08-22-2012 12:29 AM - edited 03-10-2019 07:27 PM
Hello,
We have 2 CSACS 1121 with Cisco ACS 5.2.0.26.10
The primary server manages 20000+ authentications per day.
Its memory utilization increases everyday.
It is now at 83%
Is there a limit?
What will happen when memory utilization reach this limit?
What can we do to purge memory utilization? (reboot, service restart...)
Thanks for your help
Patrick
Solved! Go to Solution.
08-24-2012 03:51 AM
Please make the secondary the log collector. This will help balance the load between the two nodes and you will see the memory utilization decrease.
Thanks
08-22-2012 02:45 AM
Hi,
There is a limit of 125 percent that will require a purge, however you need an NSF repository when the db exceeds 30 percent.
Reset doesn't get the data off of it, if the data exceeds this amount the box will have to be reimaged and will become unavailable.
Thanks,
Sent from Cisco Technical Support iPad App
08-24-2012 12:56 AM
Hi Tarik,
Thanks for your answer.
I think you are talking about Disk Usage
In ACS status:
Is memory equal to disk in ACS?
I thought that memory utilization means RAM utilization.
Could you confirm please?
Thanks,
Patrick
08-24-2012 03:29 AM
Patrixk you are correct. Is the acs in a distributed deployment or is it a standalone unit?
If standalone then this is to be expected. How many authentications per second does your box see on average?
08-24-2012 03:39 AM
This is a small ACS deployment as described on http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/installation/guide/csacs_deploy.html#wp1104113
ACS manages 2 authentications per second on average.
Patrick
08-24-2012 03:44 AM
In your initial.email you mentioned 20k auth per day. Also in your acs deployment is the primary acs also the log collector?
08-24-2012 03:49 AM
Yes there are 20 k auths per day
Most of them are between 9 AM and 17 PM so ACS received 2 auths per second on average.
I confirm that the primary ACS is also the log collector.
08-24-2012 03:51 AM
Please make the secondary the log collector. This will help balance the load between the two nodes and you will see the memory utilization decrease.
Thanks
08-24-2012 03:53 AM
Thanks for your advice.
I will try as soon as possible
Regards,
Patrick
08-27-2012 12:35 AM
Hi Tarik,
I tested your solution in a test environment.
Memory Utilization decreases on primary.
Memory Utilization increses on secondary.
Is there a limit?
What will happen when memory utilization reach this limit?
What can we do to purge memory utilization? (reboot, service restart...)
Thanks,
Patrick
08-27-2012 06:20 AM
How high is the memory utilization on the secondary ACS? Also do you have your load for radius authentications split? Meaning that half of your deployment chooses the primary ACS server as it is first radius target the other half has the secondary ACS server as their first radius target?
I have seen that 80 percent memory utilization is to be expected, here is some documentation regarding performance numbers:
You may want to consider adding another ACS server to your deployment to see if this helps lighten the load if the 80 percent memory utilization becomes a concern. If you calculate all these numbers and something still doesnt add up, you can upgrade to the latest code (5.3 patch 5), if that doesnt help then you can try to open a tac case to see if they can look at, but in my honest opinion with 20k auth per day I am thinking this is expected.
Thanks,
Tarik Admani
*Please rate helpful posts*
08-27-2012 08:28 AM
I changed log collector on a non-production platform. There are very few authentications on this platform.
Secondary ACS memory utilization is 25%...
Primary ACS memory utilization falls from 27% to 17%.
I didnt split the radius authentications for the moment because I thought ACS is far away from its performance limits.
I have planned to split for other services which will need RADIUS.
I think that I will reconsider this because memory is growing more than expected.
Thanks for all your advices.
Patrick
06-05-2014 01:31 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide