Edge Network & Security
Regional Edge Network
PolyScale's Point of Presence (PoP) network overlays multiple locations and cloud providers, a summary of which can be seen below.
Our public endpoints are configured to route application traffic to the nearest PolyScale Point Of Presence (POP), much like a content delivery network.
This is accomplished by pointing your application's database configuration to the hostname psedge.global using the appropriate port. Then, configure your database security group to allow traffic from each of the endpoints in the allow list.
Our network is continuously growing based on customer demand. If a specific network provider and/or region is not listed, please contact us and we can deploy a new PoP in a few hours.
In the coming months, we will be replacing the AWS addresses listed below with addresses in the 167.234.37.0/24 block. We strongly suggest you allow-list this range now, so that you will not have any connection issues when the change is made.
| PoP Location | Source IP Range | Provider Region |
|---|---|---|
| Australia, Sydney | 54.253.146.174/32 | AWS ap-southeast-2 |
| Brazil, São Paulo | 52.67.177.58/32 | AWS sa-east-1 |
| Germany, Frankfurt | 3.123.131.88/32 | AWS eu-central-1 |
| India, Mumbai | 43.204.39.204/32 | AWS ap-south-1 |
| Japan, Tokyo | 18.176.204.179/32 | AWS ap-northeast-1 |
| Netherlands, Amsterdam | 188.166.116.116/32 | DigitalOcean AMS3 |
| UK, London | 18.170.103.46/32 | AWS eu-west-2 |
| UK, London | 104.248.160.87/32 | DigitalOcean LON1 |
| USA, Charleston, SC | 34.139.239.162/32 | GCP us-east1 |
| USA, Clifton, NJ | 157.245.221.214/32 | DigitalOcean NYC3 |
| USA, Los Angeles | 34.94.9.231/32 | GCP us-west2 |
| USA, N.Bergen, NJ | 159.223.168.177/32 | DigitalOcean NYC1 |
| USA, Portland | 35.166.204.77/32 | AWS us-west-2 |
| USA, Richmond | 54.86.47.86/32 | AWS us-east-1 |
| Singapore, Jurong West | 35.198.229.225/32 | GCP asia-southeast1 |
| All future AWS (see above note) | 167.234.37.0/24 | All AWS |
See IP Allow List for further details on PolyScale's PoP source IP addresses.
IP Allow List
You can add PolyScale's Point of Presence source IP addresses to your network firewall rules to restrict access to only these sources for the TCP port of the specific database. For example, MySQL uses 3306.
A current list of source IP addresses are listed below. Please note that this list continues to grow as our edge network expands.
"167.234.37.0/24"
"3.123.131.88/32"
"54.86.47.86/32"
"18.176.204.179/32"
"18.170.103.46/32"
"104.248.160.87/32"
"35.166.204.77/32"
"54.253.146.174/32"
"52.67.177.58/32"
"43.204.39.204/32"
"157.245.221.214/32"
"159.223.168.177/32"
"188.166.116.116/32"
"34.94.9.231/32"
"35.198.229.225/32"
"34.139.239.162/32"
This list can also be retrieved by querying the TXT record:
$ dig -t txt allowlist.psedge.global +short
High Availability & Global DNS Failover
PolyScale's global edge network employs a DNS failover policy for all database connection endpoints (i.e. psedge.global). In the unlikely event of a Point of Presence (PoP) outage, PolyScale will automatically flag the region as failed, remove the record from DNS, and route traffic via the next closest PoP.
PolyScale DNS includes multiple regions, so requests will always be served by the region that provides the lowest latency.
If a PoP becomes unavailable due to an outage, new connections are automatically routed to the next closest location. For this reason, it is highly recommended that all PoP source ip addresses be added to your firewall.
Using TLS/SSL with PolyScale
PolyScale supports encrypted connections between clients and the origin database server using the TLS (Transport Layer Security) protocol. TLS/SSL is enabled for connections to PolyScale by default; however, to ensure that a secure connection is used, the client must be configured to both require a secure connection and to verify the supplied server certificate.
Clients can connect to PolyScale using TLS even if the underlying database itself does not support secure connections. In this case only the connection between the client and PolyScale will use TLS.
AWS
VPC Endpoint Services
PolyScale publishes a VPC endpoint service, which enables connectivity to the PolyScale service directly from within a VPC as an endpoint consumer. This configuration utilizes AWS PrivateLink, which ensures that all traffic between PolyScale's endpoint and your database never leaves the Amazon network and effectively provides a direct 10Gps connection per Availability Zone, capable of bursting up to 40Gbps.
VPC Peering
In addition to VPC Endpoint Services, it is also possible to peer your VPC directly with the PolyScale VPC in a specific region. This is similar to consuming an Endpoint Service, except it is also necessary to configure route tables for subnets where your application resides and risks the potential for a CIDR conflict with PolyScale's private subnet ranges (in which case, VPC Peering would not be the correct method for interfacing with PolyScale services).