Table of Contents


 

Interoperable Vendors

                                                                                                   


© 2023 Ribbon Communications Operating Company, Inc. © 2023 ECI Telecom Ltd. All rights reserved. The compilation (meaning the collection, arrangement and assembly) of all content on this site is protected by U.S. and international copyright laws and treaty provisions and may not be used, copied, reproduced, modified, published, uploaded, posted, transmitted or distributed in any way, without prior written consent of Ribbon Communications Inc.

The trademarks, logos, service marks, trade names, and trade dress (“look and feel”) on this website, including without limitation the RIBBON and RIBBON logo marks, are protected by applicable US and foreign trademark rights and other proprietary rights and are the property of Ribbon Communications Operating Company, Inc. or its affiliates. Any third-party trademarks, logos, service marks, trade names and trade dress may be the property of their respective owners.  Any uses of the trademarks, logos, service marks, trade names, and trade dress without the prior written consent of Ribbon Communications Operating Company, Inc., its affiliates, or the third parties that own the proprietary rights, are expressly prohibited.

Document Overview

This document outlines the configuration best practices for the Ribbon solution covering the Ribbon Edge 8K when deployed with Microsoft Teams vSBA (virtual Survivable Branch Appliance).

About Ribbon Edge 8K

Ribbon’s Edge 8000 is the newest, high-performance member of our line of services gateway routers that combines security, routing, switching, and 10 Gbps WAN interfaces with next-generation voice and data services where the combination of broadband connectivity and advanced threat mitigation capabilities are required. By consolidating fast, highly available routing, security, and next-generation SBC capabilities in a single device, enterprises can remove network complexity, protect and prioritize resources, and improve user and application experience while lowering the total cost of ownership (TCO).

A ​Session Border Controller​ (​SBC​) is a network element deployed to protect​ ​SIP​-based Voice over Internet Protocol​ (VoIP) networks. ​Early deployments of SBCs were focused on the borders between two service provider networks in a peering environment. This role has now expanded to include significant deployments between a service provider's access network and a backbone network to provide service to residential and/or enterprise customers. ​


The Edge 8000 series is comprised of two models,

  • Edge 8100 – a highly scalable Ethernet SBC/data router.
  • Edge 8300 – a high-capacity mixed SBC/analog/data router.

The 8100/8300 platform is based on the Intel Atom 8-core processor with multiple interfaces. This platform meets the following high-level requirements:

Functionality

  • SBC support with and without transcoding
  • Gateway support (Edge 8300 only) for legacy interfaces (PRI, FXS) – Enables the cost, performance, and availability benefits by collapsing edge routing functionality with legacy termination services in one multiservice box
  • Layer-3 Routing
  • Security


In the subsequent sections, the Ribbon Edge 8100 and Edge 8300 are represented as Ribbon Edge 8K.

About Microsoft Survivable Branch Appliance (SBA)

When a customer site using Direct Routing to connect to Microsoft Phone System experiences an internet outage, the intranet inside the branch will remain fully functional. Users can connect to the Session Border Controller (SBC) that provides the PSTN connectivity.

During an internet outage, the Teams Phone should switch to the SBA automatically. No action is required from the user. As soon as the Teams Phone detects that the internet service is restored and any outgoing calls are finished, the Teams Phone falls back to normal operation mode and connects to other Teams services.

The interoperability compliance testing focuses on verifying inbound and outbound call flows between the Ribbon Edge 8K, Teams vSBA, and Teams Phone.

This guide contains the following configuration sections: 

Non-Goals

It is not the goal of this guide to provide detailed configurations that meet the requirements of every customer. Use this guide as a starting point and build the SBC configurations in consultation with network design and deployment engineers. 

Audience

This is a technical document intended for telecommunications engineers to configure both the Ribbon SBCs and the third-party product.

To perform this interop, you need to:

  • Use the Ribbon product's graphical user interface (GUI) or command line interface (CLI).
  • Understand the basic concepts of TCP/UDP/TLS and IP/Routing.
  • Have SIP/RTP/SRTP to complete the configuration and for troubleshooting.


Note

This configuration guide is offered as a convenience to Ribbon customers. The specifications and information regarding the product in this guide are subject to change without notice. All statements, information, and recommendations in this guide are believed to be accurate but are presented without warranty of any kind, express or implied, and are provided “as is.” Users must take full responsibility for the application of the specifications and information in this guide.

Prerequisites

The following aspects are required before proceeding with the interop:

  • Ribbon Edge 8K
  • Public IP Addresses
  • Microsoft admin account - a special type of account where the Teams user is configurable for Direct Routing SBA (Survivable Branch Appliance).
  • TLS Certificates for the Ribbon SBC signed by one of the Microsoft approved CA vendors.
  • Certificates must have the FQDN or domain name configured on the Microsoft admin portal.

Product and Device Details

The sample configuration in this document uses the following equipment and software:

Requirements


Appliance/Application/Tool

Software Version

Ribbon Communications

Ribbon Edge 8X00

24.0.0 build 505,12.1.0 build 12

Microsoft Survivable Branch Appliance (SBA)v.2023.5.9.2
Teams Client1.6.00.35961
PSTN PhoneJitsi2.10
Administration and Debugging ToolsRibbon LX Tool2.1.0.6

Note
  • Microsoft SBA version is v.2023.5.9.2 or later.
  • Jitsi version is 2.10 or later.

Network Topology Diagram

This section covers the Ribbon Edge 8K deployment topology and the Interoperability Test Lab Topology.

Deployment Topology - Ribbon Edge 8K

Ribbon Edge 8K Deployment Topology

Interoperability Test Lab Topology - Ribbon Edge 8K

The following lab topology diagram shows connectivity between Ribbon Edge 8K and Microsoft vSBA.

Ribbon Edge 8K and Microsoft Virtual SBA interoperability Test Lab Topology

Document Workflow

The sections in this document use the following sequence. The reader is advised to complete each section for successful configuration.


Section A: Ribbon Edge 8K Configuration

The following Ribbon Edge 8K configurations are included in this section:

Installation

Connectivity

Network

Static Routes

TLS Configuration between Ribbon Edge 8K and Microsoft SBA

Easy Config Wizard


Installation

Ribbon Edge 8K image can be installed as mentioned below:

https://publicdoc.rbbn.com/display/E8KDOC10/Install+the+Image+File

Connectivity

Front and Back Panels: Edge 8300 Model

               

You can order the Edge 8300 model with 24 active FXS analog ports, or 22 active FXS ports and 2 FXO ports.

Edge 8K is connected to the network as follows:

GE3: RJ45 is connected towards the PSTN leg. GE1, GE2, GE3 and GE4 are the members of BR1 VNF Private.

GE5: RJ45 is an additional interface on Edge8K connected towards the Teams Direct Routing SBA leg.

GE8 RJ45 is an additional interface on Edge8K connected towards the Teams Direct Routing leg.

Network

Edge 8K management is configured as follows:

Log into the Edge 8K via serial console cable with "sysadm/<default password>".

Login as root "sudo -i" (enter the sysadm password).

Go to the setup wizard.

setupwizard

Edge 8K management is configured as follows:

Navigate to System Startup Configuration > BR2 VNF Management.

Edge 8K Management IP configuration

SBC management is configured as follows:

Navigate to System Startup Configuration > Swe-Edge Configuration.

SBC Management IP


Default gateway and DNS are configured as shown below:

Default Gateway and DNS configuration

BR1 VNF Private IP can be configured as follows:

Navigate to  System Startup Configuration > BR1 VNF Private.

BR1 VNF Private IP

  • BR1 VNF Private is mapped to Ethernet 1 of SBC.
  • GE5 interface is mapped to Ethernet 3 of SBC.
  • GE8 interface is mapped to Ethernet 4 of SBC.

SBC Edge Connectivity

The SBC Edge is connected to the network as follows:

Ethernet 1: RJ45 "1" is connected towards the PSTN leg.

Ethernet 3: RJ45 "3" is connected towards the Teams Direct Routing SBA leg.

Ethernet 4: RJ45 "4" is connected towards the Teams Direct Routing leg.

Configure Ethernet 1, Ethernet 3, and Ethernet 4 of the SBC Edge with the IP as follows:

Navigate to Networking Interfaces > Logical Interfaces.

Logical Interfaces

Ethernet 1

Ethernet 3

Ethernet 4

  • The SBC Edge is configurable with any of the available Ethernet ports. In the current testing Ethernet 1, 3, and 4 are used.

Static Routes

Static routes are used to create communication to remote networks. In a production environment, static routes are mainly configured for routing from a specific network to a network that can only be accessed through one point or one interface (single path access or default route).

Tip
  • Configuring static routing is preferable for smaller networks with just one or two routes. This is often more efficient since a link is not wasted by exchanging dynamic routing information.
  • Static routing configurations are not required for networks that have a LAN-side Gateway on Voice VLAN or Multi-Switch Edge Devices (MSEs) with Voice VLAN towards the SBC Edge,

Add static routes towards the Eth1 interface 172.16.X.X (PSTN) and the Eth2 interface 172.16.X.X (Microsoft SBA).

The default static route is towards the Eth1, which is in a private network.

  • Navigate to Settings > Protocol > IP > Static Routes to configure the routes.

Static Routes

TLS Configuration between Ribbon Edge 8K and Microsoft SBA

Prerequisites:

  • A trusted Certificate Authority (CA) is needed for TLS to work on the public side of the network. In this scenario, Go Daddy is used as a trusted CA.

  • Go Daddy Root Certificate Authority G2 and Go Daddy Secure Certificate Authority G2 are used as a trusted CA.

  • A Baltimore CyberTrust Root certificate is required.

Request a certificate for the SBC and configure it based on the example using Go Daddy as follows:

  • Generate a Certificate Signing Request (CSR) and obtain the certificate from a Certificate Authority.
  • Import the Public CA Root/Intermediate Certificate and the SBC Certificate on the SBC.

Step 1: Generate a Certificate Signing Request and obtain the certificate from a Certificate Authority (CA).

  • Navigate to Settings > Security > SBC Certificates.
  • Click Generate SBC Edge CSR.
  • Enter data in the required fields. Click OK. Copy the result to the clipboard after the Certificate Signing Request is generated.

  • Use the generated CSR text from the clipboard to obtain the certificate. 


Generate Certificate Signing Request


Step 2: Deploy the Root/Intermediate and SBC certificates on the SBC.

After receiving the certificates from the certificate authority, install the SBC Certificate and the Root/Intermediate certificates as follows:

  • Obtain the Trusted Root and Intermediary signing certificates from your Certificate Authority.
  • To install the Trusted Root/Intermediate certificates, go to Settings > Security > SBC Certificates > Trusted Root Certificates.
  • Click Import and select the trusted root certificates.
  • To install the SBC certificate, open Settings > Security > SBC Certificates > SBC Edge Certificate.

  • Validate the certificate is installed correctly.

Trusted CA Certificate Table

  • Click Import and select X.509 Signed Certificate.
  • Validate that the certificate is installed correctly.

Validate certificate

Easy Config Wizard

Configure the SBC Edge with Teams Direct Routing SBA using the Easy Config Wizard.

  • Access the WebUI of SBC Edge.
  • Click on the Tasks tab.
  • From the left side menu, click SBC Easy Setup > Easy Config Wizard.

Easy Config Wizard

Fill in the details for Step 1 as follows:

  • Application SIP Trunk↔Microsoft Teams.
  • Scenario Description as Teams SBA.
  • SIP Sessions as 100.


Enter a value for SIP sessions as per the requirement. The value is listed up to 960.


Step 1

Fill in the details for Step 2 as follows:

  • Border Element Server is the PSTN IP.
  • Use Secondary Border Element Server is Disabled.
  • Teams Connection Type is Standalone Direct Connection.
  • The SBC Signaling/Media Source IP towards Teams Direct Routing (public IP).
  • Configure Direct Routing SBA is set to True.
  • Direct Routing SBA FQDN as ioteamsba.customers.interopdomain.com (following fqdn is just an example).
  • The SBC Signaling /Media Source IP towards Teams Direct Routing SBA.


Step 2

Review the configurations in Steps 1 and 2, and click the Finish button.

Step 3

Message Manipulation

The Message Manipulation feature comprises two primary components that work in concert to modify SIP messages. Those components are Condition Rules and Rule Tables. SIP Message rules per table include all SIP rule types: Header, Request, Status and Raw.

The Message Manipulation remove_sdp_attribute is used for the following purposes:

  • To replace a=setup with a=rbbn, as Microsoft SBA doesn't like the DTLS parameter a=setup.
  • To replace UDP/TLS/RTP/SAVP with RTP/SAVP
Message Rule Tables

A Message Rule can be added to the following: all messages, all requests, all responses or selected messages.

