Network Requirements
Network Requirements Reference
Every UCaaS deployment depends on the customer’s network. This document gives you the numbers, formulas, and configuration requirements to assess any customer network and flag any problems before they become go-live failures.
Bandwidth requirements
Formula
Required bandwidth = (peak concurrent calls) × (codec bandwidth) × 1.25 (overhead factor)Peak concurrent calls: Typically 15–25% of total seat count for a standard business. Contact centers may be 50–80%.
Codec bandwidth:
| Codec | Bandwidth per call (each direction) | Quality |
|---|---|---|
| G.711 | ~87 kbps | Good (default) |
| G.729 | ~27 kbps | Acceptable |
| G.722 | ~87 kbps | HD voice |
Quick reference by seat count
| Seat count | Est. peak concurrent | Bandwidth needed (G.711) | Minimum connection |
|---|---|---|---|
| 10 | 2 | 217 kbps | 5 Mbps up/down |
| 25 | 5 | 544 kbps | 10 Mbps up/down |
| 50 | 10 | 1.1 Mbps | 25 Mbps up/down |
| 100 | 20 | 2.2 Mbps | 50 Mbps up/down |
| 200 | 40 | 4.3 Mbps | 100 Mbps up/down |
| 500 | 100 | 10.9 Mbps | 250 Mbps up/down |
Note: These minimums are for voice only — the customer’s internet also carries email, file downloads, video streaming, and cloud backups. Always ask what the peak business internet usage looks like and whether a dedicated voice circuit or VLAN is in place.
Quality targets
| Metric | Target | Acceptable | Problem |
|---|---|---|---|
| MOS | ≥4.0 | 3.5–3.9 | <3.5 |
| Jitter | <20ms | 20–40ms | >40ms |
| Latency (one-way) | <100ms | 100–150ms | >150ms |
| Packet loss | <1% | 1–3% | >3% |
QoS configuration
Why QoS matters
Without QoS, a file upload or video stream can saturate the connection and cause voice packet drops. With QoS, the router/switch prioritizes voice packets even under load.
DSCP markings
VoIP audio should be marked DSCP EF (Expedited Forwarding) = decimal 46 = binary 101110. SIP signaling should be marked DSCP CS3 = decimal 24.
All major UCaaS platforms expect incoming audio marked DSCP EF and will mark their own outgoing audio accordingly.
Configuration by router type
Cisco IOS (enterprise routers):
! Mark outbound voice traffic
class-map match-any VOICE-RTP
match ip dscp ef
policy-map VOICE-PRIORITY
class VOICE-RTP
priority percent 30
interface GigabitEthernet0/1
service-policy output VOICE-PRIORITYUbiquiti UniFi (common SMB): Settings → QoS → Enable Smart Queue → set Upload and Download bandwidth → Enable VoIP prioritization
Fortinet FortiGate: Policy & Objects → Traffic Shaping → Create shaper for VoIP → Apply to firewall policy for UCaaS IP ranges
Meraki: Network-wide → QoS → Voice and Video → Enable → Priority: High for the UCaaS IP ranges
Consumer-grade routers (Netgear, TP-Link, Asus): Most support basic QoS in their admin UI. Set to “prioritize voice” or enable WMM (Wi-Fi Multimedia). This is significantly less reliable than enterprise QoS. Flag as a risk for customers on consumer hardware.
Firewall port requirements
Universal requirements (all platforms)
| Port | Protocol | Direction | Purpose |
|---|---|---|---|
| 5060 | UDP | Outbound | SIP signaling (unencrypted) |
| 5061 | TCP/UDP | Outbound | SIP-TLS (encrypted signaling) |
| 10000–20000 | UDP | Bidirectional | RTP media (voice audio) |
| 443 | TCP | Outbound | Admin portals, softphone provisioning |
| 80 | TCP | Outbound | Provisioning (some devices) |
Platform-specific additions
RingCentral:
- UDP 19302–19309: STUN
- UDP 5080: additional SIP
- IPs:
66.81.240.0/20,216.82.240.0/20,213.19.0.0/21(partial — full list at rc.com/support)
8x8:
- UDP 5060–5090: SIP range
- IPs:
216.115.192.0/20(partial — verify at 8x8.com/support)
Webex Calling:
- TCP/UDP 8934: Webex-specific
- Full IP and port list:
help.webex.com/firewall-setup
Best practice: Download the current port and IP list from each platform’s support documentation before configuring the firewall. These ranges change and published lists may be outdated in training materials.
