Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1927
Views
0
Helpful
4
Replies

ISE PSN behavior concurrent session

Go to solution
sandjose
Cisco Employee
Cisco Employee

‎07-17-2019 09:04 AM

If a PSN node exceeds the max concurrent session ,  what would be the behavior for a radius access request

 

Is the request queued up on the PSN   and the response time increases or is the packet dropped  at the PSN .

 

I couldn’t get hold of a doc which explains  what happens if  the concurrent session is exceeded.

 

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎07-17-2019 09:27 AM

Hi,

Watch live session BRKSEC-3432. The engineer did mention that ISE will take
requests but it starts impacting performance. Its not a hard limit at which
ISE starts dropping or queuing requests.

**** remember to rate useful posts

View solution in original post

0 Helpful

Go to solution
Serhii Kucherenko
Cisco Employee
Cisco Employee
In response to sandjose

‎07-17-2019 11:52 AM

20k and 40k limits mentioned in the scaling guide represent maximum amount of sessions stored in the session cache. After limit is reached PSN performs Least Recently Used (LRU) algorithm to remove older sessions.

 

While theoretically to frequent execution of LRU can cause some performance degradation in real life this should not be noticeable. 

 

For the sessions which were removed by LRU some advanced flows may not work in case if those sessions are still alive on NADs (for example Posture Re-assessment)

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Surendra
Cisco Employee
Cisco Employee

‎07-17-2019 09:13 AM

Technically, the radius requests will be processed but I believe a session cannot be formed in the session directory of the ISE which in turn will result in problems with all the flows like Guest/BYOD/Posture/Profiling etc which lookup a session before proceeding with the flow. It may also increase the load on the PSN, spike CPU and memory since it starts to get a lot of exceptional cases where there will be incoming data for session formation but no way to consume them. Eventually, your PSN will suffer a slow and painful death 😊
0 Helpful

Go to solution
sandjose
Cisco Employee
Cisco Employee
In response to Surendra

‎07-17-2019 09:21 AM

Thanks,  so that means the PSN queues  up the request  but the session doesn't get created .

 

Does that mean that the numbers for concurrent session for a PSN  platform is derived from  its ability to create a session .

 

for eg :3595 on ISE 2.1+ support 40k concurrent sesson

 

 

0 Helpful

Go to solution
Serhii Kucherenko
Cisco Employee
Cisco Employee
In response to sandjose

‎07-17-2019 11:52 AM

20k and 40k limits mentioned in the scaling guide represent maximum amount of sessions stored in the session cache. After limit is reached PSN performs Least Recently Used (LRU) algorithm to remove older sessions.

 

While theoretically to frequent execution of LRU can cause some performance degradation in real life this should not be noticeable. 

 

For the sessions which were removed by LRU some advanced flows may not work in case if those sessions are still alive on NADs (for example Posture Re-assessment)

0 Helpful

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎07-17-2019 09:27 AM

Hi,

Watch live session BRKSEC-3432. The engineer did mention that ISE will take
requests but it starts impacting performance. Its not a hard limit at which
ISE starts dropping or queuing requests.

**** remember to rate useful posts
0 Helpful
Customers Also Viewed These Support Documents