How many concurrent connections that an ACS server version 4.2 latest patch can handle?
I have about 50 routers and layer-3 switches that autheticate via tacacs+. The AAA server used to be on a Linux machine running open-source tacacs+ built by me. I have a perl script that will log into all 50 devices at the same time to collect statistics. This script is multi-threaded. Everything is working fine so far.
I recently out-sourced the AAA function to a 3rd party company, not by my choice. The 3rd party uses Cisco ACS version 4.2 with the latest patch running on Windows 2003 Enterprise Server with 16GB RAM and quad processors with quad-cores, IBM x3650-M2 hardware. The connectivity between the 3rd party and my company is through a DS-3 connection. Maximum bandwidth over this DS-3 connection is less than 10Mbps at most.
I noticed that for the past 3 months I have multiple failures with this perl script due to authentication failure with the ACS server. If I just run the script again a few routers/switches, there are no issues; however, whenever I started the script to log into 50 devices all at the same time, it will fail. If I made the configuration on all routers/switches to point back to the old open-source tacacs+ server, the issue goes away. The minute I switched back to the
new ACS server, the issue came back. If I modified the script to hit one device at a time, it works fine. I think it is the ACS server can not handle a lot
of AAA requests at the same time.
Does anyone know how many concurrent connections that an ACS 4.2, with latest patches on Windows 2003 Enterprise Server with lot of memory and CPU power, can handle? I can't seem to find this anywhere on Cisco website.
Thanks in advance.
No, Im not saying ACS cannot cope.
Concurrency and latency are very different things. ACS CSTacacs can handle many 100s of simple authentications/authorisations per second with users in the internal database. If 1000s of devices all send traffic in the same instant it would take some seconds to work through the backlog of traffic.
Also, worth considering that a limited number of tasks within ACS (or threads) can actually handle a much greater number of "logins" because they are generally multi-message allowing ACS to keep lots of plates spinning.
If users are in an external databases the latency (per authentication) can increase depending on where the users are (eg Windows AD) and if bad enough can have a serious effect on the overall authentication rate. At which point customers normally turn to load balancing.
If your device timeouts are 20 seconds (totally reasonable) I suggest the issue is more likely to be something else... a bug, perhaps specific to v4.2?
Similar Messages
-
How many concurrent connections can ACS handle at once?
Hi Experts,
Could you please let me know how many concurrent connections ACS can handle at once?
Is there any limitation on it?
Our ACS version is 4.0 (1) build 27.
Thanks in advance for your help and have a nice day!
Regards,
GaborIt depends on many other factors but as far as I know ACS can handle upto 40 Auth request per second*
*Condition Apply
Regards,
~JG
Do rate helpful posts -
How many concurrent connections does WSA S670 appliance support.
Hi All,
Good Day!
We have an issue with our Ironport WSA S670 appliance. We have around 35K users and have access to sites like facebook.com, youtube.com etc.
The issues is that at times certain sites are not accessible via proxy. For example we cannot access youtube.com, google.com etc while we can access msn.com, espn.com etc. Moreover when we try to bypass the proxy and access the sites directly all the sites works just fine.
This issue has been repeating many times and we checked the internet link, proxy etc for any issue. In the meantime the issue gets resolved mysteriously.
The total number of connections at these times are more than 20K. The CPU utilization never goes beyond 15% but the memory is always between 70 to 90% utilized.
What is the maximum number of connections WSA S670 appliance support? Is there any configurable limit for the connections that can be established? Will it cause any issue if a lot of users are watching videos on youtube.
Also the proxy is working in one-armed design. Will that cause any issue?
Please suggest.
Cheers,
FaizHi Faiz,
There are not any known issues in terms of URLs failing. I would perform a packet capture on the WSA. See my instructions below:
In order to obtain a simultaneous packet capture from the WSA & PC you will need to log into the GUI ->Support and Help -> Packet Capture -> Edit Settings -> Select the radial button No Filter.Please send me a packet capture from the WSA unfiltered. You will need to install wireshark on the PC or laptop you are testing from. It is a good idea to start the wireshark program from the PC first. I would recommend using www.iana.org as a test as it uses only on IP address.
