Scribd
Upload
270 views16 pages

Cs Networkrequirements Liveuproducts

This document outlines the network requirements for LiveU products including ports and IP addresses that need to be accessible. Key requirements include allowing inbound UDP on ports 8601-8606 for receiving video and audio, outbound TCP to hub1.liveu.tv and lu-central.liveu.tv for command and control, and whitelisting LiveU IP addresses from UDP flood protection which could interfere with video streams. Firewalls may need specific ports and domains opened and LiveU support can assist with configuration.

Uploaded by

Diego Piedrabuena
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
270 views16 pages

Cs Networkrequirements Liveuproducts

This document outlines the network requirements for LiveU products including ports and IP addresses that need to be accessible. Key requirements include allowing inbound UDP on ports 8601-8606 for receiving video and audio, outbound TCP to hub1.liveu.tv and lu-central.liveu.tv for command and control, and whitelisting LiveU IP addresses from UDP flood protection which could interfere with video streams. Firewalls may need specific ports and domains opened and LiveU support can assist with configuration.

Uploaded by

Diego Piedrabuena
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16

Network Requirements - LiveU Products

This document contains the network requirements for LiveU products; all communication is done through the open internet as a
medium.

Products in this document's scope include the following.

• System Schematics
• Port & IP Information
o Device: LU2000/4000 (MMH/Transceiver)
o Device: Video Return Server
o Device: Ingest Servers:
o Device: LU2000/4000 Servers (MMH), LU200e, All devices.
o Device: Any computer used to access LiveU Central.
o Ubuntu Repositories (US only).
o Device: LU200e, LU210, LU220 & LiveU Solo.
o Device: LU200e, LU210, LU220.
o Device: LiveU Solo.
o Device: Solo Portal.
o Device: IFB / Audio Connect
o WebRTC Firewall Rules
o SRT - Secure Reliable Transport
o Thinclient IFB
o List of FQDNs to check Unit connectivity
• Air Control Network requirements
• AIR Control components connectivity/Network requirements

• Servers:
o Multimedia Hub
o Video Return
o Ingest Servers.
• Gateway (DataBridge) Servers.
• LiveU units.
o LU2XX
o LU300/300s
o LU6XX
o LU8XX

The information detailed in this document is relevant for products at version 7.5 and above.

General Note

Organization tools like Fortigate IPS (Intrusion prevention system) https://www.fortinet.com/products/ips can block WSS/HTTPS
traffic towards LiveU Cloud servers ( MMH in cloud ) , or can block the resolving of our servers domain
name https://support.opendns.com/hc/en-us/articles/227988047-Web-Content-Filtering-and-Security. In such case orgspecif anization
IT will need to add our servers domain to the tool white list

System Schematics
Port & IP Information
Device: LU2000/4000 (MMH/Transceiver)

Note
port 18255 & 1935 are the server internal ports .Customer can use any external available port ( in firewall ) and forward the traffic
towards these internal ports . External ports should be added to LiveU configuration (In the case the external ports aren't the same as
the internal ) , LiveU Support can work with you

