This is a pretty simple setup. Akamai will provide the details needed to complete it. Below is a template you can use; edit the names and make whatever changes you need.
There are two important settings you need to configure:
1. MSS of 1436 on all ISP(Carrier)/Uplink Interfaces
2. MSS of 1360 on all Appliances that have Site-to-Site VPN Tunnels
*NO MSS adjustments needed for the GRE Tunnels
For setting #2 above, for me, it's typically a Cisco ASA with VPN tunnels. The command you need is a global command:

```
sysopt connection tcpmss 1360
```
One last set of settings you might also want to apply, these for the GRE tunnels:
1. Set keepalive to "keepalive 30 3"
2. Set the hold-queues to "hold-queue 1024 in" and "hold-queue 1024 out"
##### Definitions:

- IP Prefix 1 to protect: {PREFIX 1}
- AKAMAI Site1 tunnel destination: {SITE1 TUNNEL DEST}
- AKAMAI Site1 tunnel IP: {SITE1 TUNNEL IP}
- AKAMAI Site2 destination: {SITE2 TUNNEL DEST}
- AKAMAI Site2 IP: {SITE2 TUNNEL IP}
- ISP1 peer IP: {ISP1 PEER IP}
- ISP1 ASN: {ISP1 ASN}
- Customer ASN: {CUST ASN}
- AKAMAI Site1 peer IP: {AKAMAI SITE1 PEER IP}
- AKAMAI Site2 peer IP: {AKAMAI SITE2 PEER IP}
##### Example Cisco configurations:

```
interface Tunnel1
 description GRE-to-Akamai-1
 ip address 255.255.255.254
 keepalive 30 3
 tunnel source FastEthernet0/1
 tunnel destination
 hold-queue 1024 in
 hold-queue 1024 out
interface Tunnel2
 description GRE-to-Akamai-2
 ip address 255.255.255.254
 keepalive 30 3
 tunnel source FastEthernet0/1
 tunnel destination
 hold-queue 1024 in
 hold-queue 1024 out
interface Tunnel3
 description GRE-to-Akamai-3
 ip address 255.255.255.254
 keepalive 30 3
 tunnel source FastEthernet0/1
 tunnel destination
 hold-queue 1024 in
 hold-queue 1024 out
interface FastEthernet0/1
 description Internet connection to ISP 1
 ip address 202.155.220.42 255.255.255.252
 ip tcp adjust-mss 1436
router bgp
 no synchronization
 bgp log-neighbor-changes
 network mask 255.255.255.0
 neighbor Carrier1 peer-group
 neighbor Carrier1 remote-as
 neighbor Carrier1 description xxxxxx-
 neighbor Carrier1 password ***************************
 neighbor Carrier1 version 4
 neighbor Carrier1 send-community
 neighbor Carrier1 prefix-list CUST-subnet out
 neighbor Akamai peer-group
 neighbor Akamai remote-as 32787
 neighbor Akamai description Akamai-32787
 neighbor Akamai password ***************************
 neighbor Akamai version 4
 neighbor Akamai send-community
 neighbor Akamai prefix-list deny-all in
 neighbor Akamai prefix-list deny-all out
 neighbor Akamai route-map Akamai-out out
 neighbor peer-group Akamai
 neighbor description GRE1-to-Akamai-SITE1
 neighbor peer-group Akamai
 neighbor description GRE2-to-Akamai-SITE2
 neighbor peer-group Akamai
 neighbor description GRE3-to-Akamai-SITE3
 neighbor peer-group Carrier1
 neighbor description Carrier1-Primary-uplink
 no auto-summary
ip classless
ip route 0.0.0.0 0.0.0.0
ip route 255.255.255.0 Null0 201
ip prefix-list deny-all seq 5 deny 0.0.0.0/0 le 32
ip prefix-list Akamai-out seq 5 permit
ip prefix-list Akamai-suppress seq 5 deny
ip prefix-list CUST-subnet seq 10 permit
route-map Akamai-out permit 10
 match ip address prefix-list Akamai-out
```
##### To Activate Akamai Protection:

```
router bgp
 no neighbor Carrier1 prefix-list CUST-subnet out
 neighbor Carrier1 prefix-list Akamai-suppress out
 no neighbor Akamai prefix-list deny-all out

clear ip bgp soft out
clear ip bgp peer-group Akamai soft out
```
##### To Deactivate Akamai Protection:

```
router bgp
 no neighbor Carrier1 prefix-list Akamai-suppress out
 neighbor Carrier1 prefix-list CUST-subnet out
 neighbor Akamai prefix-list deny-all out

clear ip bgp soft out
clear ip bgp peer-group Akamai soft out
```
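
A small audit for a saved running-config, added here as an example (it is not part of the original post or of Akamai's tooling): it checks the MSS, keepalive and hold-queue settings listed earlier and reports whether the BGP prefix-lists match the activated or deactivated state. The sample config, its addresses and AS number, and the function names are constructed for illustration.

```python
# Constructed sample config (documentation addresses and a private ASN, not from the page).
SAMPLE = """\
interface Tunnel1
 keepalive 30 3
 hold-queue 1024 in
 hold-queue 1024 out
interface Tunnel2
 keepalive 10 3
 ip tcp adjust-mss 1436
 hold-queue 1024 in
interface FastEthernet0/1
 ip address 198.51.100.2 255.255.255.252
router bgp 64512
 neighbor Carrier1 prefix-list Akamai-suppress out
 neighbor Akamai prefix-list deny-all in
"""

def blocks(cfg):
    """Map each top-level IOS stanza header to its indented child lines."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line and not line[0].isspace():
            cur = line.strip()
            out[cur] = []
        elif cur and line.strip():
            out[cur].append(line.strip())
    return out

def audit(cfg, uplinks=("FastEthernet0/1",)):
    """Return findings for the tunnel and uplink settings the page asks for."""
    findings = []
    for hdr, body in blocks(cfg).items():
        name = hdr.split()[-1]
        if hdr.startswith("interface Tunnel"):
            for want in ("keepalive 30 3", "hold-queue 1024 in", "hold-queue 1024 out"):
                if want not in body:
                    findings.append(f"{name}: missing '{want}'")
            if any(l.startswith("ip tcp adjust-mss") for l in body):
                findings.append(f"{name}: MSS adjustment not needed on GRE tunnel")
        elif hdr.startswith("interface ") and name in uplinks and "ip tcp adjust-mss 1436" not in body:
            findings.append(f"{name}: missing 'ip tcp adjust-mss 1436'")
    return findings

def protection_state(cfg):
    """Classify the BGP stanza against the page's activate/deactivate steps."""
    bgp = [l for h, b in blocks(cfg).items() if h.startswith("router bgp") for l in b]
    key = tuple(f"neighbor {n} prefix-list {p} out" in bgp for n, p in
                (("Carrier1", "Akamai-suppress"), ("Carrier1", "CUST-subnet"), ("Akamai", "deny-all")))
    # Any other combination (e.g. prefix suppressed at the carrier but still denied to Akamai) is flagged.
    return {(True, False, False): "active", (False, True, True): "inactive"}.get(key, "inconsistent")
```

An "inconsistent" result is the one to catch before running the `clear ip bgp ... soft out` commands, since it means the prefix-lists are halfway between the two procedures.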