8x8 Community

My Services Express Jitsi as a Service 8x8 Connect 8x8 Work for Web

X Series Technical Requirements

Revision History

Change Log
Dec, 14th 2022
The following callstats.io subnets and ports are no longer used as of Jan 2023. Subnets132.226.0.0/26, 168.138.100.0/26, 140.238.129.64/26, 130.61.163.128/26, 158.101.200.64/26, 152.67.22.64/26, 193.122.65.0/26, 168.138.245.192/26, 152.67.146.0/26, 129.159.81.0/26, 158.101.40.128/26
Ports:  UDP 1024 - 65000 (Smart Connectivity Tests)
Oct, 21st 2022
Further clarification on UDP ports 3478-3480 and add recommendation to allow always
Aug, 17th 2022
8x8 Meet Anycast Subnets 13.248.132.124/32, 13.248.142.92/32,76.223.3.109/32,76.223.9.91/32 TCP:443 have been REMOVED. For proper functionality of 8x8 Meet it is recommended to place NO RESTRICTIONS ON OUTBOUND TCP Port 443 (HTTPS) traffic.
Aug, 6th 2022
Add reference that AnyCast DNS Servers are not recommended
June, 22nd 2022
Clarification on when NOT using SRTP for softphone (Work for Desktop/Work for Mobile) TCP Port 5199 is required
June, 8th 2022
Add link to Citrix Integration Documentation/Recommendations
May, 11th 2022
Update Activation ports for Audio Codes to include UDP 5499
May, 4th 2022
Add UK (152.67.137.148/32)  and US (132.226.123.231/32) Customer Experience Subnets
Feb, 14th 2022
Updates to Filtering functions for Subnets
Nov, 30th 2021
Correction/clarification Nomadic 911 is communicating over HTTPS (TCP 443) not HTTP.
Nov, 19th 2021
New Meetings Subnet in Japan. 155.248.191.0/24 UDP 10000. It will go into effect Dec 17th,2021 -- UPDATED
Oct, 14th 2021
Add additional dedicated sections for Contact Center as a Stand-Alone Service
Aug 18th, 2021
Added the following subnet: Canada (SaskTel): 207.195.32.64/27
May 19th, 2021
Removed the following subnets for 8x8 Meetings
  • 13.232.101.208/32
  • 3.0.167.49/32
  • 54.66.154.44/32
  • 35.182.147.109/32
  • 3.122.28.43/32
  • 63.32.210.13/32
  • 35.176.73.125/32
  • 54.233.170.124/32
  • 54.167.244.60/32
  • 18.220.195.182/32
  • 54.214.212.235/32
May 7th, 2021
Add 35.182.82.252/32 and 15.222.42.21/32 for Quality Management as REQUIRED when using the service/application.
April 28th, 2021
Updated Meetings Domains, better clarified required vs optional vs analytics, and removed outdated domains (for Meetings only)
March 18-19th, 2021
  • Add Nomadic 911 Location management information
  • Add bandwidth calculation information
  • SoHo Network Recommendations
  • Add new Subnet range for US West Data Center 216.59.141.0/24
March 9th, 2021
Update Contact Center Mail Server Addresses, minor corrections, and/or clarifications for Contact Center.
Browser and TLS requirements added/updated
CORRECTION in the United States Quality Management SUBNETS  2.35.50.242/32 was corrected to be  52.35.50.242/32
February 22nd, 2021
Additional Clarity on FTP and Email Requirements
February 10th, 2021
8x8 is expanding geo-routing capabilities on April 2nd, 2021. 
  • Montreal: 168.138.74.128/26
  • Toronto: 140.238.129.0/26
  • Cardiff: 129.151.79.0/24
  • Hyderabad: 152.67.181.0/26
January 27th, 2021
For converged networks, a link to recommendation for setting up VLANs for Poly was provided.
January 13th, 2021
Add WorkW WebRTC Ports
November 21st, 2020
8x8 is expanding geo-routing capabilities on January 25, 2021.
  • Amsterdam: 158.101.200.0/26
  • Ashburn: 129.159.80.0/24
  • Sao Paulo: 168.138.245.128/25
  • Frankfurt: 130.61.163.0/25
  • London: 152.67.145.0/24
  • Phoenix: 158.101.41.0/24
Additionally added 8x8's Maestro Gateway IPs (for use when restricting access to your CRM from 8x8).
November 5th, 2020
New Domain Table format with filtering and export capability added
October 26th, 2020
New Subnet Table format with filtering and export capability added
October 16th, 2020
  • Add callstats ports
  • 66.81.220.0/24: UK Data Center Added
  • 66.81.216.0/24: AU Data Center Added
September 24th, 2020
Change the format of the IP Range table to make it easier to read/use, added new IPs for Quality Management Service.
New 3rd party domain walkme.com added
New 8x8 domain added 8x8cloud.com added
August 17th, 2020
ADD the following SUBNET for Australia 168.138.20.0/25
India had the following CHANGE of SUBNETS 152.67.22.0/26 REPLACED 124.124.82.224/28
November 5th, 2020
New Domain Table format with filtering and export capability added
October 26th, 2020
New Subnet Table format with filtering and export capability added
October 16th, 2020
  • Add callstats ports
  • 66.81.220.0/24: UK Data Center Added
  • 66.81.216.0/24: AU Data Center Added
July 31st, 2020
Added the following Subnets UK: 109.70.59.0/24
Update of 8x8 Meet IP subnets. New Ranges: 
130.61.162.0/24
168.138.245.0/25
152.67.144.0/24
193.122.184.0/24
152.67.21.0/24
158.101.40.0/25
129.146.204.128/27
129.146.205.0/27
129.146.205.96/27
129.146.206.64/27
168.138.111.128/25
130.61.64.185
193.122.11.14
168.138.236.29
168.138.229.53
140.238.95.196
152.67.128.56
193.122.177.113
193.122.167.175
152.67.14.48
152.67.30.22
129.146.227.2
129.146.219.44
168.138.110.244
168.138.110.59
140.238.148.121
140.238.148.27
168.138.216.49
168.138.223.155
158.101.192.6
193.123.38.193
193.122.64.56
158.101.224.215
Update product names to reflect Work for Desktop and Work for Mobile
Remove range 50000-65535 UDP for RTP (Overlap)
July 20th, 2020
Add *.amazonaws.com for storing and downloading Call Center Analytic reports via S3 Signed URLs.
Correction on Softphone Ports, removed 5443.
June 4th, 2020
Added the following Subnets UK: 185.173.48.64/26 and China: 101.227.59.128/27. *.callstats.io moved to 8x8 Core Domains from 3rd Party Domains. Add "Additional Resources" links for customers that are mixing both 8x8 and other Brands owned by 8x8.
Dec, 14th 2022
The following callstats.io subnets and ports are no longer used as of Jan 2023. Subnets132.226.0.0/26, 168.138.100.0/26, 140.238.129.64/26, 130.61.163.128/26, 158.101.200.64/26, 152.67.22.64/26, 193.122.65.0/26, 168.138.245.192/26, 152.67.146.0/26, 129.159.81.0/26, 158.101.40.128/26
Ports:  UDP 1024 - 65000 (Smart Connectivity Tests)
Oct, 21st 2022 Further clarification on UDP ports 3478-3480 and add recommendation to allow always
Aug, 17th 2022 8x8 Meet Anycast Subnets 13.248.132.124/32, 13.248.142.92/32,76.223.3.109/32,76.223.9.91/32 TCP:443 have been REMOVED. For proper functionality of 8x8 Meet it is recommended to place NO RESTRICTIONS ON OUTBOUND TCP Port 443 (HTTPS) traffic.
Aug, 6th 2022 Add reference that AnyCast DNS Servers are not recommended
June, 22nd 2022 Clarification on when NOT using SRTP for softphone (8x8 Work for Desktop/8x8 Work for Mobile) TCP Port 5199 is required
June, 8th 2022 Add link to Citrix Integration Documentation/Recommendations
May, 11th 2022 Update Activation ports for Audio Codes to include UDP 5499
May, 4th 2022 Add UK ( 152.67.137.148/32 )  and US ( 132.226.123.231/32) Customer Experience Subnets
Feb, 14th 2022 Updates to Filtering functions for Subnets
Nov, 30th 2021 Correction/clarification Nomadic 911 is communicating over HTTPS (TCP 443) not HTTP.
Nov, 19th 2021 New Meetings Subnet in Japan. 155.248.191.0/24 UDP 10000. It will go into effect Dec 17th,2021 -- UPDATED
Oct, 14th 2021 Add additional dedicated sections for Contact Center as a Stand-Alone Service
Aug 18th, 2021 Added the following subnet: Canada (SaskTel): 207.195.32.64/27
May 19th, 2021
Removed the following subnets for 8x8 Meetings
  • 13.232.101.208/32
  • 3.0.167.49/32
  • 54.66.154.44/32
  • 35.182.147.109/32
  • 3.122.28.43/32
  • 63.32.210.13/32
  • 35.176.73.125/32
  • 54.233.170.124/32
  • 54.167.244.60/32
  • 18.220.195.182/32
  • 54.214.212.235/32
May 7th, 2021 Add 35.182.82.252/32 and 15.222.42.21/32 for Quality Management as required when using the service/application.
April 28th, 2021 Updated Meetings Domains, better clarified required vs optional vs analytics, and removed outdated domains (for Meetings only)
March 18-19th, 2021
  • Add Nomadic 911 Location management information
  • Add bandwidth calculation information
  • SoHo Network Recommendations
  • Add new Subnet range for US West Data Center 216.59.141.0/24
March 9th, 2021
Update Contact Center Mail Server Addresses, minor corrections, and/or clarifications for Contact Center.
Browser and TLS requirements added/updated
CORRECTION in the United States Quality Management SUBNETS  2.35.50.242/32 was corrected to be  52.35.50.242/32
February 22nd, 2021 Additional Clarity on FTP and Email Requirements
February 10th, 2021 8x8 is expanding geo-routing capabilities on April 2nd, 2021. 
  • Montreal: 168.138.74.128/26
  • Toronto: 140.238.129.0/26
  • Cardiff: 129.151.79.0/24
  • Hyderabad: 152.67.181.0/26
January 27th, 2021 For converged networks, a link to recommendation for setting up VLANs for Poly was provided.
January 13th, 2021 Add WorkW WebRTC Ports
November 21st, 2020
8x8 is expanding geo-routing capabilities on January 25, 2021.
  • Amsterdam: 158.101.200.0/26
  • Ashburn: 129.159.80.0/24
  • Sao Paulo: 168.138.245.128/25
  • Frankfurt: 130.61.163.0/25
  • London: 152.67.145.0/24
  • Phoenix: 158.101.41.0/24
Additionally added 8x8's Maestro Gateway IPs (for use when restricting access to your CRM from 8x8).
November 5th, 2020 New Domain Table format with filtering and export capability added
October 26th, 2020 New Subnet Table format with filtering and export capability added
October 16th, 2020
  • Add callstats ports
  • 66.81.220.0/24: UK Data Center Added
  • 66.81.216.0/24: AU Data Center Added
September 24th, 2020
Change the format of the IP Range table to make it easier to read/use, added new IPs for Quality Management Service.
New 3rd party domain walkme.com added
New 8x8 domain added 8x8cloud.com added
August 17th, 2020
ADD the following SUBNET for Australia 168.138.20.0/25
India had the following CHANGE of SUBNETS 152.67.22.0/26 REPLACED 124.124.82.224/28
November 5th, 2020 New Domain Table format with filtering and export capability added
October 26th, 2020 New Subnet Table format with filtering and export capability added
October 16th, 2020
  • Add callstats ports
  • 66.81.220.0/24: UK Data Center Added
  • 66.81.216.0/24: AU Data Center Added
July 31st, 2020
Added the following Subnets UK: 109.70.59.0/24
Update of 8x8 Meet IP subnets. New Ranges: 
130.61.162.0/24
168.138.245.0/25
152.67.144.0/24
193.122.184.0/24
152.67.21.0/24
158.101.40.0/25
129.146.204.128/27
129.146.205.0/27
129.146.205.96/27
129.146.206.64/27
168.138.111.128/25
130.61.64.185
193.122.11.14
168.138.236.29
168.138.229.53
140.238.95.196
152.67.128.56
193.122.177.113
193.122.167.175
152.67.14.48
152.67.30.22
129.146.227.2
129.146.219.44
168.138.110.244
168.138.110.59
140.238.148.121
140.238.148.27
168.138.216.49
168.138.223.155
158.101.192.6
193.123.38.193
193.122.64.56
158.101.224.215
Update product names to reflect 8x8 Work for Desktop and 8x8 Work for Mobile
Remove range 50000-65535 UDP for RTP (Overlap)
July 20th, 2020
Add *.amazonaws.com for storing and downloading Call Center Analytic reports via S3 Signed URLs.
Correction on Softphone Ports, removed 5443.
June 4th, 2020 Added the following Subnets UK: 185.173.48.64/26 and China: 101.227.59.128/27. *.callstats.io moved to 8x8 Core Domains from 3rd Party Domains. Add "Additional Resources" links for customers that are mixing both 8x8 and other Brands owned by 8x8.

