Skip to main content
Truefoundry’s globally distributed gateway is deployed across multiple regions and cloud providers to ensure high availability, low latency, and resilience against regional or cloud provider disruptions. The global gateway URL is https://gateway.truefoundry.ai.
gateway.truefoundry.ai is the unified endpoint for both the AI Model Gateway and the MCP Gateway.Whether you are routing LLM inference requests (OpenAI-compatible API, etc.) or connecting to MCP (Model Context Protocol) servers, all traffic goes through the same globally distributed infrastructure. This means MCP Gateway deployments benefit from the same multi-region, multi-cloud availability described on this page.
Architecture diagram showing the Control Plane in Ireland (Europe) managing configuration, with Gateway Planes handling LLM and MCP traffic across 14 global regions connected via NATS

Features

  1. Globally Distributed: Deployed across more than 12 regions around the globe and across 3 multiple cloud providers for maximum availability while minimizing latency.
  2. Automated Failover: All traffic is routed to the nearest gateway for minimum latency. In case of regional downtime, traffic is automatically routed to closest healthy regions ensuring uninterrupted service.
  3. Multi-Cloud Deployment: Distributed across multiple cloud providers to be tolerant to cloud provider-specific disruptions.
  4. Data Encryption: Data is encrypted at rest and in transit.
  5. Compliance: Truefoundry Infrastructure is SOC2, ISO27001, GDPR, and HIPAA compliant

Architecture

The SAAS global deployment follows the same Gateway Plane Architecture used across all Truefoundry deployments. It consists of two key components:
  • Control Plane — Manages all gateway configuration including models, users, teams, virtual accounts, rate-limiting, and routing configs. The SAAS control plane is hosted in Ireland (Europe).
  • Gateway Planes — Stateless, horizontally scalable gateway instances that handle all production traffic (LLM requests, MCP requests, etc.). These are deployed across the regions listed in the Regional Deployments section below.
The gateway planes subscribe to the control plane for configuration updates via NATS and perform all authentication, authorization, rate-limiting, and load-balancing checks in-memory with no external calls in the request path. For a detailed breakdown of the request flow, performance benchmarks, and FAQs, see the Gateway Plane Architecture page.
The specific regions and locations where gateway planes are deployed are subject to change based on Truefoundry’s internal infrastructure needs. Regions may be added, removed, or relocated without prior notice.

Global Deployment

For most use cases, we recommend using the global endpoint which automatically routes to the nearest healthy gateway:
DeploymentGlobal Endpoint
Global (Auto-routed)https://gateway.truefoundry.ai
Using the global URL (https://gateway.truefoundry.ai) is recommended as it automatically routes your requests to the nearest healthy gateway instance based on your geographic location to give you the minimum possible latency.

Regional Deployments

Each of the different gateway regions also have their own URLs as mentioned below. While you can use them for testing, we do not recommend pointing to them in production since they can be changed at any point by us if we are shifting regions or adding new regions.
Please do not use the regional endpoints in production since they are subject to change at any point without notice.We recommend using the global endpoint (https://gateway.truefoundry.ai) for production use. or the region specific endpoint described in the Multi-regional Deployments section.
Physical LocationCloud ProviderRegional Endpoint
North Virginia, United States - (ORF)AWShttps://orf.gateway.truefoundry.ai
Toronto, Canada - (YYZ)GCPhttps://yyz.gateway.truefoundry.ai
San Francisco, United States - (SFO)Azurehttps://sfo.gateway.truefoundry.ai
Dallas, Texas, United States - (DFW)GCPhttps://dfw.gateway.truefoundry.ai
London, United Kingdom - (LHR)AWShttps://lhr.gateway.truefoundry.ai
Madrid, Spain - (MAD)GCPhttps://mad.gateway.truefoundry.ai
Gavle, Sweden - (GVX)Azurehttps://gvx.gateway.truefoundry.ai
Sao Paulo, Brazil - (GRU)GCPhttps://gru.gateway.truefoundry.ai
Cape Town, South Africa - (CPT)AWShttps://cpt.gateway.truefoundry.ai
Doha, Qatar - (DIA)GCPhttps://dia.gateway.truefoundry.ai
Mumbai, India - (BOM)AWShttps://bom.gateway.truefoundry.ai
Singapore, Singapore - (SIN)AWShttps://sin.gateway.truefoundry.ai
Melbourne, Australia - (MEL)AWShttps://mel.gateway.truefoundry.ai
Sydney, Australia - (SYD)AWShttps://syd.gateway.truefoundry.ai

Gateway Metadata

Each SAAS gateway has associated metadata that is automatically added to requests routed through that gateway. The metadata is added with the following keys:
  • tfy_gateway_region
  • tfy_gateway_zone
The current metadata mappings are:
Physical LocationEndpointtfy_gateway_regiontfy_gateway_zone
North Virginia, United Stateshttps://orf.gateway.truefoundry.aiUSORF
Mumbai, Indiahttps://bom.gateway.truefoundry.aiINBOM
Sao Paulo, Brazilhttps://gru.gateway.truefoundry.aiSAGRU
London, United Kingdomhttps://lhr.gateway.truefoundry.aiEULHR
Gavle, Swedenhttps://gvx.gateway.truefoundry.aiEUGVX
Singapore, Singaporehttps://sin.gateway.truefoundry.aiAPSIN
Cape Town, South Africahttps://cpt.gateway.truefoundry.aiAFCPT
Doha, Qatarhttps://dia.gateway.truefoundry.aiUSDIA
San Francisco, United Stateshttps://sfo.gateway.truefoundry.aiUSSFO
Not publicly listedhttps://cle.gateway.truefoundry.aiUSCLE
Not publicly listedhttps://del.gateway.truefoundry.aiINDEL
Dallas, Texas, United Stateshttps://dfw.gateway.truefoundry.aiUSDFW
Madrid, Spainhttps://mad.gateway.truefoundry.aiEUMAD
Toronto, Canadahttps://yyz.gateway.truefoundry.aiCAYYZ
Not publicly listedhttps://cbr.gateway.truefoundry.aiAUCBR

