Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
438
Views
0
Helpful
2
Replies

maximum sessions with Appliance SNS 3615

Go to solution
ibrahimbadr4669
Level 1
Level 1

‎08-30-2023 11:45 PM

Dears,

As below setup, what's the maximum sessions that can be handled at time. as the below table, it mentioned that if the 3615 working as the dedicated PSN will give 25K however when working as the PAN/Mnt will give 12.5K. So is this setup gives us 12.K overall ?

ibrahimbadr4669_2-1693464175616.png

ibrahimbadr4669_3-1693464321369.png

Thanks and BR;

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎08-31-2023 12:06 AM

Your understanding is correct. The limitation here is the shared pan/mnt running on a 3615. You have a max capacity of 12.5k active sessions regardless of how many PSNs you run with this hybrid deployment. It does however provide you with n+1 HA for the PSN load allowing you to take a node down for patching or maintenance without sacrificing scale. 

It's worth noting that the active session scaling numbers provided in the guide are under a best case scenario testing environment. The noise from the endpoints on the network can impact this. This is the note in the scaling guide.

"below table are derived based on tests under following conditions:

ISE deployments are formed in single datacenter deployed in same region, low latency (less than 5 ms) between the ISE internode communications, dot1xauthentications and accounting events generated by endpoints in the range of 2 to 4 repetitions per day, and majority of the sessions are RADIUS protocols authenticating with local ID providers."

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎08-31-2023 12:06 AM

Your understanding is correct. The limitation here is the shared pan/mnt running on a 3615. You have a max capacity of 12.5k active sessions regardless of how many PSNs you run with this hybrid deployment. It does however provide you with n+1 HA for the PSN load allowing you to take a node down for patching or maintenance without sacrificing scale. 

It's worth noting that the active session scaling numbers provided in the guide are under a best case scenario testing environment. The noise from the endpoints on the network can impact this. This is the note in the scaling guide.

"below table are derived based on tests under following conditions:

ISE deployments are formed in single datacenter deployed in same region, low latency (less than 5 ms) between the ISE internode communications, dot1xauthentications and accounting events generated by endpoints in the range of 2 to 4 repetitions per day, and majority of the sessions are RADIUS protocols authenticating with local ID providers."

0 Helpful

Go to solution
ibrahimbadr4669
Level 1
Level 1
In response to Damien Miller

‎08-31-2023 12:19 AM

Thanks alot Damien for your kind support, what's mean by "majority of the sessions are RADIUS protocols authenticating with local ID providers."

 

 

"

0 Helpful
Customers Also Viewed These Support Documents