NSDA Campus Tech
If you, as a tournament host or participant, are planning to use NSDA Campus from your school building or another restricted network, please test your network as soon as possible and involve your school’s Information Technology staff to make the exceptions below to the network firewall or content filters, if necessary.
The vast majority of all problems participants encounter with connecting to Campus (especially a failure to connect to audio/video) are due to these settings. Campus works as designed when these directions are correctly followed. Some of the specific instructions are uncommon requests for school IT departments, so please note that they must be followed to the letter if you are encountering connection issues when testing.
The best way to test is by going to https://campus.speechanddebate.org/ – This site has a separate Test Competition Room and Test Practice Room: please ensure you can access BOTH without issues. To test, you should use the same devices and the same network as you will use during competition.
If your school IT will not make the necessary firewall accommodations, we recommend using a hotspot or other mobile device to connect to the internet instead.
The following domains need to be whitelisted
The following ports will need to be opened
- 80 TCP: HTTP
- 443 TCP: HTTPS
- 10000 UDP: WebRTC
You will need to make sure that peer-to-peer connections are unblocked for audio/video connections to work properly. In particular, UDP 10000 needs to be open to all IP addresses for peer-to-peer connections to work.
IT Frequently Asked Questions
Please review these FAQs regarding this process and questions IT departments may pose:
What IP addresses do those ports need to be open to?
The video servers run on AWS and are dynamically scaled, so they do not have fixed hostnames or IPs. Web traffic on ports 80/443 needs to be open to at least Amazon’s IP list for us-east-1, us-east-2, us-west-1, and us-west-2: https://ip-ranges.amazonaws.com/ip-ranges.json
The actual audio/video traffic is peer-to-peer on UDP port 10000, so that port needs to be open to all IP addresses.
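As an added example (not NSDA's or AWS's own code), one way IT staff can turn that JSON file into a TCP 80/443 allowlist is to keep only the four regions named above, then deduplicate and merge the prefixes. The sample data is constructed from documentation address ranges and trimmed to the fields used; handling the file's IPv6 list goes beyond what the answer above mentions, and the function name is hypothetical.

```python
import ipaddress
import json

# The four AWS regions named in the answer above.
CAMPUS_REGIONS = {"us-east-1", "us-east-2", "us-west-1", "us-west-2"}

# Constructed sample in the layout of ip-ranges.json. The prefixes are
# documentation ranges (RFC 5737 / RFC 3849), not real AWS addresses.
SAMPLE = json.dumps({
    "syncToken": "0",
    "prefixes": [
        {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "AMAZON"},
        {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "198.51.100.128/25", "region": "us-east-2", "service": "EC2"},
        {"ip_prefix": "203.0.113.0/24", "region": "eu-west-1", "service": "EC2"},
        {"ip_prefix": "192.0.2.0/24", "region": "us-west-2", "service": "AMAZON"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:1::/48", "region": "us-west-1", "service": "AMAZON"},
        {"ipv6_prefix": "2001:db8:2::/48", "region": "ap-south-1", "service": "AMAZON"},
    ],
})

def campus_web_allowlist(ip_ranges_json, regions=CAMPUS_REGIONS):
    """Return (ipv4_cidrs, ipv6_cidrs) for the given regions, merged and sorted."""
    data = json.loads(ip_ranges_json)
    v4 = {ipaddress.ip_network(p["ip_prefix"])
          for p in data.get("prefixes", []) if p.get("region") in regions}
    v6 = {ipaddress.ip_network(p["ipv6_prefix"])
          for p in data.get("ipv6_prefixes", []) if p.get("region") in regions}
    # A prefix can be listed more than once (for example under both AMAZON
    # and EC2), and adjacent prefixes can be merged into one shorter rule.
    return ([str(n) for n in ipaddress.collapse_addresses(v4)],
            [str(n) for n in ipaddress.collapse_addresses(v6)])

if __name__ == "__main__":
    v4, v6 = campus_web_allowlist(SAMPLE)
    for cidr in v4 + v6:
        print(cidr)  # one destination CIDR per line, for TCP 80/443 rules
```

Because the published list changes over time, rerun the extraction against a fresh copy of the file before each tournament rather than reusing an old rule set.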
Why do I have to open the firewall at all?
The design of Campus is peer-to-peer. This keeps the bandwidth costs low, and allows us to offer the platform at significantly lower cost than other alternatives. However, that does require more open network access.
Isn't opening a firewall port a security risk?
Not a significant one. An open port is not ipso facto dangerous. For an open port to represent an exploitable security hole, the device in question has to be running software on that specific port listening to incoming requests, that software needs to have an exploitable security flaw, and that security flaw needs to be substantial enough to cause harm. Then, someone has to be looking at the right place at the right time to exploit it. For Campus to function, the firewall only needs to open a single port during competition hours, and only to the specific devices in use. That represents a very small attack surface.
We have had hundreds of thousands of users on Campus at hundreds of different schools, and have had no reported security incidents.
If you are still concerned about the risks, there are a number of steps you can take to further limit the exposure. You can open the port only to the specific devices being used for competition, you can open it only during competition hours, and you can ensure there is no other software running on the devices.
I can't open my firewall to all IPs.
You don’t have to bypass the firewall for all traffic. Only UDP 10000 needs to be open to the world, and only for the devices behind your network that are actually using Campus.
Why can I use other videoconferencing software without opening my firewall?
In short, money. Large commercial videoconferencing platforms use techniques such as TURN/STUN NAT traversal to bypass your school firewall and send traffic over ports that are already more likely to be unblocked. Unfortunately, the way this works is by routing the traffic through dedicated proxy servers, which significantly adds to the cost of bandwidth. Avoiding costs like these is how we can provide Campus at 1/5 the cost of other services.
What is the difference between the Test Practice Room and the Test Competition Room?
Practice/utility rooms (such as team squad rooms, judge lounges, etc.) are hosted on a publicly available infrastructure. Those servers use a different set of domains and IPs, and also have NAT traversal techniques implemented, which results in less difficulty with firewalls. Competition rooms operate at a much larger scale and have different technical and security requirements, so they are instead run on a private server infrastructure maintained by the NSDA. These servers do not have NAT traversal capabilities, so they require firewalls to be open for peer-to-peer audio/video traffic to function.