Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
912
Views
4
Helpful
2
Replies

ISE high load and big impacts after building power outage/restore

Go to solution
jerkessl
Cisco Employee
Cisco Employee

‎05-23-2017 05:18 AM

Hi,

I have a customer which had experienced ISE high load and big impacts after building power outage.

When they restored power, every switch comes up in a synchronized timeframe and load on ISE was critical. Also at each reauthentication the same happened.

Do we have any workaround for that? Like we have for critical « authentication critical recovery delay ».

Something that can throttle interface bring up at switch boot up?


Regards,

1 Accepted Solution

Accepted Solutions

Go to solution
Craig Hyps
Level 10
Level 10
In response to kthiruve

‎05-24-2017 08:09 PM

We perform scale testing to validate that all endpoints can be reauthenticated within a few minutes, but certainly is one of the use cases to consider buffer capacity under such extreme cases.  By setting reauth timers via server, it would be possible to return reauth timers that are dispersed by minutes or tens of minutes to reduce a periodic wave that resonates at the same interval.

Craig

View solution in original post

2 Replies 2

Go to solution
kthiruve
Cisco Employee
Cisco Employee

‎05-23-2017 03:36 PM

Hi Jeremy,

Please take a look at the ISE best practices suggestions made in the CIsco Live sessions.

There are several things you can do in an enterprise infrastructure. In ISE you can reduce duplicate authentication requests by ignoring it totally, there are best practices around reauth, idle timer etc.

Designing ISE for Scale & High Availability (2017 Berlin)

Thanks

Krishnan

Go to solution
Craig Hyps
Level 10
Level 10
In response to kthiruve

‎05-24-2017 08:09 PM

We perform scale testing to validate that all endpoints can be reauthenticated within a few minutes, but certainly is one of the use cases to consider buffer capacity under such extreme cases.  By setting reauth timers via server, it would be possible to return reauth timers that are dispersed by minutes or tens of minutes to reduce a periodic wave that resonates at the same interval.

Craig

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents