Network Configuration Recommendations > Audio and Video Communication
Audio and Video Communication
User experience can be greatly affected by the quality of the audio and video during a session; therefore, the network path and signal quality of the bandwidth is extremely important.
The way in which audio/video is streamed is determined when a host enters a Chalk session; during this time, there is still communication to the audio/video servers listed in Servers Required for All Configurations and Servers Required Based on Region.
The process goes as follows:
1. External servers are contacted using ICE protocol and STUN servers to determine connectivity requirements.
2. The clients then determine potential connection routes, and attempts are made to validate the potential paths. This is all done silently in the background.
As described in the sections below, there are three different ways that connections can be made; the primary difference to end users is in the session quality and use of a combination of different UDP and TCP ports.
There are no settings in Chalk that control which ports or protocols are used; the networks that the clients are connected to determines this.
One setting that does affect the connection of sessions is the type of session encryption that Chalk is configured to use. Your sessions can use one of the following types of encryption:
Encryption Type
Standard encryption is required for multi-expert sessions. With standard encryption, video traffic always needs to exit your network to external servers, but is still fully encrypted. This is needed to make efficient use for multiple participants.
The server needs the key to transmit video to all participants, and each client receives video based on their available connection using H.264 encoding at 720p. The available bandwidth and connection quality impacts video quality. For example, there is a large overhead in re-establishing a lost connection to a cell tower or Wi-Fi network, so available bandwidth is used for that versus sending video packets.
End-to-end encryption (E2EE) delivers video, audio, and images using a peer-to-peer delivery model. The encryption key is local to the client
E2EE encryption is always used when starting a session via your contacts.
E2EE in the Same Network
If two clients are on the same network using E2EE encryption, and there are no client restrictions that would force traffic through a proxy, the typical flow of direct device communication would look similar to the following diagram.
This scenario is not possible when using Standard encryption.
In this scenario, you only need to be concerned with the firewall rules that apply to the signaling servers as video traffic goes between the devices directly.
E2EE with Clients Outside Your Network
If two clients are on the different networks using E2EE, you’ll need to take into consideration the firewall rules that apply to the signaling servers as well as the ports listed below in the “Destination Port Range” section.
This scenario is not possible when using Standard encryption.
Clients on Different Networks with User Datagram Protocol (UDP)
If standard encryption is being used or cases where E2EE encryption prevents direct communication, you need to be concerned with the firewall rules that apply to the signaling as well as the media traffic. The flow of communication for this scenario looks similar to this:
Each client communicates to the cloud media servers.
Clients on Different Networks with Only Transmission Control Protocol (TCP)
If your networking policy does not allow outgoing UDP traffic, you can alternatively use only TCP ports. You need to be concerned with the firewall rules that apply to the signaling as well as the media traffic. However, because there are less ports for the destination server, there will be some impact to video quality:
IP Ranges
For information on IP ranges that are used in the audio/video communication (servers in the upper-right of the above diagrams in the sections above), see Media Servers. Only the IP ranges where your Chalk users are located need to be added.
Destination Port Range
As mentioned above, video streams use a dynamic port range based on the ability to route through a network. There are three basic recommended configurations to choose from based on the restrictions put in place by your IT department.
For the best video experience, we recommend Option 1.
Required Ports
This method uses UDP ports for the main video transport. The large UDP range is for balancing load on media servers and is automatically chosen as part of the connection negotiation.
Your network should allow access to the destination IP ranges above on the following ports:
UDP Ports 443, 3478, 10000 - 60000
This method is similar to Option 1, but without such a large range of destination port rules. This option is a bit slower due to additional overhead of routing traffic through a single port.
UDP Ports 443, 3478, 5349
This method uses only TCP and provides video stream of a lesser performance due to further reduction of ports and only using TCP.
TCP Ports 443, 3478, 5349
As an example, if a site in Japan is being used for a Chalk session, communication needs to be allowed to all of the signaling servers as listed in Servers Required for All Configurations, as well as the following outgoing traffic: ( - ( - ( -