Protocol Ports Source/Destination Required/Optional Comments


Incoming video and audio from any LiveU device
Inbound UDP 8601-8606 Anywhere Required
Note: If these ports are not available, LiveU support
can work with you to use others
Used for session initialization when using the LiveU
& Panasonic solution where select camera models
Inbound TCP 8601-8606 Anywhere Optional can stream directly to your LU2000. If you plan to
trial or use the Panasonic solution, these ports are
required
Inbound UDP 8609-8615 Anywhere Optional Used with the IFB feature available on LiveU units
Used for video and audio delivery from a Panasonic
camera that supports direct LiveU streaming. If you
Inbound UDP 8620-8667 Anywhere Optional
plan to trial or use the Panasonic solution, these ports
are required
1935 is used for RTMP to see the video preview
in LiveU Matrix. 18255 is used for HTTP delivery of
Anywhere shared files from your LU2000 to your computer.
Optional
Inbound TCP 1935, 18255 Both are highly recommended.
(but recommended)
(see purpose)
Note: if these ports are not available, LiveU Support
can work with you to use other ports
“Failsafe” - if for any reason the MMH can’t reach the
main HUB, units will still be able to select channels
and start streaming from the unit GUI
Optional
Inbound TCP 10022 Anywhere
(but recommended)
As of V7.0 and above, each MMH has a local HUB
that the unit can connect to it if there is no connection
to the main HUB
rsync.liveu.tv
Required
873, 1873, Allows remote update of MMH servers through
Outbound TCP (34.211.59.49) (for software
22222 LiveU Central
updates)
(52.38.193.171)
lu-central.liveu.tv
Used by the LU2000 server to communicate
80, 443, (54.83.195.191)
Outbound TCP Required configuration details to LUC. Required to allow for
8543
6.0+ features to be recognized and available
(18.208.108.178)
The LU2000 must be able to reach a DNS server
Your organization’s
Outbound DNS DNS server (or Required
Any DNS, either internal or external to your network,
4.2.2.2)
is acceptable
hub1.liveu.tv
Command and Control protocol.
80, 443, (23.21.58.175)
Outbound TCP Required Note: if your firewall already allows all outbound
10020 hub2.liveu.tv
sessions, you will not need to open any explicit ports
(46.137.77.107)
LiveU’s support tool allows for the remote upgrade of
the LU2000 and diagnosis and debugs when
medic.liveu.tv necessary. While optional, without this access, LiveU
(54.247.127.242) Optional cannot offer the same level of support on your
Outbound TCP 8400-8600
medic2.liveu.tv (but recommended) LU2000
(54.83.47.114)
Note: if your firewall already allows all outbound
sessions, you will not need to open any explicit ports
Optional Used only if your LU2000 will be a LiveU
Outbound UDP 9000-9099 Anywhere
(but recommended) Multipoint distributor
If your firewall offers any form of UDP flood or
Special:
attack prevention, the IP address of your LU2000
Any UDP
needs to be whitelisted to disable this feature for this
Inbound UDP flood or Anywhere Required
IP. The video and audio stream is a long-running,
attack
high bandwidth stream of UDP packets and such
protection
features will interfere with receiving that stream
* The default base port is set to 15700 but maybe be
Required changed via the Central management platform. Note:
Inbound UDP 15700 * Anywhere
(for IP Pipe) if changed, the firewall settings need to be changed as
well
hub1.liveu.tv
(23.21.58.175) Optional Port 10,000 TCP to hub1.liveu.tv, and hub2.liveu.tv -
Outbound TCP 10000
hub2.liveu.tv (but recommended) is optional - for connectivity testing
(46.137.77.107)

Device: Video Return Server

Protocol Ports Source/Destination Required/Optional Comments


Used for RTP base port:
Inbound 18000-
Anywhere Required • Hardcoded to 2 instances.
UDP 18049
• Each instance uses up to 25 ports.

18255 is used for M-JPEG to see the video preview in


Anywhere Optional
Inbound LiveU Central. Opening this port is highly
18255 (but
TCP recommended. Note: if these ports are not available, LiveU
(see purpose) recommended)
Support can work with you to use other ports
“Failsafe” - if for any reason the MMH can’t reach the
main HUB, units will still be able to select channels and
Optional start streaming from the unit GUI.
Inbound
10022 Anywhere (but
TCP
recommended) As of V7.0 and above, each MMH has a local HUB that the
unit can connect to it if there is no connection to the main
HUB.
rsync.liveu.tv
Outbound 873, 1873, Required Allows remote update of MMH servers through LiveU
(34.211.59.49)
TCP 22222 (for updates) Central
(52.38.193.171)
lu-central.liveu.tv
Used by the Video Return server to communicate
Outbound 80, 443, (54.83.195.191)
Required configuration details to LUC. Required to allow for 6.0+
TCP 8543
features to be recognized and available
(18.208.108.178)
Your organization’s The Video Return server must be able to reach a DNS
Outbound
DNS server (or Required server. Any DNS, either internal or external to your
DNS
4.2.2.2) network, is acceptable
hub1.liveu.tv
Command and Control protocol.
Outbound 80, 443, (23.21.58.175)
Required Note: if your firewall already allows all outbound
TCP 10020 hub2.liveu.tv
sessions, you will not need to open any explicit ports
(46.137.77.107)
If your firewall offers any form of UDP flood or attack
Special:
prevention, the IP address of your Video Return server
Any UDP
Inbound needs to be whitelisted to disable this feature for this IP.
flood or Anywhere Required
UDP The video and audio stream is a long-running, high
attack
bandwidth stream of UDP packets, and such features will
protection
interfere with receiving that stream.

