Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2075
Views
5
Helpful
4
Replies

ISE PSN nodes dependancies.

Go to solution
LAN team
Level 1
Level 1

‎10-25-2021 05:41 AM

Hello,

 

We're currently facing an issue with a PSN node with a CPU overusage, we have to reload it almost each days.

It should be a hardware issue or bug issue.

 

Waiting to solve the hardware issue, we want to isolate this node, but when we shut the node or stop application, the other PSN node which belong to the same group node undergo a CPU and memory increase until the first PSN node is fully restarted.

I need to precise, it's not related to an authentication load issue, as it happens even when there's no traffic.

 

1) In my mind, the sync is done between the PAN and the PSN, then I don't understand what happens. 

2) How can we isolate the PSN without any effect on teh second one ?

 

Thank you, 

 

(PS : A same discussion has been already opened but tagged as solved by mistake)

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcelo Morais
VIP
VIP
In response to LAN team

‎10-25-2021 02:22 PM

Hi @LAN team ,

 when you said: "1) In my mind, the sync is done between the PAN and the PSN, then I don't understand what happens.", it's true for Global Replication, but PSN to PSN "conversation" exists via Node Group.

 Please double check if PSN2 takes over the PSN1's "role", when PSN1 is shutdown, in other words, (just as an example) if PSN1 has issues with Endpoints reprofiling, when you shutdown PSN1, then all "PSN1's Endpoints" will "talk to" PSN2 and it's probably the reason that PSN2 has a CPU Over Usage.

 

Hope this helps !!!

View solution in original post

4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎10-25-2021 06:05 AM

@LAN team deregister the PSN having the issues, so it's removed from the cluster to isolate it.

Have you logged a call with TAC regarding the issue? Check to see if the ISE version and patch level has a bug, if so install the latest patch.

0 Helpful

Go to solution
LAN team
Level 1
Level 1
In response to Rob Ingram

‎10-25-2021 08:32 AM

@Rob Ingram  Ok for the deregistration action.

 

But can you explain (if possible ) the behavior : why the second PSN get CPU overusage until the reload of the first one is completed ?

 

PSNissue.png

 

Thank you,

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP
In response to LAN team

‎10-25-2021 02:22 PM

Hi @LAN team ,

 when you said: "1) In my mind, the sync is done between the PAN and the PSN, then I don't understand what happens.", it's true for Global Replication, but PSN to PSN "conversation" exists via Node Group.

 Please double check if PSN2 takes over the PSN1's "role", when PSN1 is shutdown, in other words, (just as an example) if PSN1 has issues with Endpoints reprofiling, when you shutdown PSN1, then all "PSN1's Endpoints" will "talk to" PSN2 and it's probably the reason that PSN2 has a CPU Over Usage.

 

Hope this helps !!!

Go to solution
LAN team
Level 1
Level 1
In response to Marcelo Morais

‎10-27-2021 03:22 AM - edited ‎11-12-2021 05:47 AM

Hello Marcelo,

 

You're fully right. We've found the root cause, it was a client device which flooded with incremental MAC (about 20.000). Then when the 1st node was done, the load move to the second one.

 

But as we have opened a high CPU incident to the Cisco TAC, the TAC engineer tell us : "it's bug please update" as usuall... We haven't checked for a external reason. Finaly all is logic.

 

Thank you for your answer.

0 Helpful
Customers Also Viewed These Support Documents