Skip to main content

Edge Network & Security

Regional Edge Network

PolyScale's Point of Presence (PoP) network overlays multiple locations and cloud providers, a summary of which can be seen below.

Our public endpoints are configured to route application traffic to the nearest PolyScale Point Of Presence (POP), much like a content delivery network.

This is accomplished by pointing your application's database configuration to the hostname psedge.global using the appropriate port. Then, configure your database security group to allow traffic from each of the endpoints in the allow list.

note

Our network is continuously growing based on customer demand. If a specific network provider and/or region is not listed, please contact us and we can deploy a new PoP in a few hours.

caution

In the coming months, we will be replacing the AWS addresses listed below with addresses in the 167.234.37.0/24 block. We strongly suggest you allow-list this range now, so that you will not have any connection issues when the change is made.

PoP LocationSource IP RangeProvider Region
All future AWS (see above note)167.234.37.0/24All AWS
Australia, Sydney54.253.146.174/32AWS ap-southeast-2
Brazil, São Paulo52.67.177.58/32AWS sa-east-1
Germany, Frankfurt3.123.131.88/32AWS eu-central-1
India, Mumbai43.204.39.204/32AWS ap-south-1
Ireland, Dublin46.137.177.235/32AWS eu-west-1
Japan, Tokyo18.176.204.179/32AWS ap-northeast-1
Netherlands, Amsterdam164.92.148.159/32DigitalOcean AMS3
UK, London18.170.103.46/32AWS eu-west-2
UK, London104.248.160.87/32DigitalOcean LON1
USA, Charleston, SC34.139.239.162/32GCP us-east1
USA, Clifton, NJ159.65.242.148/32DigitalOcean NYC3
USA, Los Angeles34.94.9.231/32GCP us-west2
USA, N.Bergen, NJ192.34.63.209/32DigitalOcean NYC1
USA, Portland35.166.204.77/32AWS us-west-2
USA, Richmond54.86.47.86/32AWS us-east-1
Singapore, Jurong West35.198.229.225/32GCP asia-southeast1

See IP Allow List for further details on PolyScale's PoP source IP addresses.

IP Allow List

You can add PolyScale's Point of Presence source IP addresses to your network firewall rules to restrict access to only these sources for the TCP port of the specific database. For example, MySQL uses 3306.

A current list of source IP addresses are listed below. Please note that this list continues to grow as our edge network expands.

"54.86.47.86/32"
"35.166.204.77/32"
"52.67.177.58/32"
"18.170.103.46/32"
"3.123.131.88/32"
"54.253.146.174/32"
"43.204.39.204/32"
"18.176.204.179/32"
"164.92.148.159/32"
"192.34.63.209/32"
"159.65.242.148/32"
"34.94.9.231/32"
"35.198.229.225/32"
"34.139.239.162/32"
"104.248.160.87/32"
"46.137.177.235/32"
"167.234.37.0/24"
tip

This list can also be retrieved by querying the TXT record:

$ dig -t txt allowlist.psedge.global +short

High Availability & Global DNS Failover

PolyScale's global edge network employs a DNS failover policy for all database connection endpoints (i.e. psedge.global). In the unlikely event of a Point of Presence (PoP) outage, PolyScale will automatically flag the region as failed, remove the record from DNS, and route traffic via the next closest PoP.

PolyScale DNS includes multiple regions, so requests will always be served by the region that provides the lowest latency.

caution

If a PoP becomes unavailable due to an outage, new connections are automatically routed to the next closest location. For this reason, it is highly recommended that all PoP source ip addresses be added to your firewall.

Using TLS/SSL with PolyScale

PolyScale supports encrypted connections between clients and the origin database server using the TLS (Transport Layer Security) protocol. TLS/SSL is enabled for connections to PolyScale by default; however, to ensure that a secure connection is used, the client must be configured to both require a secure connection and to verify the supplied server certificate.

Clients can connect to PolyScale using TLS even if the underlying database itself does not support secure connections. In this case only the connection between the client and PolyScale will use TLS.

AWS

VPC Endpoint Services

PolyScale publishes a VPC endpoint service, which enables connectivity to the PolyScale service directly from within a VPC as an endpoint consumer. This configuration utilizes AWS PrivateLink, which ensures that all traffic between PolyScale's endpoint and your database never leaves the Amazon network and effectively provides a direct 10Gps connection per Availability Zone, capable of bursting up to 40Gbps.

VPC Peering

In addition to VPC Endpoint Services, it is also possible to peer your VPC directly with the PolyScale VPC in a specific region. This is similar to consuming an Endpoint Service, except it is also necessary to configure route tables for subnets where your application resides and risks the potential for a CIDR conflict with PolyScale's private subnet ranges (in which case, VPC Peering would not be the correct method for interfacing with PolyScale services).