Device: Ingest Servers:

Protocol Ports Source/Destination Required/Optional Comments


Port 18255 is used to see the video preview and thumbnails on the
Ingest Portal in LiveU Central.
Opening this port, both locally and in the firewall, is a must for
seeing the files.

To open the port locally via the command line:


Inbound
18255 Anywhere Required
TCP
• open the port: sudo iptables -I INPUT -p tcp -m tcp --
dport 18255 -j ACCEPT
• switch to root user: sudo su
• save the rules: iptables-save > /etc/iptables/rules.v4
• go back to liveu user: exit

Device: LU2000/4000 Servers (MMH), LU200e, All devices.


Protocol Ports Source/Destination Required/Optional Comments
52.204.145.164

52.21.44.60

52.6.93.126
Outbound 80, 443, These IP addresses are used for High Availability
Required
TCP 8543 52.70.108.25 Load Balancing

52.72.46.113
54.209.189.230

104.196.13.7

Device: Any computer used to access LiveU Central.

Protocol Ports Source/Destination Required/Optional Comments


lu-central.liveu.tv
The portal software is delivered over HTTPS via
Outbound 80, 443, (54.83.195.191)
Required port 8543. Ports 80 and 443 just redirect you to the
TCP 8543
portal
(18.208.108.178)
Optional
Outbound The external and/or internal IP Video preview delivered by your LU2000 to your
1935 (but
TCP of your LU2000 workstation viewing LiveU Matrix
recommended)
Optional
Outbound The external and/or internal IP File downloads delivered from your LU2000 to your
18255 (but
TCP of your LU2000 workstation via LiveU Central
recommended)

Ubuntu Repositories (US only).


URL Ports IP's Comments
91.189.88.149
91.189.88.152
91.189.88.161
us.archive.ubuntu.com 80, 443
91.189.88.162
91.189.91.23
91.189.91.26

Device: LU200e, LU210, LU220 & LiveU Solo.

Protocol Ports Source/Destination Required/Optional Comments


When using the LU200e encoder on a private network to reach
your LU2000 remotely, the encoder requires some outbound
lu-central.liveu.tv
connections. If your firewall allows all outbound connections,
Outbound 443, (54.83.195.191)
Required you do not need to do anything further. If your firewall does not
TCP 8543
allow all outbound connections, the unit needs to reach lu-
(18.208.108.178)
central.liveu.tv for command communication. Besides, it requires
the outbound connections below.
hub1.liveu.tv
80, (23.21.58.175)
Outbound
443, Required Command and Control protocol
TCP
10020 hub2.liveu.tv
(46.137.77.107)
medic.liveu.tv
(54.247.127.242) Optional
Outbound 8400- File downloads delivered from your LU2000 to your workstation
(but
TCP 8600 via LiveU Central
medic2.liveu.tv recommended)
(54.83.47.114)
Device: LU200e, LU210, LU220.

Protocol Ports Source/Destination Required/Optional Comments


8601- LiveU MMH servers can be configured to use the most
Outbound 8608, External IP of your available ranges for UDP traffic. This call-out represents our
Required
UDP 9000- LU2000 defaults for MMH servers, Virtual servers, and MultiPoint
9010 cloud servers.

Device: LiveU Solo.

