Introduction
Natter is an interactive experience that uses two third party providers to power our service: Agora and Twilio. We recommend engagement with your IT team to determine any whitelisting activity that may need to take place ahead of your first event. Given the normalization of video communications, WebSocket technology and the UDP traffic protocol in recent years, for most customers, no action will be necessary.
However, failing to whitelist where it is needed may cause video connectivity issues with other users, a lack of connectivity at all with the platform, higher than expected latency or degraded video quality. The sections below outline how to whitelist both providers and perform confirmatory testing to validate.
Confirmatory Testing
Natter Support is available to support your IT team in undertaking confirmatory testing. A member of the Natter team (team@natter.co) will join you whilst testing to provide support and guidance.
Video Provider 1: Agora
We recommend IT teams whitelist Agora video services across all your enterprise firewall and any office/home-based VPNs to minimise the potential for technical issues.
With reference to the whitelisting guidance provided by Agora at the URL link below, Natter uses two Agora products, where Video SDK powers a video service and Signalling SDK powers our Chat service.
Where your enterprise firewall or VPN provider requires defined IP addresses to whitelist, you may be able to use Agora's Cloud Proxy Service (available here). Discuss your requirement here with your Natter Support Representative.
Video SDK (Web) Requirements
The following domains must be whitelisted:
.agora.io
.edge.agora.io
.sd-rtn.com
.edge.sd-rtn.com
Where the ports are as follows:
Destination Ports | Port Type | Operation |
80; 443; 3433; 4700 - 5000; 5668; 5669; 6080; 6443; 8667; 9667; 30011 - 30013 (Media Push, required) | TCP | Allow |
3478; 4700 - 5000 | UDP | Allow |
Signalling SDK (Web) Requirements
The following domains must be whitelisted:
.edge.agora.io
.edge.sd-rtn.com
web-1.ap.sd-rtn.com
web-2.ap.sd-rtn.com
ap-web-1.agora.io
ap-web-2.agora.io
webcollector-rtm.agora.io
logservice-rtm.agora.io
rtm.statscollector.sd-rtn.com
rtm.logservice.sd-rtn.com
Where the ports are as follows:
Destination Ports | Port Type | Operation |
443; 6443; 9591; 9593; 9601 | TCP | Allow |
View Agora's Documentation
The guidance provided above is intended as a summary. Click on the black button below to access Agora's guidance to understand any further requirements that may be necessary:
Video Provider 2: Twilio
Twilio is a US-listed (NASDAQ: TWLO) multimedia communications infrastructure provider with rigorous compliance certifications, including ISO 27001, 2017, 2018, SOC 2 Type 2 and CSA membership (here; https://www.twilio.com/en-us/security).
Natter uses Twilio’s Peer to Peer (P2P) Video product, where media is encrypted end-to-end (E2EE) using WebRTC security protocols. Twilio does not mediate the media exchange, which takes place through direct communication between the participants. To enhance security, Twilio does not intercept the media and hence cannot record or transcode or make it interoperate with other RTC services.
Set out below is a list of IP address ranges and protocols used to communicate with Twilio’s cloud, that can be used to configure your firewall or VPN to enable communication. At this time, Twilio Media Servers only support IPv4 addressing.
Signalling communication
Where the port and protocol for each is 443 WSS:
Region ID | Location | Host Name |
gll | Global Low Latency (default) | global.vss.twilio.com |
au1 | Australia | au1.vss.twilio.com |
br1 | Brazil | br1.vss.twilio.com |
de1 | Germany | de1.vss.twilio.com |
ie1 | Ireland | ie1.vss.twilio.com |
ind1 | India | in1.vss.twilio.com |
jp1 | Japan | jp1.vss.twilio.com |
sg1 | Singapore | sg1.vss.twilio.com |
us1 | US East Coast (Virginia) | us1.vss.twilio.com |
us2 | US West Coast (Oregon) | us2.vss.twilio.com |
Media Services
Ports used: 10,000 - 60,000 UDP/SRTP/SRTCP or TLS/443 or UDP/3478:
Region ID | Location | Server IPv4 Address Range |
au1 | Australia | 13.210.2.128/27 (13.210.2.128 - 13.210.2.159) 54.252.254.64/26 (54.252.254.64 - 54.252.254.127) 3.25.42.128/25 (3.25.42.128 - 3.25.42.255) |
br1 | Brazil | 18.231.105.32/27 (18.231.105.32 - 18.231.105.63) 177.71.206.192/26 (177.71.206.192 - 177.71.206.255) 18.230.125.0/25 (18.230.125.0 - 18.230.125.127) |
de1 | Germany | 52.59.186.0/27 (52.59.186.0 - 52.59.186.31) 18.195.48.224/27 (18.195.48.224 - 18.195.48.255) 18.156.18.128/25 (18.156.18.128 - 18.156.18.255) |
ie1 | Ireland | 52.215.253.0/26 (52.215.253.0 - 52.215.253.63) 54.171.127.192/26 (54.171.127.192 - 54.171.127.255) 52.215.127.0/24 (52.215.127.0 - 52.215.127.255) 3.249.63.128/25 (3.249.63.128 - 3.249.63.255) |
ind1 | India | 52.66.193.96/27 (52.66.193.96 - 52.66.193.127) 52.66.194.0/26 (52.66.194.0 - 52.66.194.63) 3.7.35.128/25 (3.7.35.128 - 3.7.35.255) |
jp1 | Japan | 13.115.244.0/27 (13.115.244.0 - 13.115.244.31) 54.65.63.192/26 (54.65.63.192 - 54.65.63.255) 18.180.220.128/25 (18.180.220.128 - 18.180.220.255) |
sg1 | Singapore | 13.229.255.0/27 (13.229.255.0 - 13.229.255.31) 54.169.127.128/26 (54.169.127.128 - 54.169.127.191) 18.141.157.128/25 (18.141.157.128 - 18.141.157.255) |
us1 | US East Coast (Virginia) | 34.203.254.0/24 (34.203.254.0 - 34.203.254.255) 54.172.60.0/23 (54.172.60.0 - 54.172.61.255) 34.203.250.0/23 (34.203.250.0 - 34.203.251.255) 3.235.111.128/25 (3.235.111.128 - 3.235.111.255) |
us2 | US West Coast (Oregon) | 34.216.110.128/27 (34.216.110.128 - 34.216.110.159) 54.244.51.0/24 (54.244.51.0 - 54.244.51.255) 44.234.69.0/25 (44.234.69.0 - 44.234.69.127) |
Additional Connectivity Requirements
Host Name | Port and Protocol |
sdkgw.us1.twilio.com | 443 WSS |
View Twilio's Documentation
Click on the black button below to access Twilio's guidance: