06-30-2018 09:31 AM
Hi,
I have a large implementation of ISE in a distributed model with 2 ISEs for PAN and 2 for MnT and centralized PSNs in multiple regions which will cover a lot of branches.
unfortunately we can't afford a load balancers behind PSNs and we have to configure each NAD for a specific PSN.
when I made the sizing I found that each node will be utilized by 90-95 % , is it Ok or not ?
what is the best utilization percentage for better performance ?
also I'm planning to do N+1 for redundancy , is it a good idea to let 1 node without utilization for only a failover or there is a better way ?
Thanks in advance.
06-30-2018 08:14 PM
Please start with Craig's CiscoLive BRKSEC-3699.
This is not really right or wrong or good/bad ideas but it all depends on your strategy when a PSN overloads or fails.
06-30-2018 08:37 PM
I personally wouldn't be comfortable with it. If you lose a PSN at 90-95% I would expect to over run the nodes where the load moves to.
I think scaling numbers should be taken with a grain of salt. With a stable well tuned environment you might be able to approach 90% of the rating but there are always outliers. You can't always control every endpoint or aspect of the network, designing to 90-95% might make for a temperamental deployment if something acts funny.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide