8x8 Community

My Services Express Jitsi as a Service 8x8 Connect 8x8 Work for Web

8x8 Network Best Practices

Updated: 09/26/2024

Navigation

Network Best Practices

Introduction

This document outlines the network best practices and service requirements essential for successful 8x8 and Fuze implementations, ensuring optimal performance, reliability, and quality of service for Unified Communications (UC) services.

Quick References

  • Latency:
    • Target: Less than 150 milliseconds (ms) one-way delay for acceptable call quality.
    • Ideal Target: Less than 100 milliseconds (ms) for optimal call quality.
  • Jitter:
    • Target: Less than 30 milliseconds (ms) of variation in packet arrival times.
    • Ideal Target: Less than 10 milliseconds (ms) for optimal call quality.
  • Packet Loss:
    • Target: Less than 1% packet loss rate.
    • Ideal Target: Zero packet loss for optimal call quality.
  • Delta (Difference in arrival time of RTP packets):
    • Target: Less than 30 milliseconds (ms) delta between consecutive packets.
    • Ideal Target: Consistent delta at 20 milliseconds (ms) for optimal call quality.
  • Clock Drift:
    • Target: Clock drift should not exceed 1 millisecond (ms) per minute.
    • Ideal Target: Clock drift should be negligible, ideally staying within microseconds (µs) per minute.

General Best Practices

  • Avoid Double-NATing
    • Double NATing UC services is problematic due to increased complexity, latency, and NAT traversal issues. It obscures visibility, complicates troubleshooting, and can lead to interoperability and security concerns. It's best to avoid double NATing and opt for single NAT configurations or alternative solutions for NAT traversal.
  • Symmetric Route Paths
    • Ensuring symmetric route paths between UC endpoints and production facilities is vital for maintaining consistent network performance, reliability, and security. Symmetric routing ensures that traffic travels predictably in both directions, minimizing issues such as packet loss, latency, and asymmetric routing. It simplifies troubleshooting, supports optimal performance for real-time communication services, and facilitates uniform enforcement of security policies.
  • Maintain Full-Duplex Communication
    • Maintaining full-duplex communication for UC services is essential for smooth, real-time interactions. It enables simultaneous transmission and reception of data, ensuring seamless conversations without interruptions or delays. This optimizes the performance and user experience of UC services.
  • Avoid Active-Active Load Balancing
    • Active-active load balancing for UC services production traffic should be avoided. This setup, where traffic is evenly distributed across multiple paths, can lead to issues such as out-of-order packet delivery, jitter, and call quality degradation. Additionally, it can complicate network management and troubleshooting processes. Instead, active-passive or intelligent routing mechanisms should be considered to ensure consistent and reliable performance for UC services.
  • Avoid WAN Accelerators
    • Avoid routing UC services production traffic through WAN accelerators. Doing so can introduce latency, packet loss, and jitter, adversely affecting the quality of voice and video calls. If unavoidable, whitelist UC traffic to bypass WAN accelerator interference and ensure optimal performance for UC services.
    Note: Troubleshooting UC services production traffic through a WAN accelerator may require physically removing the WAN accelerator from the traffic path.
  • Quality of Service (QoS)
    • Consider enabling Quality of Service (QoS) enforcement for voice and video aspects of UC services. QoS prioritizes UC traffic, ensuring low latency and minimal packet loss, crucial for maintaining high-quality voice and video calls.
    • If QoS enforcement is in place, conduct packet captures to verify appropriate packet marking for both ingress and egress packets passing through the WAN, following service guidelines.
  • Setup Voice / DATA VLANs
    • Competing network traffic can degrade voice communication. Voice packets may be lost if delayed by other data, leading to broken voice. To prevent this, separate voice onto its own VLAN for better control and priority. Providing clear names to VLAN IDs is recommended (VOICE, DATA).

