Networking requirements and recommendations
The Parsec application communicates with our backend via TCP, with our STUN server via UDP, and peer-to-peer with other Parsec hosts via UDP. All TCP traffic is encrypted and uses port 443, STUN UDP traffic uses port 3478, and the encrypted peer-to-peer UDP traffic uses port ranges specified in Parsec Settings or the configuration file.
Our Websocket API can can be blocked to prevent non-Team accounts from hosting within your network, if you set up your own Team-specific domain.
Parsec API calls can be configured to work with your proxy if you'd like to put a proxy between the computer and the Parsec servers. Here's how you set up a proxy with Parsec.
- DNS must be able to resolve parsec.app and all sub domains, AWS S3 and Cloudfront
- Firewall or security appliance must not block inbound/outbound TCP/UDP traffic from our applications
- SSL traffic must not be decrypted using SSL inspection functionality on Firewall or security appliance
- Host and client must not be inside a "Double NAT" or CGNAT network
If your organization leverages the Parsec Relay server, please see the technical reference page for additional networking requirements. If fallback to Parsec's public STUN is not desired, the first and last two rules can be ignored as the session will not be P2P, but instead relayed through the relay server.
|Source IP||Source port||Domain/IP address||Destination port||Protocol||Purpose|
|Parsec client||*¹||Parsec host WAN IP||*¹||UDP||Peer-to-Peer UDP Streaming|
|Parsec host||*¹||Parsec client WAN IP||*¹||UDP||Peer-to-Peer UDP Streaming|
|Parsec client and host||*||kessel-ws.parsec.app||443||TCP||Websocket API|
|Parsec client and host||*||kessel-api.parsec.app||443||TCP||API|
|Parsec client and host||*||builds.parsec.app||443||TCP||Downloads/Updates|
|Parsec client and host||*||builds.parsecgaming.com||443||TCP||Downloads/Updates|
|Parsec client and host||*||public.parsec.app||443||TCP||CDN|
|Parsec client and host||*||parsecusercontent.com||443||TCP||Avatars/Profile images|
|Parsec client and host||*||IPv4
|Parsec client and host||*||IPv6 2600:1f18:63d9:c506:1337:1337:1337:1337 2600:1f18:63d9:c507:1111:1111:1111:1111 2600:1f18:63d9:c508:1111:1111:1111:1111||3478||UDP||STUN Server|
¹Random by default, can be configured as static port.
Enterprise relay server
Enterprise customers can choose to leverage an on-premises component that allows host computers to bypass communication to Parsec's public STUN server, keeping STUN communication internal to the corporate network. This component is called the Parsec Relay server. It is possible, however, to leverage both the on-premises relay server, and our public STUN server as a fallback. The Parsec Relay server provides several benefits including additional security, simplified network configurations, and greater reliability when compared to the UPnP and basic NAT methods described above. The relay server is exposed to the web, so that clients can communicate with hosts through the relay - the relay server accepts incoming UDP packets from clients and relays them to the session host.
The relay server only needs one port open externally, and one internally. This greatly reduces attack surface as the only one port is exposed externally. For additional details on the Parsec Relay server, see the technical reference page.
|Device||Minimum||Recommended (for 1080p 60fps)|
*If you plan to host 2 or more clients we recommend a 50Mbps minimum. A fiber internet connection is preferred.