Spoke Network Connectivity Requirements

Overview

This article outlines the network connectivity requirements for Spoke’s mobile and desktop applications. It lists the Spoke server ports and IP addresses that the applications must be able to reach, and the bandwidth required for quality audio.

 

Connectivity Overview

The Spoke application leverages Twilio’s global super network to provide voice connectivity to customers and users around the world. In order to function correctly, the Spoke application (on desktop and mobile) requires connectivity to both Spoke and Twilio’s infrastructure to place and receive calls.

Two types of connections are required: signalling and media. The signalling connections are secure TLS connections used for sending and receiving the control information that sets up calls. The media connection is a secure SRTP (Secure Real-time Transport Protocol) connection used to send and receive audio.

Furthermore, Twilio’s Programmable Voice infrastructure is deployed in edges all over the world. 

By default, the Spoke applications use Global Low Latency (GLL) to determine the optimal Twilio edge to connect to. 

To ensure that end users consistently connect to the closest media server, Spoke recommends that they manually specify their closest Edge location in the Spoke application (under Settings → My Call Quality).

 

Network Bandwidth Requirements

The following table lists the network requirements to deliver reasonable audio quality.

| Requirement | Value |
| --- | --- |
| Bandwidth (Uplink/Downlink) | 100kbps / 100kbps per concurrent call |
| Latency to nearest edge location (RTT) | < 100ms |
| Jitter | < 10ms |
| Packet Loss | < 1% |

 

Firewall Configuration

To access Spoke and Twilio, your firewall should allow outgoing TCP and UDP traffic from your applications to both Spoke and Twilio’s infrastructure and allow return traffic in response. Spoke/Twilio will never initiate a connection to the client applications.

Therefore, the firewall should not allow externally initiated connections back into the network.

In the Connectivity Requirements sections that follow, the required destination IP addresses and ports are listed. Your firewall should be configured to allow connectivity to the Media servers and the Signaling gateways corresponding to the Spoke applications you are using.

 

Connectivity Requirements

Signaling Connectivity Requirements

The following section provides the connectivity requirements for the Spoke applications. As both Spoke and Twilio are hosted on AWS, IP addresses for the FQDNs listed below can change over time. Therefore, we recommend FQDN-based allow lists.

Note: If your firewall already allows outbound TLS/TCP connections to Port 443 at any destination then the settings in this section are not required.

 

In the tables below, Source IP and Source Port are on your intranet; Destination and Destination Port are the allowed destinations.

Spoke Desktop Client

| Connection | Protocol | Source IP | Source Port † | Destination | Destination Port |
| --- | --- | --- | --- | --- | --- |
| Secure TLS Spoke Application Gateway | TCP | ANY | ANY | *.spokephone.com | 443 |
| Secure TLS connection to Twilio signalling Gateway | TCP | ANY | ANY | chunderw-gll.twilio.com | 443 |
| Secure TLS connection to Twilio signalling Gateway | TCP | ANY | ANY | chunderw-vpc-gll.twilio.com | 443 |
| Secure TLS Connection to Twilio Regional Signalling gateways | TCP | ANY | ANY | chunderw-vpc-gll-{region}.twilio.com (where region is one of: au1, br1, de1, ie1, jp1, sg1, us1) | 443 |
| Secure TLS Insights logging gateway | TCP | ANY | ANY | eventgw.twilio.com | 443 |

Spoke Mobile Client

| Connection | Protocol | Source IP | Source Port † | Destination | Destination Port |
| --- | --- | --- | --- | --- | --- |
| Secure TLS Spoke Application Gateway | TCP | ANY | ANY | *.spokephone.com | 443 |
| Secure TLS connection to Twilio GLL Signalling Gateway | TCP | ANY | ANY | chunderm.gll.twilio.com | 443 |
| Secure TLS Connection to Twilio Regional Signalling Gateways | TCP | ANY | ANY | chunderm.{region}.gll.twilio.com (where region is one of: au1, br1, de1, ie1, jp1, sg1, us1) | 443 |
| Secure TLS to Insights Gateway | TCP | ANY | ANY | eventgw.twilio.com | 443 |
| Secure TLS to Registration Server | TCP | ANY | ANY | ers.twilio.com | 443 |

† The client will select any available port from the ephemeral range. On most machines, this means the port range 1,024 to 65,535.

 

Voice Media Server Connectivity Requirements

The IP address ranges below also require outgoing connectivity (with return traffic) over UDP to the port range 10,000-60,000.

 

Secure Media (ICE/STUN/SRTP). Source IP and Source Port are on your intranet; the destination IP ranges and port range are the allowed destinations.

| Edge Location | Protocol | Source IP | Source Port † | Destination IP Ranges (CIDR) | Destination Port Range |
| --- | --- | --- | --- | --- | --- |
| sydney (au1) | UDP | ANY | ANY | 168.86.128.0/18, 54.252.254.64/26, 3.104.90.0/24 | 10,000 - 60,000 |
| são-paulo (br1) | UDP | ANY | ANY | 168.86.128.0/18, 177.71.206.192/26, 18.228.249.0/24 | 10,000 - 60,000 |
| dublin (ie1) | UDP | ANY | ANY | 168.86.128.0/18, 54.171.127.192/26, 52.215.127.0/24 | 10,000 - 60,000 |
| frankfurt (de1) | UDP | ANY | ANY | 168.86.128.0/18, 35.156.191.128/25, 3.122.181.0/24 | 10,000 - 60,000 |
| tokyo (jp1) | UDP | ANY | ANY | 168.86.128.0/18, 54.65.63.192/26, 3.112.80.0/24 | 10,000 - 60,000 |
| singapore (sg1) | UDP | ANY | ANY | 168.86.128.0/18, 54.169.127.128/26, 3.1.77.0/24 | 10,000 - 60,000 |
| ashburn (us1) | UDP | ANY | ANY | 168.86.128.0/18, 54.172.60.0/23, 34.203.250.0/23 | 10,000 - 60,000 |
| roaming (gll) | UDP | ANY | ANY | All IP addresses listed above | 10,000 - 60,000 |
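The signalling FQDNs and media ranges in the tables above can be loaded into a small checker and run over firewall deny logs to find rules that are blocking traffic the Spoke clients need. This is an added example, not Spoke or Twilio code; the function names, the `DENY proto dest port` log format and the sample lines are constructed assumptions.

```python
import fnmatch
import ipaddress
REGIONS = ["au1", "br1", "de1", "ie1", "jp1", "sg1", "us1"]
# Signalling FQDNs from the tables above (desktop and mobile clients), TCP 443.
SIGNALLING = ["*.spokephone.com", "chunderw-gll.twilio.com",
              "chunderw-vpc-gll.twilio.com", "chunderm.gll.twilio.com",
              "eventgw.twilio.com", "ers.twilio.com"]
SIGNALLING += [f"chunderw-vpc-gll-{r}.twilio.com" for r in REGIONS]
SIGNALLING += [f"chunderm.{r}.gll.twilio.com" for r in REGIONS]
# Media CIDRs from the table above; 168.86.128.0/18 is listed for every edge.
SHARED = ipaddress.ip_network("168.86.128.0/18")
MEDIA = {
    "au1": ["54.252.254.64/26", "3.104.90.0/24"],
    "br1": ["177.71.206.192/26", "18.228.249.0/24"],
    "ie1": ["54.171.127.192/26", "52.215.127.0/24"],
    "de1": ["35.156.191.128/25", "3.122.181.0/24"],
    "jp1": ["54.65.63.192/26", "3.112.80.0/24"],
    "sg1": ["54.169.127.128/26", "3.1.77.0/24"],
    "us1": ["54.172.60.0/23", "34.203.250.0/23"],
}

def classify(proto, dest, port):
    """Label an outbound flow as signalling, media:<edge> or not-listed."""
    proto = proto.upper()
    if proto == "TCP" and port == 443:
        host = dest.lower().rstrip(".")
        if any(fnmatch.fnmatchcase(host, p) for p in SIGNALLING):
            return "signalling"
    elif proto == "UDP" and 10000 <= port <= 60000:
        try:
            ip = ipaddress.ip_address(dest)
        except ValueError:
            return "not-listed"  # media rules are IP-based only
        if ip in SHARED:
            return "media:any-edge"
        for edge, cidrs in MEDIA.items():
            if any(ip in ipaddress.ip_network(c) for c in cidrs):
                return f"media:{edge}"
    return "not-listed"

def blocked_required(deny_lines):
    """Return denied flows that match the allow lists, i.e. rules to fix."""
    flows = [line.split()[1:] for line in deny_lines]
    hits = [(d, int(p), classify(pr, d, int(p))) for pr, d, p in flows]
    return [h for h in hits if h[2] != "not-listed"]

# Constructed deny-log sample (the line format is an assumption).
SAMPLE = ["DENY UDP 54.252.254.70 12000", "DENY UDP 54.252.254.70 9000",
          "DENY TCP chunderw-vpc-gll-au1.twilio.com 443", "DENY UDP 8.8.8.8 53"]
```

A `not-listed` result does not prove a flow is unrelated to Spoke, since the article notes that AWS addresses slightly outside the listed ranges may appear.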

 

Additional Considerations

The following additional network configurations must be carried out:

  • Ensure that both the Spoke and Twilio IP addresses and domains are excluded from stateful packet inspection (SPI), or you might experience high UDP or TCP connection times.
  • Your firewall must allow outgoing UDP to the public internet from the machines that will be using Talk, and allow return traffic in response. Spoke is hosted on AWS, and because of this it is not possible to narrow down the IP range. You might see some IP addresses slightly outside the above ranges due to AWS networking.
  • Spoke will not work with MPLS or VPN. Do not allow traffic for the domains and IP addresses listed to run through a VPN.

Once you have allowed connections to all of the above IP addresses and domains for the ports mentioned above (each port needs to access all domains and IP addresses listed) there should be no issues with Spoke making and receiving calls.

NOTE: Spoke is not compatible with Virtual Desktop Environments.

 

Spoke Enlighten Connectivity Requirements

The following table lists the network requirements for Spoke Enlighten.

Enlighten Manager Console

| Connection | Protocol | Source IP | Source Port † | Destination | Destination Port |
| --- | --- | --- | --- | --- | --- |
| Secure TLS Enlighten Application Gateway | TCP | ANY | ANY | *.youspoke.app | 443 |
| Secure Enlighten Data IPs | TCP | ANY | ANY | 172.64.149.246/24, 104.18.38.10/24 | 443 |

 

Diagnosing Connectivity Issues

Specific connectivity issues are not always apparent in the Spoke application. For example, calls that successfully connect but have no audio can be caused either by faulty headsets on the user’s system or by outbound UDP traffic being filtered at the firewall.

We recommend using the below network test tool to confirm that traffic is not being filtered or blocked:

https://networktest.spokephone.com?invite=69fb7f8d7ee03093b6e79d54

Filtered UDP traffic to voice media servers will show as a Fail with Voice Test Call as per below:
