ise-policy-services-node-cluster-load-balancing/m-p/2001525#M186957 jesrobbie 2012-07-16T08:21:25Z