Indeed, as Rainbow is growing, we must add new IPs, URLs and protocols when adding new servers, location, or features.
In any case of addition, we will update this document 7 days before activating new servers and services to let you time to configure your edge security equipment.
Note: Network changes planned in the coming weeks
New load balancers to be activated 2023-04-20, please update your firewalls and proxies if needed (these IPs belong to the existing Rainbow NA (North America) range: 135.148.197.0/26):
- 135.148.197.14/32
- 135.148.197.15/32
- 135.148.197.16/32
- 135.148.197.17/32
- 135.148.197.18/32
- 135.148.197.19/32
Deprecation warning, those servers will be released after 2023-05-03, do not use them statically (e.g. in WebRTC gateway config):
- turn-lim1.openrainbow.com - 217.182.197.194
- turn-lim2.openrainbow.com - 51.68.163.115
- lb-lim0.openrainbow.com - 54.36.108.169, 51.38.111.143, 51.89.55.153
Summary of ports/protocols requirements:
Rainbow Collaboration
The table below gives minimum requirements for deployment of Rainbow as a collaboration solution, without telephony services.
Protocol |
Port |
Main use |
Source |
Destination (a) |
TCP |
443 |
Signaling, APIs Messaging, filesharing |
All Rainbow clients and applications |
*.openrainbow.com openrainbow.com openrainbow.io |
UDP (b) |
3478 |
Audio/video/desktop sharing media |
All Rainbow clients |
*.openrainbow.com |
TCP (c) |
5228-5229-5230 |
Android push notif |
Pure wifi Android devices |
Google FCM servers |
TCP |
443 |
Apple push not |
Pure wifi iOS devices |
Apple APNS servers |
(a) details on FQDN and IP addresses of Rainbow servers are provided in section 5
(b) the solution can fall back on TCP/443 if the infrastructure does not allow UDP (UDP remains highly recommended for best quality of service for multi-media flows)
(c) Google requires that if the network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), a 30 minute or larger timeout is maintained for FCM connections over ports 5228-5230
Rainbow Hybrid Telephony
The table below gives minimum requirements for deployment of Rainbow on top of an existing customer PBX, providing telephony services and optionally advanced collaboration services.
Protocol |
Port |
Main use |
Source |
Destination (a) |
TCP |
443 |
Signaling, APIs Messaging, filesharing |
All Rainbow clients and applications WebRTC Gateway PBX |
*.openrainbow.com openrainbow.com openrainbow.io |
UDP (b)(c) |
3478 |
Softphony with remote users Audio/video/desktop sharing media for collaboration |
All Rainbow clients WebRTC Gateway |
*.openrainbow.com |
TCP (d) |
5228-5229-5230 |
Android push notification |
Rainbow on pure wifi Android devices |
Google FCM servers |
TCP |
443 |
Apple push notification |
Rainbow on pure wifi ios devices |
Apple APNS servers |
(a) details on FQDN and IP addresses of Rainbow servers are provided in section 5
(b) the solution can fall back on TCP/443 if the infrastructure does not allow UDP (UDP remains highly recommended for best quality of service for multi-media flows)
(c) the NAT gateway implemented between the WebRTC Gateway and Rainbow must avoid too fast reuse of WAN ports. This can be achieved by implementing a 10mn timeout on NAted connection. See note of section 4.6.1 for details.
(d) Google requires that if the network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), a 30 minute or larger timeout is maintained by firewalls for FCM connections over ports 5228-5230. See section 4.2
Rainbow Hub
The table below gives minimum requirements for deployment of the Rainbow Hub solution. The latter provides cloud telephony services and optionally advanced collaboration services.
Protocol |
Destination Port |
Main use |
Source |
Destination (a) |
TCP |
443 |
Signaling, APIs Messaging, filesharing |
Rainbow applications
|
*.openrainbow.com openrainbow.com openrainbow.io |
UDP |
3478 |
Softphony Audio/video/desktop sharing media |
Rainbow applications
|
*.openrainbow.com |
TCP (b) |
5228,5229,5230 |
Android push notif. |
Rainbow on pure wifi Android devices |
Google FCM servers |
TCP |
443 |
Apple push notif. |
Rainbow on pure wifi ios devices |
Apple APNS servers |
TCP |
5061 |
SIP |
SIP devices |
*.openrainbow.com |
TCP |
443 |
Config and APIs |
SIP devices |
*.openrainbow.com |
UDP |
30000-44999 |
SRTP media |
SIP devices Rainbow applications (softphony) |
*.openrainbow.com |
UDP |
53 |
DNS |
SIP devices |
DNS server |
UDP |
123 |
NTP |
SIP devices |
pool.ntp.org |
(a) details on FQDN and IP addresses of Rainbow servers are provided in section 5
(b) Google requires that if the network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), a 30 minute or larger timeout is maintained for FCM connections over ports 5228-5230
Comments
1 comment
Hi Quentin,
there is a mistake in the note, DNS name of new server 178.33.41.97 must be rtc-gra6.openrainbow.com instead of rtc-gra5.openrainbow.com.
brgds
Andreas
Article is closed for comments.