Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1167
Views
0
Helpful
2
Replies

ISE Loopback interface utilization

NeWGuy1109
Level 1
Level 1

‎10-06-2022 04:04 AM

I have a Cisco ISE Instance which is being monitored by SolarWinds.

SolarWinds consistently reports that the loopback interface of ISE is on high utilization..this has been the case for past 3 months.

Is this expected behavior ? 

Labels:
0 Helpful
2 Replies 2

NeWGuy1109
Level 1
Level 1

‎11-02-2022 06:17 AM

any insight on this pls ?

0 Helpful

srigovi2
Cisco Employee
Cisco Employee

‎11-08-2022 02:53 AM - edited ‎11-08-2022 02:54 AM

Hi, 

What is loopback and what is its purpose?

A loopback interface is a logical interface.
This means that it is not related to any hardware "feature" (cable connections, speed, duplex, etc.).
It can be configured with an IP address like a normal physical interface. It is always up.

Purpose: As I've said, it is not related to any hardware feature or problem, so it is always reachable since there is at least one physical interface up and running on the device (and obviously a route to it).

So, if you are having high utilization in that port, then there may be 2 scenarios as below:


Scenario 1:
As per scenario 1, you are pointing out all AAA service traffic in authenticator devices (switches, routers, and WLC) to the loopback interface, as well as device management traffic (SSH access to ISE) using this loopback interface. This may be the cause of the high volume of traffic. If it is true, then you can load-share the traffic by pointing the AAA traffic to the interface IP rather than the loopback IP.
You can use Network Interface Card (NIC) bonding or NIC teaming on the interface IP for high availability. Then redirect that traffic to that NIC teaming interface. This makes only management traffic in the loopback interface. So it will reduce the volume of traffic in the loopback interface.
 

Scenario 2:

If you are not using the loopback IP interface in AAA service and only management traffic is handled by the loopback interface,
Please check how much traffic is showing in SolarWinds and check the in/out the traffic of the ISE interface using CLI mode. And at what time is it showing high utilization?
Based on the above checking, we may find that the high traffic issue in ISE or SolarWinds monitoring tools is showing incorrect traffic utilization.

 

If you find my reply solved your question or issue, kindly click the 'Accept as Solution button and vote it as helpful.
You can also learn more about ISE through our live Ask the Experts (ATXs) session. Check out Cisco Endpoint Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-endpoint-security-ask-the-experts-resources/ta-p/4394492] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.

0 Helpful
Customers Also Viewed These Support Documents