¶ Technical Network and Communications Manual
Updated: March/2026
💵 1. Darwin – Servers and Infrastructure
¶ 1. Darwin – Servers and Infrastructure
¶ 🔁 Routing Rules (CRITICAL)
-
Do not use Load Balancing (L4/L7)
-
Do not use intermediate proxies
-
Do not use SD-WAN in load-balanced mode
-
Do not use DNS with multiple destinations (round-robin)
-
Traffic must always originate from the same IP
-
NAT must be persistent (no changes during session)
-
Do not change routing while sessions are active
-
Failover must be active-passive only
-
Link switching only on real failure
-
Sessions must be re-established after failover
Multiple active paths are not supported (WebRTC/RTP)
¶ ☁️ Cloud Connectivity
- Continuous connectivity to AWS is required
- Instability impacts: video, API, telemetry, and active sessions
¶ 🌐 Main Ports and Domains
| Domain / Address | Port(s) | Transport | Protocol | Direction | Notes |
|---|---|---|---|---|---|
*.easi.live |
443 | TCP / UDP | HTTPS / HTTP/3 | Bidirectional | Main communication (HTTP/3 automatically used when available) |
api.easi.live |
443 | TCP | HTTPS | Bidirectional | API |
storage.easi.live |
443 | TCP | HTTPS | Bidirectional | Upload / storage |
remote.easi.live |
443 | TCP | HTTPS | Bidirectional | Remote access |
mqttv2.easi.live |
8883 | TCP | MQTT TLS | Bidirectional | Telemetry (primary) |
mqttv2.easi.live |
1883 | TCP | MQTT TLS | Bidirectional | Compatibility (via AWS LB) |
stun.br.easi.live |
3478 | TCP/UDP | STUN | Bidirectional | WebRTC (NAT discovery) |
ntp.easi.live, a.ntp.br |
123 | UDP | NTP | Bidirectional | Time synchronization (required) |
easilive.s3.amazonaws.com, s3-1-w.amazonaws.com |
443 | TCP | HTTPS | Bidirectional | AWS S3 |
archive.ubuntu.com, security.ubuntu.com, ppa.launchpad.net |
443 | TCP | HTTPS | Outbound | Ubuntu updates |
download.docker.com |
443 | TCP | HTTPS | Outbound | Docker |
hub.docker.com, registry-1.docker.io, production.cloudflare.docker.com, auth.docker.io, index.docker.io |
443 | TCP | HTTPS | Outbound | Docker images |
quay.io (optional) |
443 | TCP | HTTPS | Outbound | Alternative registry |
monitore.svc.easi.live |
10051 | TCP | Zabbix | Outbound | Monitoring |
<Telephony Server IP> |
443 | TCP | HTTPS / SOAP | Internal | Telephony integration |
* |
1024–65535 | UDP | RTP | Bidirectional | Media (WebRTC / DVR) – dynamic ports |
| — | 23454 | UDP | Proprietary | Internal | POS integration |
¶ 🚀 HTTP/3 (QUIC)
¶ Firewall
- TCP 443 (required)
- UDP 443 (recommended)
- TCP 80 (redirect)
UDP 443 reduces latency and connection establishment time
¶ ⏱️ NTP (Time Synchronization)
Time synchronization is required for:
- TLS (certificate validation)
- WebRTC (session negotiation)
- Logs and auditing
- Authentication
¶ Firewall
- UDP 123 must be allowed (outbound)
- Access to external NTP servers
Recommended maximum offset: 5 seconds
¶ Best Practices
- Do not intercept or redirect NTP
- Do not apply inspection (DPI)
¶ Failure Symptoms
- TLS certificate errors
- Intermittent login/API failures
- WebRTC issues (ICE / handshake)
¶ 📞 VoIP Telephony
| Port | Transport | Protocol | Function |
|---|---|---|---|
| 5060 | UDP | SIP | Signaling |
| 10000–20000 | UDP | RTP | Media |
| 8222 | TCP | TCP | Control |
¶ ⚖️ Scale Integration
| Source → Destination | Port | Protocol |
|---|---|---|
| Darwin → MGV7 | 8080 | HTTP |
| MGV7 → Scale | 9000 | TCP |
¶ 🧩 EAS (Optional)
| Domain | Port | Protocol |
|---|---|---|
webenable.easi.live, webenable.inwavetech.com |
9000 | TCP |
¶ 📶 Recommended Bandwidth
| Service | Recommendation |
|---|---|
| MTU | 1500 |
| Full HD Video | 256 Kbps per POS |
| HD Video | 128 Kbps per POS |
| Operator | 2048 Kbps |
| VoIP | 10 Mbps + QoS |
| EAS | 25 Kbps per device |
📡 2. EASi (EAS)
¶ 2. EASi (EAS)
.png)
| Domain | Port | Transport | Protocol |
|---|---|---|---|
webenable.easi.live, webenable.inwavetech.com |
9000 | TCP | Proprietary |
Minimum bandwidth: 25 Kbps per device
Avoid Wi-Fi in environments with high interference.
📹 3. EASiGuard
¶ 3. EASiGuard
| Domain | Port | Transport | Protocol |
|---|---|---|---|
*.easi.live |
443 | TCP | HTTPS |
storage.easi.live |
443 | TCP | HTTPS |
remote.easi.live |
443 | TCP | HTTPS |
mqtt.easi.live |
8883 | TCP | MQTT TLS |
mqttv2.easi.live |
8883 | TCP | MQTT TLS |
ntp.easi.live, a.ntp.br |
123 | UDP | NTP |
¶ ⚙️ Firewall Requirements
- TCP 443 must be allowed
- UDP 443 must be allowed (HTTP/3 recommended)
- UDP 123 must be allowed (NTP required)
- UDP 1024–65535 must be allowed (RTP/WebRTC)
¶ ⚙️ Routing Requirements
- Persistent NAT (no changes during session)
- Do not use symmetric NAT
- Do not use per-session load balancing
- Ensure a single route per connection
Best regards,
Darwin Support Team