Multi-regional Deployments

Multi-regional endpoints automatically route your requests to the closest healthy gateway within a specific geographic region. If all regional locations are unavailable, traffic is routed to the designated fallback regions.
RegionMulti-regional EndpointPrimary LocationsFallback Locations
United Stateshttps://us.gateway.truefoundry.aiNorth Virginia (ORF), San Francisco (SFO), Dallas (DFW)Toronto, Canada (YYZ)
Europehttps://eu.gateway.truefoundry.aiLondon (LHR), Madrid (MAD), Gavle (GVX)Doha, Qatar (DIA)
Australiahttps://au.gateway.truefoundry.aiSydney (SYD), Melbourne (MEL)Singapore (SIN)

Gateway Status Monitoring

Check Gateway Status

To track the status of each gateway deployment and receive real-time updates on service availability, visit our status page: Gateway Status Page: status.truefoundry.com You can expand the AI Gateway section to see per-region uptime:
AI Gateway expanded view showing per-region uptime for each gateway deployment

Subscribe to Status Updates

Stay informed about gateway availability by subscribing to status notifications:
  1. Visit the Gateway Status Page
  2. Click the Get Updates button in the top right
  3. Choose your preferred notification method:
    • Email notifications
    • RSS Feed
    • On a custom webhook
Truefoundry status page with the Get Updates button highlighted in the top right

Connecting Your Models or MCP Servers to the Gateway

When you use the SAAS gateway to proxy requests to models or MCP servers hosted within your own infrastructure (e.g. inside a VPC), the gateway needs a network path to reach those endpoints. Depending on your security requirements and infrastructure setup, there are several approaches to establish this connectivity.

Option 1: Reverse Tunnel Agent

Instead of exposing your model or MCP server publicly, you can run cloudflared inside your infrastructure and establish an outbound tunnel to a Truefoundry-managed public domain. This avoids opening inbound ports while still allowing the gateway to reach your private services.
This is only available as part of our higher tier enterprise plans.
Setup flow
  1. Raise a request with the Truefoundry team with the following details:
    • private_service_url: The URL of the private service that hosts your MCP server or model. You can also setup a load balancer in front of multiple MCP servers or models to route traffic as needed. Eg - For an mcp server running within the same kubernetes cluster as cloudflared, it would be something like http://mcp-server.default.svc.cluster.local:8080.
  2. Truefoundry shares the following with you:
    • public_domain - The public domain that you can use to access your private service. For example <tenant-name>.private-endpoints.truefoundry.ai.
    • auth_token - The token that you can use to run cloudflared in your environment.
  3. Run cloudflared in your environment: 
    cloudflared tunnel run --token <auth_token>
  4. You can now create the remote MCP server using https://<tenant-name>.private-endpoints.truefoundry.ai/mcp. For detailed MCP server setup instructions, see Getting started with MCP servers.
For organizations that require fully private network connectivity with no public internet exposure, you can establish a Private Link connection between the Truefoundry gateway and your VPC. This creates a private, direct network path that never traverses the public internet.
Private Link connections are region-specific. You will need to set up a Private Link in each cloud region where you need private connectivity to the gateway. Refer to the Regional Deployments table above to identify the regions and cloud providers available, then contact the Truefoundry team to get the specific service endpoint names for your selected regions.This is only available as part of our higher tier enterprise plans.
GCP Private Service Connect enables private connectivity from your VPC to the Truefoundry gateway.Prerequisites:
  • A GCP project with a VPC in a supported gateway region
  • Appropriate IAM permissions to create Private Service Connect endpoints
Steps:
  1. Contact the Truefoundry team to get the Service Attachment URI for your desired region.
  2. In the GCP Console, navigate to Network Services → Private Service Connect.
  3. Click Create Endpoint and select Published service.
  4. Enter the service attachment URI provided by Truefoundry.
  5. Select the VPC network and subnetwork where your model or MCP server is running.
  6. Assign an internal IP address for the endpoint.
  7. Create the endpoint and wait for the connection to be accepted by Truefoundry.
  8. Use the assigned internal IP address or configure a DNS entry to route traffic through the Private Service Connect endpoint.
# Verify connectivity from within your VPC
curl -X GET "http://<internal-ip>/health"
Tradeoffs:
  • Most secure option — traffic never leaves the cloud provider’s private network.
  • Requires setup in each region where you need connectivity.
  • Involves coordination with the Truefoundry team for service endpoint provisioning.
  • May incur additional cloud provider charges for Private Link / Private Service Connect endpoints and data transfer.

Option 3: Self-Host the Gateway

If none of the above options meet your requirements, you can self-host the Truefoundry gateway plane within your own infrastructure. In this setup, the gateway runs inside your VPC and has direct network access to your models and MCP servers — eliminating any need for public exposure or cross-network connectivity. Read more about self-hosting the gateway plane.