Guest

Preview Tool

Cisco Bug: CSCuw41269 - PSN01 is down/ PSN02 slow response causing iPEP dropping the session

Last Modified

Jun 09, 2016

Products (1)

  • Cisco Identity Services Engine (ISE) 3300 Series Appliances

Known Affected Releases

1.2(1.906)

Description (partial)

Symptom:
-- Http Sessions are not getting redirected.

Conditions:
-- ASA ----- IPN ----- PSN01
                           ----- PSN02

-- Tuning timers on iPEP as 2 secs and 1 retry before is fails over to PSN02.
Which means if ASA sends AAA request it receives a response after 4 seconds. (while PSN01 is down).
But the interim update packet from ASA is arriving on iPEP within 2 seconds.
There is no way to achieve that quick failover on IPEP.

The order is like this:
T+0 Secs ASA sends Accounting Start request
T+2 Secs ASA sends Accounting Interim update request
T+4 Secs iPEP responds to Accounting request
T+6 Secs iPEP responds to Interim update request.

The issue here is iPEP is not processing the Interim update till it finishes processing the initial Accounting request.
Hence though there are sufficient details about the client, the http sessions are not getting redirected (dropped with jetty errors).
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.