From the Settings tab, navigate to SIP > Message Manipulation > Message Rule Table. Click the  icon to create a Message Rule Table.

  1. Provide a description for the Rule Table - remove_sdp_attribute
  2. Apply Message Rule to All Responses.
  3. Click Apply.

Message Rule Table

Message Rule Table Entry

Raw Message Rule:

Raw rules allow you to manipulate any string in the entire message: request, headers, and payload. If the condition rule evaluates true, the MME will search the message for content matching the "Match Regex" and replace it with the content specified in the "Replace Regex."

  1. Click on the Message Rule Table remove_sdp_attribute.
  2. From the Create Rule drop-down menu, select Raw Message Rule.
  3. Provide a name for the entry.
  4. Replace a=setup with a=rbbn using regex.

Message Rule Table Entry 1

          

  1. From the Create Rule drop-down menu, select Raw Message Rule and create a second entry.
  2. Provide a name for the entry.
  3. Replace UDP/TLS/RTP/SAVP with RTP/SAVP using regex.

Message Rule Table Entry 2


The Message Rule Condition appears in a drop-down once it is created in the Condition Rule table.

Condition Rule Table

Condition Rule Table is created to apply the SIP message manipulation to all the responses for the INVITE message.

From the Settings tab, navigate to SIP > Message Manipulation > Condition Rule Table. Click the  icon to create a Message Rule Table.

  1. Provide a description for the Rule Table - remove_sdp
  2. Choose the operation as Regex, Match Type as cseq, and Match Regex as [0-9] INVITE
  3. Click Apply.

Condition Rule Table

Apply the Message Manipulation to the Teams Direct Routing Signaling group as shown below:

Teams Direct Routing SBA Signaling Group


Section B: Microsoft SBA Configuration

For information on configuring the Survivable Branch Appliance (SBA) for Direct Routing, refer to the following link:

https://docs.microsoft.com/en-us/microsoftteams/direct-routing-survivable-branch-appliance

For the Prerequisites, Installation, and Configuring the Direct Routing SBA, refer to the following link:

https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#

Prerequisites

For Prerequisites on Direct routing SBA, refer to the following link:

https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Prerequisites

Installation

For Installation on Direct routing SBA, refer to Step 1 in the following link:

https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Step1:InstallVirtualSBASoftware

Configuration

For Configuring on Direct routing SBA, refer to Step 2 in the following link:

https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Step2:SetuptheOffice365DirectRoutingvSBA


Supplementary Services and Features Coverage

The following checklist depicts the set of services/features covered through the configuration defined in this Interop Guide. 

Sr. No.Supplementary Features/ServicesCoverage
1OPTIONS ping (SBC to SBA)

2OPTIONS ping (SBA to SBC)

3Basic Call from PSTN to Teams

4Basic Call from Teams to PSTN

5Call Hold & Call Resume

Legend

Supported

Not Supported
N/ANot Applicable

Caveats

The following items were observed during this Interop - these are either limitations, untested elements, or useful information about the Interoperability:

  • Message on the Teams Client desktop in Survivable Mode - "No internet connection. Calling, including emergency calls, is only available to and from phone numbers". This indicates that the Teams phone is now registered or connected with Microsoft SBA.
  • Teams User status would be "Offline" in Survivable mode.


The caveats mentioned above do not hamper the Teams performance; instead, the Teams client user notifications in Survivability mode hamper performance.

Support

For any support-related queries about this guide, contact your local Ribbon representative, or use the details below:

References

For detailed information about Ribbon products & solutions, go to:

https://ribboncommunications.com/products

For information about Microsoft Survivable Branch Appliance (SBA) & solutions, go to:

https://learn.microsoft.com/en-us/microsoftteams/direct-routing-survivable-branch-appliance

Conclusion

This Interoperability Guide describes a successful configuration of the Ribbon Edge 8K and Microsoft Survivable Branch Appliance.

All features and capabilities tested are detailed within this document - any limitations, notes, or observations are also recorded to provide the reader with an accurate understanding of what has been covered and what has not.

Configuration guidance is provided to enable the reader to replicate the same base setup - there may be additional configuration changes required to suit the exact deployment environment.




© 2024 Ribbon Communications Operating Company, Inc. © 2024 ECI Telecom Ltd. All rights reserved.