When you have the captures completed I would first look at the WSA packet capture and use the following filter in wireshark http contains "www.iana.org". The various streams of communication will populate in the wireshark display. What you want to focus on is the streams that show the IP of the WSA and the IP of www.iana.org 192.0.32.8. We should see the following when you right mouse click the packet which shows the IP of the WSA going to the destination IP of www.iana.org:
WSA IP -------SYN-----> www.iana.org IP
WSA IP <--SYN/ACK-- www.iana.org IP
WSA IP -------ACK-----> www.iana.org IP
If you see this instead:
WSA IP -------SYN-----> www.iana.org IP
WSA IP -------SYN-----> www.iana.org IP
WSA IP -------SYN-----> www.iana.org IP
WSA IP -------SYN-----> www.iana.org IP
Then you have a problem in your network.
Sincerely,
Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator -
How to find out how many concurrent users using web application?
Hi all,
I have a web application deployed using 9iAS. I am trying to find out how to find out how many concurrent users are using this application at any one time. According to Oracle there is no way to see this information using the enterprise manager interface.
Does anybody out there know how I can find out this information in real time? Failing that, are there any good analysis tools out there that display usage to the minute (all the tools I have found show usage by hour which is not sufficent for my needs).
Any help would be much appreciated,
CarolineI know I haven't heard of any software to do this, but this also sounds like a really hard problem to try and really analyze well.
The trick is, you might "infer" how long a user is using an application based on when cookies are set and when they're set to expire. If that's a long time, though, that could count far more "concurrent" users than are actually there. A user could simply close the application at any time and stop using the application; you can't really detect that because the server isn't "told" when the user closes their browser or goes somewhere else.
A good perl script might be able to read the Apache access log and tell you how many unique IPs asked for a given directory in which various applications are stored in any 5 minute span of time... that could be something like an indicator of "concurrent" users.
If you don't know Perl, I'd suggest getting the O'Reilly & Associates book on Perl and learning it, because the more I think about this, the more this sounds like a textbook example for applying a Perl script. -
Recommended spec can take how many concurrent users
With the following recommended spec from Adobe website, how many concurrent users ?
Flash Media Streaming Server system requirements
OS : Windows Server 2003 SP2 or Windows 2008
H/W Requirements
- 3.2GHz Intel Pentium 4 Processor (dual Intel Xeon or faster recommended)
- 2GB RAM ( 4GB recommended)
- 1Gb Ethernet cardHi,
The number of concurrent users really depends on your setup.
You might want to read the blogpost from the FMS PM on this at: http://blogs.adobe.com/ktowes/2008/08/breaking_1gbps_on_flash_media.html
"I’ve received a lot of requests lately about how much media can be delivered through Flash Media Server (FMS). As you may or may not know, FMS is held to the same limitations as most other streaming or HTTP servers, that is the available bandwidth, disk speed, memory and CPU power on a single server. When we introduced Flash Media Server 3 we increased the performance significantly to allow you to take full advantage of hardware and ultimately help to reduce the total cost of ownership. ........... read on"
Greetz,
Klaasjan -
How many concurrency request can handel in wcf
hi
i have a question :
wcf support how many concurrency request a time ?
for example i have a wcf service and a lot of (10000) client that call the wcf together
thanksI think all your clients will be able to use your WCF Service regardless of Concurrency.
I believe that concurrency is related to the threading of the individual request. Not completely sure about that part though. But, all your clients should be able to access the service regardless of the concurrency. That would be more based on the stress on
your server.
Developing is part of being a developer. -
ASA 5510 - how many concurrent VOIP calls can pass through?