Recommended Hardware Features

  • Managed Switch or Router
    • The networking device must have GUI or CLI administrative capabilities for configuration. 8x8 advises against connecting non-managed switches or hubs to the network. If a non-managed switch is necessary, ensure that only the data VLAN is configured on the port with appropriate duplex settings to prevent network collisions.
  • Power over Ethernet (PoE)
    • The device must support PoE with sufficient power for all connected IP phones simultaneously (applicable to access-layer switches only).
  • LLDP and LLDP-MED Support
    • Required for edge data switches.
  • VLAN Support
    • The device must support a minimum of two VLANs on all switches (one for voice, one for data) and trunking with 802.1Q VLAN tagging.
  • Quality of Service (QoS)
    • The device must support QoS at layer 2 for edge devices and at layers 3 and 4 for core switches and routers, including queuing, shaping, selective-dropping, DSCP trust, and link-specific policies.
  • High Availability and Advanced Routing (Optional)
    • The device should support protocols such as Rapid Spanning Tree, VTP, BGP, OSPF, HSRP, VRRP, or similar.
  • Auto Negotiation
    • The device should support auto speed and duplex negotiation by default, with the option to manually configure individual port speed and duplex modes as needed.
  • Port Status and Error Reporting
    • The device must provide individual-port speed and duplex mode indication, along with error and traffic statistics, which are essential for troubleshooting.

Expanded Details

Bandwidth Considerations

Challenges

  • Imbalanced internet speeds: Asynchronous internet speeds, common in cable modem connections, can lead to voice quality issues due to insufficient upload bandwidth.
  • Competition for internet resources: Bandwidth contention from other applications or users can degrade VoIP performance.
  • Microbursting: Rapid bursts of data packets can overwhelm network buffers, causing voice quality deterioration.
  • Propagation delay: Long distances between endpoints can introduce significant latency, affecting call quality.
  • Double firewalls: Concurrent firewalls in office environments may impede VoIP traffic flow.
  • Wi-Fi limitations: Wi-Fi connections, while convenient, can suffer from interference and bandwidth constraints.

Factors

  • Local internet usage: Consider the demand from other applications sharing the bandwidth.
  • ISP reliability and oversubscription: Ensure stable peering relationships and minimal oversubscription.
  • Quality of Service implementation: Deploy QoS mechanisms to prioritize VoIP traffic.
  • Connection type: Direct cable connections often offer superior performance compared to Wi-Fi.

Guidelines

  • Single Home User: 30-50Mbps Down / 10Mbps UP (minimum)
  • Small Office (<30 Users): 50Mbps Down / 20Mbps UP
  • Medium Office (31 to 100 Users): 50-100Mbps (synchronous)
  • Large Office (>100 Users): 100 to 500Mbps (synchronous) or consider SDWAN or MPLS.

Additional Notes

Why QoS is Essential Despite Sufficient Bandwidth:
  • Integrating Voice over Internet Protocol (VoIP) into a data network necessitates comprehensive Quality of Service (QoS) implementation across all network switches and routers. Mere augmentation of bandwidth often falls short in ensuring optimal voice quality. Internet link speed, typically the final bottleneck in a data network, does not inherently address issues like jitter, where non-prioritized data can disrupt VoIP packet intervals. With only one default queue available, data networks, initially not engineered for voice traffic, require specialized QoS mechanisms to uphold voice quality standards.

Specific Firewall Configurations for VoIP Environments

Required Ports

  • SIP (Session Initiation Protocol): UDP/TCP 5060, 5061
  • RTP (Real-Time Protocol): UDP 16384-32768 (or specific range used by the VoIP system)
  • RTCP (Real-Time Control Protocol): UDP 16384-32768 (paired with RTP ports)
  • HTTP/HTTPS for signaling and management: TCP 80, 443

Stateful Firewalls

Note: Some non-standard VOIP SIP Trunk and PRI/Analog conversion productions may require additional inbound communication and management, not listed below.
  • For communication sessions originating from VOIP phones, desktop applications, and mobile applications (over WLAN), connections are initiated from the respective devices to our data center.
  • Typically, when these communication sessions pass through a stateful firewall, only specific ports need to be opened outbound, as outlined below.
  • Inbound traffic from 8x8 / Fuze will access the network via ports opened by outbound sessions initiated by VOIP phones and desktop applications.
  • Any inbound troubleshooting protocols, access, or visibility initiated from the VOIP provider will require inbound allowance into the network (e.g., ICMP traffic).
  • The configuration specifics of these protocols may vary based on device, vendor, package, and firmware version.
  • UDP timeouts, SIP/RTP timeouts, and/or Application-Level Gateways (ALGs) may require adjustment to align with VOIP service timeouts indicated below. For confirmation tailored to your exact hardware, revision, and configuration, it's recommended to reach out via support.

