If you have verified that your network meets Highfive's minimum requirements, but you are encountering connectivity issues or degraded call quality, this article provides more detailed technical requirements and best practices that a network administrator can perform to improve your Highfive experience.
Important: Please consult with your IT team or network administrator before making any changes to the network settings to ensure you are not violating any organizational or regulatory policies.
Table of Contents
- Enable Flow Control
- Whitelist the Highfive-Related URLs
- Enable QoS
- Assign Highfive to a Dedicated VLAN
- Resolve Potential Traffic Management Restrictions
We recommend enabling flow control for 100 Mbps connections.
Some networks have proxies or rules that require whitelisting one or more of the following addresses and ports to allow proper communication with the Highfive service:
- *.highfive.com (HTTP 80, TCP 443, UDP 5005), for Highfive Meeting Control
- *.highfive.services (TCP 443), for Highfive Meeting Content and Telemetry Data
- *.media.highfive.services (TCP 443, UDP 5005), for Highfive Meeting Signaling
- *.dolbyvoice.com (TCP 443), for Dolby conference phone provisioning
- highfive.link (HTTP 80, TCP 443), for Highfive wireless screen sharing
- dvwx47tzn54nr.cloudfront.net (TCP 443), our CDN
- d1hz5g3vh01yrm.cloudfront.net (HTTP 80, TCP 443), our update CDN
Check Point Software Technologies Firewall users - You can search for Highfive and enable all Highfive network traffic without having to explicitly whitelist the domains above. Here is a tool you can use to search Check Point's database for supported applications: Check Point AppWiki
Highfive supports the DSCP tag AF41 for all video, audio and STUN traffic on the LAN. The packets are always tagged with AF41, and enabling QoS support for computers running OS X, Linux, ChromeOS, and for Windows configurations where the client machines are part of a domain, will work as soon as the configuration is complete.
For simplified setup, consider assigning your Highfive equipment to a dedicated VLAN, and have that VLAN configured with unrestricted access to external services and other devices on the same VLAN.
- Highfive does not require that local users be able to directly access our devices: All meeting-related transmissions are directly with the meeting servers.
Having Highfive on a dedicated VLAN means you can keep your existing network configuration and security rules without negatively affecting the network traffic throughput that comes with using a real-time video conferencing service like Highfive.
Applying the following network recommendations can help to eliminate problems with realtime video conferencing traffic.
- Routing Priorities. Wherever possible, set the routing priority for Highfive traffic to real time in your network.
- Traffic-shaping and bandwidth-shaping rules. Set Highfive traffic at the highest available priority to ensure it gets routed most efficiently.
- Deep-packet inspection rules and devices (DPI). Exclude Highfive traffic from passing through any DPI process to help ensure a smooth link between client devices and the meeting servers. DPI devices can interrupt real-time traffic flow in a way that leads to higher latency, data bursts, and more retransmission.
- Application Layer Firewalls. If Highfive traffic is being monitored by an application layer firewall, this can harm the real-time traffic needs of video conferencing by adding lag, causing packet timeouts, and contributing to jitter.