Hi all,
I wonder how many concurrent VOIP calls can handle Cisco ASA 5510, any idea?
Geghamhi Gegham,
Basically what the values of 50,000 and 130000 connections indicate are lab values tested with 80% TCP and 20% udp traffic. (according to table a-2 in the doc below)
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/specs.html#wp1170941
RTP is udp traffic but in case of an asa and considering a customer scenario what happens is...
1 voip call = 1 control connection (h323,sip,sccp) + 2 or 4 rtp connections
-so a call will in total easily consume 5 or more connections depending on control connections you have set up .
-also this number differs depending on if the call is voice only or video.
So to simply answer your questions...
1>the number of connections that a call consumes depends on the above factors.
2>Also there is no hard number on the number of calls an asa can handle because this depends on the controls you use ...including nat and inspections.
Thanks,
Karthik -
How many concurrent users on a FMS?
We want to stream live Town Hall meetings with the majority
of the users viewing it from our inTRAnet. 320x240, 30fps, Dual 2.8
GHz, 4 GB widows server. Anybody with similiar setup using FIMS to
service 200 or 500 concurrent users? We have two campuses and I
need to know if I will need to spec a second server if we get above
a certain number. How many concurrent users can I supprot with the
above configuration? ThanksFMS should be able to handle your 500 clients with no problem
using the configuration you mentioned (some of my apps routinely
see many times more than that on a similar server). I use a
slightly beefier processor in my boxes though... quad core
Kentsfield Xeon / 4GB ram.
That said, also make sure you have enough throughput at your
NIC to handle the traffic. At 500 concurrent clients, a low
bandwidth stream of 300kbps puts you at about 150Mbps, so you'll
want to run the numbers before you commit to a single serves in
case you can't get enough network juice to a single box. -
How many concurrent users are allowed for an Azure Virtual Machine?
How many concurrent users are allowed for an Azure Virtual Machine?
Please share the details with the Azure VM size. Currently I have Standard VM of size D13(4 cores, 28GB RAM)Hi SanPSK,
Thanks for posting here.
I suggest you to check this article for Azure VM size
https://msdn.microsoft.com/en-us/library/azure/dn197896.aspx
For the concurrent users on VM - A maximum of 2 concurrent connections are supported, unless the server is configured as a Remote Desktop Services session host.
Girish Prajwal -
How do I connect to a terminal server with my mac book pro
How do I connect to a terminal server with my mac book pro
Use the Remote Desktop icon on the tray and make sure to use the Fully Qualified Domain Name (FQDN) on the 'name of server' field. If that does not work then use the IP address to connect.
-
How many concurrent VPN client sessions available for cisco 2621XM?
I have cisco router 2621XM with IOS c2600-advipservicesk9-mz.124-11.T4.
I want to know, how many concurrent VPN client sessions can be available in this image.here is the configuration on PIX,
group-policy DfltGrpPolicy attributes
wins-server value 10.0.0.67 10.0.0.68
dns-server value 10.0.0.67 10.0.0.68
vpn-simultaneous-logins 20
vpn-idle-timeout 5
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-acl
default-domain value mydomain.com
address-pools value vpnpool group-policy DfltGrpPolicy attributes
wins-server value 10.0.0.67 10.0.0.68
dns-server value 10.0.0.67 10.0.0.68
vpn-simultaneous-logins 20
vpn-idle-timeout 5
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-acl
default-domain value want-want.com
address-pools value vpnpool -
How many Voice connections can cisco 2821 support?
Good day.
I have a cisco 2821 with EVM slot, NME-X slot and two HWIC slots. I have 4 port FXOs on the two HWIC slots. The EM-HDA-8FXS module on the EVM slot can handle 8 FXS connections. Please i would like to know if there is an EVM module that can do FXO connections and also how many voice connections can this router handle in total. Can the EM-HDA-8FXS module handle both FXS and FXO connections?
