You are here: Diagnostics > Pexip Infinity port usage

Pexip Infinity port usage

The diagrams and tables below show the ports used when the Management Node and Conferencing Node connect to other devices.

Note that in all Pexip Infinity deployment scenarios:

  • All Pexip nodes must be fully routable to each other (full mesh) in both directions. This means that the Management Node must be able to reach every Conferencing Node, and each Conferencing Node must be able to reach every other Conferencing Node.
  • Any internal firewalls must be configured to allow UDP port 500 and traffic using IP protocol 50 (ESP) in both directions between all Pexip nodes.
  • There cannot be a NAT between any Pexip nodes.

Management Node

Inbound

Protocol Source‑Port Dest‑Port Description Device
TCP <any> 22 SSH * SSH client
TCP <any> 80 HTTP * Web browser / API interface
TCP <any> 443 HTTPS Web browser / API interface
UDP <any> 161 SNMP ‡ SNMP server
UDP 500 500 ISAKMP (IPsec) Conferencing Node
ESP n/a n/a IPsec / IP Protocol 50 Conferencing Node

Outbound

Protocol Source‑Port Dest‑Port Description Device
TCP/UDP 55000–65535 53 DNS DNS server
TCP 55000–65535 389 / 636 LDAP ‡ LDAP server
TCP 55000–65535 443 HTTPS vCenter Server and any ESXi host on which workers may be deployed *
TCP 55000–65535 443 HTTPS Pexip Licensing server (pexip.flexnetoperations.com, 64.14.29.85) *
TCP 55000–65535 443 HTTPS ‡ Incident reporting server (acr.pexip.com)
TCP 55000–65535 443 HTTPS ‡ Usage statistics (api.keen.io) *
UDP 123, 55000–65535 123 NTP NTP server
UDP <any> 161 † SNMP ‡ SNMP NMS
UDP 500 500 ISAKMP (IPsec) Conferencing Node
UDP † 55000–65535 514 † Syslog ‡ Syslog server
ESP n/a n/a IPsec / IP Protocol 50 Conferencing Node

* Only required if you want to allow administrative access via this port.

† Configurable by the administrator.

‡ Only applies if the relevant feature is configured.

Note also that the ephemeral port range (55000–65535) is subject to change.

Management Node port usage

Conferencing Nodes

Inbound

Protocol Source‑Port Dest‑Port Description Device
TCP <any> 22 SSH * SSH client
TCP <any> 80 HTTP * Web browser / API interface / Lync / Skype for Business system (for conference avatar)
TCP <any> 443 HTTPS Web browser/ API interface / Infinity Connect Mobile client
TCP <any> 1720 H.323 (H.225 signaling) Endpoint / call control system
TCP <any> 5060 SIP Endpoint / call control system
UDP ‡ <any> 5060 SIP Endpoint / call control system
TCP <any> 5061 SIP/TLS Endpoint / call control system
TCP <any> 33000–39999 ** H.323 (Q.931/H.245 signaling) Endpoint / call control system
TCP/UDP <any> 40000–49999 ** RTP / RTCP / RDP / DTLS / RTMP / STUN / TURN Endpoint / call control system / Lync / Skype for Business system / Infinity Connect ††
UDP <any> 161 SNMP ‡ SNMP server
UDP 500 500 ISAKMP (IPsec) Management Node / Conferencing Node
UDP <any> 1719 H.323 (RAS signaling) Endpoint / call control system
ESP n/a n/a IPsec / IP Protocol 50 Management Node / Conferencing Node

Outbound

Protocol Source‑Port Dest‑Port Description Device
TCP/UDP 55000–65535 53 DNS DNS server
TCP 55000–65535 443 HTTPS ‡ Incident reporting server (acr.pexip.com)
TCP 33000–39999 ** 1720 H.323 (H.225 signaling) Endpoint / call control system
TCP/UDP 33000–39999 ** 5060 SIP Endpoint / call control system
TCP 33000–39999 ** 5061 SIP/TLS Endpoint / call control system
TCP 33000–39999 ** <any> H.323 (Q.931/H.245 signaling) Endpoint / call control system
TCP/UDP 40000–49999 ** <any> RTP / RTCP / RDP / DTLS / RTMP / STUN / TURN Endpoint / call control system / Lync / Skype for Business system / Infinity Connect ††
TCP 40000–49999 ** 1935 RTMP RTMP streaming server
UDP 123, 55000–65535 123 NTP NTP server
UDP <any> 161 † SNMP ‡ SNMP NMS
UDP 500 500 ISAKMP (IPsec) Management Node / Conferencing Node
UDP † 55000–65535 514 † Syslog ‡ Syslog server
UDP 33000–39999 ** 1719 H.323 (RAS signaling) Endpoint / Call control system
UDP 40000–49999 ** 3478 † STUN / TURN STUN / TURN server
ESP n/a n/a IPsec / IP Protocol 50 Management Node / Conferencing Node

* Only required if you want to allow administrative access via this port.

† Configurable by the administrator.

** Configurable via the Media port range start/end and Signaling port range start/end options (see About global settings).

†† Infinity Connect web, mobile and desktop (installable) clients

‡ Only applies if the relevant feature is configured.

Note also that:

  • ICE calls allocate 4 ports per media line/stream.
  • The ephemeral port range (55000–65535) is subject to change.

Conferencing Node port usage