Overview

This document provides a comprehensive guide to the network requirements necessary to enable 8x8 X Series services (Including Unified Communications, Contact Center Applications, 8x8 Work for Desktop and 8x8 Work for Mobile, UCaaS clients, Video Meetings, and current hardware offerings).
Note: This document should supersede any other documentation that references IPs, Subnets, or Ports used by 8x8.

Applies To

  • X Series Platforms
  • Technical Requirements

Abbreviations

Abbreviation Meaning
8x8 8x8, Inc.
ALG Application Layer Gateway
DNS Domain Name System
DPI Deep Packet Inspection
DSCP Differentiated Services Code Point
EF Expedited Forwarding
FTPS FTP Secure (FTP over TLS)
GTM Global Traffic Manager (8x8 DNS)
HTTPs HyperText Transfer Protocol (Secure) 
IMAP Internet Message Access Protocol
IP Internet Protocol
KB Knowledge Base System
LAN Local Area Network
LDAPs Lightweight Directory Access Protocol (Secure)
NTP Network Time Protocol
POP3 Post Office Protocol version 3
QoS Quality of Service
SIPs Session Initiation Protocol (Secure)
SPI Stateful Packet Inspection
sRTP (Secure) Real-Time Protocol
TCP Transport Control Protocol
TLS Transport Layer Security
UDP User Datagram Protocol
CC 8x8 Contact Center
VLAN Virtual Local Area Network
8x8 Work for Desktop 8x8 Work for Desktop Application (8x8 UC Client for desktop)
8x8 Work for Mobile 8x8 Work for Mobile Application (8x8 UC Client for mobile devices)
WAN Wide Area Network
ZTP Poly Zero Touch Provisioning

Terminology

The following terms are essential in understanding your network requirements for 8x8:
  • Jitter: A measure of the time interval between data packets as they reach their destination. A low degree of jitter indicates a relatively steady stream of data packets.
  • Packet loss: Data, such as a VoIP transmission, is sent over the Internet in the form of packets. Packet loss occurs when some of these packets do not arrive at their destination. For each packet loss, a small amount of speech is cut out. If the degree of packet loss is high, conversation audio can sound very choppy, delayed, or unclear.
  • MOS score: The higher your MOS score, the better your VoIP experience will be. A MOS score is measured on a scale of 1 to 5, in which 5 represents the best possible call quality, and 1 represents the worst possible call quality. The range is subjective and based on normative data collected from experimental trials.

Firewall Guidelines

With regards to Firewall guidelines, It is advisable to either exempt 8x8 traffic from Deep Packet Inspection (DPI) and Intrusion Protection or ensure that appliances performing these operations can inspect the traffic without inducing measurable delay.

Default Recommendations

DNS

When using a Voice Only VLAN (a Virtual LAN with only Hard Phones, and no computers on it), 8x8 recommends that you set the 8x8 GTMs, 8.28.0.9 and 192.84.18.11 as the Primary and Secondary DNS servers in the VLANs DHCP Scope. An alternate option is to implement conditional forwarding of 8x8.com and packet8.net on your local DNS servers to 8.28.0.9 and 192.84.18.11, which are 8x8's DNS servers. It is not recommended to set conditional forwarding on your Data VLAN, and/or if you have only one network. If your network only consists of a single LAN (you are not using VLANs), 8x8 can set the DNS of your hard phones to the GTMs. This ensures proper Geo Routing of your 8x8 traffic to the closest 8x8 data center for each location. 
8x8 UCasS 8x8 Work for Mobile and 8x8 Work for Desktop Clients use the 8x8 GTMs directly (with a fallback of the local DNS); thus, no additional work is needed to ensure proper routing of the traffic for UCaaS Clients.
8x8 does not recommend the use of DNS servers that make use of AnyCast, as the Geo Location can be unpredictable.

NTP

8x8's recommendation for NTP is to allow the default NTP setting of pool.ntp.org through the firewall. If your internal security requirements do not allow for external NTP, our advice is to use Option 42 in your DHCP scope to override the NTP setting to an NTP server of your choice. Should you not have an internal NTP server, use ntp2.packet8.net.

SIP-Application Level Gateway (ALG)

By default, 8x8 enables SRTP, which supersedes SIP-ALG functionality for a list of equipment that supports SRTP see our list of SRTP Compatible Equipment. 8x8 recommends for NON-SRTP Users that SIP-ALG be disabled on all your Layer 3 Network equipment, as SIP-ALG can cause issues with SIP messages. Please review and test to ensure that disabling SIP-ALG on your networking equipment will not impact other existing services on their network. For more information on SIP-ALG and possible solutions for disabling, see Disabling SIP-ALG in Your Router or Firewall.
SIP-ALG (Application Level Gateway) is a feature in which the layer three network equipment can manipulate the payload section of a SIP Packet to change the private addressing to be public address. As the phone or 8x8 Work for Desktop/8x8 Work for Mobile is not aware of the public address, all payload information references private addressing. Edge devices attempt to correct this by opening all SIP packets and manipulating the payload (body) of the packets by replacing private addresses with the public IP of the edge device and the Natted port. Unfortunately, many devices do not adequately manipulate these packets causing them to be invalid or contain incorrect information. For this reason, 8x8 recommends that this function be disabled for non-SRTP users.

Firewall Rules

Our recommendation is to create an OUTBOUND Policy "Internal to 8x8" rule in your firewall. This is a highly secure action as it is only opening outbound traffic towards a known destination (8x8 data centers). The list of 8x8 subnets (or Domains) is later in the document.
We recommend setting firewall session timers as follows to prevent premature NAT session changes that can cause de-registration, intermittent one-way audio, and phones not to pick up or ring when using certain firewalls: 
  • UDP session timer: 660 seconds 
  • TCP session timer (TLS connections only, port 5443): 300 - 700 seconds

Application and Browser-Based Interfaces

All 8x8 services are deployed within the IP address spaces listed in this document and identified by one of the domains listed in this document. Outbound requests made to these ranges on port 80 (HTTP) will be redirected to port 443 (HTTPS) and customers should allow both outbound ports to the IP/Domains.
To ensure the utmost security as you use your 8x8 services, beginning February 28, 2021, access to the 8x8 Configuration Manager for Contact Center, Agent Desktop, along with API calls to these systems, will require up-to-date web browsers or libraries compliant with TLS 1.2 or better:
The following browsers have been verified by 8x8 QA to support the changes occurring February 28, 2021:
  • Google Chrome version 70 or later
  • Mozilla Firefox version 48 or later
  • Microsoft Edge (any)
  • Apple Safari version 9 or later
You can also click here to test your current browser’s security standard compatibility.

Proxy Server

8x8 only supports using a proxy for TCP port 80 and 443 (HTTP/HTTPS) traffic, all other traffic (Video and Audio) should bypass your proxy. 8x8 has made every attempt to ensure that 8x8 Work for Desktop application will respect the proxy settings of the system 8x8 Work for Desktop is running on. 8x8's web applications (Contact Center Agent Interface, Configuration managers, Analytics, and so forth) are, by nature, proxy aware and will respect the proxy setting of the system/browser.

Physical Instruments

For all approved telephony devices (endpoints), Outbound requests made via HTTP over TLS (HTTPS) on port TCP 443 to all 8x8 domains listed in the Domains section of this document without restriction to specific IP address ranges.
Provisioning Note: Poly devices can make use of Poly Zero Touch Provisioning (ZTP) and Poly PDMS service. Each of these services require HTTPS traffic to be allowed to Poly. For more details see Whitelist Zero Touch Provisioning Services for Obihai and Poly Devices. Device Access to Poly’s IPs is not required for 8x8 services, it will assist/speed deployment for new devices.

Citrix

Customers using 8x8 Work for Desktop should refer to Citrix VDI Integration with 8x8 Work for Desktop & Web for more details.

Network Considerations and Recommendations

Below are Network considerations and recommendations that customers should review and adapt as appropriate, as they may not ally to all installations.

Requirements

Parameters Requirements
Poly Zero Touch Provisioning (ZTP) Allow Poly Zero Touch Provisioning, alternative options can be found in Setting Up ZTP Override.
TLS TLS 1.2 support is mandatory.
Wiring At least Cat 5 (preferably Cat 6) wiring for networking devices, and IP phones that use a wired connection.
WiFi Strong and consistent WiFi connection for networking devices, and IP phones that use WiFi.
PoE (recommended) See Device Manufacturer Data Sheets.
Packet loss 0% packet loss
Jitter <20 ms jitter
Network latency <100 ms latency to 8x8 data centers. VoIP services are known to work even in higher latency conditions up to 150-200 milliseconds. However, this must be maintained consistently with no packet loss.
Bandwidth requirement
Voice UCaaS and CCaaS:
  • G711 Codec: 90 kbps symmetric/call 
  • G722 Codec: 90 kbps symmetric/call (UC Calls Only)
  • G729 Codec: 35 kbps symmetric/call 
  • CCaaS add an additional 30kbps symmetric/call
Video Meetings Upstream:
  • Up to 3Mbps for video
  • 40kbps for audio
Video Meetings Downstream:
  • 2.5 Mbps for "On Stage" video in high quality
  • At least 500kbps for one incoming stream at the lowest quality
  • 200kbps per thumbnail stream (excluding on-stage)
  • 40kbps for audio
Downstream max bandwidth in a conference of n people would be 2.5Mbps + (n-2)*200kbps + 40kbps
Make sure you have 50% of your available bandwidth free to accommodate any spike in usage. Always assume that at least 35% of your users are on call at any time. However, depending on your company's use case, you may have a higher percentage. 
Note: When setting up devices to use an uncompressed voice CODEC, enable both G.711a law and G.711μ law capabilities available on the device. This prevents call quality loss by eliminating transcoding of international VoIP calls. This has no impact on bandwidth requirements, as either choice uses 80 Kbps per call. Transcoding does increase latency. 
To estimate the network bandwidth required to support a VoIP station:
  1. Choose the CODECs you plan to deploy in your network.
  2. Multiply each CODEC's bandwidth requirements by the number of simultaneous calls the network must support. For example, if you are using a G.711a/μ CODEC, and you need to support 100 simultaneous calls, then multiply 90 Kbits per second by 100 calls to calculate that you need 8.79 Mbps of symmetrical transmit-and-receive bandwidth to support the estimated call volume.
  3. Add the bandwidth required to support VoIP traffic to the bandwidth required to support your existing network traffic.
When calculating total network load, be sure to include all applications that use the network, especially applications with high bandwidth requirements (such as video conferencing).
Contact Center hardware requirements
  •  Agents require a personal computer and a high-speed Internet connection capable of running currently supported browsers.
  • If an agent uses a Voice over IP (VoIP) softphone provided by 8x8, then the agent's computer and Internet connection must consistently perform well while processing all other desktop applications required for the agent's tasks.
  • Agent screens must support a resolution of no less than 1200 x 900 pixels. If available, a higher screen resolution is recommended.
SoHo (small office/home office) suggestions For information on setting up SoHo networks see SoHo Networking Design Best Practices.

Considerations

Parameters Considerations
If running a converged network for voice and data
Configure VLANs to separate the traffic. Ensure that the Phone VLAN has the following DNS and NTP in its DHCP scope:
  • Use 8x8 DNS (Global Traffic Managers) servers 192.84.18.11 and 8.28.0.9 
  • Use 8x8 NTP server ntp2.packet8.net
Note: The recommended DNS does not resolve any other domain except 8x8.com and packet8.net. For more information on Poly and VLANs see Poly Devices VLAN Recommendations.
DHCP scope Ensure that there are no rules specified to force any provisioning server or NTP server to deviate from default 8x8 values. For provisioning servers, you must disable Option 66/160.
Maximum Transmission Unit (MTU) The network must support an MTU of 1500 bytes per packet. The MTU is the size of the largest protocol data unit that the layer can pass onwards. This is for Non-SRTP Communications only.
WAN failover We highly recommend that you use dual WAN connections in a failover state by using WAN link redundancy (Active / Standby). Dual WAN connections in load balancing (Active / Active) may not be supported due to the multiple ways to implement, speak to your 8x8 engineer for supported options and/or recommendations.
VPN use cases If your remote users or Internet egress use a VPN tunnel, make sure that the 8x8 traffic does not traverse it. Consider a Split Tunnel to have local Internet egress for 8x8 traffic. In addition, split DNS to resolve 8x8 domain queries locally. Speak to your 8x8 engineer for more information.
Internet Access Requirements
  • All 8x8 UC and Contact Center agents, supervisors, and administrators must have high-speed Internet access. Examples of high-speed Internet include DSL, Cable, or most corporate LANs.
  • Although 8x8 UC and Contact Center can interoperate with high-speed satellite connections, the round-trip transmission delay inherent in all satellite connections is likely to result in an undesirable degradation in performance.
  • Note: Dial-up Internet connections are not supported.
NAT Requirements
  • 8x8 UC and Contact Center works with typical default stateful inspection firewall settings.
  • 8x8 Contact Center requires standard NAT with any VoIP Application Layer Gateway (ALG) address fix up features disabled when using a softphone.
  • The 8x8 Contact Center browser and VoIP phone sessions periodically generate activity to keep stateful inspection ports open.
  • 8x8 Contact Center Agents using Counterpath software-based softphones (such as eyeBeam) may need to configure any firewall products (for example, Windows firewall, Symantec, or Trend Micro) to allow the softphones to receive calls.

QoS / Priority

The basic approach of handling QoS for 8x8 traffic within your network is by DSCP markings as provided by the applications and approved devices. When configuring QoS, on circuits that support QoS, external to your network 8x8's recommendation is to identify 8x8 traffic based on source/destination network, (i.e., not by DSCP markings, ports, channels, etc.). RTP will make up 90+% of your traffic. That way, any of your traffic that is sourced/destined to any of the 8x8 networks should be treated with the highest priority.
If the majority of your users are on Wi-Fi rather than Ethernet, make sure you follow the best practices in Wi-Fi deployment to ensure plenty of coverage.
8x8 Meetings does not currently mark the meetings traffic; our recommendation is to set priority (EF) on the predictable port of UDP 10000.

8x8 DSCP / CoS Values Applied

Endpoint Type Traffic Type / Application COS Value (Decimal) DSCP (Decimal) Name
Windows / Non-Admin Voice Media - Real-Time CS7 DSCP 56  
Windows / Non-Admin SIP Signalling CS5 DSCP 40  
Windows / Admin Voice Media - Real-Time EF DSCP 46 Expedited Forwarding
Windows / Admin SIP Signalling AF31 DSCP 26 Assured Forwarding
Mac / iOS Voice Media - Real-Time EF DSCP 46 Expedited Forwarding
Mac / iOS SIP Signalling AF31 DSCP 26 Assured Forwarding
Android Voice Media - Real-Time EF DSCP 46 Expedited Forwarding
Android SIP Signalling AF31 DSCP 26 Assured Forwarding
Poly Voice Media - Real-Time EF DSCP 46 Expedited Forwarding
Poly SIP Signalling AF31 DSCP 26 Assured Forwarding

8x8 Outbound Datacenter Ports

Traffic Requiring Outbound Connections from within the customer network to the 8x8 Cloud.
Traffic Source & Purpose
Applies To
Protocols
Destination Ports
Device 
  • Provisioning
  • Configuration
  • Software Update
All Certified Physical Phones & ATAs
  • HTTP
  • HTTPS
TCP 80, 443
Device
Secure SIP Signalling
All Certified Physical Phones & ATAs
SIPS
(Secure SIP)
TCP 5443
Device
Corporate Directory
Certified Physical Phones
LDAPS
TCP 636
Device
Network Time
All Certified Physical Phones & ATAs
NTP
  • UDP
  • TCP 123
Can be provided locally via DHCP Option 42
Device
Domain Name System
All Certified Physical Phones & ATAs
DNS
  • UDP 53
  • TCP 53
Can be provided locally via DHCP Option
Device
SIP Signalling
All Certified Physical Phones & ATAs
SIP
  • UDP 5199,5299,5399
Device
SIP Activation
All Certified Physical Phones & ATAs
SIP
  • UDP 5060 (Phones and ATAs except Audio Codes)
  • UDP 5499 (Audio Codes ONLY)
Softphone Application & Browser
  • Authorization
  • Messaging
  • Presence
  • Configuration
  • Administration
  • Reporting
  • Quality Management
  • Microservices
  • 8x8 Work for Desktop & 8x8 Work for Mobile
  • {{vocm}}
  • Analytics
  • Contact Center Agent, Supervisor
  • Quality mgmt
HTTPS
TCP 443
Softphone Application
Secure SIP Signalling (Default)
  • 8x8 Work for Desktop
  • 8x8 Work for Mobile
SIPS
(Secure SIP)
TCP: 5401
Softphone Application
SIP Signalling (When SRTP is Disabled this port is required. If you are using SRTP, the default setting, it is optional)
  • 8x8 Work for Desktop
  • 8x8 Work for Mobile
SIP
 
TCP: 5199
Real-Time Audio
Voice Call Audio
  • Physical Phones
  • 8x8 Work for Desktop & 8x8 Work for Mobile
SRTP
(Secure RTP)
  • UDP 24000 - 30999 
  • UDP 38000 - 44999
  • UDP 50000 - 65535
  • UDP 52000 - 58999
Real-Time Audio
  • WorkW
  • WebRTC
  • UDP 20000 - 40000
8x8 Meet

 
  • 8x8 Work for Desktop
  • 8x8 Work for Mobile
  • Browser
  • HTTPS
  • RTP / WebRTC
  • RTP / WebRTC
  • TCP 443
  • UDP/TCP 443
  • UDP 10000

Optional Services

Applications Requiring Outbound Connections

The following are optional items that may not be required. Consult your 8x8 team to validate whether these scenarios are applicable to your specific use cases.
Traffic Source & Purpose
Applies To
Protocols
Destination Ports 
Nomadic 911 Location Management Location Manager Application (also referred to as ERS Server communications) HTTPS
  • TCP 443
  • Domain: lm.911.intrado.com
  • Domain: lm20.911.intrado.com
  • IP: 208.71.176.31
  • IP: 208.71.179.31
  • IP: 208.71.176.58
  • IP: 208.71.179.58
Nomadic 911 Location Management Physical Phone (also referred to as HELD Server communications) HTTPS
  • TCP 443
  • Domain: lis.911.intrado.com
  • Domain: service.911.intrado.com
  • IP: 208.71.179.32
  • IP: 208.71.176.32
  • IP: 208.71.176.55
  • IP: 208.71.179.55
Quality Management Screen Recording
Streaming screens
Screen Recording Client in Quality Management
HTTPS
TCP 443
VCC FTPS Call Recording Download
Downloads of contact center call recordings using FTP over TLS (FTPS).
FTPS
Note: FTPS is not the same as SFTP (SSH Based).
  • Control Connection: 
    • TCP: 21 Explicit
    • TCP: 2121 Explicit
    • TCP: 990 Implicit
  • Data XFER Ports: UDP:30000-30999
 8x8 Contact Center Platform URL Guide  
Bria Softphone
Standalone contact center softphone
  • SIP
  • RTP
  • UDP: 5060 Default
  • UDP: 5061 Alternate/Optional
  • UDP High Ports (1024 - 65535)
Zoiper Softphone
Standalone contact center softphone
  • SIP
  • RTP
  • UDP 5060, 5061
  • UDP High Ports (32000 - 65535)
Network Utility*
  • Media Tests
  • Fragmentation Test
  • BufferBloat Test
  • NAT Test
Network Assessment
*8x8's recommendation is to always allow these ports
  • RTP
  • STUN
  • TURN
  • UDP 3478-3480
Wavecell API
Video API
  • HTTP
  • HTTPS
  • WSS
  • UDP 10000 - 20000
SIP Trunks / TIE Trunks
 
