Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

[Cisco ACS] Memory Utilization limit

Hello,

We have 2 CSACS 1121 with Cisco ACS 5.2.0.26.10

The primary server manages 20000+ authentications per day.

Its memory utilization increases everyday.

It is now at 83%

Is there a limit?

What will happen when memory utilization reach this limit?

What can we do to purge memory utilization? (reboot, service restart...)

Thanks for your help

Patrick

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions

[Cisco ACS] Memory Utilization limit

Please make the secondary the log collector. This will help balance the load between the two nodes and you will see the memory utilization decrease.

Thanks

Tarik Admani *Please rate helpful posts*
12 REPLIES

Re: [Cisco ACS] Memory Utilization limit

Hi,

There is a limit of 125 percent that will require a purge, however you need an NSF repository when the db exceeds 30 percent.

Reset doesn't get the data off of it, if the data exceeds this amount the box will have to be reimaged and will become unavailable.

Thanks,

Sent from Cisco Technical Support iPad App

Tarik Admani *Please rate helpful posts*
New Member

Re: [Cisco ACS] Memory Utilization limit

Hi Tarik,

Thanks for your answer.

I think you are talking about Disk Usage

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/viewer_sys_ops.html#wp1068157

In ACS status:

Is memory equal to disk in ACS?

I thought that memory utilization means RAM utilization.

Could you confirm please?

Thanks,

Patrick

[Cisco ACS] Memory Utilization limit

Patrixk you are correct. Is the acs in a distributed deployment or is it a standalone unit?

If standalone then this is to be expected. How many authentications per second does your box see on average?

Tarik Admani *Please rate helpful posts*
New Member

[Cisco ACS] Memory Utilization limit

This is a small ACS deployment as described on http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/installation/guide/csacs_deploy.html#wp1104113

ACS manages 2 authentications per second on average.

Patrick

[Cisco ACS] Memory Utilization limit

In your initial.email you mentioned 20k auth per day. Also in your acs deployment is the primary acs also the log collector?

Tarik Admani *Please rate helpful posts*
New Member

[Cisco ACS] Memory Utilization limit

Yes there are 20 k auths per day

Most of them are between 9 AM and 17 PM so ACS received 2 auths per second on average.

I confirm that the primary ACS is also the log collector.

[Cisco ACS] Memory Utilization limit

Please make the secondary the log collector. This will help balance the load between the two nodes and you will see the memory utilization decrease.

Thanks

Tarik Admani *Please rate helpful posts*
New Member

[Cisco ACS] Memory Utilization limit

Thanks for your advice.

I will try as soon as possible

Regards,

Patrick

New Member

Re: [Cisco ACS] Memory Utilization limit

Hi Tarik,

I tested your solution in a test environment.

Memory Utilization decreases on primary.

Memory Utilization increses on secondary.

Is there a limit?

What will happen when memory utilization reach this limit?

What can we do to purge memory utilization? (reboot, service restart...)

Thanks,

Patrick

[Cisco ACS] Memory Utilization limit

How high is the memory utilization on the secondary ACS? Also do you have your load for radius authentications split? Meaning that half of your deployment chooses the primary ACS server as it is first radius target the other half has the secondary ACS server as their first radius target?

I have seen that 80 percent memory utilization is to be expected, here is some documentation regarding performance numbers:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/migration/guide/Migration_Deploy.html#wp1054828

You may want to consider adding another ACS server to your deployment to see if this helps lighten the load if the 80 percent memory utilization becomes a concern. If you calculate all these numbers and something still doesnt add up, you can upgrade to the latest code (5.3 patch 5), if that doesnt help then you can try to open a tac case to see if they can look at, but in my honest opinion with 20k auth per day I am thinking this is expected.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
New Member

[Cisco ACS] Memory Utilization limit

I changed log collector on a non-production platform. There are very few authentications on this platform.

Secondary ACS memory utilization is 25%...

Primary ACS memory utilization falls from 27% to 17%.

I didnt split the radius authentications for the moment because I thought ACS is far away from its performance limits.

I have planned to split for other services which will need RADIUS.


I think that I will reconsider this because memory is growing more than expected.

Thanks for all your advices.

Patrick

New Member

admin# sh memorytotal memory:

admin# sh memory
total memory:    1031200 kB
free memory:       16288 kB
cached:           298568 kB
swap-cached:           0 kB
 
Do you know the minimum free memory amount for safe operations? 
·         is this  ACS  running any risks being this abpve?
·         Are there any general clean-up commands that  can be executed to free up memory without jeopardizing operations on the ACS?
 
 
1850
Views
5
Helpful
12
Replies
CreatePlease to create content