Hi all.
I have to much trafic going to “xxxxxx.akamaitechnologies.com”
akamaitechnologies.com is a bunch of streaming servers, file servers and update servers that microsoft, apple, IBM and more are using.
I want to drop all connection from or to “xxxxx.akamaitechnologies.com” how can i do it?
Regards
Guy.
Why would you want people to not access Akamai? They host a LOT of content. Blocking that seems like a fundamentally very, very bad plan.
Agreed -very bad plan! Akamai tend to host otherwise international content - locally, so cost is low and performance is high 
but when your user pays per megabyte, and suddenly his Windows downloads new service pack - how do you explain him, that those hundreds megabytes are accounted correctly, when he just opened facebook page?..
I don’t see how that would be your problem…
when customer says: “I opened one page in facebook, and you billed me $1, wtf?” - it’s definitely you problem, if you don’t want to loose a customer
Well if that customer is not educated enough to know that his computer does stuff without him telling it to do so,
he should not be using one Windows DOES tell the user it has downloaded updates and would like to install them.
Also, I think he would be a lot more pissed if his computer would keep
nagging him that it’s not able to download windows updates. It’s a bit of a chicken/egg problem…
exactly. at that moment it’s way too late to decline downloading, isn’t it? and user cannot ‘upload’ them back to get money back 
you can only know that from WindowsUpdate.log user cannot get to know that windows cannot download something
Security questions aside, there’s the problem of bandwidth consumption by the growing number of applications that frequently check-in to services outside of the corporate network and download content. As the network administrator I want to decide when or if these applications are communicating to the Internet and what is being transmitted. One of the challenges I face comes from common applications downloading updates individually when I would rather download the update once and deploy to all inside the LAN. An application installed on 100 computers, Adobe or Java for example, may get downloaded 100 times if left up to the application. My preference would be to have that file be downloaded exactly one time and be deployed internally, at LAN speed, on the schedule of my choosing (so as not to disrupt the end user). Unfortunately, there is a growing list of applications that are pre-configured to “phone home” and download updates at “their” whim.
Microsoft’s WSUS affords us the opportunity to download updates just once across the Internet link and deploy internally on the LAN.
Our Antivirus solution is configurable to download just once to a server and deploy out to distribution points across our enterprise.
Unfortunately, not all vendors supply an update solution for their applications and 3rd party tools must be utilized or, if you have the personnel, the sneaker net option. This is unfortunate since it means that the updates are being downloaded far more often than necessary which affects the available bandwidth of the Internet and ultimately costs all of us more money.
However you look at it, the person behind the original post has valid concerns. I recommend that you do your best to block as much unknown, unsuspected, unwanted traffic traversing your Internet connection and seek out internal software update tools to better control the environment for the betterment of your end user’s experience with accessing work-related content on the Internet and your company’s network security.
Years later we can see a concern especially with Windows 10.
Is there a way in Mikrotik to block akamai content?
I have a new motel client in a small rural area that only has 8Mbps download. They have 48 rooms and when akamai speaks no one else can use the network.
Can anyone help with this?
Better to use QoS so those downloads are lower priority than normal traffic. Should be easy enough to classify.
Ok.
So how do I identify the traffic? I am guessing once I figure that out I can do what ever I want with it. Right?
I would rather them just do their updating somewhere else, such as when they get home or at their office or whatever.