NAT Traversal

One-to-One NAT
  • Configure one-to-one NAT for VoIP devices to avoid complications with multiple devices behind a single public IP. This ensures clear and direct routing of VoIP packets.
STUN/TURN Servers
  • Use STUN (Session Traversal Utilities for NAT) and TURN (Traversal Using Relays around NAT) servers to facilitate NAT traversal for VoIP traffic. These servers help in correctly routing traffic through NAT devices.

Firewall Rules

Access Control Lists (ACLs)
  • Create specific ACLs: Define ACLs that explicitly allow VoIP traffic while denying unnecessary traffic. This minimizes the attack surface and enhances security.
  • Prioritize VoIP traffic: Use ACLs to prioritize VoIP traffic over less critical data traffic.
TCP / UDP Timeouts
  • Port shuffling indicates that the assigned NAT ports are changing frequently. This is due to session time out on the firewall or router in use. For most business class firewalls this can be modified by changing the UDP timeout for non-SIP over TLS (non-SRTP) devices. In cases where SIP over TLS (SRTP) is in use, the TCP time out should be modified.
  • These settings should be modified to match the registration timers on the phones, which call out to register every 11 minutes, or 660 seconds.

Monitoring and Maintenance

  • Regular Monitoring
    • Implement continuous monitoring of network performance and UC service quality using tools that can provide real-time alerts and historical analysis. Key metrics to monitor include latency, jitter, packet loss, and call quality.
  • Periodic Audits
    • Conduct regular network and security audits to identify and rectify potential vulnerabilities, misconfigurations, and performance bottlenecks.
  • Capacity Planning
    • Regularly review network capacity and performance to anticipate future needs and plan for upgrades. Ensure that bandwidth, hardware, and configurations can handle expected growth in UC traffic.
  • Incident Response Plan
    • Develop and maintain an incident response plan to address potential network and UC service disruptions. Ensure the plan includes procedures for rapid identification, containment, and resolution of issues.

Network Redundancy and Failover

  • Redundant Links
    • Implement redundant network links to ensure high availability and minimize downtime. Use diverse paths for primary and backup connections to prevent single points of failure.
  • Redundant Hardware
    • Deploy redundant hardware components such as switches, routers, and firewalls to enhance network resilience. Ensure that critical devices have failover capabilities to maintain continuity in case of hardware failure.
  • Automatic Failover
    • Configure automatic failover mechanisms to detect link or hardware failures and switch to backup systems seamlessly. This helps maintain uninterrupted UC services during outages.
  • Geographical Redundancy
    • For larger deployments, consider geographical redundancy by having duplicate data centers or cloud services in different locations. This can provide additional protection against regional outages and disasters.

Remote User Considerations

  • VPN Access
    • Ensure remote users can securely access UC services via Virtual Private Networks (VPNs). Use strong encryption and authentication methods to protect traffic between remote users and the corporate network.
  • Bandwidth Management
    • Monitor and manage bandwidth for remote users to ensure they receive sufficient resources for high-quality UC services. Implement QoS policies that prioritize UC traffic over less critical applications.
  • Endpoint Configuration
    • Provide standardized configuration guidelines for remote endpoints to ensure compatibility and optimal performance. Regularly update and patch remote devices to maintain security and functionality.
  • Support for Home Networks
    • Offer support and troubleshooting for common home network issues that remote users may encounter, such as Wi-Fi interference, router configurations, and ISP limitations.

