Hey, guys.
Has anyone accountered the problem, that replication between ISE nodes stops after an unpredictable timeframe ???
This is the result after one day:
I have set up a distributed deployment of ISE nodes, seven in total, split up into two nodes for each service (monitoring, administration, policy and profiling).
Each of the nodes is running in an ESX 5.x environment, ESX itself is running on two hosts (two UCS with lots of ram and CPUs), each node has 8 virtual CPUs and 16GB ram, the virtual harddisks are 750GB and on some nodes even 2000GB .....
This is a testing environment, radius accounting data is sent to the ISEs by a small number of switches only (but production switches, so that I can see profiling of our real clients), no authentication or authorization is done by the ISEs (yet).
Profiling is configured in the following way:
- a single node receives the HTTP probe (via a spanned port of our proxy server) on gig 1 (box does nothing else)
- two nodes listen to the DHCP, DNS, RADIUS and SNMP probes, these two nodes have the policy service enabled also (but do nothing with it)
All nodes run the same version of ISE:
Cisco Application Deployment Engine OS Release: 2.0
ADE-OS Build Version: 2.0.4.120
ADE-OS System Architecture: i386
Copyright (c) 2005-2011 by Cisco Systems, Inc.
All rights reserved.
Hostname: ise-worf
Version information of installed applications
---------------------------------------------
Cisco Identity Services Engine
---------------------------------------------
Version : 1.1.4.218
Build Date : Wed Apr 10 22:20:22 2013
Install Date : Fri May 3 19:16:05 2013
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 1
Install Date : Wed May 29 08:16:58 2013
The database on this deployment contains about 5100 clients at this time:
which is very little compared with the number of the rest of the endpoints that are connected to all the switches that do not send radius-accounting to the ISE deployment yet ....
Anyone has a solution or a clue what to do ???
In this state, ISE seems not capable to handle enterprise environments ....
Btw, backups of the database do not work either, when you have more than 50% diskspace occupied ......
Rgs
Frank
Hey, guys.
Here is a little update, repication is still disabled, but it seems to be getting even worse:
This happens when trying to connect via SSH AND via the vCenter Console window ......
A reboot of the box enabled ssh again, but the application cannot be started again ...
Disk full .... but full with what ???
Replication is disabled, so no new database entries etc. can make the db grow, I guess .. ??
The virtual disk that has been assigned to this vm is the largest size, that vmware can handle:
The only thing I can do now, is to reimage the machine (again).
Sadly, I do not expect things to be any different with the new installed ise, because I have done this three times before already...
At this point I feel the urgent need to throw this whole project onto the dumpster and take another look at ISE when version 3.0 is released, because in this state it is not enterprise scalable software ....
Rgs
Frank
