Detailed Network Requirements for Highfive Video Conferencing

If you have verified that your network meets Highfive's minimum requirements, but you are encountering connectivity issues or degraded call quality, this article provides more detailed technical requirements and best practices that a network administrator can perform to improve your Highfive experience. 

Important: Please consult with your IT team or network administrator before making any changes to the network settings to ensure you are not violating any organizational or regulatory policies.

Contents

Whitelist the Highfive-Related URLs

Some networks have firewalls, proxies or other rules that require whitelisting Highfive's servers to allow proper communication with the Highfive services.

It is recommended to whitelist Highfive's services by domain. All of the following destinations must be whitelisted for joining a Highfive meeting:

Protocol  Port  Destination Purpose  Static IPs Available 
UDP  5005  *.highfive.com  Meeting Control  No 
TCP  443  *.highfive.com  Meeting Control  No 
HTTP  80  *.highfive.com  Meeting Control  No 
TCP  443  *.highfive.services  Meeting Telemetry  No 
UDP  5005  *.media.highfive.services  Meeting Signaling and Content  Yes 
TCP  5005  *.media.highfive.services  Meeting Signaling and Content  Yes 
TCP  443  *.media.highfive.services  Meeting Signaling and Content  Yes 
TCP  443  dvwx47tzn54nr.cloudfront.net  Geographic Content Delivery  No 
TCP  443  d1hz5g3vh01yrm.cloudfront.net  Geographic Content Delivery  No 
HTTP  80  d1hz5g3vh01yrm.cloudfront.net  Geographic Content Delivery  No 

Whitelisting for Highfive Devices

If you are using Highfive meeting room devices, you must also whitelist the following destinations for the networks where the rooms are located: 

Protocol  Port  Destination  Purpose  Static IPs Available 
TCP  443  *.dolbyvoice.com  Dolby Conference Phone Provisioning  No 
TCP  443  highfive.link  Wireless Screen Sharing  No 
HTTP  80  highfive.link  Wireless Screen Sharing  No 

For Highfive's services, UDP on port 5005 is preferred and results in the best real-time media experience. When UDP port 5005 is not available, TCP port 5005 is used. When TCP port 5005 is not available, TCP port 443 is used. 

IP Ranges

For Highfive's primary media traffic, specific IP address ranges are available for whitelisting and network optimization instead of domains. These can be used when firewall capabilities or security policies do not allow whitelisting, in place of the corresponding domains above:

Protocol  Port  Destinations  Purpose 
UDP  5005  44.232.236.128/26
3.248.243.64/26 
3.24.133.32/27 
3.235.12.0/24
Meeting Signaling and Content 
TCP  5005  44.232.236.128/26
3.248.243.64/26 
3.24.133.32/27 
3.235.12.0/24 
Meeting Signaling and Content 
TCP  443  44.232.236.128/26 
3.248.243.64/26 
3.24.133.32/27 
3.235.12.0/24 
Meeting Signaling and Content 

Note -  The Highfive Meeting Connector and Room Connector do not use the IP address ranges published above. At this time, whitelisting must be done by domain name in order to use these features.  

Check Point Software Technologies Firewall users -  You can search for Highfive and enable all Highfive network traffic without having to explicitly whitelist the domains above. Here is a tool you can use to search Check Point's database for supported applications: Check Point AppWiki.

Enable Flow Control

We recommend enabling flow control for 100 Mbps connections.

Enable QoS

Highfive supports the DSCP tag AF41 for all video, audio and STUN traffic on the LAN. The packets are always tagged with AF41, and enabling QoS support for computers running OS X, Linux, ChromeOS, and for Windows configurations where the client machines are part of a domain, will work as soon as the configuration is complete.

Assign Highfive to a Dedicated VLAN

For simplified setup, consider assigning your Highfive equipment to a dedicated VLAN, and have that VLAN configured with unrestricted access to external services and other devices on the same VLAN.

Highfive does not require that local users be able to directly access our devices: All meeting-related transmissions are direct to the meeting servers.

Having Highfive on a dedicated VLAN means you can keep your existing network configuration and security rules without negatively affecting the network traffic throughput that comes with using a real-time video conferencing service like Highfive.

Resolve Potential Traffic Management Restrictions

Applying the following network recommendations can help to eliminate problems with realtime video conferencing traffic.

Routing Priorities. Wherever possible, set the routing priority for Highfive traffic to real-time in your network.

Traffic-shaping and bandwidth-shaping rules. Set Highfive traffic at the highest available priority to ensure it gets routed most efficiently.

Deep-packet inspection rules and devices (DPI).  Exclude Highfive traffic from passing through any DPI process to help ensure a smooth link between client devices and the meeting servers. DPI devices can interrupt real-time traffic flow in a way that leads to higher latency, data bursts, and more retransmission.

Application Layer Firewalls. If Highfive traffic is being monitored by an application layer firewall, this can harm the real-time traffic needs of video conferencing by adding lag, causing packet timeouts, and contributing to jitter.

Still have questions?

We're here to help

Powered by Zendesk