Disaster Recovery Planning

  • Backup Configurations
    • Maintain regular backups of all network device configurations, including switches, routers, and firewalls. Store these backups in secure, offsite locations for quick recovery in case of data loss.
  • Recovery Procedures
    • Develop and document detailed recovery procedures for various disaster scenarios, including hardware failures, network outages, and data breaches. Ensure these procedures are tested and updated regularly.
  • Communication Plan
    • Establish a communication plan to notify stakeholders and users during a disaster. Include contact information for key personnel, steps for initiating recovery processes, and methods for providing status updates.
  • Regular Drills
    • Conduct regular disaster recovery drills to ensure all team members are familiar with recovery procedures and can respond quickly and effectively in a real disaster situation. Use the results of these drills to improve the disaster recovery plan.

Requirements

Below are Network considerations and recommendations that customers should review and adapt as appropriate, as they may not ally to all installations.
Parameters Requirements
Poly Zero Touch Provisioning (ZTP) Allow Poly Zero Touch Provisioning, alternative options can be found in Setting Up ZTP Override.
TLS TLS 1.2 / 1.3 support is mandatory.
Wiring At least Cat 5 (preferably Cat 6) wiring for networking devices, and IP phones that use a wired connection.
WiFi Strong and consistent WiFi connection for networking devices, and IP phones that use WiFi.
PoE (recommended) See Device Manufacturer Data Sheets.
Packet loss 0% packet loss
Jitter <20 ms jitter
Network latency <100 ms latency to 8x8 data centers. VoIP services are known to work even in higher latency conditions up to 150-200 milliseconds. However, this must be maintained consistently with no packet loss.
Bandwidth requirement
Voice UCaaS and CCaaS:
  • G711 Codec: 90 kbps symmetric/call 
  • G722 Codec: 90 kbps symmetric/call (UC Calls Only)
  • G729 Codec: 35 kbps symmetric/call 
  • CCaaS add an additional 30kbps symmetric/call
Video Meetings Upstream:
  • Up to 3Mbps for video
  • 40kbps for audio
Video Meetings Downstream:
  • 2.5 Mbps for "On Stage" video in high quality
  • At least 500kbps for one incoming stream at the lowest quality
  • 200kbps per thumbnail stream (excluding on-stage)
  • 40kbps for audio
Downstream max bandwidth in a conference of n people would be 2.5Mbps + (n-2)*200kbps + 40kbps
Make sure you have 50% of your available bandwidth free to accommodate any spike in usage. Always assume that at least 35% of your users are on call at any time. However, depending on your company's use case, you may have a higher percentage. 
Note: When setting up devices to use an uncompressed voice CODEC, enable both G.711a law and G.711μ law capabilities available on the device. This prevents call quality loss by eliminating transcoding of international VoIP calls. This has no impact on bandwidth requirements, as either choice uses 80 Kbps per call. Transcoding does increase latency. 
To estimate the network bandwidth required to support a VoIP station:
  1. Choose the CODECs you plan to deploy in your network.
  2. Multiply each CODEC's bandwidth requirements by the number of simultaneous calls the network must support. For example, if you are using a G.711a/μ CODEC, and you need to support 100 simultaneous calls, then multiply 90 Kbits per second by 100 calls to calculate that you need 8.79 Mbps of symmetrical transmit-and-receive bandwidth to support the estimated call volume.
  3. Add the bandwidth required to support VoIP traffic to the bandwidth required to support your existing network traffic.
When calculating total network load, be sure to include all applications that use the network, especially applications with high bandwidth requirements (such as video conferencing).
Contact Center hardware requirements
  •  Agents require a personal computer and a high-speed Internet connection capable of running currently supported browsers.
  • If an agent uses a Voice over IP (VoIP) softphone provided by 8x8, then the agent's computer and Internet connection must consistently perform well while processing all other desktop applications required for the agent's tasks.
  • Agent screens must support a resolution of no less than 1200 x 900 pixels. If available, a higher screen resolution is recommended.
SoHo (small office/home office) suggestions For information on setting up SoHo networks see SoHo Networking Design Best Practices.

