Hi everyone,
We’re currently running an agent on LiveKit Cloud and need some help regarding IP whitelisting.
Our backend APIs are protected by a WAF, and the agent needs to call these APIs. To allow this, we tried whitelisting the EU region static IPs listed in the LiveKit documentation:
https://docs.livekit.io/deploy/admin/firewall/#static-ips
However, even after whitelisting those IPs, our requests from the agent are still getting blocked by the WAF.
Could someone clarify the following?
- Are the IPs listed in the documentation the only outbound IPs used by agents in the EU region?
- Is there a possibility that additional dynamic IPs are used when agents make outbound API calls?
- If agents run in LiveKit Cloud, what is the correct IP range or method we should whitelist to allow our APIs to be accessed reliably?
Any guidance would be greatly appreciated. Thanks in advance!
Sorry, we do not currently have a fixed CIDR range for LiveKit-hosted agents.
Oh! How do you best propose we solve for this? Because the rooms are not getting triggered.
Not sure I understand what you mean by that. Agents should be joining rooms.
I am not sure how you should handle your server's API access layer. Many use token access in the Authorization header. Currently an agent request can come from dynamic IP ranges.
We are working on moving that to a known CIDR range but it is not currently available.
Presumably you are aware of this, since you explicitly state LiveKit Cloud in your question, but another option would be to self-host your agents, outside of LiveKit Cloud: Self-hosted deployments | LiveKit Documentation. You could still leverage LiveKit Cloud's infrastructure for WebRTC, and to manage your agents, but self-hosting agents would give you full control over their hosting infrastructure.
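The token-in-Authorization-header approach suggested in the thread, as an added example that is not part of the original posts or LiveKit's own code: the agent signs a short-lived claim with a shared secret, and the backend authenticates the request by that signature instead of by source IP. The function names, the token layout and the secret are assumptions made for illustration; many deployments would use a standard JWT library for the same purpose.

```python
import base64, hashlib, hmac, json, time

# Constructed demo secret; in practice load it from a secret store on both sides.
SECRET = b"constructed-demo-secret-not-for-production"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret: bytes, payload: str) -> str:
    return _b64(hmac.new(secret, payload.encode(), hashlib.sha256).digest())

def mint_token(secret: bytes, agent_id: str, ttl: int = 60, now=None) -> str:
    """Agent side: build '<payload>.<signature>' with a short expiry."""
    now = int(time.time() if now is None else now)
    payload = _b64(json.dumps({"sub": agent_id, "exp": now + ttl}).encode())
    return f"{payload}.{_sign(secret, payload)}"

def verify_authorization(secret: bytes, header, now=None):
    """Backend side: return the agent id for a valid header, else None."""
    if not header or not header.startswith("Bearer "):
        return None
    try:
        payload, sig = header[len("Bearer "):].split(".")
        # Check the signature before parsing anything the caller controls.
        if not hmac.compare_digest(_sign(secret, payload).encode(), sig.encode()):
            return None
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError):
        return None  # wrong part count, bad base64, bad JSON
    now = int(time.time() if now is None else now)
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
        return None
    if claims["exp"] <= now:
        return None  # expired: a captured token is only useful briefly
    return claims.get("sub")

if __name__ == "__main__":
    header = "Bearer " + mint_token(SECRET, "agent-eu-1")
    print(verify_authorization(SECRET, header))
```

With this in place the WAF rule can match on the presence of the header and leave the decision to the backend, so a change in the agent's egress IP no longer blocks the call.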