Table of Contents


 

Interoperable Vendors


© 2021 Ribbon Communications Operating Company, Inc. © 2021 ECI Telecom Ltd. All rights reserved. The compilation (meaning the collection, arrangement and assembly) of all content on this site is protected by U.S. and international copyright laws and treaty provisions and may not be used, copied, reproduced, modified, published, uploaded, posted, transmitted or distributed in any way, without prior written consent of Ribbon Communications Inc.

The trademarks, logos, service marks, trade names, and trade dress (“look and feel”) on this website, including without limitation the RIBBON and RIBBON logo marks, are protected by applicable US and foreign trademark rights and other proprietary rights and are the property of Ribbon Communications Operating Company, Inc. or its affiliates. Any third-party trademarks, logos, service marks, trade names and trade dress may be the property of their respective owners.  Any uses of the trademarks, logos, service marks, trade names, and trade dress without the prior written consent of Ribbon Communications Operating Company, Inc., its affiliates, or the third parties that own the proprietary rights, are expressly prohibited.

Document Overview

This document outlines the configuration best practices for the Ribbon SBC Core (SBC 5K, 7K, SWe) when deployed with RingCentral Bring Your Own Carrier (BYOC). This means that for all subscribers catering to RingCentral customers, the PSTN calls terminating through the local SBC Core are directly connected to the Service Provider of their choice.

A ​Session Border Controller​ (​SBC​) is a network element deployed to protect​ ​SIP​-based Voice over Internet Protocol​ (VoIP) networks. ​Early deployments of SBCs were focused on the borders between two service provider networks in a peering environment. This role has now expanded to include significant deployments between a service provider's access network and a backbone network to provide service to residential and/or enterprise customers. ​The interoperability compliance testing focuses on verifying inbound and outbound call flows between Ribbon SBC 5K/7K/SWe and RingCentral cloud. Ribbon SBC 5K/7K/SWe is deployed on the customer site to resolve any potential numbering format issue between RingCentral and the customer's existing carrier dial plan numbering. 

This guide contains the following configuration sections: 


Note

SBC 5x10, 5400, 7000 and SWe are represented as SBC Core in the following sections.

Non-Goals

It is not the goal of this guide to provide detailed configurations that will meet the requirements of every customer. Use this guide as a starting point and build the SBC configurations in consultation with network design and deployment engineers. 

Audience

This is a technical document intended for telecommunications engineers with the purpose of configuring the Ribbon SBC.

The RingCentral BYOC configuration requires the customer to provide details such as the IP address and transport.

To perform this interop, you need

  • to use graphical user interface (GUI) or command line interface (CLI) of the Ribbon product.
  • to understand the basic concepts of TCP/UDP/TLS and IP/Routing.
  • to have SIP/RTP/SRTP to complete the configuration and for troubleshooting.


Note

This configuration guide is offered as a convenience to Ribbon customers. The specifications and information regarding the product in this guide are subject to change without notice. All statements, information, and recommendations in this guide are believed to be accurate but are presented without warranty of any kind, express or implied, and are provided “AS IS”. Users must take full responsibility for the application of the specifications and information in this guide.

Pre-Requisites

The following aspects are required before proceeding with the interop:

Product and Device Details

The following equipment and software were used for the sample configuration provided:

Requirements


Equipment

Software Version

Ribbon Communications

Ribbon SBC 5K /7K/SWe Core 

V10.00.00R0

RingCentralRingCentral Desktop app

21.3.20.629 Web,

21.3.10.1517 Windows

RingCentral Mobile app
21.3.20.544

Third-party Phones

Phonerlite2.77
Zoiper5.3.8

Note
  • The Ribbon SBC Core portfolio includes SBC 5x10, SBC 5400, SBC 7000 (appliance based), and SBC SWe (virtualized platform). The software version is applicable to Ribbon SBC Core portfolio, and hence, this configuration guide is valid for all these devices.
  • RingCentral Desktop app version is 21.3.20.629 or later.
  • RingCentral Mobile app version is 21.3.20.544 or later.


Network Topology Diagram

This section covers the SBC Core deployment topology and the Interoperability Test Lab Topology.

SBC Core Deployment Topology

SBC Core Deployment Topology

Interoperability Test Lab Topology

The following lab topology diagram shows connectivity between RingCentral and Ribbon SBC Core.

