Enterprise Network Configuration

This page outlines the basic connectivity requirements for the Freedom Robotics Device Agent. It covers:

  • How it connects to the internet
  • Network Metrics
  • WebRTC
  • Remote SSH
  • Firewall Rules

Internet Connectivity
The Device Agent needs an internet connection to communicate with the Freedom Robotics API, to receive and transmit data. It connects to api.freedomrobotics.ai on the default port 443, establishing an HTTPS connection.

Network Metrics
Some metrics check the public internet IP of the device. This is done by making HTTP GET requests (on default port 80) to test URLs like:

WebRTC
Tele-operation and remote piloting via WebRTC need a port for communication between the python2 processes and the python3 processes which handle WebRTC. The default port is 5540, but this can be changed at install time under the advanced settings.

Python2 processes will start a small service that will create a socket that listens on port 5540 but only on the localhost interface. The python3 process will connect to this socket as a client.

TURN/STUN servers used for remote WebRTC

  • stun:global.stun.twilio.com:3478?transport=udp
  • turn:global.turn.twilio.com:3478?transport=udp
  • turn:global.turn.twilio.com:3478?transport=tcp
  • turn:global.turn.twilio.com:443?transport=tcp
  • stun:stun.l.google.com:19302

Direct connectivity via local WebRTC
WebRTC needs all UDP traffic on the network unblocked to work without a TURN server (local_webrtc only).

Remote SSH
This feature uses an external tool, ngrok, which creates a tunnel for SSH services.

  • The tunnel is created by connecting on port 443 to ngrok.io servers and keeping the connection alive for some period of time (it will close if it is inactive for some time).
  • The tool also creates a local service which listens on port 4040, so that our Device Agent can make an HTTP GET request to: http://127.0.0.1:4040/api/tunnels.
  • SSHD has to be running and listening on the default port 22, otherwise ngrok can't finish the external connection via the tunnel. (Configuring the port may be possible in some cases.)
  • When someone connects via the tunnel, ngrok will proxy the connection to 127.0.0.1 port 22 TCP (where SSHD is listening). Note that this works even if no incoming connection is allowed on the device (as the connection is technically internal).

Firewall Rules
Incoming

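| Rule | Protocol | Port | App Protocol | From | To |
|---|---|---|---|---|---|
| Remote SSH | TCP | 22 | SSH | localhost | localhost |
| WebRTC | TCP | 5540 (configurable) | Socket | localhost | localhost |
| Remote SSH - ngrok service | TCP | 4040 | HTTP | localhost | 127.0.0.1 |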
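
A check that can be run on a device against the incoming rules above (an added example, not Freedom Robotics code): it parses `ss -H -ltn` output and reports whether ports 22, 5540 and 4040 are bound to loopback only. The sample output is constructed, and reading the localhost From/To columns as "a loopback bind is sufficient" is an assumption of this example.

```python
import ipaddress

# Ports this page says only need localhost-to-localhost access.
LOCAL_ONLY_PORTS = {22: "sshd", 5540: "WebRTC socket", 4040: "ngrok API"}

# Constructed sample of `ss -H -ltn` output, not captured from a real device.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128  0.0.0.0:22      0.0.0.0:*
LISTEN 0 128  [::]:22         [::]:*
LISTEN 0 5    127.0.0.1:5540  0.0.0.0:*
LISTEN 0 4096 127.0.0.1:4040  0.0.0.0:*
LISTEN 0 511  *:8080          *:*
"""

def parse_listeners(ss_output):
    """Return (address, port) pairs for LISTEN lines of `ss -H -ltn`."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            # Drop an interface suffix (%lo) and IPv6 brackets.
            listeners.append((addr.split("%")[0].strip("[]"), int(port)))
    return listeners

def is_loopback(addr):
    """True only for 127.0.0.0/8 or ::1; wildcards and unknown forms are not."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit(ss_output):
    """Classify each port as 'loopback-only', 'exposed' or 'not listening'."""
    status = {port: "not listening" for port in LOCAL_ONLY_PORTS}
    for addr, port in parse_listeners(ss_output):
        if port not in status:
            continue
        if not is_loopback(addr):
            status[port] = "exposed"  # bound beyond loopback
        elif status[port] == "not listening":
            status[port] = "loopback-only"
    return status

if __name__ == "__main__":
    for port, state in audit(SAMPLE_SS_OUTPUT).items():
        print(f"{port:<5} {LOCAL_ONLY_PORTS[port]:<14} {state}")
```

An "exposed" result means only that the socket is bound to a non-loopback address; a host firewall may still drop inbound traffic to it.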

Outgoing

| Rule | Network Protocol | Port | App Protocol | To |
|---|---|---|---|---|
| Freedom API | TCP | 443 | HTTPS | api.freedomrobotics.ai |
| Freedom API (optional) | TCP | 443 | HTTPS | staging.api.freedomrobotics.ai |
| Remote SSH | TCP | 443 | HTTPS | *.ngrok.io |
| WebRTC stun 1 | UDP | 3478 | stun | global.stun.twilio.com |
| WebRTC stun 2 | UDP | 19302 | stun | stun.l.google.com |
| WebRTC turn | UDP/TCP | 3478 | turn | global.turn.twilio.com |
| Public ip echo (recommended) | TCP | 80 | HTTP | ifconfig.me, icanhazip.com, ipecho.net, bot.whatismyipaddress.com, checkip.amazonaws.com, ifconfig.co, ip.42.pl |
| Geo Location | TCP | 80 | HTTP | ip-api.com |
| Map Box | TCP | 80 | HTTP | mapbox.com, www.mapbox.com, api.mapbox.com, api.tiles.mapbox.com, a.tiles.mapbox.com, b.tiles.mapbox.com, c.tiles.mapbox.com, d.tiles.mapbox.com |