07-13-2012 12:09 AM - edited 03-10-2019 07:17 PM
I see that in reference designs where you have to have a cluster of PSNs they are load balanced. I assume that there is no native clustering then and that an external load balancer is mandatory here?
If this is so, what are the guidelines for sizing the load balancers (ACE)?
07-14-2012 10:34 PM
The load balancer is optional for networks that have to have one. Typically I have seen in the past where you can generate RADIUS server configs in order to prioritize which RADIUS servers are at the top and then work your way down, alternating the order from device to device.
If your network needs a load balancer, I have seen a few deployments using ACE.
Here is a good forum that was posted, chyps comments will help you understand how the ISE PSNs operate in a node group environment.
https://supportforums.cisco.com/thread/2120118
Thanks,
Tarik Admani
07-16-2012 01:21 AM
Thanks for the link Tarik, I believe that this tends to support my belief that where a cluster (i.e. more than two) of PSNs are to be deployed for authentication and authorisation purposes then a load balancer is needed. I don't fully understand the issues with profiling described, I confess.
Accepting that a LB is required for PSN clusters, the next obvious question is how to size it? I believe that roughly 125bps is the rule of thumb for traffic between an endpoint and the PSN for authentication and authorisation purposes, so for example to size the potential bandwidth for load balancers in front of a PSN cluster if we calc on 20,000 endpoints:
We have 20,000 x 125 = 2,500,000bps, this is 2,500Kbps, this is 2.5Mbps.
Therefore the entry ACE 4710 with 500Mbps throughput will suffice.
Could someone either verify that approach or offer an alternative please?