Protocol Ports Source/Destination Required/Optional Comments


Outbound Solo uses cloud resources to receive the UDP-based LRT stream and these resources come from a large pool of
UDP redundant possible destinations, including many IPs and ports.

Device: Solo Portal.

Protocol Ports Source/Destination Required/Optional Comments


107.22.247.170
Outbound TCP 8543 Required
54.225.169.111
54.235.167.20
Outbound TCP 80, 443 Required
204.236.238.140

Device: IFB / Audio Connect

If you restrict outbound traffic in firewalls, you will need to have the following open:
• Outbound port 5061 TLS/TCP, ports 15000 – 16500 RTP/UDP
• US customers: Outbound hostname ifb-us-01.liveu.tv (IP 34.232.180.93)
• EU customers: Outbound hostname ifb-eu-01.liveu.tv (IP 99.81.196.221)
• HKG customers: Outbound hostname ifb-hkg-01.liveu.tv (IP 18.163.90.145)

WebRTC Firewall Rules

Purpose Direction Source Protocol Port Destination Remarks


The same port should be
configured in VR /MMH via
WebRTC Signaling
the server GUI
port Port
“preview IP port” per MMH/VR server
Inbound <any> TCP MMH/VR server
from the range: 18100
web-client (thin- - 18199
in the case of 1:1 NAT or
client)
server with external IP you
can use port 443
*Can be limited to the
Google STUN Outbound <any> UDP 19302 Any* Google STUN URL
http://stun.l.google.com
129.159.69.138 - US
East - Ashburn (active)

193.122.181.232 - US
East - Ashburn (future)

130.61.8.103 -
Frankfurt (active)

158.101.180.199 -
* Can be limited to LiveU
Frankfurt (future)
STUN/TURN URL.
LiveU STUN/TURN
link.globalconnect.liveu.tv
infrastructure control 158.101.73.17 -
Outbound <any> UDP 3478
port. Will be used Tokyo (active)
Geo-location based,
from version 9.0
failovers can happen for
129.146.234.254 - US
improved availability
west - Pheonix (future)

168.138.111.21 -
Sydney

152.67.27.136 -
Mumbai

129.151.37.59 - Sao
Paolo
129.159.69.138 - US
East - Ashburn (active)

193.122.181.232 - US
East - Ashburn (future)

130.61.8.103 -
Frankfurt (active)

158.101.180.199 -
* Can be limited to LiveU
Frankfurt (future)
STUN/TURN URL.
LiveU STUN/TURN
link.globalconnect.liveu.tv
Relay media. Will 158.101.73.17 -
Outbound <any> UDP 49152-65535
be used from version Tokyo (active)
Geo-location based,
9.0
failovers can happen for
129.146.234.254 - US
improved availability
west - Pheonix (future)

168.138.111.21 -
Sydney (future)

152.67.27.136 -
Mumbai (future)

129.151.37.59 - Sao
Paolo (future)

SRT - Secure Reliable Transport

Purpose Direction Source Protocol Port Destination Remarks


SRT - Secure Reliable Transport Inbound / Outbound <any> UDP 7000-7999 Any*

Thinclient IFB

For thinclient IFB , organization should allow (under assumption thinclient is located inside the organization):

Purpose Direction Source Protocol Port Destination Remarks


IFB WSS
Outbound TCP 8089 TCP traffic (output )toward port 8089 asterisks servers Ips
signaling
RTP media 15000- UDP traffic (output ) towards random ports range : 15000-
Outbound UDP
traffic 16500 16500 asterisk servers IPs

List of FQDNs to check Unit connectivity

• List to use ping mechanism: INTERNET_REACHABILITY_SERVERS = 8.8.8.8, 8.8.4.4, 1.1.1.1


• List to use wget mechanism( Fallback of ping): ADDRESSES_FOR_CONNECTIVITY_CHECK_WGET = ( "lu-
central.liveu.tv", 80 )

Air Control Network requirements


AIR Control components connectivity/Network requirements

You might also like