cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1709
Views
0
Helpful
4
Replies

ISE PSN behavior concurrent session

sandjose
Cisco Employee
Cisco Employee

If a PSN node exceeds the max concurrent session ,  what would be the behavior for a radius access request

 

Is the request queued up on the PSN   and the response time increases or is the packet dropped  at the PSN .

 

I couldn’t get hold of a doc which explains  what happens if  the concurrent session is exceeded.

 

2 Accepted Solutions

Accepted Solutions

Hi,

Watch live session BRKSEC-3432. The engineer did mention that ISE will take
requests but it starts impacting performance. Its not a hard limit at which
ISE starts dropping or queuing requests.

**** remember to rate useful posts

View solution in original post

20k and 40k limits mentioned in the scaling guide represent maximum amount of sessions stored in the session cache. After limit is reached PSN performs Least Recently Used (LRU) algorithm to remove older sessions.

 

While theoretically to frequent execution of LRU can cause some performance degradation in real life this should not be noticeable. 

 

For the sessions which were removed by LRU some advanced flows may not work in case if those sessions are still alive on NADs (for example Posture Re-assessment)

View solution in original post

4 Replies 4

Surendra
Cisco Employee
Cisco Employee
Technically, the radius requests will be processed but I believe a session cannot be formed in the session directory of the ISE which in turn will result in problems with all the flows like Guest/BYOD/Posture/Profiling etc which lookup a session before proceeding with the flow. It may also increase the load on the PSN, spike CPU and memory since it starts to get a lot of exceptional cases where there will be incoming data for session formation but no way to consume them. Eventually, your PSN will suffer a slow and painful death 😊

Thanks,  so that means the PSN queues  up the request  but the session doesn't get created .

 

Does that mean that the numbers for concurrent session for a PSN  platform is derived from  its ability to create a session .

 

for eg :3595 on ISE 2.1+ support 40k concurrent sesson

 

 

20k and 40k limits mentioned in the scaling guide represent maximum amount of sessions stored in the session cache. After limit is reached PSN performs Least Recently Used (LRU) algorithm to remove older sessions.

 

While theoretically to frequent execution of LRU can cause some performance degradation in real life this should not be noticeable. 

 

For the sessions which were removed by LRU some advanced flows may not work in case if those sessions are still alive on NADs (for example Posture Re-assessment)

Hi,

Watch live session BRKSEC-3432. The engineer did mention that ISE will take
requests but it starts impacting performance. Its not a hard limit at which
ISE starts dropping or queuing requests.

**** remember to rate useful posts