Symptom
Symptoms include, but are no limited to the following:
-Authentication step latency on multiple policy evaluation steps.
-High average request latency during times of peak load.
-Authentication request latency does not recover until after the system is reloaded.
-Profiler Queue Full Alarms
Conditions
-Running ISE 2.7 patch 2 or later.
-MAB authentication with unknown endpoints.
-High amounts of Accounting data.
-High amounts of profiling.
Workaround
The only workaround without patching or upgrading the system is to reduce the traffic volume being sent to individual nodes or spread the traffic across additional ISE nodes. A reboot of the system may temporarily alleviate the issue but it may come back within minutes after reloading.
Further Problem Description
A hotpatch is available for this issue through TAC.
Tuning changes have been made to Java to reduce the frequency of Java garbage collection. Garbage collection was found to be consuming the CPU for a higher percentage of the time than intended. This in turn was leading to less time for the core functions of ISE to be running on the CPU leading to performance degradation.
