AES67
AES67 is the AES-governed professional audio-over-IP interoperability standard for exchanging uncompressed PCM audio between otherwise separate network-audio ecosystems. It gives the media/timing contract: `RTP` audio over `UDP/IP`, `PTPv2` timing, and `SDP` stream description. It does not give a universal controller, device-management model, security model, discovery UX, or day-two support boundary. When a system says it is "`AES67 compatible`", the useful follow-up is transmit/receive role, sample rate, packet time, channel count, multicast/unicast behavior, `SDP` workflow, `PTP` domain/profile, and what native ecosystem features change when AES67 mode is enabled.
Audio TransportOpen Standardsub ms, low latencylocal lancampus
Infrastructure Requirements
- Managed switch with QoS / DSCP policy
- explicit `PTPv2` grandmaster / domain / profile strategy
- explicit discovery/subscription method
- `IGMP` snooping and querier policy for multicast streams
- `SDP` handover workflow
Network Ports & Requirements
| Port(s) | Transport | Direction | Purpose | DSCP | Multicast | Config. |
|---|---|---|---|---|---|---|
| 5004 | Multicast | Both | Common/default RTP audio media path — audio is sent as a continuous flow of packets from sender to receiver(s). The exact destination address, port, payload type, sample rate, packet time, channel count, and clock reference are described by `SDP` or the vendor workflow that generates it. Blocking this stops audio. | — | — | Yes |
| 5005 | Multicast | Both | Audio stream control and quality monitoring (RTCP) — a companion to the audio stream that carries timing and quality statistics. Used to detect packet loss and keep streams in sync. | — | — | Yes |
| 319 | Multicast | Both | Clock sync event messages (PTP v2) — devices exchange precise timing signals so all audio stays locked in time with each other. If blocked, audio from different devices will drift out of sync. | — | 224.0.1.129 | No |
| 320 | Multicast | Both | Clock sync general messages (PTP v2) — companion to port 319; carries the broader clock synchronisation conversation between devices and the network's clock master. | — | 224.0.1.129 | No |
| 9875 | Multicast | Both | SAP (Session Announcement Protocol) — one common way to announce available streams. Not universal; some systems use manual `SDP`, vendor import/export, APIs, `mDNS`, or `NMOS` instead. | — | 239.255.255.255 | No |
| 5353 | Multicast | Both | mDNS / DNS-SD — supplemental local discovery in some products. It is link-local multicast behavior, not routed enterprise discovery by default. | — | 224.0.0.251 | No |
Gotchas & IT Notes
- ⚠`AES67` uses `PTPv2`. Native Dante clocking historically uses `PTPv1`, while supported Dante interoperability modes can participate in `PTPv2` scenarios in specific cases. Do not reduce that to "separate switches always required" or "it just works."
- ⚠If `AES67` and Dante must coexist, define the intended grandmaster, domain behavior, endpoint support, and selected interop mode explicitly. VLAN separation can be sensible operationally, but it is not the actual clocking design.
- ⚠Multicast addresses for audio streams are defined per-session in `SDP` or in the vendor workflow that creates/imports the stream. The `239.x.x.x` administratively scoped range is common, but do not hard-code it unless the endpoint does.
- ⚠`IGMP` snooping and an active querier are required when multicast streams are used. Small unicast-only lab paths are not the same as an installed multicast audio network.
- ⚠Do not blindly require every switch to be a `PTP` boundary clock. Boundary-clock or transparent-clock behavior can be appropriate in large or broadcast-style systems, but it has to match the clock architecture and switch capability. Ordinary forwarding can be the right choice in smaller systems when QoS, latency, and packet handling are proven.
- ⚠`ST 2110-30` references the `AES67` PCM-audio model, but a `ST 2110` plant adds its own timing, description, traffic-shaping, `NMOS` / control, monitoring, and operations expectations. Do not answer a broadcast IP-media brief with "AES67 ports" and stop.
- ⚠`AES67` is not a security layer. Segment media/clocking, limit management access, and schedule web UI, API, firmware, telemetry, cloud, licensing, and native ecosystem traffic separately.