ISE Scaling - Private Cloud vs Public Cloud

Arne Bier
VIP

Hello,

The Cisco scaling number for maximum concurrent sessions for a Dedicated PSN in a fully distributed deployment is 10,000 for Small VM (32 GB RAM, 16 vCPU).

But the same RAM/CPU in AWS (c5.4xlarge) apparently supports 40,000 concurrent sessions.

Is the I/O layer the only difference, or is the ISE code optimised to run better in AWS?

If I am using a VMware on-prem ISE PSN, with fast IO storage (i.e. much faster than the single disk SNS-3615) then I want to know whether I can claim the same 40,000 concurrent sessions?

I monitor the usage of the production ISE nodes and let's say, in a dedicated RADIUS PSN, there is not much going on in terms of CPU and RAM even with 10,000 active sessions on a PSN.  

A better measure of performance should be the rate at which the PSN needs to do work - RADIUS requests per second. And that number is very low too.  

It seems very wasteful to have to allocate 96GB of RAM and 24 CPUs to get the VMware PSN up to the next level (Medium) when in reality it's doing amazingly well in the Small spec (albeit, theoretically at the MAXIMUM spec).

I would appreciate some real-world feedback on this.

2 Replies

hslai
Cisco Employee

Hi Arne:- We received similar feedback and our team is currently updating this doc.

Arne Bier
VIP

Thanks @hslai - I am about to embark on a large VM deployment and I would appreciate some answers regarding the nature of these numbers.

As mentioned before, I am not deploying SNS-3615 (which use a single rotating disk and have relatively slow IO compared to other storage tiers).

I have seen broadly across most customer environments that their VMware Datastores are very fast - mostly due to SSD or very fast RAID arrays. They far exceed the IO throughput and IOPS for an SNS-3615.

Current customer ISE show-tech reports write speeds of 980MB/s and read speeds of 4.4GB/s.

But having said that, I don't see how the AWS environment can handle 4x the sessions with the same CPU and RAM.

The number of 10,000 concurrent sessions for a dedicated PSN means that, even if half the RAM (16GB) were used exclusively to hold 10,000 endpoint records, then each endpoint's data structure would have 1.6MB of memory allocated to it. That's an insane amount of memory for a single endpoint. Therefore I am inclined to think that that amount of RAM should be able to accommodate at least double that number of endpoints.

So the reality might lie somewhere in the middle?  

We're all engineers here and I think I can handle a decent explanation of the facts, please