02-25-2019 07:52 AM - edited 03-08-2019 07:14 PM
In the ISE installation guide, it states that ISE Large VM cannot be used as PAN, PSN or PxGrid. Is it a hard restriction (system will check and prevent such configuration?) or just a suggestion? I am planning to have a 6-node design where all 6 nodes are VM Large based on SNS3695. PAN and PSN will be designated on Large VM. Is it a supported design?
"The Large memory size is only for use as a performance-enhanced MnT node. You cannot use the Large VM as a PAN, PSN, or pxGrid node."
Solved! Go to Solution.
02-25-2019 08:00 AM - edited 02-25-2019 09:36 AM
It sounds like you are reading the ISE 2.4 guide, or there is a typo in the 2.6 guide, link what you were reading and we can clear it up. Using a large VM for all roles is supported in 2.6 and in standalone (1-2 nodes), or hybrid (PAN/MNT same nodes, 7 nodes max), with scale up to 50,000 active endpoints.
It would probably be wise to use 6 or 8x3655 appliances. This for example would have peak support for 200k active, and 100k if half the PSN's failed. 50k active per 3655 PSN in a dedicated deployment.
2xPAN
2x MNT
4x PSN - 200k total, 100k HA
optional, use 2 3655 PSN
2x PSN - 100k total, 50k HA
02-25-2019 08:00 AM - edited 02-25-2019 09:36 AM
It sounds like you are reading the ISE 2.4 guide, or there is a typo in the 2.6 guide, link what you were reading and we can clear it up. Using a large VM for all roles is supported in 2.6 and in standalone (1-2 nodes), or hybrid (PAN/MNT same nodes, 7 nodes max), with scale up to 50,000 active endpoints.
It would probably be wise to use 6 or 8x3655 appliances. This for example would have peak support for 200k active, and 100k if half the PSN's failed. 50k active per 3655 PSN in a dedicated deployment.
2xPAN
2x MNT
4x PSN - 200k total, 100k HA
optional, use 2 3655 PSN
2x PSN - 100k total, 50k HA
02-25-2019 09:24 AM
08-15-2019 04:40 AM
Hi @Jason Kunst and @Damien Miller
Apologies for digging this subject up again.
If I understand Damien's point, running LARGE VM on any persona is technically OK because the software will run and not complain about it. And Cisco TAC should hopefully have no issues supporting a non-MnT node deployed as a VM LARGE?
It was always my understanding that throwing more RAM and CPU at the MnT made sense because this persona could benefit from it. My question is, what benefit would a PAN node get if it had 256GB RAM? It doesn't change any of the hard limits of 2 million endpoints, right? In my opinion, this RAM would be wasted (or at best, used by Linux as a cache of some sort). And what significance does more RAM and CPU have for a PSN?
I would never want to stop anyone buying LARGE VM licenses if they can afford it :-) I am more interested in what effect it has on the different Personas.
thanks in advance
08-15-2019 04:57 AM
08-15-2019 09:06 AM
08-21-2019 07:43 AM
Large VM which essentially had more resources, was introduced to improve the MnT performance. We clearly mentioned that this can be used as an MnT node only since we did not qualify the other personas on the large VM. Hence not recommended.
but having said that, you can still allocate more resources to your PAN and PSN nodes other than the standard available.
the equivalent of large VM is the new 3695 appliances which can run any of the personas today.
with 2.4 patch 9, on 3695 as PAN and MnT , the max concurrent sessions supported is 500k sessions. there were some code changes done to achieve 2 M in 2.6 hence we dont recommend scaling beyond 2.4 scaling numbers.
Nidhi
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide