Tulip is using WebRTC technology to establish video streams from Vision HW (on the shop floor) to Tulip users.

WebRTC works by making a peer-to-peer secured connection for negotiation of the video stream (via STUN/TURN, SDP and ICE) and video data transfer (via SRTP), on the browser (hence "Web").

See this documentation from Twilio.

WebRTC technology enables most modern web video communication software, e.g. Google Hangouts.

Underlying WebRTC in Tulip is an HTML5 video playback and streaming element, which, for example, runs YouTube and most video websites.

Networking and IP Whitelisting

To enable video streams on the Tulip some firewall/NAT whitelisting is required.


Host names & port:

  • global.turn.twilio.com:3478
  • global.stun.twilio.com:3478
  • stun.services.mozilla.com:3478
  • stun.l.google.com:19302 (also port 19305)

IP ranges: (into which these hostnames may translate)

  • - - - - -

These are STUN/TURN servers needed for video transport. 

These servers will not respond on port 80 (TCP/HTTP) and will not respond on the HTTP protocol. 

They will only work on the STUN protocol on port 3478 (or 1930{2,5} for google). STUN is also usually UDP-based, although TCP is an option.


We use Twilio as a service provider, as they have the security certification to support private and secure video connections.

More info on IP whitelisting.

Media Streaming Networking

For the streaming media, these ports are used: 10,000 - 60,000 UDP/SRTP/SRTCP

The media itself (encrypted video packets on SRTP) may use any high-number random port 10,000-60,000.

We cannot control the range, unfortunately.

However, one could restrict it to only outgoing data, and only UDP. This should keep things fairly constrained.

On the return channel (where you would be viewing the streams) you would need to enable incoming UDP traffic.

Dataflow Diagram


You can then test this connection using the Test WebRTC site, which needs to happen from a computer on the on the same VLAN as the Vision PC.

The ultimate testing will have to be done on the target hardware.

Did this answer your question?