This is a pretty simple setup. Akamai will provide the details needed to complete this. Below is a template that you can use and edit the names and make whatever necessary changes you need.
There are two important settings you need to do.
1. MSS of 1436 on all ISP(Carrier)/Uplink Interfaces
2. MSS of 1360 on all Appliances that have Site-to-Site VPN Tunnels
*NO MSS adjustments needed for the GRE Tunnels
For setting # 2 above, for me, it’s typically a Cisco ASA with VPN Tunnels. The command you need is a global command:
sysopt connection tcpmss 1360
One last setting you might also want to do and these are for GRE Tunnels:
1. Set keepalive to “keepalive 30 3”
2. Set hold-queue’s to “hold-queue 1024 in” and “hold-queue 1024 out”
#####Definitions:
IP Prefix 1 to protect: {PREFIX 1}
AKAMAI Site1 tunnel destination: {SITE1 TUNNEL DEST}
AKAMAI Site1 tunnel IP: {SITE1 TUNNEL IP}
AKAMAI Site2 destination: {SITE2 TUNNEL DEST}
AKAMAI Site2 IP: {SITE2 TUNNEL IP}
ISP1 peer IP: {ISP1 PEER IP}
ISP1 ASN: {ISP1 ASN}
Customer ASN: {CUST ASN}
AKAMAI Site1 peer IP: {AKAMAI SITE1 PEER IP}
AKAMAI Site2 peer IP: {AKAMAI SITE2 PEER IP}
#####Example Cisco configurations:
interface Tunnel1
description GRE-to-Akamai-1
ip address 255.255.255.254
keepalive 30 3
tunnel source FastEthernet0/1
tunnel destination
hold-queue 1024 in
hold-queue 1024 out
interface Tunnel2
description GRE-to-Akamai-2
ip address 255.255.255.254
keepalive 30 3
tunnel source FastEthernet0/1
tunnel destination
hold-queue 1024 in
hold-queue 1024 out
interface Tunnel3
description GRE-to-Akamai-3
ip address 255.255.255.254
keepalive 30 3
tunnel source FastEthernet0/1
tunnel destination
hold-queue 1024 in
hold-queue 1024 out
interface FastEthernet0/1
description Internet connection to ISP 1
ip address 202.155.220.42 255.255.255.252
ip tcp adjust-mss 1436
router bgp
no synchronization
bgp log-neighbor-changes
network mask 255.255.255.0
neighbor Carrier1 peer-group
neighbor Carrier1 remote-as
neighbor Carrier1 description xxxxxx-
neighbor Carrier1 password ***************************
neighbor Carrier1 version 4
neighbor Carrier1 send-community
neighbor Carrier1 prefix-list CUST-subnet out
neighbor Akamai peer-group
neighbor Akamai remote-as 32787
neighbor Akamai description Akamai-32787
neighbor Akamai password ***************************
neighbor Akamai version 4
neighbor Akamai send-community
neighbor Akamai prefix-list deny-all in
neighbor Akamai prefix-list deny-all out
neighbor Akamai route-map Akamai -out out
neighbor peer-group Akamai
neighbor description GRE1-to- Akamai - SITE1
neighbor peer-group Akamai
neighbor description GRE2-to- Akamai - SITE2
neighbor peer-group Akamai
neighbor description GRE3-to- Akamai – SITE3
neighbor peer-group Carrier1
neighbor description Carrier1-Primary-uplink
no auto-summary
ip classless
ip route 0.0.0.0 0.0.0.0
ip route 255.255.255.0 Null0 201
ip prefix-list deny-all seq 5 deny 0.0.0.0/0 le 32
ip prefix-list Akamai-out seq 5 permit
ip prefix-list Akamai-suppress seq 5 deny
ip prefix-list CUST-subnet seq 10 permit
route-map Akamai-out permit 10
match ip address prefix-list Akamai-out
#####To Activate Akamai Protection:
router bgp no neighbor Carrier1 prefix-list CUST-subnet out neighbor Carrier1 prefix-list Akamai-suppress out no neighbor Akamai prefix-list deny-all out
clear ip bgp soft out
clear ip bgp peer-group Akamai soft out
#####To Deactivate Akamai Protection:
router bgp no neighbor Carrier1 prefix-list Akamai-suppress out neighbor Carrier1 prefix-list CUST-subnet out neighbor Akamai prefix-list deny-all out
clear ip bgp soft out
clear ip bgp peer-group Akamai soft out