ISE Sizing and Utilization

john5 · ‎06-30-2018

Hi,

I have a large implementation of ISE in a distributed model with 2 ISEs for PAN and 2 for MnT and centralized PSNs in multiple regions which will cover a lot of branches.

unfortunately we can't afford a load balancers behind PSNs and we have to configure each NAD for a specific PSN.

when I made the sizing I found that each node will be utilized by 90-95 % , is it Ok or not ?

what is the best utilization percentage for better performance ?

also I'm planning to do N+1 for redundancy , is it a good idea to let 1 node without utilization for only a failover or there is a better way ?

Thanks in advance.

hslai · ‎06-30-2018

Please start with Craig's CiscoLive BRKSEC-3699.

This is not really right or wrong or good/bad ideas but it all depends on your strategy when a PSN overloads or fails.

Damien Miller · ‎06-30-2018

I personally wouldn't be comfortable with it. If you lose a PSN at 90-95% I would expect to over run the nodes where the load moves to.

I think scaling numbers should be taken with a grain of salt. With a stable well tuned environment you might be able to approach 90% of the rating but there are always outliers. You can't always control every endpoint or aspect of the network, designing to 90-95% might make for a temperamental deployment if something acts funny.