RingCentral Network Requirements and Recommendations

« Go Back

Article

 
SummaryHow do I set up my network to get the best VoIP experience with RingCentral?
Details
 

Introduction

The purpose of this article is to provide RingCentral customers with User site network requirements and recommendations to ensure that the RingCentral Unified Communications services operates properly. These requirements include constraints for network capacity, quality of service, firewall configuration, and unsupported devices and configurations. This condensed version contains the same requirements as the expanded version of the RingCentral Network Requirements and Recommendations article but does not include background on the requirements, their architectural context, or bandwidth calculations.
 

Acronyms

The following acronyms are used in this document:
 
ACLAccess Control ListQoSQuality of Service
ALGApplication Layer GatewayRTPReal-time Protocol
DPIDeep Packet InspectionSIPSession Initiation Protocol
DSCPDifferentiated Services Code PointSPIStateful Packet Inspection
EFExpedited ForwardingTCPTransport Control Protocol
IPInternet ProtocolUDPUser Diagram Protocol
ISPInternet Service ProviderVLANVirtual LAN
LANLocal Area NetworkVoIPVoice over IP
NTPNetwork Time ProtocolWANWide-Area Network
 

Required and Recommended Devices and Configurations

RingCentral requires that the User network supports a minimal set of features to ensure a high-quality VoIP service.
 
Tested Routers
A set of WAN routers has been validated to work properly with the RingCentral VoIP service. The list of recommended routers that have been tested can be found at: ringcentral.com/support/qos-router.html. Other firewalls and routers have not been tested in an end-to-end RingCentral VoIP solution and may or may not work properly.

QoS / Traffic Prioritization
For the reliable transport of media traffic, User routers must support and enable traffic prioritization: routers need to be configured such that VoIP and video traffic are handled with Expedited Forwarding (EF) DSCP 46.

QoS / Bandwidth Management
It is advised to set a minimum guaranteed bandwidth in accordance with the maximum number of expected phone and video calls. The required bandwidth and network link capacities can be calculated according to the procedure provided in RingCentral Network Requirements and Recommendations - Expanded version.

VLANs
If VLANs are supported by network switches, then it is recommended (but not required) to define a VLAN specifically for VoIP and video traffic to logically separate these types of traffic from data traffic. This simplifies management of the unified communications infrastructure.
 

Unsupported Devices and Configurations

Some types of device, device configurations, and network configurations are not supported by the RingCentral VoIP solution, as they are known to cause continuous or intermittent voice quality issues.

Unsupported Devices and Configurations

RingCentral does not support the use of any of the following devices or network configurations to provide VoIP or video service:
• Load Balancers routing VoIP traffic concurrently across more multiple WAN links
• WAN Accelerators
 

Device Configurations

For proper support of the RingCentral Unified Communications Service, the following device settings may need to be disabled on routers, firewalls, and Ethernet switches.

• Router and Firewalls:
 Session Initiation Protocol Application Layer Gateway (SIP ALG)
 Deep Packet Inspection (DPI)
 Stateful Packet Inspection (SPI)
 WAN Acceleration
 SIP Transformation on SonicWall Security Appliance
• Ethernet Switches: Green Ethernet for power saving

NOTE: Disabling the router and firewall functionality can be restricted to the RingCentral addresses provided in the next section.
 

Firewall Control

The table below indicates the source port and destination port numbers that are, besides a source IP address, entered in signaling, media and auxiliary traffic packets by the RingCentral phone and applications residing in the private network. The designation ‘random’ means that the source port is randomly selected by the host.

For the next considerations, it is assumed that a firewall with Network Address Translation functionality resides at the interface between the private network and ISP-WAN. The notions of inbound and outbound are defined relative to a local private network. 

The source (IP address, port number) pair will be translated by the NAT function into a public source (IP address, port number) pair. To allow traffic to be passed from the private network to the ISP-WAN, if not opened by default, the firewall needs to open a set of outbound ports matching the destination ports indicated in the last column of the table.

In a stateful firewall, no inbound ports need to be opened because they are automatically opened upon a reply to outbound traffic. NAT entry expiration timeout must be set to larger than 5 minutes since telephones re-register every 5 minutes and between registrations keep-alive messages need to be transferred from RingCentral call servers to telephones.

For security reasons, it is advised to avoid use of non-stateful firewalls.
 
Traffic TypeProtocolsSource Port NumberDestination Port Number
ProvisioningHTTP/TCP and HTTPS/TCPrandom80 and 443
SignalingSIP/UDP5060-50995090, 5091, 5096, 5097
SignalingSIP/TCP and SIP/TLS/TCP5060-6000, random5090, 5091, 5096, 5097
MediaSRTP/UDP, RTP/UDP, and STUN4000-5000, 8000-8200, 16384-16482, 20000-600005091, 3478-3479, 8801, 20000-64999
WebRTCHTTP/TLS/TCP, STUN/UDP5060, 6182, 8080, 8083*5060, 6182, 8080, 8083
Network Time ServiceNTP/UDPrandom123
Mobile App Data SyncHTTPSrandom443
LDAP Directory ServiceLDAP-SSL/TCPrandom636
*Already in Media Port range

Routers and firewalls usually supports an Access Control List (ACL) which can be configured to allow or deny inbound traffic based on source/destination IP address or port numbers produced by remote applications. The following inbound ACL rules may be configured in order to disable certain firewall feature such as Deep Packet Inspection (DPI):
 
• For inbound traffic, the ACL must be set to the following RingCentral originating source IP address ranges:
    104.245.56.0/21, 185.23.248.0/22, 199.68.212.0/22, 199.255.120.0/22, 103.44.68.0/24

• Use of “any / any” ACL rules must be avoided to prevent opening too many ports.

NOTE: You can download a .pdf copy of this document at https://netstorage.ringcentral.com/guides/network_condensed.pdf


 
Ranking
Was this information helpful?
Yes
No
Somewhat

Tell us why and what can we do to improve this information