cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

304
Views
0
Helpful
6
Replies
Cisco Employee

2.6 Scalability for pxGrid

Hi,

 

In the installation guide for 2.4, we had clear numbers on how many pxgrid nodes etc were supported per deployment model. For 2.6 this does not seem to be listed. Is this information available anywhere?

(See pictures below)

 

Regards

Gert

2.4:

Screenshot 2019-04-10 at 12.14.40.png

 

2.6:

Screenshot 2019-04-10 at 12.15.18.png

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Engager

Re: 2.6 Scalability for pxGrid

If you want to support 50k endpoints then you have to use 3695 nodes, or a dedicated deployment with more 3655 nodes.

 

In a standalone 1-2 node deployment you can scale to a max of 50k endpoints with two 3695's.  You could host all personas on these and have 50k HA support.  You can also run pxgrid on both of these in a limited deployment, ~30 total connections.  

 


In a hybrid deployment between 3 and 7 nodes, you can still only scale to 50k endpoints with 3695's. 

 

In the hyrbid scenario, you would have 2x 3695 doing pan/mnt functions, then could have 2 x 3655 dedicated PSN's which handle 50k endpoints each (still limited to 50k total for deployment), and 2 x 3615 pxgrid nodes for HA.  It's unlikey you need larger pxgrid nodes, I noticed scaling are still missing for 3600's pxgrid scale but a 3615 will support a lot of pxgrid v2 connections. In this deployment you could have the pxgrid handled by pan/mnt still and support about 160 pxgrid v2 connections. 

6 REPLIES 6

Re: 2.6 Scalability for pxGrid

Please verify this slides http://cs.co/BRKSEC-3432

 

Maximum dedicated pxGrid node is 4 & maximum subscribers per pxGrid node is 200

 

-Aravind

-Aravind
Cisco Employee

Re: 2.6 Scalability for pxGrid

Thanks for the quick reply.

We are aiming to support up to 50k endpoints in an SDA setup, hence the reason for needing pxGrid.
Looking at the following slide, that does seem to leave us with 2 options:


* Option 1: Medium deployment on the 3695 appliances. But this 4* does seem to indicate that we would need 4 pxGrid nodes, leaving only 1 PSN.
Or is it sufficient to use 2 pxGrid nodes in this deployment, leaving 3 PSNs.
* Option 2: Distributed deployment on the 3655 appliances. Would it be ok to go for 2 x PAN, 2 x Mnt, 2 x pxGrid and 2 x PSN?

Regards
Gert

[cid:image001.png@01D4EFA6.21458200]
VIP Engager

Re: 2.6 Scalability for pxGrid

If you want to support 50k endpoints then you have to use 3695 nodes, or a dedicated deployment with more 3655 nodes.

 

In a standalone 1-2 node deployment you can scale to a max of 50k endpoints with two 3695's.  You could host all personas on these and have 50k HA support.  You can also run pxgrid on both of these in a limited deployment, ~30 total connections.  

 


In a hybrid deployment between 3 and 7 nodes, you can still only scale to 50k endpoints with 3695's. 

 

In the hyrbid scenario, you would have 2x 3695 doing pan/mnt functions, then could have 2 x 3655 dedicated PSN's which handle 50k endpoints each (still limited to 50k total for deployment), and 2 x 3615 pxgrid nodes for HA.  It's unlikey you need larger pxgrid nodes, I noticed scaling are still missing for 3600's pxgrid scale but a 3615 will support a lot of pxgrid v2 connections. In this deployment you could have the pxgrid handled by pan/mnt still and support about 160 pxgrid v2 connections. 

Cisco Employee

Re: 2.6 Scalability for pxGrid

Thanks for the reply.
Is there documentation on the limitations for pxGrid that you refer to: 30 pxgrid connections vs 160?
Any plans to get this on the public installation guides? We want to make sure we can reference these numbers to customers instead of relying on CL slides.
Thanks!
Gert

VIP Engager

Re: 2.6 Scalability for pxGrid

The 30 and 160 reference are the pxgrid v2 scaling we had in 2.4 on standalone and hybrid deployments, the numbers haven't been directly provided for 2.6.  It's possible that pxgrid could scale beyond what 2.4 did with the introduction of high resource nodes, but for now the same can be used. 
https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148

pxGrid v2 Scaling per Deployment

 

Deployment Type Platform Max PSNs Max PXGs Max pxGrid Subscribers: Shared PAN+MNT+PXG Max pxGrid Subscribers: Dedicated PSN/PXG
Standalone All personas on same node

2 nodes redundant

3515 0 0 20 N/A
3595 0 0 30 N/A
Medium

PAN+MnT+PXG on same node and dedicated PSNs  
-OR-

PAN+MnT and dedicated PSN & PXG

Minimum 4 nodes redundant

3515 as PAN+MNT/PXG 5* 2* 140 400
3595 as PAN+MNT/PXG 5* 2* 160 400
3595 as PAN+MNT/PXG 5* 3* 160 600
Dedicated All personas on dedicated nodes

Minimum 6 nodes redundant

3595 as PAN and MNT 50 4 N/A 800
3595 as PAN and Large MNT 50 4 N/A 800

 

 

 

Highlighted
Cisco Employee

Re: 2.6 Scalability for pxGrid

Thanks Damien. Much appreciated.
Regards
Gert