Considerations

Parameters Considerations
If running a converged network for voice and data
Configure VLANs to separate the traffic. Ensure that the Phone VLAN has the following DNS and NTP in its DHCP scope:
  • Use 8x8 DNS (Global Traffic Managers) servers 192.84.18.11 and 8.28.0.9 
  • Use 8x8 NTP server ntp2.packet8.net
Note: The recommended DNS does not resolve any other domain except 8x8.com and packet8.net. For more information on Poly and VLANs see Poly Devices VLAN Recommendations.
DHCP scope Ensure that there are no rules specified to force any provisioning server or NTP server to deviate from default 8x8 values. For provisioning servers, you must disable Option 66/160.
Maximum Transmission Unit (MTU) The network must support an MTU of 1500 bytes per packet. The MTU is the size of the largest protocol data unit that the layer can pass onwards. This is for Non-SRTP Communications only.
WAN failover We highly recommend that you use dual WAN connections in a failover state by using WAN link redundancy (Active / Standby). Dual WAN connections in load balancing (Active / Active) may not be supported due to the multiple ways to implement, speak to your 8x8 engineer for supported options and/or recommendations.
VPN use cases If your remote users or Internet egress use a VPN tunnel, make sure that the 8x8 traffic does not traverse it. Consider a Split Tunnel to have local Internet egress for 8x8 traffic. In addition, split DNS to resolve 8x8 domain queries locally. Speak to your 8x8 engineer for more information.
Internet Access Requirements
  • All 8x8 UC and Contact Center agents, supervisors, and administrators must have high-speed Internet access. Examples of high-speed Internet include DSL, Cable, or most corporate LANs.
  • Although 8x8 UC and Contact Center can interoperate with high-speed satellite connections, the round-trip transmission delay inherent in all satellite connections is likely to result in an undesirable degradation in performance.
  • Note: Dial-up Internet connections are not supported.
NAT Requirements
  • 8x8 UC and Contact Center works with typical default stateful inspection firewall settings.
  • 8x8 Contact Center requires standard NAT with any VoIP Application Layer Gateway (ALG) address fix up features disabled when using a softphone.
  • The 8x8 Contact Center browser and VoIP phone sessions periodically generate activity to keep stateful inspection ports open.
  • 8x8 Contact Center Agents using Counterpath software-based softphones (such as eyeBeam) may need to configure any firewall products (for example, Windows firewall, Symantec, or Trend Micro) to allow the softphones to receive calls.

QoS/Priority (8x8 DSCP / CoS Values Applied)

Endpoint Type Traffic Type / Application COS Value (Decimal) DSCP (Decimal) Name
Windows / Non-Admin Voice Media - Real-Time CS7 DSCP 56  
Windows / Non-Admin SIP Signalling CS5 DSCP 40  
Windows / Admin Voice Media - Real-Time EF DSCP 46 Expedited Forwarding
Windows / Admin SIP Signalling AF31 DSCP 26 Assured Forwarding
Mac / iOS Voice Media - Real-Time EF DSCP 46 Expedited Forwarding
Mac / iOS SIP Signalling AF31 DSCP 26 Assured Forwarding
Android Voice Media - Real-Time EF DSCP 46 Expedited Forwarding
Android SIP Signalling AF31 DSCP 26 Assured Forwarding
Poly Voice Media - Real-Time EF DSCP 46 Expedited Forwarding
Poly SIP Signalling AF31 DSCP 26 Assured Forwarding