  • SIPs Signalling
  • sRTP
 See customized Statement of Work for the unique implementation

Applications Requiring Incoming Connections

Traffic Source & Purpose
Destination Ports
 Source IPs
Contact Center Email
POP3/IMAP email access
  • For POP3 email support, enable port TCP 110.
  • For POP3 SSL, enable port TCP 995.
  • For IMAP email support, enable port TCP 143.
  • For IMAP SSL, enable port TCP 993.
  • For SMTP email support, enable port TCP 25.
  • For SMTP TLS email support, enable port TCP 587.
  • For SMTP SSL email support, enable port TCP 465.
Note: custom ports can be configured.
  • US-West: 8.21.164.0/24 
  • US-East: 8.28.3.0/24
  • Brazil: 168.90.173.112/28
  • Canada: 142.165.219.0/24
  • Europe2: 217.163.57.0/24
  • Europe3: 109.70.58.0/24
  • Hong Kong: 103.252.162.0/24
  • Australia: 103.239.164.0/24
  • Bell Canada: 50.100.15.0/24
SIP Trunks
  • SIPs Signaling
  • sRTP
 See customized Statement of Work for the unique implementation.

8x8 Datacenter IP Ranges & Domains

Note: In the process of connecting to Secure HTTP servers and setting up TLS connections, the certificates used in the connections will be validated by the issuing authority. Ensure you allow access to any/all issuing authorities.
Provisioning Note: Poly devices can make use of Poly Zero Touch Provisioning (ZTP) and Poly PDMS service. Each of these services require HTTPS traffic to be allowed to Poly. For more details see Whitelist Zero Touch Provisioning Services for Obihai and Poly Devices. Device Access to Poly’s IPs is not required for 8x8 services, it will speed deployment for new devices.

IP Ranges

Below is a list of IP Ranges that are used by 8x8 products and applications. Access Control List (ACL) and Quality of Service (QoS) flags indicate if the subnet should be included in your ACL and/or QoS Lists. There is an export option at the top of the list. When a Port range of * is referenced it refers to All Ports listed above in the  Data Center Ports  section.

Domains

Below is a list of domains that are used by 8x8 products and applications. There is an export option at the top of the list. When a Port Used range of * is referenced it refers to All Ports listed above in the Data Center Ports section.

Contact Center as a Stand Alone Service

When using Contact Center as a stand-alone service (not using 8x8 UC as a voice path/answering point). If you are using 8x8's XCaaS services, this section does not apply.
Computer hardware
  • Agents require a personal computer and a high-speed Internet connection capable of running Microsoft Internet Explorer 11, Firefox, or Chrome quickly when accessing popular search sites such as Google and Yahoo.
  • If an agent uses a Voice over IP (VoIP) softphone provided by 8x8, then the agent's computer and Internet connection must consistently perform well while processing all other desktop applications required for the agent's tasks.
  • Agent screens must support a resolution of no less than 1200 x 900 pixels. If available, a higher screen resolution is recommended.
Firewall and Network Address Translation (NAT) Requirements
  • 8x8 Contact Center works with typical default stateful inspection firewall settings.
  • 8x8 Contact Center requires standard NAT with any VoIP Application Layer Gateway (ALG) address fix up features disabled.
  • The 8x8 Contact Center browser and VoIP phone sessions periodically generate activity to keep stateful inspection ports open.
  • For organizations with restrictive firewall settings, 8x8 Contact Center recommends stateful inspection to open the following ports automatically when needed:
  • Agent browser sessions use TCP ports 80 and 443.
  • VoIP softphones use UDP port 5060, plus UDP ports in the range of 10000-35000.
  • The Collaborate feature uses TCP port 5907.
  • Downloading call recordings through FTPS clients uses TCP port 21 and TCP ports in the range of 30000-30999.
  • Agents using Counterpath software-based softphones (such as eyeBeam) may need to configure any firewall products (for example, Windows firewall, Symantec, or Trend Micro) to allow the softphones to receive calls.

Additional Resources

The following resources are intended for customers who are using Jitsi, Wavecell, or other companies/brands owned by 8x8 outside of their 8x8 resources/applications. 
The following resources are intended for customers who are using 8x8 Voice + Microsoft Teams. There are no 8x8 specific network requirements for these users. The Teams applications (mobile, desktop, browser) and any Teams-certified phones communicate directly with Microsoft and do not communicate directly with 8x8.