Configuring Always-On KDP-IP and On-Demand KDP-IP schemes
Change the DNS A record to the IP address issued by Kaspersky DDoS Protection. It requires you to block the original IP address of the Protected resource (to prevent an attack on the original IP address that would bypass the Kaspersky DDoS Protection System) and reduce the TTL for the DNS A record.
Routing is a method suitable for any resources that have non-HTTP(S) services, and involves setting up GRE tunnels or physical junctions between Scrubbing Centers and the site of the Protected resource, and configuring BGP peering. If the Customer has their own AS and PI addresses, the Customer's PI network is routed through Scrubbing Centers. If the Customer does not have their own AS and PI addresses, a private AS number and IP addresses from the Kaspersky DDoS Protection pool are issued to the Customer for switchover by changing the DNS A record. Traffic is delivered without any modifications.
On-Demand KDP-IP scheme
The Customer receives a KDP IP address. When an attack is detected and a notification from KDP Technical Support is received, the Customer independently redirects traffic to the Scrubbing Centers by changing the DNS A record of the Protected Resource.
Always-On KDP-IP scheme
The Customer receives a KDP IP address. Received IP address is assigned to the Customer's hardware, and the Customer announces the address to the KDP-configured GRE tunnel. No additional actions are required from the Customer during the attack.