8x8 Outbound Datacenter Ports

Traffic Source & Purpose Applies To Protocols Destination Ports
Provisioning, Configuration, Software Update All Certified Physical Phones & ATAs HTTP, HTTPS TCP 80, 443
Secure SIP Signalling All Certified Physical Phones & ATAs SIPS (Secure SIP) TCP 5443
Corporate Directory Certified Physical Phones LDAPS TCP 636
Network Time All Certified Physical Phones & ATAs NTP UDP, TCP 123
Can be provided locally via DHCP Option 42
Domain Name System All Certified Physical Phones & ATAs DNS UDP 53, TCP 53
Can be provided locally via DHCP Option
SIP Signalling All Certified Physical Phones & ATAs SIP UDP 5199, 5299, 5399
SIP Activation All Certified Physical Phones & ATAs SIP UDP 5060 (Phones and ATAs except Audio Codes)
UDP 5499 (Audio Codes ONLY)
Authorization, Messaging, Presence, Configuration, Administration, Reporting, Quality Management, Microservices 8x8 Work for Desktop & 8x8 Work for Mobile, {{vocm}}, Analytics, Contact Center Agent, Supervisor, Quality mgmt HTTPS TCP 443
Secure SIP Signalling (Default) 8x8 Work for Desktop, 8x8 Work for Mobile SIPS (Secure SIP) TCP 5401
SIP Signalling (When SRTP is Disabled this port is required. If you are using SRTP, the default setting, it is optional) 8x8 Work for Desktop, 8x8 Work for Mobile SIP TCP 5199
Real-Time Audio, Voice Call Audio Physical Phones, 8x8 Work for Desktop & 8x8 Work for Mobile SRTP (Secure RTP) UDP 24000 - 30999
UDP 38000 - 44999
UDP 50000 - 65535
UDP 52000 - 58999
Real-Time Audio WorkW, WebRTC UDP 20000 - 40000
8x8 Meet 8x8 Work for Desktop, 8x8 Work for Mobile, Browser HTTPS, RTP / WebRTC TCP 443
UDP/TCP 443
UDP 10000

Applications Requiring Outbound Connections

Traffic Source & Purpose Applies To Protocols Destination Ports
Nomadic 911 Location Management (Location Manager Application) Location Manager Application (also referred to as ERS Server communications) HTTPS TCP 443
Domain: lm.911.intrado.com
Domain: lm20.911.intrado.com
IP: 208.71.176.31
IP: 208.71.179.31
IP: 208.71.176.58
IP: 208.71.179.58
Nomadic 911 Location Management (Physical Phone) Physical Phone (also referred to as HELD Server communications) HTTPS TCP 443
Domain: lis.911.intrado.com
Domain: lm20.911.intrado.com
IP: 208.71.179.32
IP: 208.71.176.32
IP: 208.71.176.58
IP: 208.71.179.58
Quality Management Screen Recording (Streaming screens) Screen Recording Client in Quality Management HTTPS TCP 443
VCC FTPS Call Recording Download (Downloads of contact center call recordings using FTP over TLS) FTPS FTPS Control Connection: TCP 21 Explicit, TCP 2121 Explicit, TCP 990 Implicit
Data XFER Ports: UDP 30000-30999
Bria Softphone Standalone contact center softphone SIP, RTP UDP 5060 Default, UDP 5061 Alternate/Optional, UDP High Ports (1024 - 65535)
Zoiper Softphone Standalone contact center softphone SIP, RTP UDP 5060, 5061, UDP High Ports (32000 - 65535)
Network Utility* Media Tests, Fragmentation Test, BufferBloat Test, NAT Test, Network Assessment
*8x8's recommendation is to always allow these ports		 RTP, STUN, TURN UDP 3478-3480
Wavecell API (Video API)   HTTP, HTTPS, WSS UDP 10000 - 20000
SIP Trunks / TIE Trunks   SIPs Signalling, sRTP See customized Statement of Work for the unique implementation

Applications Requiring Incoming Connections

Traffic Source & Purpose Destination Ports Source IPs
Contact Center Email (POP3/IMAP email access) For POP3 email support, enable port TCP 110.
For POP3 SSL, enable port TCP 995.
For IMAP email support, enable port TCP 143.
For IMAP SSL, enable port TCP 993.
For SMTP email support, enable port TCP 25.
For SMTP TLS email support, enable port TCP 587.
For SMTP SSL email support, enable port TCP 465.
Note: custom ports can be configured.		 US-West: 8.21.164.0/24
US-East: 8.28.3.0/24
Brazil: 168.90.173.112/28
Canada: 142.165.219.0/24
Europe2: 217.163.57.0/24
Europe3: 109.70.58.0/24
Hong Kong: 103.252.162.0/24
Australia: 103.239.164.0/24
Bell Canada: 50.100.15.0/24
SIP Trunks SIPs Signaling, sRTP See customized Statement of Work for the unique implementation

