Solved: Re: ISE Interface utilisation design suggestion

dngore · ‎04-17-2018

Hi,

We are working on greenfield ISE project. We will deploy ISE 2.4 on 3595 appliances. 5+2 PSNs behind Load balancer at DC and same setup at DR. Admin and MnT on separate node with HA setup.

Endpoint count is about 200K.

Need suggestion on below points:

1. NIC bonding for Gig0 & 1. Are there any issues or limitations on NIC bonding? Is it best practice to use NIC bonding?

2. Should we use separate interface for profiling other than Gig 0? DHCP, SNMP, NMAP AD probes are in consideration.

Regards,

D.M.Gore

Craig Hyps · ‎04-17-2018

NIC bonding can provide NIC redundancy (not load sharing), so certainly recommended if goal is to survive single upstream switch outage. Recommend be as consistent as possible across nodes so that portal and profiler configs that reference interfaces are consistent and make for easy management and swap.

Separate interfaces can help isolate traffic and in some cases a requirement, such as when SPAN or Netflow probes used, or if wish to leverage Anycast directly on node versus LB VIP.

View solution in original post

Craig Hyps · ‎04-17-2018

NIC bonding can provide NIC redundancy (not load sharing), so certainly recommended if goal is to survive single upstream switch outage. Recommend be as consistent as possible across nodes so that portal and profiler configs that reference interfaces are consistent and make for easy management and swap.

Separate interfaces can help isolate traffic and in some cases a requirement, such as when SPAN or Netflow probes used, or if wish to leverage Anycast directly on node versus LB VIP.