メニュー

Expand
Rate this page:

Thanks for rating this page!

We are always striving to improve our documentation quality, and your feedback is valuable to us. How could this documentation serve you better?

Voice Client JS and Mobile SDKs’ Network Connectivity Requirements

The following article outlines Twilio’s Voice Client JS and Mobile SDKs’ requirements for network connectivity. It lists the Twilio servers’ ports and IP addresses that the SDKs must be able to reach, and the bandwidth required for quality audio.

Connectivity checklist

  1. Choose the region you will connect to and whitelist Media servers and Signalling servers
  2. If you are using Global Low Latency region, check the requirements
  3. If you have access to Private Interconnect regions, you will need to whitelist these destinations
  4. Ensure you meet the bandwidth requirements
  5. Check the recommendations and best practices
  6. Test your connectivity using this Network Test Tool

Connectivity Overview

Applications using Twilio’s Programmable Voice Client JS or Mobile SDKs require connectivity to Twilio’s infrastructure to be able to place and receive calls. As shown in the diagram below, two types of connections are required, Signalling and Media. The signalling connection is a secure TLS connection that is used for sending and receiving control information to set up calls and the media connection is a secure SRTP (Secure Real-time Transport Protocol) connection that is used to send and receive audio.

Twilio Client Connectivity

Furthermore, Twilio’s Programmable Voice infrastructure is deployed in regions all over the world. By default, the SDKs use Global Low Latency (GLL) to determine the optimal Twilio region to connect to.

Twilio Region Connectivity

Firewall Configuration

In a typical organization network setup, a firewall is used to protect the private network hosts from the Internet. Firewalls are configured with rules to block or allow traffic to and from Internet destinations based on direction, protocol, and IP address.

Twilio Client Firewall and Region Connectivity

To access Twilio, your firewall should allow outgoing TCP and UDP traffic from your applications to Twilio’s infrastructure and allow return traffic in response. Twilio will never initiate a connection to the client applications. Therefore, the firewall should not allow externally initiated connections back into the network.

In the Connectivity Requirements sections that follow, the required destination IP addresses and ports are listed. Your firewall should be configured to allow connectivity to the Media servers and the Signalling gateways corresponding to the SDK you are using.

Voice Media Servers Connectivity Requirements

Your Intranet

Whitelisted destinations

Secure Media (ICE/STUN/SRTP) Region

Protocol

ソース

IP

Source Port †

Destination

IP Ranges

Destination Port Range

Australia (au1)

UDP

ANY

ANY

54.252.254.64 - 54.252.254.12

and

3.104.90.0 - 3.104.90.255

10,000 - 20,000

Brazil (br1)

UDP

ANY

ANY

177.71.206.192 - 177.71.206.255

and

18.228.249.0 - 18.228.249.255

10,000 - 20,000

Ireland (ie1)

UDP

ANY

ANY

54.171.127.192 - 54.171.127.255

and

52.215.127.0 - 52.215.127.255

10,000 - 20,000

Frankfurt (de1)

UDP

ANY

ANY

35.156.191.128 - 35.156.191.255

and

3.122.181.0 - 3.122.181.255

10,000 - 20,000

Japan (jp1)

UDP

ANY

ANY

54.65.63.192 - 54.65.63.25

and

3.112.80.0 - 3.112.80.255

10,000 - 20,000

Singapore (sg1)

UDP

ANY

ANY

54.169.127.128 - 54.169.127.191

and

3.1.77.0 - 3.1.77.255

10,000 - 20,000

US East coast Virginia (us1)

UDP

ANY

ANY

54.172.60.0 - 54.172.61.255

and

34.203.250.0 - 34.203.251.255

10,000 - 20,000

GLL (Global Low Latency)

UDP

ANY

ANY

All IP addresses listed above

10,000 - 20,000

† The SDK will select any available port from the ephemeral range. On most machines, this means the port range 1,024 to 65,535.

Signalling Connectivity Requirements

Signalling requirements differ between Twilio Client JS, Mobile SDKs. The following section provides the connectivity requirements for each of these SDKs.

