How does the WSS Agent (WSSA) choose which data center to connect to?
To determine the data center to connect to, WSS Agent sends a request to the Cloud Traffic Controller (CTC) at ctc.threatpulse.com with the egress IP of the client.
The egress IP is then checked against a database for geolocation to determine the 3 closest data centers.
Then, to determine the connection method (TCP or UDP), it sends a 1500-byte ICMP packet to the data center. If the WSSA receives the response to the ping, and it is unfragmented, it attempts to establish a connection via UDP. For this reason, it is strongly recommended to allow UDP and ICMP traffic for the clients, as well as a PMTU of 1500 bytes or more.
If the WSSA cannot connect to the first data center option presented by the CTC check for whatever reason, it fails over to the second or third data center option. However, when it fails over to the second or third data center, it does not check for UDP connection capability as it does with the first CTC option, and it only attempts to connect via TCP.
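A client-side check of the behaviour described above, as an added example (not vendor code): it sends one Don't Fragment ping to the first data center and reports the transport to expect for each data center in CTC order. Assumptions: the data center addresses are supplied by you as arguments, "1500 bytes" means the full IP packet (1472 bytes of ICMP payload), and the ping flags are those of Linux iputils and macOS.

```shell
#!/bin/sh
# Added example: approximates the WSS Agent's transport decision from the client.
# Assumption: a 1500-byte packet = 1472-byte ICMP payload + 8-byte ICMP header
# + 20-byte IPv4 header.
PAYLOAD=1472

# send_probe HOST: one echo request with Don't Fragment set.
# Exit status is 0 only if a reply came back, i.e. the full-size packet
# crossed the path without needing fragmentation.
send_probe() {
    case "$(uname -s)" in
        Darwin) ping -c 1 -t 2 -D -s "$PAYLOAD" "$1" ;;     # macOS: -D sets DF
        *)      ping -c 1 -W 2 -M do -s "$PAYLOAD" "$1" ;;  # iputils: -M do sets DF
    esac >/dev/null 2>&1
}

# expected_transport POSITION HOST
# POSITION is the rank (1..3) of HOST in the list returned by the CTC.
# Only the first choice is probed; failover targets are TCP-only.
expected_transport() {
    if [ "$1" -eq 1 ] && send_probe "$2"; then
        echo udp
    else
        echo tcp
    fi
}

# report DC1 [DC2 DC3]: one "rank host transport" line per data center.
report() {
    pos=1
    for dc in "$@"; do
        echo "$pos $dc $(expected_transport "$pos" "$dc")"
        pos=$((pos + 1))
    done
}

# Run as: sh check.sh <dc1> <dc2> <dc3>   (addresses are placeholders you supply)
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```

A `tcp` result on the first line means ICMP is filtered or the path MTU is below 1500 bytes somewhere between the client and that data center.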