cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3264
Views
15
Helpful
12
Replies

How SCE calculates concurrent sessions?

Hello,

I have a situation where my customer is using an SCE in its service provider network. However the total concurrent sessions reported is not correlate with other vendor device, example like Juniper firewall. The firewall measured the concurrent sessions is about 8-10 times more than the SCE reported. So is the SCE calculates the concurrent sessions differently?

Thank you.

1 ACCEPTED SOLUTION

Accepted Solutions

A session doesn't have just one definition.  In the case of TCP, for example, it is obvious.  In case of UDP, a session can be defined by src/dst ip/port and an aging timer.  For a SIP flow, a session is what ends with a "BYE".

Note that the SCE is bundling some flows into a single flow, but only for some particular protocols, like SIP, FTP, H323, MGCP,Skinny,...  For example, for FTP, SCE will bundle the control and the data session into a single session. 

Tom

View solution in original post

12 REPLIES 12
thochris
Cisco Employee

Hello,

What is the command you use to get the number of sessions in the SCE ?

Thomas.

Hi,

Thank you for your reply.

I'm actually not familiar with SCE command line and I do not have access to customer's SCE. But they provided a graph which captured the concurrent sessions. For example when it reads 500k on the graph, the other device captured about 3millions sessions at the same time. Kindly refer the attachment.

Well I see two possibilities here,

Either the definition of session is different between the SCE and the Juniper FW

Or all the traffic going through the FW is not going through the SCE.

Thomas.

Do you know the definition of session for SCE? Does SCE has it's own proprietary formula of measuring the concurrent sessions?

A session doesn't have just one definition.  In the case of TCP, for example, it is obvious.  In case of UDP, a session can be defined by src/dst ip/port and an aging timer.  For a SIP flow, a session is what ends with a "BYE".

Note that the SCE is bundling some flows into a single flow, but only for some particular protocols, like SIP, FTP, H323, MGCP,Skinny,...  For example, for FTP, SCE will bundle the control and the data session into a single session. 

Tom

Thank you for your explanation. Do you have the reference for more details

of SCE's flow bundling?

I don't have such document, but here is a list which should be complete of protocols for which the SCE is bundling flows:
SIP,H323,MGCP,Skinny,Yahoo VoIP over SIP,ICQ VoIP,FTP,RTSP,MS MMS,Primus,PTT,Winphoria ,TFTP and IRC.


Tom

For example, let say an user is browsing a dynamic webpage via http which has multiple connections. So SCE should be able to capture each concurrent sessions rather than just 1 http session by the user, correct? Since http is not in the list where SCE bundles into a single flow/session.

Yes, you will for example see a session for Google Analytics, if it is used by the web site.

Hi,

How about Cisco IPS42xx? Do both Cisco SCE and Cisco IPS42xx calculate the concurrent sessions the same way?

I am not familiar with the IPS42xx, but I doubt so.  The aging timer for UDP sessions will probably not be the same and I would be surprised if the IPS is bundling sessions the same way as the SCE.

Tom

AasimAbdulhay
Beginner

Active subscribers = introduced + Anonymous

Concurrent Session means the current opened session. (using the internet)

i.e if the active is 8k that does not mean all of them have a current session to the internet. They are just connected but not browsing

The firewall deal with this in different way.

Regards

Aasim