What Are Rainbow Network Requirements?

Updated December 20, 2022 14:04

Important: Should you use this document to configure firewalls and proxies, please subscribe to updates on the helpcenter.
Indeed, as Rainbow is growing, we must add new IPs, URLs and protocols when adding new servers, location, or features.
In any case of addition, we will update this document 7 days before activating new servers and services to let you time to configure your edge security equipment.

Note: Main changes in Rainbow Network requirements edition 25 are highlighted in green in the document.

Regarding servers evolution, the following changes must be taken into account for your network configuration:

Removed servers, those servers are no more used and their whitelisting in firewalls can be removed:

rtc-gra3.openrainbow.com - 51.178.179.103
rtc-gra4.openrainbow.com - 51.178.179.105
rtc-lim2.openrainbow.com - 51.68.163.114
rtc-lim3.openrainbow.com - 51.195.62.144

New servers to be activated after 2023-01-11, please update your firewalls if needed:

turn-lim4.openrainbow.com - 162.19.180.114
turn-lim3.openrainbow.com - 162.19.180.113
lb-lim1.openrainbow.com - 162.19.180.117
lb-lim2.openrainbow.com - 162.19.180.120
rtc-gra5.openrainbow.com - 178.33.41.118
rtc-gra6.openrainbow.com - 178.33.41.97

Deprecation warning, those servers will be released after 2023-01-18, do not use them statically (eg in WRG config):

turn-lim2.openrainbow.com - 51.68.163.115
turn-lim1.openrainbow.com - 217.182.197.194
lb-lim0.openrainbow.com - 54.36.108.169, 51.38.111.143, 51.89.55.153

Summary of ports/protocols requirements:

Rainbow Collaboration

The table below gives minimum requirements for deployment of Rainbow as a collaboration solution, without telephony services.

Protocol	Port	Main use	Source	Destination ^(a)
TCP	443	Signaling, APIs Messaging, filesharing	All Rainbow clients and applications	*.openrainbow.com openrainbow.com openrainbow.io
UDP ^(b)	3478	Audio/video/desktop sharing media	All Rainbow clients	*.openrainbow.com
TCP ^(c)	5228-5229-5230	Android push notif	Pure wifi Android devices	Google FCM servers
TCP	443	Apple push not	Pure wifi iOS devices	Apple APNS servers

(a) details on FQDN and IP addresses of Rainbow servers are provided in section 5

(b) the solution can fall back on TCP/443 if the infrastructure does not allow UDP (UDP remains highly recommended for best quality of service for multi-media flows)

(c) Google requires that if the network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), a 30 minute or larger timeout is maintained for FCM connections over ports 5228-5230

Rainbow Hybrid Telephony

The table below gives minimum requirements for deployment of Rainbow on top of an existing customer PBX, providing telephony services and optionally advanced collaboration services.

Protocol	Port	Main use	Source	Destination ^(a)
TCP	443	Signaling, APIs Messaging, filesharing	All Rainbow clients and applications WebRTC Gateway PBX	*.openrainbow.com openrainbow.com openrainbow.io
UDP ^(b)(c)	3478	Softphony with remote users Audio/video/desktop sharing media for collaboration	All Rainbow clients WebRTC Gateway	*.openrainbow.com
TCP ^(d)	5228-5229-5230	Android push notification	Rainbow on pure wifi Android devices	Google FCM servers
TCP	443	Apple push notification	Rainbow on pure wifi ios devices	Apple APNS servers

(a) details on FQDN and IP addresses of Rainbow servers are provided in section 5

(b) the solution can fall back on TCP/443 if the infrastructure does not allow UDP (UDP remains highly recommended for best quality of service for multi-media flows)

(c) the NAT gateway implemented between the WebRTC Gateway and Rainbow must avoid too fast reuse of WAN ports. This can be achieved by implementing a 10mn timeout on NAted connection. See note of section 4.6.1 for details.

(d) Google requires that if the network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), a 30 minute or larger timeout is maintained by firewalls for FCM connections over ports 5228-5230. See section 4.2

Rainbow Hub

The table below gives minimum requirements for deployment of the Rainbow Hub solution. The latter provides cloud telephony services and optionally advanced collaboration services.

Protocol	Destination Port	Main use	Source	Destination ^(a)
TCP	443	Signaling, APIs Messaging, filesharing	Rainbow applications	*.openrainbow.com openrainbow.com openrainbow.io
UDP	3478	Softphony Audio/video/desktop sharing media	Rainbow applications	*.openrainbow.com
TCP ^(b)	5228,5229,5230	Android push notif.	Rainbow on pure wifi Android devices	Google FCM servers
TCP	443	Apple push notif.	Rainbow on pure wifi ios devices	Apple APNS servers
TCP	5061	SIP	SIP devices	*.openrainbow.com
TCP	443	Config and APIs	SIP devices	*.openrainbow.com
UDP	30000-44999	SRTP media	SIP devices Rainbow applications (softphony)	*.openrainbow.com
UDP	53	DNS	SIP devices	DNS server
UDP	123	NTP	SIP devices	pool.ntp.org

(a) details on FQDN and IP addresses of Rainbow servers are provided in section 5

(b) Google requires that if the network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), a 30 minute or larger timeout is maintained for FCM connections over ports 5228-5230

HDS_Rainbow Network Requirements - 2021-11-03 - Ed21.pdf
900 KB Download
Rainbow Network Requirements - 2022-12-01 - Ed25.pdf
1000 KB Download

Comments

1 comment

Andreas HEISE

December 16, 2022 14:38
Hi Quentin,

there is a mistake in the note, DNS name of new server 178.33.41.97 must be rtc-gra6.openrainbow.com instead of rtc-gra5.openrainbow.com.

brgds

Andreas
1

Comment actions Permalink

Please sign in to leave a comment.

How likely are you to recommend our Help Center to your colleagues?

Change language :

Search the Help Center

Browse the Knowledge Base

What Are Rainbow Network Requirements?

Summary of ports/protocols requirements:

Rainbow Collaboration

Rainbow Hybrid Telephony

Rainbow Hub

Comments

Still can't find what you need?

Contact Us

Ask the Community