Your Intranet

Whitelisted destinations

Protocol

Source IP

Source Port †

Destination

Destination Port

Twilio Client JS

Secure TLS connection to Twilio signalling Gateway

TCP

ANY

ANY

chunderw-gll.twilio.com

443

Secure TLS connection to Twilio signalling Gateway

TCP

ANY

ANY

chunderw-vpc-gll.twilio.com

443

Secure TLS Connection to Twilio Regional Signalling gateways

TCP

ANY

ANY

chunderw-vpc-gll-{region}.twilio.com

{Where region is one of: au1, br1, de1, ie1, jp1, sg1, us1}

443

Secure TLS Insights logging gateway

TCP

ANY

ANY

eventgw.twilio.com

443

Mobile Voice SDKs

Secure TLS connection to Twilio GLL Signalling Gateway

TCP

ANY

ANY

chunderm.gll.twilio.com §

443

(10194 §)

Secure TLS Connection to Twilio Regional Signalling Gateways

TCP

ANY

ANY

chunderm.{region}.gll.twilio.com §

{Where region is one of: au1, br1, de1, ie1, jp1, sg1, us1}

443

(10194 §)

Secure TLS to Insights Gateway

TCP

ANY

ANY

eventgw.twilio.com

443

Secure TLS to Registration Server

TCP

ANY

ANY

ers.twilio.com

443

† The client will select any available port from the ephemeral range. On most machines, this means the port range 1,024 to 65,535.

§ Mobile SDKs versions prior to 3.x require port 10194 instead of 443. If still using pre 3.x version, we recommend you upgrade to the latest version

Private Interconnect Regions

If you have access to private Interconnect connections, you will also be able to use one of the following values

Your Intranet

Whitelisted destinations

Protocol

Source IP

Source Port †

Destination

Destination Port

us1-ix


TCP ANY ANY 208.78.112.64 - 208.78.112.127 443
UDP ANY ANY 208.78.112.64 - 208.78.112.127 10000-2000

us2-ix

TCP

ANY

ANY

67.213.136.64 - 67.213.136.127

443

UDP

ANY

ANY

67.213.136.64 - 67.213.136.127

10000-20000

ie1-ix

TCP

ANY

ANY

185.187.132.64 - 185.187.132.127

443

UDP ANY

ANY

185.187.132.64 - 185.187.132.127

10000-20000

de1-ix

TCP

ANY

ANY

185.194.136.64 - 185.194.136.127

443

UDP ANY

ANY

185.194.136.64 - 185.194.136.127

10000-20000

sg1-ix**

TCP

ANY

ANY

103.75.151.64 - 103.75.151.127

443

UDP ANY

ANY

103.75.151.64 - 103.75.151.127

10000-20000

jp1-ix**

TCP ANY ANY 103.144.142.68 - 103.144.142.69 - 103.144.142.70 443
UDP ANY

ANY

103.144.142.68 - 103.144.142.69 - 103.144.142.70

10000-20000

au1-ix**

TCP

ANY

ANY

103.144.214.68 - 103.144.214.69 - 103.144.214.70

443

UDP ANY

ANY

103.144.214.68 - 103.144.214.69 - 103.144.214.70

10000-20000

† The client will select any available port from the ephemeral range. On most machines, this means the port range 1,024 to 65,535.

** Requires Voice Client JS SDK 1.9.5+

Network Bandwidth Requirements

The following table lists the network requirements to deliver reasonable audio quality.

Bandwidth (Uplink/Downlink)

Opus*: 40kbps / 40kbps

PCMU: 100kbps / 100kbps

Latency (RTT)

< 200ms

jitter

< 30ms

Packet Loss

< 3%

* Opus codec is available from Client JS version 1.7 and Mobile Voice SDKs 3.x

Note, the Opus bandwidth requirements listed above are the default settings for Opus. Opus codec supports bandwidth control by allowing you to specify how much bandwidth it should use. See section recommendations and best practices below for how to configure Opus’ bandwidth requirements.

