Indeed, as Rainbow is growing, we must add new IPs, URLs and protocols when adding new servers, location, or features.
In any case of addition, we will update this document 7 days before activating new servers and services to let you time to configure your edge security equipment.
Note: Network changes planned in the coming weeks
New conference servers activated since Tuesday, June 27, please update your firewalls and proxies if needed:
- 158.177.103.120/32
- 158.177.103.124/32
New load balancers are deployed to cope with increasing Rainbow traffic and will be used to connect users, PBXs and SIP devices to rainbow, please update your firewalls and proxies if needed. Deployment is finalized since Friday, July 7.
- 178.32.125.32/32
- 178.32.125.46/32
- 178.32.125.56/32
- 178.32.125.107/32
- 178.32.125.135/32
- 178.32.125.149/32
- 178.32.125.161/32
- 178.32.125.168/32
- 178.32.125.241/32
- 178.32.126.16/32
- 178.32.126.70/32
- 178.32.126.94/32
- 178.32.126.97/32
- 178.32.126.147/32
- 178.32.126.196/32
- 178.32.126.210/32
- 178.32.126.211/32
- 178.32.126.251/32
- 178.32.127.14/32
- 178.32.127.42/32
- 178.32.127.143/32
- 178.32.127.144/32
- 178.32.127.183/32
- 178.33.40.217/32
Summary of ports/protocols requirements:
Rainbow Collaboration
The table below gives minimum requirements for deployment of Rainbow as a collaboration solution, without telephony services.
|
Protocol |
Port |
Main use |
Source |
Destination (a) |
|
TCP |
443 |
Signaling, APIs Messaging, filesharing |
All Rainbow clients and applications |
*.openrainbow.com openrainbow.com openrainbow.io |
|
UDP (b) |
3478 |
Audio/video/desktop sharing media |
All Rainbow clients |
*.openrainbow.com |
|
TCP (c) |
5228-5229-5230 |
Android push notif |
Pure wifi Android devices |
Google FCM servers |
|
TCP |
443 |
Apple push not |
Pure wifi iOS devices |
Apple APNS servers |
(a) details on FQDN and IP addresses of Rainbow servers are provided in section 5
(b) the solution can fall back on TCP/443 if the infrastructure does not allow UDP (UDP remains highly recommended for best quality of service for multi-media flows)
(c) Google requires that if the network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), a 30 minute or larger timeout is maintained for FCM connections over ports 5228-5230
Rainbow Hybrid Telephony
The table below gives minimum requirements for deployment of Rainbow on top of an existing customer PBX, providing telephony services and optionally advanced collaboration services.
|
Protocol |
Port |
Main use |
Source |
Destination (a) |
|
TCP |
443 |
Signaling, APIs Messaging, filesharing |
All Rainbow clients and applications WebRTC Gateway PBX |
*.openrainbow.com openrainbow.com openrainbow.io |
|
UDP (b)(c) |
3478 |
Softphony with remote users Audio/video/desktop sharing media for collaboration |
All Rainbow clients WebRTC Gateway |
*.openrainbow.com |
|
TCP (d) |
5228-5229-5230 |
Android push notification |
Rainbow on pure wifi Android devices |
Google FCM servers |
|
TCP |
443 |
Apple push notification |
Rainbow on pure wifi ios devices |
Apple APNS servers |
(a) details on FQDN and IP addresses of Rainbow servers are provided in section 5
(b) the solution can fall back on TCP/443 if the infrastructure does not allow UDP (UDP remains highly recommended for best quality of service for multi-media flows)
(c) the NAT gateway implemented between the WebRTC Gateway and Rainbow must avoid too fast reuse of WAN ports. This can be achieved by implementing a 10mn timeout on NAted connection. See note of section 4.6.1 for details.
(d) Google requires that if the network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), a 30 minute or larger timeout is maintained by firewalls for FCM connections over ports 5228-5230. See section 4.2
Rainbow Hub
The table below gives minimum requirements for deployment of the Rainbow Hub solution. The latter provides cloud telephony services and optionally advanced collaboration services.
|
Protocol |
Destination Port |
Main use |
Source |
Destination (a) |
|
TCP |
443 |
Signaling, APIs Messaging, filesharing |
Rainbow applications
|
*.openrainbow.com openrainbow.com openrainbow.io |
|
UDP |
3478 |
Softphony Audio/video/desktop sharing media |
Rainbow applications
|
*.openrainbow.com |
|
TCP (b) |
5228,5229,5230 |
Android push notif. |
Rainbow on pure wifi Android devices |
Google FCM servers |
|
TCP |
443 |
Apple push notif. |
Rainbow on pure wifi ios devices |
Apple APNS servers |
|
TCP |
5061 |
SIP |
SIP devices |
*.openrainbow.com |
|
TCP |
443 |
Config and APIs |
SIP devices |
*.openrainbow.com |
|
UDP |
30000-44999 |
SRTP media |
SIP devices Rainbow applications (softphony) |
*.openrainbow.com |
|
UDP |
53 |
DNS |
SIP devices |
DNS server |
|
UDP |
123 |
NTP |
SIP devices |
pool.ntp.org |
(a) details on FQDN and IP addresses of Rainbow servers are provided in section 5
(b) Google requires that if the network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), a 30 minute or larger timeout is maintained for FCM connections over ports 5228-5230
Comments
1 comment
Hi Quentin,
there is a mistake in the note, DNS name of new server 178.33.41.97 must be rtc-gra6.openrainbow.com instead of rtc-gra5.openrainbow.com.
brgds
Andreas
Article is closed for comments.