8x8 Domains

Domain Name Name of Application or Service Port Used Domain Owner
*.8x8.com 8x8 Core Domains * 8x8
*.8x8cloud.com 8x8 Core Domains * 8x8
*.callstats.io 8x8 Core Domains * 8x8
*.cloud8.net 8x8 Core Domains * 8x8
*.p8t.us 8x8 Core Domains * 8x8
*.packet8.net 8x8 Core Domains * 8x8
*.wavecell.com 8x8 Core Domains * 8x8
*.8x8.com 8x8 Media Domains * 8x8
*.packet8.net 8x8 Media Domains * 8x8
*.8x8.vc 8x8 Video Meetings (Required) * 8x8
*.jitsi.net 8x8 Video Meetings (Required) * 8x8
8x8.vc 8x8 Video Meetings (Required) * 8x8
jitsi.net 8x8 Video Meetings (Required) * 8x8
*.dxi.eu 8x8CoreDomains(Deprecated) * 8x8
*.easycallnow.net 8x8CoreDomains(Deprecated) * 8x8
*.easycontactnow.com 8x8CoreDomains(Deprecated) * 8x8
*.amplitude.com 8x8VideoMeetings(Analytics) TCP:443 3rd Party
*.google.com 8x8VideoMeetings(Analytics) TCP:443 3rd Party
*.googleapis.com 8x8VideoMeetings(Analytics) TCP:443 3rd Party
*.googleusercontent.com 8x8VideoMeetings TCP:443 3rd Party
*.microsoftonline.com 8x8VideoMeetings(Optional) TCP:443 3rd Party
*.msauth.net 8x8VideoMeetings(Optional) TCP:443 3rd Party
*.youtube.com 8x8VideoMeetings(Optional) TCP:443 3rd Party
www.gravatar.com 8x8VideoMeetings(Optional) TCP:443 3rd Party
*.apigee.io API TCP:443 3rd Party
*.cloudflare.net DDoS mitigation,Internet security,distributed domain-name-server services TCP:443 3rd Party
*.okta.com SSO via Okta TCP:443 3rd Party
*.amazonaws.com Storage and downloading Call Center Analytic reports via S3 Signed URLs TCP:443 3rd Party
*.walkme.com Training,Configuration assistance TCP:443 3rd Party

