cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

98
Views
0
Helpful
4
Replies
Highlighted
Cisco Employee

ISE PSN behavior concurrent session

If a PSN node exceeds the max concurrent session ,  what would be the behavior for a radius access request

 

Is the request queued up on the PSN   and the response time increases or is the packet dropped  at the PSN .

 

I couldn’t get hold of a doc which explains  what happens if  the concurrent session is exceeded.

 

2 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Advisor

Re: ISE PSN behavior concurrent session

Hi,

Watch live session BRKSEC-3432. The engineer did mention that ISE will take
requests but it starts impacting performance. Its not a hard limit at which
ISE starts dropping or queuing requests.

**** remember to rate useful posts
Cisco Employee

Re: ISE PSN behavior concurrent session

20k and 40k limits mentioned in the scaling guide represent maximum amount of sessions stored in the session cache. After limit is reached PSN performs Least Recently Used (LRU) algorithm to remove older sessions.

 

While theoretically to frequent execution of LRU can cause some performance degradation in real life this should not be noticeable. 

 

For the sessions which were removed by LRU some advanced flows may not work in case if those sessions are still alive on NADs (for example Posture Re-assessment)

4 REPLIES 4
Cisco Employee

Re: ISE PSN behavior concurrent session

Technically, the radius requests will be processed but I believe a session cannot be formed in the session directory of the ISE which in turn will result in problems with all the flows like Guest/BYOD/Posture/Profiling etc which lookup a session before proceeding with the flow. It may also increase the load on the PSN, spike CPU and memory since it starts to get a lot of exceptional cases where there will be incoming data for session formation but no way to consume them. Eventually, your PSN will suffer a slow and painful death 😊
Cisco Employee

Re: ISE PSN behavior concurrent session

Thanks,  so that means the PSN queues  up the request  but the session doesn't get created .

 

Does that mean that the numbers for concurrent session for a PSN  platform is derived from  its ability to create a session .

 

for eg :3595 on ISE 2.1+ support 40k concurrent sesson

 

 

Cisco Employee

Re: ISE PSN behavior concurrent session

20k and 40k limits mentioned in the scaling guide represent maximum amount of sessions stored in the session cache. After limit is reached PSN performs Least Recently Used (LRU) algorithm to remove older sessions.

 

While theoretically to frequent execution of LRU can cause some performance degradation in real life this should not be noticeable. 

 

For the sessions which were removed by LRU some advanced flows may not work in case if those sessions are still alive on NADs (for example Posture Re-assessment)

VIP Advisor

Re: ISE PSN behavior concurrent session

Hi,

Watch live session BRKSEC-3432. The engineer did mention that ISE will take
requests but it starts impacting performance. Its not a hard limit at which
ISE starts dropping or queuing requests.

**** remember to rate useful posts