Akamai recently announced an important update regarding the alerting behavior for their Prolexic Routed 3.0 DDoS protection service. Beginning December 1, 2023, Akamai will discontinue automated alerts for Prolexic Routed GRE customers when an individual BGP routing session goes down.
Understanding the Change
Currently, Prolexic Routed 3.0 customers receive immediate automated alerts if any BGP routing session from their edge routers to Akamai’s endpoints goes down. However, given architectural improvements with Prolexic 3.0, Akamai has determined these granular BGP failure alerts are unnecessary.
Prolexic Routed 3.0 leverages patented GRE tunnel technology and extensive path diversity, removing the reliance on any single BGP session. Tunnel probes provide faster internal failure detection. Furthermore, each customer typically has 3+ redundant BGP sessions fanning out across 32+ scrubbing centers worldwide.
In short – a brief BGP routing flap no longer signals a loss of protection capacity.
New Recommended Actions
While automated per-BGP alerts will change, Akamai still provides guidance to ensure optimal reliability:
Do not consider brief single BGP failures as an outage risk
Set BGP timers to 30-second keepalives and 90-second hold-down minimums
Configure redundant regional BGP sessions for resilience
Reach out if a BGP session is down 10+ minutes or multiple sessions simultaneously fail.
Tunnel probes deliver faster path visibility, redundancy provides extensive backup capacity, and Akamai SOC will still escalate urgent routing issues upon request. This shift ultimately reduces unnecessary alerts and administrative overhead while delivering the same leading protection capabilities.
Akamai emphasizes that while tuning the alerting thresholds for the high resilience of Prolexic Routed 3.0, there is no reduction in detection capabilities or traffic mitigation. Customers should verify their BGP configuration adheres to the updated best practice recommendations. Akamai SOC welcomes direct escalation if prolonged or multiple BGP failures are detected at your edges.