Sprint WIFI Calling port for QOS.


Cataract2


Wouldn't it be easier just to assign the phone a static IP and do QOS priority on its IP?

Normally I would say yes, though I prefer to save static ips for wired devices.  In the case of the phones, I would prefer to QOS the port so that it doesn't matter what device (phone) is used.


Use Port 4500. Definitely is 4500. I know by experience because the ASUS routers Sprint sends out slow all other Port 4500 traffic to a standstill in order to give priority to WiFi calling.

Anyway I would most likely start by setting Port 4500 to the Highest QOS Priority you have.

Additional settings below:

  • 500,4500,5060,5061,52000:59999 for WiFi Calling.
  • 53,67,68,500,4500 for an Airvana (if you have one connected to your router as well).

The below details are just a summary of my research. Please let me know if you agree with my conclusions.

  • Port 444 is for emergency 911.
  • WiFi calling Gateway: IP Address: 68.31.26.1 Host of this IP: 68-31-26-1.pools.spcsdns.net

 

From T-Mobile Documentation:

From T-mobile's Instructions but much the same for Sprint WiFi Calling Routers. http://serverfault.com/questions/628379/qos-settings-for-wi-fi-calling-on-pfsense-firewall-gateway

 


 

There seems to be a consensus of sorts that you may want to also do some of the AIRAVE QOS ports as well, like the following from T-mobile as well.

Enter the following two rules giving them a meaningful name like "WiFi Calling", enter the MAC for your phone, enter at least 85% of your available bandwidth (e.g. 0-42500 if your maximum transfer rate is 50 Meg), the highest priority and:
Rule 1: Destination port "4500" Protocol "UDP"
Rule 2: Destination port "5060, 5061" Protocol "TCP". Also 52000 to 59999.

 

From Sprint Documentation:

Sprint also details additional ports for the Airvana and Airave.

http://support.sprint.com/support/article/Know_if_you_need_to_enable_additional_ports_on_your_router_for_your_AIRAVE_Access_Point/case-wh164052-20100806-134201#!/

If your AIRAVE cannot connect to the Sprint network due to a unique network configuration, you may need to open the following UDP ports on your switch or router that the AIRAVE is connected behind:

  • Airave (Airave 1.0 Samsung) ports are: 53, 500, 4500, and 52428
  • Airave Access Point (Airave 2.0 Airvana) ports are: 53, 67, 68, 500, and 4500

Can you handle the airave in one shot by setting its MAC address to highest priority?

 

Sent from my LG-LS980 using Tapatalk

Yes, that should work as well, since it really does not create any unnecessary traffic that you would want to filter out by ports.


 


 

 

Really nice, informative post, with references. That's awesome. 


  • 2 years later...

Here's the packet capture.  Once I added 68.31.20.2 with ports 4500 Sprint Wifi Would not work.

 

08:16:41.648117 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2cd), length 116
08:16:41.667976 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2ce), length 116
08:16:41.688023 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2cf), length 116
08:16:41.707756 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2d0), length 116
08:16:41.727834 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2d1), length 116
08:16:41.747943 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2d2), length 116


I mean until I added  68.31.20.2 with ports 4500 Sprint Wifi Would not work.  So add 68.31.20.2 as well to your firewall rules.
They likely have many IP addresses as endpoints. It might be a whole subnet that you can map.

But I'm not sure why you're manually adding firewall rules with the IP address?

Sent from my Pixel 2 XL using Tapatalk


Well because we block as many things as we can on our network to prevent _______ fill in the blank.  

You could add the entire subnet 68.31.0.0 but then you may be adding addresses to... who knows. There are a lot of VPNs that run on port 4500 so we block that to prevent students from skirting around our firewalls and content filters.

All I know is the packet capture showed my phone attempting to connect to that IP over 4500. Allowing 4500 out to that IP instantly connected my phone to Sprint WiFi. So Sprint is not even honest and forthcoming with their information as that address is nowhere on their network firewall instructions.

 

 


 

 

Ahh, you're doing a larger scale network, not a home network.

 

I don't think you'll be able to get an IP list from Sprint. They probably have a domain name that is used, and likely has many A records (or may only return 1 for load balancing reasons, preventing you from getting a list. Amazon Alexa does this for example). You could maybe sniff DNS lookups from an Airave when it's powered on, or when WiFi calling is toggled, to see if that's one way to get all the IPs.

 

I suppose you could allow port 4500 to any IP in Sprint's allocation (should be public somewhere). It's possible that someone might have a routed IP (hotspot plan) and decide to host an ipsec tunnel to bypass your filters, but I'd say the odds are fairly low. Regular plans have non-routable IPs so can't host servers.

 

Sent from my Pixel 2 XL using Tapatalk

 

 

 


I just did a packet capture on my Airave (which should use the same servers as wifi calling), and it connected to segw06.femto.sprint.net for the ipsec tunnel (ports 500 and 4500). It established two tunnels (one for LTE, and one for CDMA) to IP addresses 68.28.116.127 and 68.31.0.1

 

So you can likely try to explore their DNS records to build an IP list.

 

Sent from my Pixel 2 XL using Tapatalk
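
Added example, not part of the original thread: a sketch of the workflow discussed above, where tcpdump text output is reduced to the IPsec NAT-T gateways a phone is contacting and then turned into a narrow allow rule instead of opening UDP 4500 to everything. The capture lines are the ones posted in the thread; the function names and the nftables table/chain `inet filter forward` are assumptions for illustration.

```python
import re
from ipaddress import ip_address

# tcpdump text output copied from the capture posted in the thread.
CAPTURE = """\
08:16:41.648117 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2cd), length 116
08:16:41.667976 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2ce), length 116
08:16:41.688023 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2cf), length 116
08:16:41.707756 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2d0), length 116
08:16:41.727834 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2d1), length 116
08:16:41.747943 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2d2), length 116
"""

# Matches tcpdump's rendering of ESP carried in UDP (NAT traversal).
NATT = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"UDP-encap: ESP\(spi=(?P<spi>0x[0-9a-f]+),seq=(?P<seq>0x[0-9a-f]+)\)"
)

def natt_gateways(text):
    """Map each public gateway IP to packet count, SPIs and LAN clients seen."""
    gateways = {}
    for line in text.splitlines():
        m = NATT.search(line)
        if m is None or m["dport"] != "4500":
            continue
        src, dst = ip_address(m["src"]), ip_address(m["dst"])
        if not src.is_private or dst.is_private:
            continue  # keep only the LAN client -> internet gateway direction
        g = gateways.setdefault(str(dst), {"packets": 0, "spis": set(), "clients": set()})
        g["packets"] += 1
        g["spis"].add(m["spi"])
        g["clients"].add(str(src))
    return gateways

def nft_rules(gateways, chain="inet filter forward"):
    """Allow IKE/NAT-T (UDP 500, 4500) only to observed gateways, drop the rest."""
    if not gateways:
        return []
    dsts = ", ".join(sorted(gateways, key=ip_address))
    return [
        f"add rule {chain} ip daddr {{ {dsts} }} udp dport {{ 500, 4500 }} accept",
        f"add rule {chain} udp dport {{ 500, 4500 }} drop",
    ]

if __name__ == "__main__":
    print("\n".join(nft_rules(natt_gateways(CAPTURE))))
```

Run against a longer capture, the same function lists every gateway address the phones reach, which gives a reviewable allowlist rather than a whole-subnet rule.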

 

 

 

 
