Technical Documentation
Version 2023.3 (EN)
Search
K
Comment on page

Network Requirements

Needed Requirements for your SWARM Perception Box
  • IPv4 is required (IPv6 is not supported)
    • A private IP4 address is okay. A public routable IP4 address is not required.
    • Make sure the MTU size is at least 1500 bytes.
  • At least 1Mbit/s down/up

Firewall (your network)

The P101/OP101/VPX Agent need to connect to the SWARM Control Center, which is hosted in the Microsoft Azure Cloud. This requires the following outgoing ports to be open in your firewall. Incoming ports are not required to be open.
Port
Protocol
Direction
80
IPv4 - TCP/UDP
Outgoing
123
IPv4 - UDP
Outgoing
443
IPv4 - TCP/UDP
Outgoing
1194
IPv4 - UDP
Outgoing
8883
IPv4 - TCP
Outgoing
5671
IPv4 - TCP
Outgoing
Typically, the camera video stream is accessed through port 554 (TCP/UDP)
If you are using your own MQTT broker, make sure to allow the required ports.

Troubleshooting

Connect your PC to the network the Perception Box is connected to.

IPv4

Make sure IP4 is supported
ping4 google.com

DNS

Make sure the DNS is able to resolve *.azure-devices.net, *.azure-devices-provisioning.net.
swarm@:~$ dig +short global.azure-devices-provisioning.net
id-prod-global-endpoint.trafficmanager.net.
idsu-prod-mrs-001-su.francesouth.cloudapp.azure.com.
40.79.180.98

Ports

Make sure that all above listed outgoing ports are open.
swarm@:~$ curl portquiz.net:8883
Port 8883 test successful!
Your IP: 127.0.0.1

SSL/TLS

Make sure the TLS certificate is valid (and not inspected). Watch out for Verification: OK.
swarm@:~$ openssl s_client -connect global.azure-devices-provisioning.net:443
CONNECTED(00000005)
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 C = US, O = Microsoft Corporation, CN = Microsoft RSA TLS CA 02
verify return:1
depth=0 CN = *.azure-devices-provisioning.net
verify return:1
---
Certificate chain
0 s:CN = *.azure-devices-provisioning.net
i:C = US, O = Microsoft Corporation, CN = Microsoft RSA TLS CA 02
1 s:C = US, O = Microsoft Corporation, CN = Microsoft RSA TLS CA 02
i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIIWTCCBkGgAwIBAgITfwATMr0tZ+TbqzQUkQAAABMyvTANBgkqhkiG9w0BAQsF
ADBPMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
<<SNIP>>
/5bEzS0RghacUpAj47GmEtrpMGnjW+NpzowkjsR4HE2T54ItSlafD/4Am1Fbx/oE
/o14IXIGOpM+TlGPEifj+7cgIA7GESAgi8J3CaI=
-----END CERTIFICATE-----
subject=CN = *.azure-devices-provisioning.net
issuer=C = US, O = Microsoft Corporation, CN = Microsoft RSA TLS CA 02
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512
Shared Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4003 bytes and written 444 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 36070000994141FEF9A6DA8FFE8AEBAE8609332DED4B5B69AC05BF44FE3667B8
Session-ID-ctx:
Master-Key: 1D2580A0EECFF340F4A7DA46BC6B88D25309C78EFF35B736A2882745E010778D6EB29B45A1C7F62ADDF1AB6D2937EA9D
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1626709603
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---