8x8 IP Ranges

Region Name Service Type Subnet Port ACL QoS
Anycast/Global Cloudflare CDN 104.16.109.61/32 TCP:443 1 0
Anycast/Global Cloudflare CDN 104.16.110.61/32 TCP:443 1 0
Anycast/Global Required Core Services 13.248.142.77/32 TCP:443 1 0
Anycast/Global Required Core Services 13.248.145.23/32 TCP:443 1 0
Anycast/Global Required Core Services 76.223.15.160/32 TCP:443 1 0
Anycast/Global Required Core Services 76.223.20.131/32 TCP:443 1 0
Anycast/Global Reserved for Future Use 209.94.72.0/22 * 1 1
Asia Pacific 8x8 Meet 168.138.216.49/32 TCP:443,UDP:443 1 1
Asia Pacific 8x8 Meet 168.138.223.155/32 TCP:443,UDP:443 1 1
Asia Pacific ap-southeast-1 (Meeting Singapore) 18.139.118.128/27 UDP:10000 1 1
Asia Pacific Hong Kong Datacenter 103.252.162.0/24 * 1 1
Asia Pacific Maestro GW (CRM ACL) 52.64.74.212/32 TCP:443 1 0
Asia Pacific Maestro GW (CRM ACL) 54.79.107.91/32 TCP:443 1 0
Asia Pacific Maestro GW (CRM ACL) 54.79.122.211/32 TCP:443 1 0
Asia Pacific Required Core Services 13.248.132.108/32 TCP:443 1 0
Asia Pacific Required Core Services 13.248.138.121/32 TCP:443 1 0
Asia Pacific Required Core Services 76.223.13.178/32 TCP:443 1 0
Asia Pacific Required Core Services 76.223.7.179/32 TCP:443 1 0
Asia Pacific Singapore Datacenter 117.20.40.192/28 * 1 1
Asia Pacific Singapore Datacenter 146.235.23.192/26 * 1 1
Asia Pacific Tokyo-Meetings 155.248.191.0/24 UDP:10000 1 1
Australia Google GCP for Real-time media path 34.151.62.64/28 * 1 1
Australia Google GCP for Real-time media path 34.151.63.176/28 * 1 1
Australia Melbourne Datacenter 103.239.164.0/24 * 1 1
Brazil 8x8 Dedicated Datacenter 168.90.173.112/28 * 1 1
Canada 8x8 Dedicated Datacenter 142.165.219.0/24 * 1 1
Canada Required Core Services 15.222.25.56/32 TCP:443 1 0
Canada Required Core Services 15.222.75.187/32 TCP:443 1 0
Canada Toronto-Meetings 52.60.186.133/32 UDP:10000 1 1
EMEA 8x8 Meet 155.248.230.220/32 TCP:443,UDP:443 1 1
EMEA 8x8 Meet 155.248.236.53/32 TCP:443,UDP:443 1 1
EMEA London DC 212.14.227.0/24 * 1 1
EMEA Netherlands Datacenter 77.246.178.0/24 * 1 1
EMEA Required Core Services 13.248.154.21/32 TCP:443 1 0
EMEA Required Core Services 76.223.17.158/32 TCP:443 1 0
EMEA Maestro GW (CRM ACL) 54.154.255.180/32 TCP:443 1 0
EMEA Maestro GW (CRM ACL) 63.32.109.178/32 TCP:443 1 0
EMEA Maestro GW (CRM ACL) 18.197.110.6/32 TCP:443 1 0
EMEA Maestro GW (CRM ACL) 35.176.19.36/32 TCP:443 1 0
Europe Amsterdam (Meeting Netherlands) 18.184.100.96/27 UDP:10000 1 1
Europe Europe2 217.163.57.0/24 * 1 1
Europe Europe3 109.70.58.0/24 * 1 1
Europe Europe3 149.255.96.0/24 * 1 1
Europe London (Meeting UK) 18.130.202.128/27 UDP:10000 1 1
Hong Kong Google GCP for Real-time media path 34.92.74.240/28 * 1 1
Hong Kong Google GCP for Real-time media path 35.220.211.208/28 * 1 1
US East 8x8 Dedicated Datacenter 8.28.0.0/20 * 1 1
US East Required Core Services 13.248.131.204/32 TCP:443 1 0
US East Required Core Services 13.248.150.157/32 TCP:443 1 0
US East Required Core Services 76.223.12.75/32 TCP:443 1 0
US East Required Core Services 76.223.5.117/32 TCP:443 1 0
US East US-East-Meetings 34.225.179.96/32 UDP:10000 1 1
US East US-East-Meetings 34.233.137.192/32 UDP:10000 1 1
US East US-East-Meetings 35.171.204.65/32 UDP:10000 1 1
US West 8x8 Dedicated Datacenter 8.21.160.0/20 * 1 1
US West Required Core Services 13.248.131.75/32 TCP:443 1 0
US West Required Core Services 13.248.151.89/32 TCP:443 1 0
US West Required Core Services 76.223.10.109/32 TCP:443 1 0
US West Required Core Services 76.223.9.102/32 TCP:443 1 0
US West US-West-Meetings 52.8.235.99/32 UDP:10000 1 1
US West US-West-Meetings 54.241.123.63/32 UDP:10000 1 1
US West US-West-Meetings 54.67.119.169/32 UDP:10000 1 1