05/31/17 21:20 PM  

RingCentral Network Requirements and Recommendations

« Go Back


SummaryWhat are the RingCentral Network Requirements and recommendations to improve phone call quality?


The purpose of this article is to provide RingCentral customers with User site network requirements and recommendations to ensure that the RingCentral Unified Communications services operates properly. These requirements include constraints for network capacity, quality of service, firewall configuration, and unsupported devices and configurations.

NOTE: This condensed version contains the same requirements as the Expanded Version of RingCentral Network Requirements and Recommendations article but does not include background on the requirements, their architectural context, or bandwidth calculations.


The following acronyms are used in this document:
ACLAccess Control ListQoSQuality of Service
ALGApplication Layer GatewayRTPReal-time Protocol
DPIDeep Packet InspectionSIPSession Initiation Protocol
DSCPDifferentiated Services Code PointSPIStateful Packet Inspection
EFExpedited ForwardingTCPTransport Control Protocol
IPInternet ProtocolUDPUser Diagram Protocol
ISPInternet Service ProviderVLANVirtual LAN
LANLocal Area NetworkVoIPVoice over IP
NTPNetwork Time ProtocolWANWide-Area Network

Required and Recommended Devices and Configurations

RingCentral requires that the User network supports a minimal set of features to ensure a high-quality VoIP service.
Tested Routers
A set of SMB class WAN routers has been validated to work properly with the RingCentral VoIP service. The list of routers that have been tested can be found at: ringcentral.com/support/qos-router.html. In general, Enterprise class routers support all of the QoS capabilities and configuration options described in the Expanded Version of RingCentral Network Requirements and Recommendations.

QoS / Traffic Prioritization
To ensure reliable media traffic transport through the local network to and from all RingCentral endpoints, routers must support and enable traffic prioritization: routers need to be configured such that VoIP and video traffic are handled with Expedited Forwarding (EF) DSCP 46.

QoS / Bandwidth Management
It is advised to set a minimum guaranteed bandwidth in accordance with the maximum number of expected phone and video calls. The required bandwidth and network link capacities can be calculated according to the procedure provided on the Expanded Version of RingCentral Network Requirements and Recommendations.

If VLANs are supported by network switches, then it is recommended (but not required) to define a VLAN specifically for VoIP and video traffic to logically separate these types of traffic from data traffic. This simplifies management of the unified communications infrastructure.

Unsupported Devices and Configurations

Some types of devices, device settings, and network configurations are not supported by the RingCentral unified communications solution, as they are known to cause continuous or intermittent voice quality issues (high latency, packet loss or jitter).

The following types of device, device configurations, and network configurations are not supported by the RingCentral VoIP solution:
• Load Balancers routing VoIP traffic concurrently across more multiple WAN links
• WAN Accelerators
• Satellite network connections
Use of load balancers can cause out-of-order packet arrival, which can result in intermittent or continuous voice quality issues. Load balancers can also result in interrupted audio streams and SIP messaging due to Session Border Controllers (SBC) state, and NAT TCP sessions state being inconsistent between the customer and RingCentral equipment. WAN accelerators use compression and data duplication to reduce generated traffic. For VoIP, this can lead to packet loss and extra jitter.

For proper support of the RingCentral Unified Communication services, the following device configuration settings may need to be disabled on IP devices (layer 3 devices, routers, firewalls), and Ethernet switches:
• IP devices:
 Session Initiation Protocol Application Layer Gateway (SIP ALG), also referred to as SIP Transformations
 Deep Packet Inspection (DPI),
 Application Layer Access Control
 Stateful Packet Inspection (SPI), also called dynamic packet filtering
 Intrusion Detection/Intrusion Prevention System (IDS/IPS)
 WAN Acceleration

• Ethernet switches:
 Green Ethernet for power saving
 Dynamic ARP inspection

Enabling these device configuration settings may result in intermittent call problems related to phone and call connectivity (phone registration or call feature operation) or excessive voice quality impairments (high latency and jitter).

For some of the functionality mentioned under IP devices (such as DPI), the packets may traverse a separate processing limited engine which may cause the mentioned impairment. The impact on QoS may be minimal when using an advanced networking devices. IDS/IPS may limit packet streams to a certain bandwidth causing intermittent audio issues across multiple calls when the number of calls exceeds a certain volume. Disabling the mentioned functionality in IP devices can be restricted to the listed RingCentral supernets by applying policy-based filtering. 

Firewall Access

The table below indicates the source port and destination port numbers that are, besides a source IP address, entered in signaling, media and auxiliary traffic packets by the RingCentral phone and applications residing in the private network. The designation ‘random’ means that the source port is randomly selected by the host.

There are no separate ports necessary for Busy Lamp Appearance. BLA uses the signaling ports and uses standard SIP NOTIFY packets. It will use whatever ports all the other messages are using (INVITE, BYE, REGISTER, etc.).

It is assumed that a firewall with Network Address Translation functionality resides at the interface between the private network and ISP-WAN. The notions of inbound and outbound are defined relative to a local private network. 

The source (IP address, port number) pair will be translated by the NAT function into a public source (IP address, port number) pair. To allow traffic to be passed from the private network to the ISP-WAN, if not opened by default, the firewall needs to open a set of outbound ports matching the destination ports indicated in the last column of the table.

In a stateful firewall, no inbound ports need to be opened because they are automatically opened upon a reply to outbound traffic initiated by the RingCentral endpoint. NAT entry expiration timeout must be set to larger than 5 minutes since telephones re-register every 5 minutes and between registrations keep-alive messages need to be transferred from RingCentral call servers to telephones. For security reasons, it is advised to use stateful firewalls and TCP session time-out > 300sec

In most stateful firewalls, no inbound ports need to be opened because they are automatically opened upon a reply to outbound traffic initiated by the RingCentral endpoint in the local network. However, tt may still be necessary to open inbound ports on certain stateful firewalls when stateful operation behaves incorrectly (e.g. in some SoHo firewalls).

NAT entry expiration timeout must be set to larger than 5 minutes since IP telephones re-register every 4 minutes (Cisco) or 5 minutes (Polycom).

Traffic TypeProtocolsSource Port NumberDestination Port Number
ProvisioningHTTP/TCP and HTTPS/TCPrandom80 and 443
SignalingSIP/UDP5060-50995090, 5091, 5096, 5097
SignalingSIP/TCP and SIP/TLS/TCP5060-6000, random5090, 5091, 5096, 5097
MediaSRTP/UDP, RTP/UDP, and STUN4000-5000, 8000-8200, 16384-16482, 20000-600005091, 3478-3479, 8801, 20000-64999
Signaling and Media
HTTP/TLS/TCP, STUN/UDP5060, 6182, 8080, 8083*5060, 6182, 8080, 8083
Network Time ServiceNTP/UDPrandom123
Mobile App Data SyncHTTPSrandom443
LDAP Directory ServiceLDAP-SSL/TCPrandom636
*Already in Media Port range

Routers and firewalls usually support an Access Control List (ACL) which can be configured to allow or deny inbound traffic based on source/destination IP address or port numbers produced by remote applications. The following inbound ACL rules may be configured in order to disable certain firewall feature such as Deep Packet Inspection (DPI):

The supernets below are owned and used by RingCentral for unified communication services.

• Avoid use of "any / any" ACL rules to prevent opening too many ports.

NOTE: For detailed information about RingCentral's network requirements and recommendations, you can read the Expanded Version: RingCentral Network Requirements and Recommendations.

Was this information helpful?

Tell us why and what can we do to improve this information