This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
In a hybrid deployment with 3695 as PAN & MnT, a PSN based on the 3655 would support up to 50,000 concurrent sessions, or just 25,000 sessions?
Looking at the ISE PSN Performance table on the ISE Performance & Scale page, for the 3655 appliance, it states 25,000 sessions for a hybrid deployment and 50,000 for fully distributed.
So, based on this, one might think the answer to the above question is 25,000 for the one PSN.
However, I am suspecting the intention with the text in the performance & scale page was to say 25,000 sessions for a hybrid deployment with a 3655 based PAN & MnT appliance, not 3695.
Could someone please confirm, though?
Solved! Go to Solution.
I am aware of the upper cap imposed by the PAN & MnT in a hybrid model.
And I understand that, beyond the 1 x 3655 PSN one would add, the total concurrent session limit for the entire deployment remains 50,000 irrespective of how many more PSN's one would introduce (up to 5).
What I was after, though, was confirmation for the meaning of 25,000 max concurrent sessions for a 3655 in a hybrid deployment, as mentioned in the ISE performance and scale page.
And, if I read your response correctly, you are confirming this 25,000 limit for the 3655 in a hybrid deployment does not apply for the case when the PAN & MnT node is a 3695 (i.e. the limit for the 3655 is 50,000 in that case).
In fact, I did look into that before asking the question here but, unless I missed it, this particular piece of information - i.e. concurrent session limit for 3655 appliance acting as a dedicated PSN when part of a hybrid deployment with 3695 as PAN & MnT - is not mentioned in the presentation.
At the same time, the section on the ISE scale and performance page does seem to present that information explicitly (albeit, incorrectly, as suspected and based on the response from Damien).
with a hybrid deployment, the number of concurrent session supported in same as what is supported in standalone.
we clearly mention it in table.
Can you please a screenshot of what is not clear so that we can fix it ?
As mentioned here already, the issue is the ISE performance and scale page shows only 25,000 max concurrent sessions for a 3655 appliance (as a dedicated PSN), if part of a hybrid deployment (please see below screenshot).
And I think that information is misleading, as the 25,000 sessions limit for this case is not driven by the PSN appliance model (i.e. 3655 appliance, in our case), but by the limit of a hybrid deployment, which is typically 25,000 sessions.
And I say "typically" to mean where the PAN & MnT node in that hybrid deployment is a 3655 appliance.
If the PAN & MnT node were to be a 3695 model, however, the max concurrent sessions for the entire deployment goes up to 50,000 sessions and that could be handled by a single 3655 appliance acting as a dedicated PSN (strictly from a session capacity perspective, and not considering redundancy or authc's per second, etc.).
My suggestion is to edit the text associated with that 25,000 to mention the limit comes from the deployment model (i.e. hybrid) and specific appliance model for the PAN & MnT node (i.e. 3655); also, it should mention that, for a hybrid deployment, if the PAN & MnT node is 3695, the appliance sessions limit for the 3655 (again, acting as PSN in that deployment) becomes 50,000.
I hope this clarifies the matter.