ISE (Concurrent Connections)

bepage3 — Thu, 18 Oct 2018 12:35:08 GMT

Has anyone created a chart that breaks this down by version?

How many concurrent connections are supported by ISE deployment? (by ISE version)
1. How many PSNs can a deployment have?
How many concurrent connections are supported by each PSN? (by ISE version)

Re: ISE (Concurrent Connections)

Arne Bier — Thu, 18 Oct 2018 12:49:54 GMT

Have a look at the ISE Community resources page here

https://community.cisco.com/t5/security-documents/ise-community-resources/ta-p/3621621

There is a link to scaling - all the figures are there

What might not be immediately obvious is that in, e.g. ISE 2.4, the SNS-3595 (biggest box) can handle 20,000 concurrent sessions if the PAN and MnT are combined. But if you split PAN and MnT into two separate nodes, then suddenly the same PSN node can handle 40,000 concurrent sessions. I have never understood that - but that is how I understand it to work.

Remember that these figures are not magical numbers or hard limits - they are rounded up numbers from empirical lab testing. And you have to remember that the profile of a PSN's load can never be predicted. You have no idea how many logins per second will hit a PSN. When EAP auths happen, they hammer away with loads of Radius requests until user is finally logged in. But once 20,000 sessions are active, then ISE has to maintain them - and this is probably the memory limit and the logging limit that you're up against. I don't expect that ISE will be doing much at all, if there are not many Radius Accounting requests that will impact the status of those sessions. A session is not something that should cause a server much stress at all - ISE just has to maintain database integrity and log everything nicely.

topic Re: ISE (Concurrent Connections) in Network Access Control

ISE (Concurrent Connections)

Re: ISE (Concurrent Connections)