Detailed Network Requirements for Highfive Video Conferencing

 

If you have verified that your network meets Highfive's minimum requirements but you are still encountering connectivity issues or degraded call quality, this article provides more detailed technical requirements and best practices that a network administrator can apply to improve your Highfive experience.

 

Important: Please consult with your IT team or network administrator before making any changes to the network settings to ensure you are not violating any organizational or regulatory policies.

 

 


Whitelist the Highfive-Related URLs

 

Some networks have firewalls, proxies or other rules that require whitelisting Highfive's servers to allow proper communication with the Highfive services.

 

It is recommended to whitelist Highfive's services by domain. All of the following destinations must be whitelisted for joining a Highfive meeting:

 

 Protocol   Port   Destination   Purpose   Static IPs Available 
 UDP   5005   *.highfive.com   Meeting Control   No 
 TCP   443   *.highfive.com   Meeting Control   No 
 HTTP   80   *.highfive.com   Meeting Control   No 
 TCP   443   *.highfive.services   Meeting Telemetry   No 
 UDP   5005   *.media.highfive.services   Meeting Signaling and Content   Yes 
 TCP   5005   *.media.highfive.services   Meeting Signaling and Content   Yes 
 TCP   443   *.media.highfive.services   Meeting Signaling and Content   Yes 
 TCP   443   dvwx47tzn54nr.cloudfront.net   Geographic Content Delivery   No 
 TCP   443   d1hz5g3vh01yrm.cloudfront.net   Geographic Content Delivery   No 
 HTTP   80   d1hz5g3vh01yrm.cloudfront.net   Geographic Content Delivery   No 

 

If you are using Highfive meeting room devices, you must also whitelist the following destinations for the networks where the rooms are located:

 

 Protocol   Port   Destination   Purpose   Static IPs Available 
 TCP   443   *.dolbyvoice.com   Dolby Conference Phone Provisioning   No 
 TCP   443   highfive.link   Wireless Screen Sharing   No 
 HTTP   80   highfive.link   Wireless Screen Sharing   No 

 

 

For Highfive's services, UDP on port 5005 is preferred and results in the best real-time media experience. When UDP port 5005 is not available, TCP port 5005 is used. When TCP port 5005 is not available, TCP port 443 is used.

 

For Highfive's primary media traffic, specific IP address ranges are available for whitelisting and network optimization. These can be used in place of the corresponding domains above when firewall capabilities or security policies do not allow whitelisting by domain name:

 

 Protocol   Port   Destinations   Purpose 
 UDP   5005   44.232.236.128/26, 3.248.243.64/26, 3.24.133.32/27, 3.235.12.0/24   Meeting Signaling and Content 
 TCP   5005   44.232.236.128/26, 3.248.243.64/26, 3.24.133.32/27, 3.235.12.0/24   Meeting Signaling and Content 
 TCP   443   44.232.236.128/26, 3.248.243.64/26, 3.24.133.32/27, 3.235.12.0/24   Meeting Signaling and Content 

 

Note - The Highfive Meeting Connector and Room Connector do not use the IP address ranges published above. At this time, whitelisting must be done by domain name in order to use these features. 
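To confirm which transport clients actually end up on, firewall logs can be checked against the media ranges and the UDP 5005, TCP 5005, TCP 443 preference order described above. The script below is an added example, not Highfive's code; the log format (ACTION PROTO SRC DST DPORT), the client addresses, and the function names are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Media ranges and ports copied from the table above.
MEDIA_RANGES = [ipaddress.ip_network(c) for c in (
    "44.232.236.128/26", "3.248.243.64/26", "3.24.133.32/27", "3.235.12.0/24")]
# Preference order stated above: UDP 5005, then TCP 5005, then TCP 443.
TRANSPORT_ORDER = [("udp", 5005), ("tcp", 5005), ("tcp", 443)]

# Constructed sample log in a hypothetical format: ACTION PROTO SRC DST DPORT
SAMPLE_LOG = """\
ALLOW udp 10.0.5.21 3.235.12.40 5005
DENY udp 10.0.5.22 44.232.236.130 5005
DENY tcp 10.0.5.22 44.232.236.130 5005
ALLOW tcp 10.0.5.22 44.232.236.130 443
DENY udp 10.0.5.23 3.24.133.40 5005
ALLOW tcp 10.0.5.23 3.24.133.40 5005
ALLOW tcp 10.0.5.24 93.184.216.34 443
DENY udp 10.0.5.25 3.248.243.70 5005
DENY tcp 10.0.5.25 3.248.243.70 5005
DENY tcp 10.0.5.25 3.248.243.70 443
"""

def is_media_ip(addr):
    """True if addr falls inside one of the published media ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in MEDIA_RANGES)

def audit(log_text):
    """Map each client to its best allowed transport and the tiers blocked above it."""
    allowed, denied = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue  # skip blank or malformed lines
        action, proto, src, dst, dport = fields
        flow = (proto.lower(), int(dport))
        if flow not in TRANSPORT_ORDER or not is_media_ip(dst):
            continue  # not traffic to the published media ranges
        (allowed if action.upper() == "ALLOW" else denied)[src].add(flow)
    report = {}
    for client in sorted(set(allowed) | set(denied)):
        best = next((t for t in TRANSPORT_ORDER if t in allowed[client]), None)
        cutoff = TRANSPORT_ORDER.index(best) if best else len(TRANSPORT_ORDER)
        blocked = [t for t in TRANSPORT_ORDER[:cutoff] if t in denied[client]]
        report[client] = {"transport": best, "blocked": blocked}
    return report
```

A client whose report shows a non-empty "blocked" list is running on a fallback transport, and a "transport" of None means every published media path was denied. Meeting Connector and Room Connector traffic will not appear, since those features do not use these ranges.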

 

Check Point Software Technologies Firewall users - You can search for Highfive and enable all Highfive network traffic without having to explicitly whitelist the domains above. Here is a tool you can use to search Check Point's database for supported applications: Check Point AppWiki

 

 

Enable Flow Control

 

We recommend enabling flow control for 100 Mbps connections.

 

 

Enable QoS

 

Highfive supports the DSCP tag AF41 for all video, audio and STUN traffic on the LAN. Packets are always tagged with AF41. For computers running OS X, Linux, or ChromeOS, and for Windows configurations where the client machines are part of a domain, QoS will work as soon as the configuration is complete.

 

 

Assign Highfive to a Dedicated VLAN

 

For simplified setup, consider assigning your Highfive equipment to a dedicated VLAN, and have that VLAN configured with unrestricted access to external services and other devices on the same VLAN.

  • Highfive does not require that local users be able to directly access our devices: all meeting-related traffic flows directly between the devices and the meeting servers.

Having Highfive on a dedicated VLAN means you can keep your existing network configuration and security rules without degrading the network throughput that a real-time video conferencing service like Highfive depends on.

 

 

Resolve Potential Traffic Management Restrictions

 

Applying the following network recommendations can help to eliminate problems with real-time video conferencing traffic.

  • Routing Priorities. Wherever possible, set the routing priority for Highfive traffic to real time in your network.
  • Traffic-shaping and bandwidth-shaping rules. Set Highfive traffic at the highest available priority to ensure it gets routed most efficiently.
  • Deep-packet inspection rules and devices (DPI). Exclude Highfive traffic from passing through any DPI process to help ensure a smooth link between client devices and the meeting servers. DPI devices can interrupt real-time traffic flow in a way that leads to higher latency, data bursts, and more retransmission.
  • Application Layer Firewalls. If Highfive traffic is being monitored by an application layer firewall, the monitoring can degrade real-time video conferencing traffic by adding lag, causing packet timeouts, and contributing to jitter.

 

Brian Huynh -