Global Low Latency Requirements

GLL is an AWS Route53 feature that resolves a hostname to the region with the least latency. This removes the need for the application developer to determine where the end user is connecting from or manually choosing which region to connect to.

However, in order for GLL to give accurate results, the intermediate DNS must:

  • Support RFC 7871 - Client Subnet in DNS Queries.
  • Reside in the same region as the Client endpoint. For example, a host in the US configured with a VPN to Europe or configured with a DNS server that resides in Europe will result in connecting that host to Twilio region in Europe

If the intermediate DNS does not support RFC 7871 and the upstream DNS IP address is an Anycast address e.g. 8.8.8.8 then there is no guarantee Route53 will accurately determine the best region to connect to.

How to determine if GLL will work

To determine if your DNS supports GLL, use the dig or nslookup commands as follows:

dig edns-client-sub.net TXT

Or using nslookup

nslookup -type=txt edns-client-sub.net

A DNS server that supports this RFC will have ecs set to True and contains an ecs_payload object:

;; ANSWER SECTION:

edns-client-sub.net. 30 IN TXT "{'ecs_payload':{'family':'1','optcode':'0x08','cc':'US','ip':'34.225.44.0','mask':'24','scope':'0'},'ecs':'True','ts':'1588973397.05','recursive':{'cc':'US','srcip':'208.69.32.67','sport':'11807'}}"

A server that does not support this RFC will have ecs set to False:

;; ANSWER SECTION:

edns-client-sub.net. 0 IN TXT "{'ecs':'False','ts':'1588973475.23','recursive':{'cc':'US','srcip':'76.96.15.65','sport':'54989'}}"

Recommendations and Best Practices

Use a Specific Region

If you have a restrictive network and you specify GLL when connecting to Twilio, all media server IP addresses in all regions must be whitelisted. If you are not operating in all regions, we recommend you specify the region that is closest to your deployment. With this approach, you will only need to whitelist the Media server addresses for the region that you specify.

To select the region, use the following snippet:

Twilio.Device.setup(token, { edge: 'ashburn'});

// Prior to v1.11 the region parameter was used.
// region is now deprecated, use edge
Twilio.Device.setup(token, { region: 'us1'});

// Set the region
Voice.setRegion('us1');

// Then, you can connect or handle the incoming call notification

// Set the region
TwilioVoice.region = "us1"

// Then, you can connect or handle the incoming call notification

See the iOS API documentation for more information

Use Twilio’s Network Traversal Service (NTS) When UDP Ports Cannot be Whitelisted

For best audio quality, your firewall should allow your local hosts to initiate the connection to twilio and send UDP (DTLS/SRTP) traffic to the Twilio Media servers.

However, If your network policy prohibits UDP connectivity, you can utilise Twilio’s Global Network Traversal Service (NTS) to establish media connectivity over TCP or TLS. Please refer to the NTS documentation for a list of TURN servers and ports that will also need to be whitelisted.

Note, using TURN incurs extra charges as per NTS pricing. Refer to Global Network Traversal Service for more information.

Use Opus Codec to Control Bandwidth Requirements

Opus codec has many advantages over PCMU and should be used by your applications. Opus is the default codec for Mobile SDKs.

To use Opus in your web application, use the following snippet initializing device

Twilio.Device.setup(token, { codecPreferences: ['opus', 'pcmu']});

To set a custom bandwidth (16kbps), use the following snippet:

Twilio.Device.setup(token, { codecPreferences: ['opus', 'pcmu'], maxAverageBitrate: 16000} );

Use Twilio’s Private Interconnect for Enhanced Security and Bandwidth Control

Twilio offers several solutions for private and secure connectivity to Twilio. See https://www.twilio.com/interconnect for more details.

Related Topics

Getting started? See all of our Getting started Guides

Check some more of our Best Practices

Read more about Twilio Regions

Check connectivity to Twiliioi using this Network Test Tool

Rate this page:

ヘルプが必要ですか?

誰しもが一度は考える「コーディングって難しい」。そんな時は、お問い合わせフォームから質問してください。 または、Stack Overflow でTwilioタグのついた情報から欲しいものを探してみましょう。