
Sprint WIFI Calling port for QOS.


Cataract2


Wouldn't it be easier just to assign the phone a static IP and do QOS priority on its IP?

Normally I would say yes, though I prefer to save static IPs for wired devices. In the case of the phones, I would prefer to QOS the port so that it doesn't matter what device (phone) is used.


Use Port 4500. Definitely is 4500. I know by experience because the ASUS routers Sprint sends out slow all other Port 4500 traffic to a standstill in order to give priority to WiFi calling.

Anyway I would most likely start by setting Port 4500 to the Highest QOS Priority you have.

Additional settings below:

  • 500,4500,5060,5061,52000:59999 for WiFi Calling.
  • 53,67,68,500,4500 for an Airvana (if you have one connected to your router as well).

The below details are just a summary of my research. Please let me know if you agree with my conclusions.

  • Port 444 is for emergency 911.
  • WiFi calling Gateway: IP Address: 68.31.26.1 Host of this IP: 68-31-26-1.pools.spcsdns.net

 

From T-Mobile Documentation:

From T-Mobile's instructions, but much the same for Sprint WiFi Calling routers. http://serverfault.com/questions/628379/qos-settings-for-wi-fi-calling-on-pfsense-firewall-gateway

 


 

There seems to be a consensus of sorts that you may want to also do some of the AIRAVE QOS ports as well, like the following from T-Mobile as well.

Enter the following two rules giving them a meaningful name like "WiFi Calling", enter the MAC for your phone, enter at least 85% of your available bandwidth (e.g. 0-42500 if your maximum transfer rate is 50 Meg), the highest priority and:
Rule 1: Destination port "4500" Protocol "UDP"
Rule 2: Destination port "5060, 5061" Protocol "TCP". Also 52000 to 59999.

 

From Sprint Documentation:

Sprint also details additional ports for the Airvana and Airave.

http://support.sprint.com/support/article/Know_if_you_need_to_enable_additional_ports_on_your_router_for_your_AIRAVE_Access_Point/case-wh164052-20100806-134201#!/

If your AIRAVE cannot connect to the Sprint network due to a unique network configuration, you may need to open the following UDP ports on your switch or router that the AIRAVE is connected behind:

  • Airave (Airave 1.0 Samsung) ports are: 53, 500, 4500, and 52428
  • Airave Access Point (Airave 2.0 Airvana) ports are: 53, 67, 68, 500, and 4500

Can you handle the airave in one shot by setting its MAC address to highest priority?

 

Sent from my LG-LS980 using Tapatalk

Yes, that should work as well, since it really does not create any unnecessary traffic that you would want to filter out by ports.


 


 

 

Really nice, informative post, with references. That's awesome. 


  • 2 years later...

Here's the packet capture.  Once I added 68.31.20.2 with ports 4500 Sprint Wifi Would not work.

 

08:16:41.648117 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2cd), length 116
08:16:41.667976 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2ce), length 116
08:16:41.688023 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2cf), length 116
08:16:41.707756 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2d0), length 116
08:16:41.727834 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2d1), length 116
08:16:41.747943 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2d2), length 116

Edited by fdigiovanni@wmrhsd.org

I mean until I added  68.31.20.2 with ports 4500 Sprint Wifi Would not work.  So add 68.31.20.2 as well to your firewall rules.
They likely have many IP addresses as endpoints. It might be a whole subnet that you can map.

But I'm not sure why you're manually adding firewall rules with the IP address?

Sent from my Pixel 2 XL using Tapatalk


Well because we block as many things as we can on our network to prevent _______ fill in the blank.  

You could add the entire subnet 68.31.0.0 but then you may be adding addresses to... who knows. There are a lot of VPNs that run on port 4500 so we block that to prevent students from skirting around our firewalls and content filters.

All I know is the packet capture showed my phone attempting to connect to that IP over 4500. Allowing 4500 out to that IP instantly connected my phone to Sprint WiFi. So Sprint is not even honest and forthcoming with their information as that address is nowhere on their network firewall instructions.

 

 



 

 

Ahh, you're doing a larger scale network, not a home network.

 

I don't think you'll be able to get an IP list from Sprint. They probably have a domain name that is used, and likely has many A records (or may only return 1 for load balancing reasons, preventing you from getting a list. Amazon Alexa does this for example). You could maybe sniff DNS lookups from an Airave when it's powered on, or when WiFi calling is toggled, to see if that's one way to get all the IPs.

 

I suppose you could allow port 4500 to any IP in Sprint's allocation (should be public somewhere). It's possible that someone might have a routed IP (hotspot plan) and decide to host an ipsec tunnel to bypass your filters, but I'd say the odds are fairly low. Regular plans have non-routable IPs so can't host servers.

 

Sent from my Pixel 2 XL using Tapatalk

 

 

 


I just did a packet capture on my Airave (which should use the same servers as wifi calling), and it connected to segw06.femto.sprint.net for the ipsec tunnel (ports 500 and 4500). It established two tunnels (one for LTE, and one for CDMA) to IP addresses 68.28.116.127 and 68.31.0.1

 

So you can likely try to explore their DNS records to build an IP list.

 

Sent from my Pixel 2 XL using Tapatalk
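
Added example (not written by any poster in this thread): one way to turn a tcpdump text capture like the one posted above into a list of UDP 4500 tunnel endpoints and check each against a gateway allowlist, which is useful when port 4500 is blocked by default. The allowlist holds only the addresses mentioned in this thread and is an assumption, and the third sample line is constructed.

```python
import ipaddress
import re
from collections import Counter

# Matches tcpdump's one-line text output for NAT-T (ESP carried in UDP 4500).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): UDP-encap: "
    r"ESP\(spi=(?P<spi>0x[0-9a-f]+),seq=(?P<seq>0x[0-9a-f]+)\)"
)

# Gateway addresses reported in this thread; the list is an assumption.
ALLOWED_GATEWAYS = ["68.31.20.2/32", "68.28.116.127/32", "68.31.0.1/32"]

# First two lines come from the capture posted in the thread; the third is
# constructed (203.0.113.0/24 is a documentation range) as a non-gateway flow.
SAMPLE_CAPTURE = """\
08:16:41.648117 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2cd), length 116
08:16:41.667976 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2ce), length 116
08:16:42.001200 IP 10.10.176.240.4500 > 203.0.113.7.4500: UDP-encap: ESP(spi=0x1b2c3d4e,seq=0x1), length 132
"""


def parse_natt_flows(capture_text):
    """Count UDP-encapsulated ESP packets per (client, gateway, SPI)."""
    flows = Counter()
    for line in capture_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group("dport") == "4500":
            flows[(m.group("src"), m.group("dst"), m.group("spi"))] += 1
    return flows


def audit_flows(flows, allowed=ALLOWED_GATEWAYS):
    """Split flows into allowlisted gateways and everything else."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    report = {"allowed": [], "unlisted": []}
    for (src, dst, spi), count in sorted(flows.items()):
        listed = any(ipaddress.ip_address(dst) in net for net in nets)
        report["allowed" if listed else "unlisted"].append((src, dst, spi, count))
    return report


if __name__ == "__main__":
    result = audit_flows(parse_natt_flows(SAMPLE_CAPTURE))
    for verdict, rows in result.items():
        for src, dst, spi, count in rows:
            print(f"{verdict:8} {src} -> {dst}:4500 spi={spi} packets={count}")
```

Entries under "unlisted" are the ones to review before widening a rule: each is a client building an IPsec tunnel to an address that is not a known calling gateway.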

 

 

 

 
