Indeed, as Rainbow is growing, we must add new IPs, URLs and protocols when adding new servers, location, or features.
In any case of addition, we will update this document 7 days before activating new servers and services to let you time to configure your edge security equipment.
Regarding servers evolution, the following changes must be taken into account for your network configuration:
Removed servers, those servers are no more used and their whitelisting in firewalls can be removed:
- rtc-gra3.openrainbow.com - 51.178.179.103
- rtc-gra4.openrainbow.com - 51.178.179.105
- rtc-lim2.openrainbow.com - 51.68.163.114
- rtc-lim3.openrainbow.com - 51.195.62.144
- turn-lim4.openrainbow.com - 162.19.180.114
- turn-lim3.openrainbow.com - 162.19.180.113
- lb-lim1.openrainbow.com - 162.19.180.117
- lb-lim2.openrainbow.com - 162.19.180.120
- rtc-gra5.openrainbow.com - 178.33.41.118
- rtc-gra6.openrainbow.com - 178.33.41.97
- turn-lim2.openrainbow.com - 51.68.163.115
- turn-lim1.openrainbow.com - 217.182.197.194
- lb-lim0.openrainbow.com - 54.36.108.169, 51.38.111.143, 51.89.55.153
Summary of ports/protocols requirements:
Rainbow Collaboration
The table below gives minimum requirements for deployment of Rainbow as a collaboration solution, without telephony services.
|
Protocol |
Port |
Main use |
Source |
Destination (a) |
|
TCP |
443 |
Signaling, APIs Messaging, filesharing |
All Rainbow clients and applications |
*.openrainbow.com openrainbow.com openrainbow.io |
|
UDP (b) |
3478 |
Audio/video/desktop sharing media |
All Rainbow clients |
*.openrainbow.com |
|
TCP (c) |
5228-5229-5230 |
Android push notif |
Pure wifi Android devices |
Google FCM servers |
|
TCP |
443 |
Apple push not |
Pure wifi iOS devices |
Apple APNS servers |
(a) details on FQDN and IP addresses of Rainbow servers are provided in section 5
(b) the solution can fall back on TCP/443 if the infrastructure does not allow UDP (UDP remains highly recommended for best quality of service for multi-media flows)
(c) Google requires that if the network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), a 30 minute or larger timeout is maintained for FCM connections over ports 5228-5230
Rainbow Hybrid Telephony
The table below gives minimum requirements for deployment of Rainbow on top of an existing customer PBX, providing telephony services and optionally advanced collaboration services.
|
Protocol |
Port |
Main use |
Source |
Destination (a) |
|
TCP |
443 |
Signaling, APIs Messaging, filesharing |
All Rainbow clients and applications WebRTC Gateway PBX |
*.openrainbow.com openrainbow.com openrainbow.io |
|
UDP (b)(c) |
3478 |
Softphony with remote users Audio/video/desktop sharing media for collaboration |
All Rainbow clients WebRTC Gateway |
*.openrainbow.com |
|
TCP (d) |
5228-5229-5230 |
Android push notification |
Rainbow on pure wifi Android devices |
Google FCM servers |
|
TCP |
443 |
Apple push notification |
Rainbow on pure wifi ios devices |
Apple APNS servers |
(a) details on FQDN and IP addresses of Rainbow servers are provided in section 5
(b) the solution can fall back on TCP/443 if the infrastructure does not allow UDP (UDP remains highly recommended for best quality of service for multi-media flows)
(c) the NAT gateway implemented between the WebRTC Gateway and Rainbow must avoid too fast reuse of WAN ports. This can be achieved by implementing a 10mn timeout on NAted connection. See note of section 4.6.1 for details.
(d) Google requires that if the network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), a 30 minute or larger timeout is maintained by firewalls for FCM connections over ports 5228-5230. See section 4.2
Rainbow Hub
The table below gives minimum requirements for deployment of the Rainbow Hub solution. The latter provides cloud telephony services and optionally advanced collaboration services.
|
Protocol |
Destination Port |
Main use |
Source |
Destination (a) |
|
TCP |
443 |
Signaling, APIs Messaging, filesharing |
Rainbow applications
|
*.openrainbow.com openrainbow.com openrainbow.io |
|
UDP |
3478 |
Softphony Audio/video/desktop sharing media |
Rainbow applications
|
*.openrainbow.com |
|
TCP (b) |
5228,5229,5230 |
Android push notif. |
Rainbow on pure wifi Android devices |
Google FCM servers |
|
TCP |
443 |
Apple push notif. |
Rainbow on pure wifi ios devices |
Apple APNS servers |
|
TCP |
5061 |
SIP |
SIP devices |
*.openrainbow.com |
|
TCP |
443 |
Config and APIs |
SIP devices |
*.openrainbow.com |
|
UDP |
30000-44999 |
SRTP media |
SIP devices Rainbow applications (softphony) |
*.openrainbow.com |
|
UDP |
53 |
DNS |
SIP devices |
DNS server |
|
UDP |
123 |
NTP |
SIP devices |
pool.ntp.org |
(a) details on FQDN and IP addresses of Rainbow servers are provided in section 5
(b) Google requires that if the network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), a 30 minute or larger timeout is maintained for FCM connections over ports 5228-5230
Comments
1 comment
Hi Quentin,
there is a mistake in the note, DNS name of new server 178.33.41.97 must be rtc-gra6.openrainbow.com instead of rtc-gra5.openrainbow.com.
brgds
Andreas
Please sign in to leave a comment.