08-30-2023 11:45 PM
Dears,
As below setup, what's the maximum sessions that can be handled at time. as the below table, it mentioned that if the 3615 working as the dedicated PSN will give 25K however when working as the PAN/Mnt will give 12.5K. So is this setup gives us 12.K overall ?
Thanks and BR;
Solved! Go to Solution.
08-31-2023 12:06 AM
Your understanding is correct. The limitation here is the shared pan/mnt running on a 3615. You have a max capacity of 12.5k active sessions regardless of how many PSNs you run with this hybrid deployment. It does however provide you with n+1 HA for the PSN load allowing you to take a node down for patching or maintenance without sacrificing scale.
It's worth noting that the active session scaling numbers provided in the guide are under a best case scenario testing environment. The noise from the endpoints on the network can impact this. This is the note in the scaling guide.
"below table are derived based on tests under following conditions:
ISE deployments are formed in single datacenter deployed in same region, low latency (less than 5 ms) between the ISE internode communications, dot1xauthentications and accounting events generated by endpoints in the range of 2 to 4 repetitions per day, and majority of the sessions are RADIUS protocols authenticating with local ID providers."
08-31-2023 12:06 AM
Your understanding is correct. The limitation here is the shared pan/mnt running on a 3615. You have a max capacity of 12.5k active sessions regardless of how many PSNs you run with this hybrid deployment. It does however provide you with n+1 HA for the PSN load allowing you to take a node down for patching or maintenance without sacrificing scale.
It's worth noting that the active session scaling numbers provided in the guide are under a best case scenario testing environment. The noise from the endpoints on the network can impact this. This is the note in the scaling guide.
"below table are derived based on tests under following conditions:
ISE deployments are formed in single datacenter deployed in same region, low latency (less than 5 ms) between the ISE internode communications, dot1xauthentications and accounting events generated by endpoints in the range of 2 to 4 repetitions per day, and majority of the sessions are RADIUS protocols authenticating with local ID providers."
08-31-2023 12:19 AM
Thanks alot Damien for your kind support, what's mean by "majority of the sessions are RADIUS protocols authenticating with local ID providers."
"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide