Network dataflows
This document provides a comprehensive reference for the network dataflows required by YourSixOS devices, applications, and integrations. It outlines the necessary endpoints, protocols, and network considerations to ensure reliable connectivity and secure operation within the YourSix platform. Use this information to configure firewalls, DNS, and other network infrastructure components to support YourSixOS deployments.
Devices
Summary
- No port-forwarding or NAT needed
- Outbound traffic only
- Standard protocols: HTTPS, STUN, WebRTC, NTP
- Proprietary protocols: AXIS O3Cv2
Endpoint details
Devices managed and used through YourSixOS need to reach the YourSix cloud on the following endpoints:
| Transport | Port | Host |
|---|---|---|
| TCP | 443 | archiver.cloud.yoursix.com |
| TCP | 443 | evbridge.cloud.yoursix.com |
| TCP | 443 | oneclick-[1-36].cloud.yoursix.com |
INFO
archiver.cloud.yoursix.com is a multi-regional endpoint, see section below.
In addition to reaching the cloud, the devices need to reach the following endpoints for WebRTC connectivity:
| Transport | Port | Host |
|---|---|---|
| UDP | 3478 | stun.cloudflare.com |
| UDP | 30000-40000 | 0.0.0.0/0 |
To be enrolled, devices need to reach the AXIS O3C Dispatcher on at least one (two recommended) of the following endpoints:
| Transport | Port | Host |
|---|---|---|
| TCP | 443 | dispatchse1-st.axis.com |
| TCP | 443 | dispatchse2-st.axis.com |
| TCP | 443 | dispatchus1-st.axis.com |
| TCP | 443 | dispatchjp1-st.axis.com |
To maintain accurate system time and prevent drift, devices will be configured to synchronize time using NTP with the following endpoints:
| Transport | Port | Host |
|---|---|---|
| UDP | 123 | time.aws.com |
INFO
If an NTP server is announced by DHCP on the local network, the DHCP-announced NTP server takes precedence.
In addition to the above, devices assume a sane network setup, providing IP addressing and DNS configuration via DHCP. If deploying a separate VLAN/subnet for the devices, make sure WebRTC UDP traffic is allowed between the subnets in order for streaming to work.
Multi-regional cloud storage
Cloud recordings are uploaded to archiver.cloud.yoursix.com. This FQDN resolves to the appropriate regional endpoint based on the location from which the DNS query originates.
YourSixOS currently supports two regions: United States and Canada. To ensure that cloud recordings are stored in a specific region, make sure your DNS resolver is located on an IP address within the desired region.
Note that consumer routers typically operate as DNS forwarders, not full DNS resolvers. If you are using a consumer router, configure it to forward DNS queries to a resolver located in the desired region.
Public DNS resolvers, such as Google or Cloudflare, are generally suitable choices thanks to their extensive global infrastructure. However, if you are unsure which resolver to use, please contact your ISP for guidance.
Applications
YourSix does not commit to any set of endpoints used by the web and mobile applications. However, we do commit to the following set of trusted paths:
| Application | Trusted path |
|---|---|
| Authenticate | https://auth.platform.yoursix.com |
| Login | https://login.platform.yoursix.com |
| End-customer | https://platform.yoursix.com |
| Tunneling | https://accessdevice.cloud.yoursix.com |
| Central station | https://inspect.cloud.yoursix.com |
We only operate on the yoursix.com domain.
Emails
Emails from YourSixOS are sent from the following addresses:
- invite@platform.yoursix.com
- notifications@platform.yoursix.com
YourSixOS utilizes AWS SES for email sending, and all of our emails are SPF and DKIM signed for the domain platform.yoursix.com to comply with DMARC.
Webhooks
Webhooks from YourSixOS are sent from the IP addresses listed in the IPv4 A record for webhook.cloud.yoursix.com. All webhooks are sent with the user-agent y6-platform.
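One way a webhook receiver can check both identifiers named above before processing a request. This is an added example, not YourSix code. The class name, the 300-second cache lifetime and the injectable resolver and clock are assumptions made for illustration.

```python
import ipaddress
import socket
import time

WEBHOOK_HOST = "webhook.cloud.yoursix.com"  # from the page
EXPECTED_UA = "y6-platform"                 # from the page


def resolve_ipv4(host):
    """Return the IPv4 addresses currently published in the host's A record."""
    infos = socket.getaddrinfo(host, None, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


class WebhookSourceCheck:
    """Hypothetical helper: accept a webhook only from the published sender IPs."""

    def __init__(self, resolver=resolve_ipv4, ttl=300, clock=time.monotonic):
        self._resolver = resolver
        self._ttl = ttl  # assumed cache lifetime in seconds, not a YourSix value
        self._clock = clock
        self._allowed = frozenset()  # empty until the first lookup: fail closed
        self._expires = None

    def _refresh(self):
        try:
            addrs = self._resolver(WEBHOOK_HOST)
            self._allowed = frozenset(ipaddress.ip_address(a) for a in addrs)
        except (OSError, ValueError):
            pass  # lookup failed: keep the last good set (empty on first use)
        self._expires = self._clock() + self._ttl

    def is_trusted(self, peer_ip, user_agent):
        """peer_ip must be the TCP peer address, not a client-supplied header."""
        if self._expires is None or self._clock() >= self._expires:
            self._refresh()
        try:
            peer = ipaddress.ip_address(peer_ip)
        except ValueError:
            return False
        # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; unwrap them.
        peer = getattr(peer, "ipv4_mapped", None) or peer
        # The user-agent is sender-controlled: a sanity filter, not authentication.
        return peer in self._allowed and user_agent == EXPECTED_UA
```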