Testing a BGP+routing scheme

To complete the connection process, you must conduct a test switchover of the traffic of all resources in the Customer's protected subnet to Kaspersky DDoS Protection Scrubbing Centers.

Prerequisites for conducting a test switchover

• For testing purposes, it is recommended to select a time interval during which the load on the Protected resources is minimal.
• The pre-sales support engineer involved in the connection process must be notified about the Customer's intention to conduct a test switchover at least 3 days in advance of the desired test date.
• The pre-sales support engineer involved in the connection process must also be notified about the Customer's intention to conduct load testing.
• Prior to testing, it is recommended to coordinate the test plan on the Customer side and record it in the document titled "Test Plan and Testing Protocol".

To switch traffic of Protected resources to the protection route:

• Set export/import filters to deny transmission/receipt of announcements from the provider:

  export Deny_Any

  import Deny_Any

• Remove export/import filters denying transmission/receipt of announcements from Kaspersky DDoS Protection:

  export your_network_filter

  import default_route/PBR

To switch traffic of Protected resources to the original route:

• Set export/import filters to deny transmission/receipt of announcements from Kaspersky DDoS Protection:

  export Deny_Any

  import Deny_Any

• Remove export/import filters denying transmission/receipt of announcements from the provider.

In Always on mode, traffic of resources in the protected subnet is not switched over to the original route.