Identity and Policy Control
Reply
Super Contributor
lto
Posts: 20
Registered: ‎03-26-2009
0

IC 6000 max users

Hi,

I have questions about the number of users and sessions an IC can handle.

We are currently using layer 3, as 802.1X is handled by another device. We are also using a couple of ISG 1000 as Infranet Enforcers. To authenticate users, OAC is installed on stations and is using the Windows password. Authentication server is the Active Directory, but we are using LDAP requests and not Kerberos.

 

My questions are:

  • How many new user sessions per second a single IC6000  can accept?
  • How many user sessions a single IC6000 can maintain?
  • What about these numbers in a cluster of 2, 3, or 4 ICs?


We are currently using UAC 2.2 R3. Is this the same for 2.2 R4 or the new 3.0 R1?
I am interested by every info regarding the performance of the IC.

 

Thanks a lot,

Thomas

Juniper Employee
JintsFan
Posts: 29
Registered: ‎01-24-2008
0

Re: IC 6000 max users


  • How many new user sessions per second a single IC6000  can accept?
8 to 10 per second for the average. Less if you have a complex Host Checker policy.
 
  • How many user sessions a single IC6000 can maintain?
20,000

  • What about these numbers in a cluster of 2, 3, or 4 ICs?

 

2 = 20,000 (A/A or A/P)

3 = 30,000 (A/A/A only)

4 = not supported

 

 For A/A or A/A/A you need a load balancer. See the Admin Guide for instructions.

 

  • We are currently using UAC 2.2 R3. Is this the same for 2.2 R4 or the new 3.0 R1?

 

No difference for 2.2r3 or 2.2r4.

3.0 numbers have not been published yet.

 

Super Contributor
lto
Posts: 20
Registered: ‎03-26-2009
0

Re: IC 6000 max users

[ Edited ]

Many thanks for your answer, JintsFan :-)

I guess it will be closer to 10 new session per second as the Host Checker policy we're using is really simple.

 

edit: are these numbers published anywhere on the website? I could not find them, which is why I created a topic on the board.

Message Edited by lto on 03-27-2009 02:39 AM
Juniper Employee
JintsFan
Posts: 29
Registered: ‎01-24-2008
0

Re: IC 6000 max users


lto wrote:

edit: are these numbers published anywhere on the website? I could not find them, which is why I created a topic on the board.


No. They are what JTAC will support.

 

That's why we have JNet. To get out relevant and important (to you) information. Welcome!

 

-Go NY Giants

Super Contributor
lto
Posts: 20
Registered: ‎03-26-2009
0

Re: IC 6000 max users

[ Edited ]

He he, ok. Thanks for your help

 

edit: yay! go Giants (even if I don't really know how they're doing this year, I'm from Europe and this isnot my cup of tea ;-) )

edit2: what about those numbers, but whith a 6500 appliance?

Message Edited by lto on 03-31-2009 02:10 AM
Super Contributor
lto
Posts: 20
Registered: ‎03-26-2009
0

Re: IC 6000 max users

In fact, when you look into it, I will be limited by the number of concurrent IPsec tunnels and source IP users on my firewalls before the max authenticated users on the IC.
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.