Hope someone can help me out. My deadline has already passed.
Regards,
Obinna.Hi, already replied to this in the appropriate forum.
Please do not open duplicate threads. -
How many max connections opened do you have?
Hello!
I've read so many answers to these questions that, i don't really know what is the correct one. So, i would like to know what do you have. Here they are:
1- How many max connections per torrent do you have set up?
2- How many max opened connections do you have in mldonkey (or similar)?
Thanks!
Last edited by dienadel (2007-03-08 08:25:36)AFAIK it's arround (total connections):
- <5 for RTC
- <100 for slow ADSL
- <500 for medium ADSL
- ~1000 for high-speed ADSL (and max on Windows lol) ; went up to over 1500, without positive change.
I use rtorrent & have a limit of <100 connections per torrent (4 leechers max per torrent so they get something) -
How many concurrent requests can WAS support?
Hi all,
I want to know what is the maximum number of concurrent users/requests that can WAS6.4(latest pack) support? We are looking at around 40,000 concurrent users.. Is this feasible? If yes what is the max possible?
Regards,
Harsh
PS: Would appreciate a prompt response:)Hi Harsh,
I was just reading those notes that Alexander found as well and I would have to agree with him the that webdispatcher could handle the 10,000. However you have to remember that if you are running a BSP or other application located on a WAS server you have the constraints there as well.
Now I've just done some load testing with some stress tools.
500 concurrent connections on a Linux server dual processor 4 GB RAM and I started to see some major performance problems. Any higher and the system or at least the apps would have started to hang I think.
So with 40,000 connections even with loadbalancing and application instances you are going to need some major hadware to handle the connections.
Now back to your other questions.
The WAS and the R/3 are built on the BC level, which means the basic connections are made at that level and effected by these parameters. With a 640 Java Stack only then you have the J2EE engine only in which case the BC level is basically not there at least not like the ABAP level.
Now if you have a single JSP page deployed on your J2EE and not making any RFC calls to your backend then you only have to worry about the dispatcher connections. However, from my understanding if you make those RFC calls then you have the connections of the backend to worry about as well.
Now if you can gives a bit more detail of what the connections (all these 40,000 are doing) then perhaps we can come up with some alternatives that will help out.
As for being intimidated, don't be, I'm learning this from searching as we go along as well -
Connection Pooling: how many active connections?
Hi, everybody.
I have a very simple question about connection pooling...
How many active connections should a database see once a connection pool has been opened?
I mean, it should see only one connection (the pool itself) at any time, or the number of "logical" active connections in that moment?
Thanks for any answer.Sorry...
This is the wrong forum, I posted again my question in the JDBC Forum...
Maybe you are looking for
-
Scroll down/up functionality in a jMenu?
What i mean is a jMenu similar to that of internet explorer's Favorites menu. When you have a ton of favorites you get a little arrow pointing down or up depending on where you are in the menu. Is it possible to implement something similar in java wi
-
I am unable to sign into my account through Adobe Elements 12. I can sign in on Adobe's website, and through Revel online, and through my smartphone, however when I try to sign in through Adobe Elements 12 directly, the hourglass never stops turning,
-
I am using a Mac mini 2009 with 2 GB Ram Mac OS 10.5.8 It looks like there are two options to upgrade my Mac. 1. upgrade the Ram from 2 GB to 4 GB 2. replace the internal hard drive with SSD I just want to improve the overall performance. Which one w
-
Can a 9i form call MS Word/Excel on a client PC without the need of using a third party JAVA-COM bridge jacob.jar and jacob.dll on jinitiator? The current recommendation is to use include jacob.dll in jinitiator/bin. As we have several clients workin
-
VBAP-ANZSN not getting updated when writing serial number to order
Hey ABAP, i got some Problem with serial numbers. We have a rental process, where user gives in serial number at time of delivery. Since we need to create orders based on original order, we need to take the serialnumber from the delivery and write it