Network Requirements

Needed Requirements for your SWARM Perception Box

  • IPv4 is required (IPv6 is not supported)

    • A private IP4 address is okay. A public routable IP4 address is not required.

    • Make sure the MTU size is at least 1500 bytes.

  • At least 1Mbit/s down/up

Firewall (your network)

The P101/OP101/VPX Agent need to connect to the SWARM Control Center, which is hosted in the Microsoft Azure Cloud. This requires the following outgoing ports to be open in your firewall. Incoming ports are not required to be open.

PortProtocolDirection

80

IPv4 - TCP/UDP

Outgoing

123

IPv4 - UDP

Outgoing

443

IPv4 - TCP/UDP

Outgoing

1194

IPv4 - UDP

Outgoing

8883

IPv4 - TCP

Outgoing

5671

IPv4 - TCP

Outgoing

Typically, the camera video stream is accessed through port 554 (TCP/UDP)

If you are using your own MQTT broker, make sure to allow the required ports.

Troubleshooting

Connect your PC to the network the Perception Box is connected to.

IPv4

Make sure IP4 is supported

ping4 google.com

DNS

Make sure the DNS is able to resolve *.azure-devices.net, *.azure-devices-provisioning.net.

swarm@:~$ dig +short global.azure-devices-provisioning.net

id-prod-global-endpoint.trafficmanager.net.
idsu-prod-mrs-001-su.francesouth.cloudapp.azure.com.
40.79.180.98

Ports

Make sure that all above listed outgoing ports are open.

swarm@:~$ curl portquiz.net:8883
Port 8883 test successful!
Your IP: 127.0.0.1

SSL/TLS

Make sure the TLS certificate is valid (and not inspected). Watch out for Verification: OK.

swarm@:~$ openssl s_client -connect global.azure-devices-provisioning.net:443

CONNECTED(00000005)
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 C = US, O = Microsoft Corporation, CN = Microsoft RSA TLS CA 02
verify return:1
depth=0 CN = *.azure-devices-provisioning.net
verify return:1
---
Certificate chain
 0 s:CN = *.azure-devices-provisioning.net
   i:C = US, O = Microsoft Corporation, CN = Microsoft RSA TLS CA 02
 1 s:C = US, O = Microsoft Corporation, CN = Microsoft RSA TLS CA 02
   i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIIWTCCBkGgAwIBAgITfwATMr0tZ+TbqzQUkQAAABMyvTANBgkqhkiG9w0BAQsF
ADBPMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
<<SNIP>>
/5bEzS0RghacUpAj47GmEtrpMGnjW+NpzowkjsR4HE2T54ItSlafD/4Am1Fbx/oE
/o14IXIGOpM+TlGPEifj+7cgIA7GESAgi8J3CaI=
-----END CERTIFICATE-----
subject=CN = *.azure-devices-provisioning.net

issuer=C = US, O = Microsoft Corporation, CN = Microsoft RSA TLS CA 02

---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512
Shared Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4003 bytes and written 444 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 36070000994141FEF9A6DA8FFE8AEBAE8609332DED4B5B69AC05BF44FE3667B8
    Session-ID-ctx:
    Master-Key: 1D2580A0EECFF340F4A7DA46BC6B88D25309C78EFF35B736A2882745E010778D6EB29B45A1C7F62ADDF1AB6D2937EA9D
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1626709603
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---

Last updated