In order for the A/V Edge server to function correctly, the outside firewall must allow bidirectional traffic through the following ports:
UDP 3478
TCP 443
UDP 50,000-59,999 (formerly 50,000-52,999 before the RC build) for federated partners
TCP 50,000-59,999 (formerly 50,000-52,999 before the RC build) for federated partners
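As an added check that is not part of the original post, the following Python audit compares a firewall rule set (expressed in a hypothetical, constructed `Rule` shape, not any vendor's export format) against the port list above and reports every port or direction that is still closed, for example a UDP relay range left at the pre-RC 50,000-52,999 width:

```python
from collections import namedtuple
# Outside-firewall openings the A/V Edge needs, from the post: (proto, first, last, purpose).
REQUIRED = [("udp", 3478, 3478, "STUN/TURN"),
            ("tcp", 443, 443, "TCP media fallback"),
            ("udp", 50000, 59999, "federated media relay"),
            ("tcp", 50000, 59999, "federated media relay")]

# Hypothetical rule shape: direction is "in" or "out", action "allow" or "deny".
Rule = namedtuple("Rule", "proto first last direction action", defaults=("allow",))

def allowed_ranges(rules, proto, direction):
    """Merged, sorted (first, last) port ranges opened by allow rules for proto/direction."""
    spans = sorted((r.first, r.last) for r in rules
                   if (r.proto, r.direction, r.action) == (proto, direction, "allow"))
    merged = []
    for first, last in spans:
        if merged and first <= merged[-1][1] + 1:   # overlapping or adjacent: extend
            merged[-1] = (merged[-1][0], max(merged[-1][1], last))
        else:
            merged.append((first, last))
    return merged

def missing_ports(rules, proto, first, last, direction):
    """Sub-ranges of first..last that no allow rule covers, as (a, b) pairs."""
    gaps, cursor = [], first
    for a, b in allowed_ranges(rules, proto, direction):
        if a > last:
            break                          # everything from here on is past the requirement
        if a > cursor:
            gaps.append((cursor, a - 1))   # uncovered ports before this allowed range
        cursor = max(cursor, b + 1)
    if cursor <= last:
        gaps.append((cursor, last))
    return gaps

def audit(rules):
    """One finding per uncovered (protocol, range, direction); empty list means compliant."""
    findings = []
    for proto, first, last, purpose in REQUIRED:
        for direction in ("in", "out"):
            for a, b in missing_ports(rules, proto, first, last, direction):
                span = str(a) if a == b else f"{a}-{b}"
                findings.append(f"{proto.upper()} {span} {direction}bound not allowed ({purpose})")
    return findings

# Constructed sample policy: UDP 3478 inbound only, UDP relay range still 50,000-52,999.
SAMPLE_RULES = [Rule("udp", 3478, 3478, "in"),
                Rule("tcp", 443, 443, "in"), Rule("tcp", 443, 443, "out"),
                Rule("udp", 50000, 52999, "in"), Rule("udp", 50000, 52999, "out"),
                Rule("tcp", 50000, 59999, "in"), Rule("tcp", 50000, 59999, "out")]
```

Running `audit(SAMPLE_RULES)` lists the three gaps in that policy; an empty list means every required port is open in both directions.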
Quick overview of TCP and UDP
TCP is a connection-oriented protocol. The protocol itself is responsible for handling packet loss and proper packet sequencing.
UDP is a connectionless protocol that depends on upper-level protocols to take care of packet loss and proper packet sequencing.
Because TCP has more responsibilities, it has greater overhead and in most cases is much slower than UDP. The trade-off is speed for reliability: TCP will make sure all the packets get there, while UDP ensures that the packets which do get there, get there quickly.
Why does the A/V Edge need TCP ports?
Although UDP is a more efficient transport, some clients can only reach the internet via TCP, usually because of a firewall policy or restriction. So OCS also supports a TCP media transport in case a UDP path is not available. At the start of each call or conference, the two endpoints use the IETF's ICE (Interactive Connectivity Establishment) protocol to dynamically choose the optimal media path available and overcome the inherent issues of being behind a NAT device. ICE prefers direct media paths over those that go through a media relay, and UDP paths over TCP paths.
Why does the A/V Edge need the port range at 50,000?
The A/V Edge server is an implementation of the IETF's media relay protocol, STUN/TURN. The standard requires this port range because we cannot assume the remote party has access to the same media relay server. Phone calls often traverse company boundaries, and in OCS 2007 a good example is a VoIP call to a federated company. (Calls to standalone SIP devices are another example that I could imagine as VoIP technology continues to evolve.) The federated company cannot access the local company's A/V Edge via UDP 3478/TCP 443. The 50,000 port range allows media to traverse in a federated call. The reason it is a port range rather than a single multiplexed port is to enable efficient relaying of RTP packets: a multiplexed port would require more packet inspection and lower the efficiency of the server. As you'll see below, the port range also increases the security of the A/V Edge Server.