SIP ALG
SIP ALG (Application Layer Gateway) is a firewall feature that attempts to modify SIP packets passing through NAT. It is designed to help but almost always causes problems:
- Modifies SIP headers in ways that break the signaling
- Causes one-way audio (breaks NAT traversal)
- Causes calls to drop at fixed intervals (session table issues)
- Breaks DTMF transmission
SIP ALG must be disabled on every UCaaS deployment. No exceptions.
How to disable SIP ALG by firewall
| Firewall | How to disable |
|---|---|
| Cisco ASA | no inspect sip in the service-policy |
| Fortinet FortiGate | Network → SIP → SIP ALG → Disabled |
| Ubiquiti EdgeRouter | set service nat rule X exclude-destination address or via CLI: delete system conntrack modules sip |
| Meraki | Firewall → L7 Firewall → Block SIP ALG → DO NOT check this box — instead disable under SD-WAN |
| SonicWall | Firewall → VoIP → Disable SIP Transformations |
| Netgear | Not all models support this — consider replacing if SIP ALG cannot be disabled |
Voice VLAN
A voice VLAN is a separate logical network segment for VoIP traffic. Benefits:
- Isolates voice traffic from general internet traffic for better QoS
- Allows PoE control per-VLAN
- Simplifies firewall rules (allow entire VLAN outbound on voice ports)
- Security: voice traffic separated from corporate data
When to recommend a voice VLAN
- Customer has >25 seats
- Customer has managed switches (Cisco Catalyst, HP ProCurve, Ubiquiti, Meraki)
- Customer has reported call quality issues in the past
When not to require it
- Very small deployments (<10 seats)
- Unmanaged switches (can’t be configured)
- Single softphone deployment with no desk phones
NAT traversal
All UCaaS platforms handle NAT via STUN/TURN built into the platform. You generally don’t need to configure anything on the customer side for NAT traversal to work, as long as:
- SIP ALG is disabled
- The firewall allows outbound UDP on the RTP port range
- The firewall session timeout for UDP is ≥120 seconds
Symptoms of NAT traversal failure:
- One-way audio on external calls (works internally)
- Calls connect but no audio
- Calls work on LTE but not on office Wi-Fi
Diagnostic: Place a call from inside the office network. Then place the same call from a phone on LTE hotspot. If LTE works and office Wi-Fi doesn’t: NAT/firewall issue. If both fail: platform configuration issue.
Internet connection types — what to expect
| Connection type | Typical throughput | Reliability | Notes |
|---|---|---|---|
| Business fiber (symmetric) | 50–1000 Mbps | Excellent | Preferred for UCaaS |
| Business cable (DOCSIS) | 25–500 Mbps down / 5–50 Mbps up | Good | Asymmetric — check upload |
| T1/DS1 | 1.5 Mbps symmetric | Excellent | Still common in small markets; very limited bandwidth for UCaaS |
| Bonded T1 | 3–12 Mbps symmetric | Excellent | Better, still limited |
| DSL | 5–50 Mbps down / 1–10 Mbps up | Fair | Avoid for UCaaS if possible |
| Fixed wireless | 25–100 Mbps | Variable | Weather-dependent; check jitter |
| Satellite (Starlink) | 50–200 Mbps | Good | Latency ~20–40ms — acceptable for UCaaS. Legacy GEO satellite (HughesNet, Viasat) has 600ms+ latency — NOT suitable |
T1 red flag: A 50-seat customer on T1 (1.5 Mbps) has approximately 14 kbps of voice capacity per user at peak — not enough for G.711. Document as a hard blocker and require ISP upgrade before migration. This comes up more often than you’d expect in smaller markets.