cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6619
Views
13
Helpful
1
Replies

ISE Node Groups?

dazza_johnson
Level 5
Level 5

Hi guys, I have two ISE nodes that serve the guest portal (CWA using Cisco WLCs). I have policy rules that says 'if request comes from ISE node x, redirect to guest URL https://nodex' which in turn resolves to the IP of ISE node x. I then have similar rules for ISE node y.

I am NOT using load balancers. Is it advisable to have these two ISE nodes in an ISE Node Group? The information on ISE node groups, and I'm being kind here, is sketchy. I would like to know if ISE Node Groups is something Cisco normally advise for such a deployment, and what exactly it brings to the table.

Thoughts?

DJ

1 Accepted Solution

Accepted Solutions

paul
Level 10
Level 10

If the PSNs are in the same location I always set them up in the node group, load balancer or not.  Here is a nice description from the admin guide:

"When two or more Policy Service nodes (PSNs) are connected to the same high-speed Local Area Network (LAN), we recommend that you place them in the same node group. This design optimizes the replication of endpoint profiling data by retaining less significant attributes local to the group and reducing the information that is replicated to the remote nodes in the network. Node group members also check on the availability of peer group members. If the group detects that a member has failed, it attempts to reset and recover all URL-redirected sessions on the failed node."


In 2.3, MAR cache sync was also added to node group members.


View solution in original post

1 Reply 1

paul
Level 10
Level 10

If the PSNs are in the same location I always set them up in the node group, load balancer or not.  Here is a nice description from the admin guide:

"When two or more Policy Service nodes (PSNs) are connected to the same high-speed Local Area Network (LAN), we recommend that you place them in the same node group. This design optimizes the replication of endpoint profiling data by retaining less significant attributes local to the group and reducing the information that is replicated to the remote nodes in the network. Node group members also check on the availability of peer group members. If the group detects that a member has failed, it attempts to reset and recover all URL-redirected sessions on the failed node."


In 2.3, MAR cache sync was also added to node group members.