Spoke Phone Network Connectivity Requirements

Overview

This article outlines the network connectivity requirements for Spoke Phone's mobile and desktop applications. It lists the Spoke Phone server ports and IP addresses that the applications must be able to reach, and the bandwidth required for quality audio.

 


Connectivity Overview

The Spoke Phone application leverages Twilio’s global super network to provide voice connectivity to customers and users around the world. In order to function correctly, the Spoke Phone application (on desktop and mobile) requires connectivity to both Spoke Phone and Twilio’s infrastructure to place and receive calls.

Two types of connections are required: signalling and media. The signalling connections are secure TLS connections used to send and receive the control information that sets up calls. The media connection is a secure SRTP (Secure Real-time Transport Protocol) connection used to send and receive audio.

Furthermore, Twilio’s Programmable Voice infrastructure is deployed in edges all over the world. 

By default, the Spoke Phone applications use Global Low Latency (GLL) to determine the optimal Twilio edge to connect to. 

To ensure that end users consistently connect to the closest media server, Spoke Phone recommends that they manually specify their closest Edge location in the Spoke Phone application (under Settings → My Call Quality).

 

Network Bandwidth Requirements

The following table lists the network requirements to deliver reasonable audio quality.

| Metric | Requirement |
|---|---|
| Bandwidth (Uplink/Downlink) | 100kbps / 100kbps per concurrent call |
| Latency to nearest edge location (RTT) | < 100ms |
| Jitter | < 10ms |
| Packet Loss | < 1% |

 

Firewall Configuration

To access Spoke Phone and Twilio, your firewall should allow outgoing TCP and UDP traffic from your applications to both Spoke Phone and Twilio’s infrastructure and allow return traffic in response. Spoke Phone/Twilio will never initiate a connection to the client applications.

Therefore, the firewall should not allow externally initiated connections back into the network.

In the Connectivity Requirements sections that follow, the required destination IP addresses and ports are listed. Your firewall should be configured to allow connectivity to the Media servers and the Signalling gateways corresponding to the Spoke Phone applications you are using.

 

Connectivity Requirements

Signaling Connectivity Requirements

The following section provides the connectivity requirements for the Spoke applications. As both Spoke and Twilio are hosted on AWS, IP addresses for the FQDNs listed below can change over time. Therefore, we recommend FQDN-based allow lists.

Note: If your firewall already allows outbound TLS/TCP connections to Port 443 at any destination then the settings in this section are not required.

 

 

 

Source columns: Your Intranet. Destination columns: Allowed destinations.

Spoke Desktop Client

| Connection | Protocol | Source IP | Source Port † | Destination | Destination Port |
|---|---|---|---|---|---|
| Secure TLS Spoke Application Gateway | TCP | ANY | ANY | *.spokephone.com | 443 |
| Secure TLS connection to Twilio signalling Gateway | TCP | ANY | ANY | chunderw-gll.twilio.com | 443 |
| Secure TLS connection to Twilio signalling Gateway | TCP | ANY | ANY | chunderw-vpc-gll.twilio.com | 443 |
| Secure TLS Connection to Twilio Regional Signalling gateways | TCP | ANY | ANY | chunderw-vpc-gll-{region}.twilio.com {Where region is one of: au1, br1, de1, ie1, jp1, sg1, us1} | 443 |
| Secure TLS Insights logging gateway | TCP | ANY | ANY | eventgw.twilio.com | 443 |

Spoke Mobile Client

| Connection | Protocol | Source IP | Source Port † | Destination | Destination Port |
|---|---|---|---|---|---|
| Secure TLS Spoke Application Gateway | TCP | ANY | ANY | *.spokephone.com | 443 |
| Secure TLS connection to Twilio GLL Signalling Gateway | TCP | ANY | ANY | chunderm.gll.twilio.com | 443 |
| Secure TLS Connection to Twilio Regional Signalling Gateways | TCP | ANY | ANY | chunderm.{region}.gll.twilio.com {Where region is one of: au1, br1, de1, ie1, jp1, sg1, us1} | 443 |
| Secure TLS to Insights Gateway | TCP | ANY | ANY | eventgw.twilio.com | 443 |
| Secure TLS to Registration Server | TCP | ANY | ANY | ers.twilio.com | 443 |

† The client will select any available port from the ephemeral range. On most machines, this means the port range 1,024 to 65,535.

 

Voice Media Server Connectivity Requirements

The IP address ranges below also require outgoing connectivity (with return traffic) over UDP to port ranges 10,000-60,000.  

 

   

Source columns: Your Intranet. Destination columns: Allowed destinations.

| Secure Media (ICE/STUN/SRTP) Edge Location | Protocol | Source IP | Source Port † | Destination IP Ranges (CIDR) | Destination Port Range |
|---|---|---|---|---|---|
| sydney (au1) | UDP | ANY | ANY | 168.86.128.0/18, 54.252.254.64/26, 3.104.90.0/24 | 10,000 - 60,000 |
| são-paulo (br1) | UDP | ANY | ANY | 168.86.128.0/18, 177.71.206.192/26, 18.228.249.0/24 | 10,000 - 60,000 |
| dublin (ie1) | UDP | ANY | ANY | 168.86.128.0/18, 54.171.127.192/26, 52.215.127.0/24 | 10,000 - 60,000 |
| frankfurt (de1) | UDP | ANY | ANY | 168.86.128.0/18, 35.156.191.128/25, 3.122.181.0/24 | 10,000 - 60,000 |
| tokyo (jp1) | UDP | ANY | ANY | 168.86.128.0/18, 54.65.63.192/26, 3.112.80.0/24 | 10,000 - 60,000 |
| singapore (sg1) | UDP | ANY | ANY | 168.86.128.0/18, 54.169.127.128/26, 3.1.77.0/24 | 10,000 - 60,000 |
| ashburn (us1) | UDP | ANY | ANY | 168.86.128.0/18, 54.172.60.0/23, 34.203.250.0/23 | 10,000 - 60,000 |
| roaming (gll) | UDP | ANY | ANY | All IP addresses listed above | 10,000 - 60,000 |

 

Additional Considerations

The following additional network configurations must be carried out:

 

  • Ensure that both the Spoke and Twilio IP addresses and domains are excluded from stateful packet inspection (SPI), or you might experience high UDP or TCP connection times.
  • Your firewall must allow outgoing UDP to the public internet from the machines that will be using Talk, and allow return traffic in response. Spoke is hosted on AWS, and because of this it is not possible to narrow down the IP range. You might see some IP addresses slightly outside the above ranges due to AWS networking.
  • Spoke will not work with MPLS or VPN. Do not allow traffic for the domains and IP addresses listed to run through a VPN.

Once you have allowed connections to all of the above IP addresses and domains for the ports mentioned above (each port needs to access all domains and IP addresses listed) there should be no issues with Spoke Phone making and receiving calls.

NOTE: Spoke is not compatible with Virtual Desktop Environments.

 

Diagnosing Connectivity Issues

Specific connectivity issues are not always apparent in the Spoke application. For example, calls that successfully connect but do not have audio can be caused either by a faulty headset on the user’s system or by outbound UDP traffic being filtered at the firewall.

We recommend using the Twilio network test tool to confirm that traffic is not being filtered:

https://networktest.twilio.com/

Filtered UDP traffic to Twilio’s voice media servers will show as a Fail for the Voice Test Call.
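
As an added example (not Spoke Phone or Twilio code), the Python below scans firewall deny logs for outbound UDP flows that fall inside the media CIDRs and port range listed on this page, which is the condition behind calls that connect without audio. The key=value log format, the function names and the sample lines are constructed assumptions; adapt the regex to your firewall's log format.

```python
import ipaddress
import re

# Media CIDRs and UDP port range copied from the media server table on this page.
SHARED = "168.86.128.0/18"  # listed for every edge location
REGIONAL = {
    "au1": ["54.252.254.64/26", "3.104.90.0/24"],
    "br1": ["177.71.206.192/26", "18.228.249.0/24"],
    "ie1": ["54.171.127.192/26", "52.215.127.0/24"],
    "de1": ["35.156.191.128/25", "3.122.181.0/24"],
    "jp1": ["54.65.63.192/26", "3.112.80.0/24"],
    "sg1": ["54.169.127.128/26", "3.1.77.0/24"],
    "us1": ["54.172.60.0/23", "34.203.250.0/23"],
}
PORTS = range(10000, 60001)
NETWORKS = [(ipaddress.ip_network(SHARED), "shared")] + [
    (ipaddress.ip_network(cidr), edge)
    for edge, cidrs in REGIONAL.items() for cidr in cidrs
]

# Hypothetical key=value deny-log format (an assumption); adapt to your firewall.
LINE = re.compile(r"action=(\w+) dir=(\w+) proto=(\w+) src=(\S+) dst=(\S+) dpt=(\d+)")

def media_edge(dst):
    """Return the edge label whose listed range contains dst, else None."""
    addr = ipaddress.ip_address(dst)
    return next((edge for net, edge in NETWORKS if addr in net), None)

def blocked_media_flows(lines):
    """Denied outbound UDP flows to the listed media ranges and ports."""
    hits = []
    for line in lines:
        m = LINE.search(line)
        if not m or m.group(1, 2, 3) != ("deny", "out", "udp"):
            continue
        src, dst, dpt = m.group(4), m.group(5), int(m.group(6))
        edge = media_edge(dst)
        if edge and dpt in PORTS:
            hits.append((src, dst, dpt, edge))
    return hits

# Constructed sample log lines, not real traffic.
SAMPLE = [
    "action=deny dir=out proto=udp src=10.0.4.17 dst=54.252.254.70 dpt=18234",
    "action=deny dir=out proto=udp src=10.0.4.17 dst=168.86.130.5 dpt=59999",
    "action=deny dir=out proto=udp src=10.0.4.22 dst=3.104.90.9 dpt=443",
    "action=allow dir=out proto=udp src=10.0.4.22 dst=3.1.77.20 dpt=12000",
    "action=deny dir=in proto=udp src=54.172.60.9 dst=10.0.4.17 dpt=40000",
]
```

Any row returned by `blocked_media_flows` is an egress rule gap to fix; denied inbound flows are ignored because the page states that externally initiated connections should not be allowed. As the page notes, AWS networking can place some addresses slightly outside the listed ranges, so an empty result does not rule out filtering.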

 
