Solved: Bandwidth to the PAN - with and without a PSN at the remote site.

dazza_johnson · ‎03-30-2017

Hey guys, I'm using the Cisco ISE bandwidth calculator. It looks like the amount of bandwidth used between the remote site and the DC (where the PAN is) is MORE when you have a PSN deployed at the remote site? Is that right!?

Put another way, the amount of traffic between the PSN and the PAN is more than the amount of RADIUS traffic between client and PAN.

I tried a number of options for active endpoints and it was always the same, using a PSN at the remote site uses more bandwidth across the WAN :-|

Any thoughts?

DJ

hslai · ‎03-31-2017

You are correct that the replication and messaging connections using far more bandwidth compared to RADIUS between network devices and ISE PSN. Network devices do not normally contact an ISE PAN.

View solution in original post

hslai · ‎03-31-2017

You are correct that the replication and messaging connections using far more bandwidth compared to RADIUS between network devices and ISE PSN. Network devices do not normally contact an ISE PAN.

dazza_johnson · ‎04-02-2017

Ok cool, certainly changed my mindset. I (incorrectly) assumed that placing PSNs close the the NADs would provide the following benefits:

Reduced authentication latency
Continued operation if centralised PSNs are unreachable (i.e. WAN failure but NADs can reach local PSNs)
Reduced bandwidth consumed

Sounds like 1 and 2 are still valid, but 3 isn't....

Thanks

Darren