Network Requirements
Hardware Considerations
A standard Igloo system will typically come with a full set of networking equipment to fit the requirements of the system. In the case of an Igloo system being installed into a pre-existing network that cannot be added to by Igloo’s equipment, there are a couple of considerations that will ensure the Igloo operates as best it can.
A standard IMP is fitted with a 1GbE network port. Many streaming aspects of the Igloo (NDI, Dante, other streaming protocols) can be quite bandwidth-intensive, so 10GbE network infrastructure may be considered to help ensure the smoothest streaming playback.
Some peripherals in an Igloo System utilise the Power over Ethernet standard and, recently with the addition of some 4K NDI PTZ webcams, this can include a requirement for PoE++ network switches.
Firewall Rules
An Igloo media server can be entirely self-contained, though in most cases internet access will be required for system updates, content downloads, web services, etc. There may also be requirements for the media server to communicate with clients on a corporate network, e.g. for NDI streaming. The following table describes the ports for common services used by an Igloo media server, as well as the scope of each.
Explanation of Scopes:
Igloo Network - Network containing the Igloo related hardware i.e. media server, projectors, etc. This can be a separate VLAN, or mixed with a pre-existing network.
Outside - Corporate network or network providing internet access to the Igloo system. Can be behind NAT if only web and software updates are required. For sending OSC messages and / or NDI streams to the Igloo from this network, firewall rules must be in place to allow traffic through.
Inbound / Outbound - Inbound is assumed to be traffic directed at clients on the Igloo network, whereas Outbound is traffic leaving this network. This can be controlled by your gateway firewall, or intermediary security device. Windows Firewall settings on the media server itself should also match where required.
Port | Scope | Description | Source | Endpoint |
---|---|---|---|---|
TCP 4352 Inbound; TCP & UDP 3620 Inbound | Igloo Network | Projector communications and control. | IMP/Media Server | Projectors |
UDP 9000-9020, 10000 Inbound | Igloo Network, Outside (Optional) | OSC Protocol | IMP/Media Server | Tablet |
UDP 5353, 5960 - 65535 Inbound | Igloo Network, Outside (Optional) | NDI Discovery, Messaging and Video Streaming | IMP/Media Server | IMP/Media Server |
TCP 9011 | Igloo Network | Igloo Home | Igloo Home Web client | IMP / Media Server |
TCP 80, 443 | Outside | Street View Service | IMP/Media Server | Internet (Google API) |
TCP 3000 | Igloo Network | Matterport application | IMP/Media Server | IMP/Media Server |
TCP 3001 | Igloo Network | GeoCV application | IMP/Media Server | IMP/Media Server |
UDP 9001, 9010, 10000 | Igloo Network | Igloo Controller Service | Tablet/IOS device running Igloo Touch | IMP/Media Server running Igloo Controller Service |
TCP & UDP 53, 80, 443 Outbound | Outside | DNS, web connectivity and Windows updates | IMP/Media Server | DNS Server(s) |
TCP 80, 443, 8200 Outbound | Outside | GoToMyPC Remote access | IMP/Media Server | GoToMyPC |
TCP & UDP 5938 Outbound | Outside | TeamViewer Remote access | IMP/Media Server | TeamViewer |
UDP 162, 319-320, 2203, 4321, 14336-14600, 4440, 4444, 4455, 5353, 8700-8706, 8800, 8751, 16000-65536 Inbound | Igloo Network | Required if using Dante Audio and Controller. Allows audio routing, clocking, control, monitoring, and related services. See Dante Audio section below for a detailed description of these ports. | Dante Senders (Typically, IMP/Media Server, Dante enabled DSPs) | Dante Receivers |
TCP 6789, 6790 | Igloo Network | Birddog camera web GUI. These ports are used to access the Birddog device configuration page. | Birddog camera | Web GUI/IMP |
UDP 1511 | Igloo Network | Optitrack data port | Optitrack motion capture | Motive Software / IMP |
TCP 27036 Inbound | Igloo Network | TouchOSC Editor. Required for synchronising TouchOSC layouts from the editor to remote devices. | IMP/Media Server; Remote devices (tablets, phones etc) | Remote devices (tablets, phones etc); IMP/Media Server |
Note that many of the ports above are localised to a single subnet / security zone (including Dante and NDI multicast traffic). This traffic is only expected to hit the firewall in cases where multicast proxying is configured. By default this is not the case and these ports do not need opening.
A security gateway installed by Igloo will be configured appropriately, and any other requirements can be planned for involving our network and security teams.
Internet Connectivity
As shown in the above table, ports for web connectivity are optional but preferred for Windows Updates, remote support, and general usability. Windows Updates should generally be allowed and installed for security fixes, though a day should be set aside for larger cumulative and feature updates that may require post-install testing.
Other devices may not require internet connectivity; no device in the Igloo system strictly needs it. This is largely up to your own requirements in terms of accessibility and security.
Protocol Specific Considerations
An Igloo system may depend on much more than basic web traffic, so it is important to take into consideration the type of traffic that will be in common use and how it will impact your network. A simple playback system will not generate much traffic outside of Windows Updates and downloading new content; in this regard the server will behave similarly to a typical client. When content streaming is a requirement, there are some bandwidth and latency requirements to keep in mind, and a network administrator should be involved to make sure there are no adverse effects on your corporate network.
Some protocols such as those used by NDI or Dante devices can be quite noisy in terms of traffic generation, and use up considerable bandwidth on the network. In cases where these devices are placed topologically far away from the Igloo server on a client network, we would recommend implementing traffic segregation e.g. VLANs. This requires L3 capable devices to route traffic correctly to the Igloo server, as well as Multicast routing in order for the mDNS traffic to cross subnet boundaries. A solution such as this would be discussed as part of a network integration consultation.
NDI
NDI is a fairly efficient protocol for streaming high quality video content over a network. This is bandwidth intensive by nature, however; a single NDI stream of a 1080i video source will take up around 100Mbps, and requires a latency of around 14ms to avoid frame dropping; 4k at 60fps can burst up to 350Mbps. It is important to consider how many NDI streams you may have active at a time, and how they are going to traverse your network. It is generally best practice to have clients that need to send NDI streams to the Igloo media server on the local Igloo network, as this reduces the round-trip-time, and also reduces traffic flow across your corporate network.
RTMP
RTMP is a less efficient, though much more easily configurable alternative to NDI streams. Video and audio bitrates can be set independently to match network requirements, and there is control over the codec used to transmit this data. Latency and bandwidth are still important to consider, so the same considerations should be made as in the case of using NDI streams, i.e. how the traffic will traverse your network, how many streams may be active at one time, what the expected latency will be, etc.
Dante Audio
A Dante Audio system is network based, and can sit entirely on the Igloo Network unless external audio sources are required. Bandwidth for an audio stream is typically 6Mbps depending on number of channels and sample size. Dante Audio packets can make use of QoS settings; the published guide to these is shown below:
Priority | Usage | DSCP Label | Hex | Decimal | Binary |
---|---|---|---|---|---|
High | Time critical PTP events | CS7 | 0x38 | 56 | 111000 |
Medium | Audio, PTP | EF | 0x2E | 46 | 101110 |
Low | (reserved) | CS1 | 0x08 | 8 | 001000 |
None | Other traffic | BestEffort | 0x00 | 0 | 000000 |
Ports for unicast and multicast Dante audio are included in the port requirements above. A more detailed description of these requirements is as follows:
Ports | Multicast Address | Description | Source | Endpoint |
---|---|---|---|---|
4321 | | Dante Audio. | IMP/Media Server | Dante Receiver |
5004 | | AES67 Audio. | IMP/Media Server | Dante Receiver |
14336-14600 | N/A | Unicast Dante Audio. | IMP/Media Server | Dante Receiver |
5353 | 224.0.0.251 | mDNS and DNS-SD discovery for Dante devices. | Dante Devices | N/A |
9875 | 239.255.255.255 | AES67 discovery for Dante devices. | Dante Devices | N/A |
319-320 | 224.0.1.129 - 224.0.1.132 | Precision Time Protocol (PTP). | Dante Devices | N/A |
9998 | 239.254.3.3 | PTP Logging. | Dante Devices | N/A |
8700-8708 | 224.0.0.230 - 224.0.0.233 | Monitoring traffic. | Dante Devices | N/A |
Source and Endpoint based firewall rules are not quite applicable to multicast traffic. The multicast address itself should be considered the endpoint, as all devices subscribed must be able to see the traffic.
Example iptables rule allowing Dante mDNS on local subnet 192.168.0.0/24:

    -A INPUT -s 192.168.0.0/24 -d 224.0.0.251 -p udp --dport 5353 -j ACCEPT
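The following added example (not Igloo's own configuration) generalises the mDNS rule to the other rows of the Dante table that list a multicast address, using the multicast group as the destination match as described above. The function name and the 192.168.0.0/24 default subnet are assumptions; ports 4321 and 5004 are omitted because no multicast address is given for them.

```shell
#!/bin/sh
# Added example, not Igloo's own configuration.
# Rows taken from the Dante table above as "udp-ports|multicast destination".
# 4321 and 5004 are left out: the page gives no multicast address for them.
DANTE_MCAST_ROWS='5353|224.0.0.251
9875|239.255.255.255
319:320|224.0.1.129-224.0.1.132
9998|239.254.3.3
8700:8708|224.0.0.230-224.0.0.233'

# dante_multicast_rules CIDR  (hypothetical helper name)
# Prints one iptables-restore style rule per row. The multicast group is the
# destination match; only the given local subnet is accepted as a source.
dante_multicast_rules() {
    subnet=$1
    case $subnet in
        */*) ;;
        *) echo "usage: dante_multicast_rules CIDR" >&2; return 2 ;;
    esac
    printf '%s\n' "$DANTE_MCAST_ROWS" | while IFS='|' read -r ports dest; do
        case $dest in
            *-*) dst="-m iprange --dst-range $dest" ;;  # range of groups
            *)   dst="-d $dest" ;;                      # single group
        esac
        # -p udp must precede --dport; iptables rejects --dport without a protocol
        echo "-A INPUT -s $subnet $dst -p udp --dport $ports -j ACCEPT"
    done
}

# Assumed subnet: the one used in the example rule above.
dante_multicast_rules "${1:-192.168.0.0/24}"
```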
Support
Remote Access
TeamViewer
TeamViewer is Igloo’s remote support method. We install TeamViewer as a service, which grants easy access to our support team. This is not configured to require a password from our support team unless specifically requested. The following ports are required for TeamViewer access:
TCP/UDP 5938 Outbound (Primary)
TCP 443 Outbound (Failover 1)
TCP 80 Outbound (Failover 2)
Igloo can also provide support over TeamViewer when it is set to LAN-only mode, provided Igloo support has access to the network via a VPN or relevant firewall connection.
LogMeIn GoToMyPC
GoToMyPC is not the preferred method of remote support, though it can be used if required. We have no quick access system as with TeamViewer, so response times may be affected. The following network ports will be required for external support to connect to the system:
TCP 80 Outbound
TCP 443 Outbound
TCP 8200 Outbound
Windows RDP/MSTSC/Quick Assist
Windows Remote Desktop Connection is a tool that allows Igloo staff to install software updates, but it does not grant the ability to remotely assist users: Windows RDP creates a new session, unlike other comparable tools. Using this should be avoided where possible.
MS Quick Assist, conversely, allows for a solicited connection to the user's current session and can be effectively used for remote support over the internet.
Raising a Support Request
Any and all queries should be sent to myadvocate@igloovision.com where a ticket will be raised and one of our support team will be assigned to your case. Tickets can also be raised via the web at myadvocate.igloovision.com.
(c) Igloo Vision Ltd. 2023