Hello Team,
One of our customers is using the auto PAN failover feature and is currently testing a few scenarios. As of now, the PSN doing the monitoring is in the same datacenter as the PAN, i.e. the primary PAN is being monitored by a PSN in the primary DC and the secondary PAN is being monitored by a PSN in the secondary DC.
As per the initial understanding, it is recommended to have the monitoring PSN in the same datacenter. Now in this case, if there is a complete DR failure scenario, i.e. the primary datacenter is down, then the PSN monitoring the PAN will also be down and auto failover for the PAN will not trigger (tested).
Now my question is: can we have the PSN in a separate datacenter, i.e. can the PSN monitoring the primary PAN be in the secondary DC and vice versa? If not, why? I understand that we could get some false positives if there are some delays/issues in the network; however, we are talking about a poll time of 120 seconds and a hold-down time of around 12 minutes (5 polls), which makes this highly unrealistic (in that case they will have more issues than just ISE failover).
Looking for a quick answer, as the customer is in a testing window and we have the opportunity to modify, if we can. Thank you.
Best Regards,
Rajat Sharma