Interoperability Test Lab Topology


Section A: SBC Core Configuration

The following SBC Core configurations are included in this section:

  1. Network and Connectivity
  2. Static Routes

  3. TLS Configuration between Ribbon SBC Core and RingCentral

  4. PSTN Leg Configuration

  5. RingCentral Leg Configuration

1. Network and Connectivity

Ribbon SBC is as shown below:

Ribbon SBC


Mgmt is an RJ45 port and is the management interface of the SBC.

Media 0/Media1 depicted as pkt0/pkt1 are RJ45 ports. Media 0 and Media 1 are used in the current deployment and the same interfaces can be used in SBC Core 5K , 7K (appliance based). 

For the SBC SWe (virtualized platform), the logical pkt0/pkt1 interfaces must be mapped to a physical port.

2. Static Routes

Static routes are used to create communication to remote networks. In a production environment, static routes are mainly configured for routing from a specific network to a network that can only be accessed through one point or one interface (single path access or default route).

Tip
  • For smaller networks with just one or two routes, configuring static routing is preferable. This is often more efficient since a link is not being wasted by exchanging dynamic routing information.
  • For networks that have a LAN-side Gateway on Voice VLAN or Multi-Switch Edge Devices (MSEs) with Voice VLAN towards SBC Core, static routing configurations are not required.


Add the static route once PSTN Leg and RingCentral Leg configurations are done on the SBC.


Static route towards PSTN

set addressContext default staticRoute 0.0.0.0 0 10.54.X.X LIF1 PKT0_V4 preference 100
commit

Static route towards RingCentral

set addressContext default staticRoute 0.0.0.0 0 115.110.X.X LIF2 PKT1_V4 preference 100
commit

3. TLS Configuration between Ribbon SBC Core and RingCentral

Prerequisites:

  • For TLS to work on the public side of the network, you must have a trusted Certificate Authority (CA). In this scenario, GoDaddy is used as a Trusted CA.
  • Enable RingCentral BYOC trunk with TLS/SRTP.

Generate a CSR with OpenSSL 

# To create a Certificate Signing Request (CSR) and key file for a Subject Alternative Name (SAN) certificate with multiple subject alternate names, complete the following procedure:
  
Create an OpenSSL configuration file (text file) on the local computer by editing the fields to the company requirements.
  
Note 1: In the example used in this article the configuration file is req.conf.
  
Note 2: req_extensions will put the subject alternative names in a CSR, whereas x509_extensions would be used when creating an actual certificate file.
  
[req]
        distinguished_name = req_distinguished_name
        req_extensions = v3_req
        prompt = no
        [req_distinguished_name]
        C = US
        ST = VA
        L = SomeCity
        O = MyCompany
        OU = MyDivision
        CN = www.company.com
        [v3_req]
        keyUsage = keyEncipherment, dataEncipherment
        extendedKeyUsage = serverAuth
        subjectAltName = @alt_names
        [alt_names]
        DNS.1 = www.company.com
        DNS.2 = company.com
        DNS.3 = www.company.net
        DNS.4 = company.net
  
Make sure there are no whitespaces at the end of the lines.
  
#Run the following commands to create the Certificate Signing Request (CSR) and a new Key file:
openssl req -new -out company_san.csr -newkey rsa:2048 -nodes -sha256 -keyout company_san.key.temp -config req.conf
  
#Run the following command to verify the Certificate Signing Request:
openssl req -text -noout -verify -in company_san.csr
   
# After receiving the CSR with above information, provide it to CA (Certificate Authority). You will then receive the proper CA signed certificate in .crt format that is convertable into other formats using openssl.
 
# By default, you should receive two or more certificates from CA (depanding upon your CA). One is the SBC certificate, and other is CA's root and intermediate certificate.
 
# Upload the certificates to the SBC at /opt/sonus/external and convert them into SBC-readable format, i.e. SBC certificate is in .pem or .p12 format and root certificate is in .cer or .der.
  
#Converting .crt to .pem USING OPENSSL for SBC certificate.
openssl x509 -in sbc_cert.crt -out sbc_cert.der -outform DER
openssl x509 -in sbc_cert.der -inform DER -out sbc_cert.pem -outform PEM
  
#After generating sbc_cert.pem file, convert it to .p12 format using below command and the location of the certificate key.
openssl pkcs12 -export -out sbc1_cert.p12 -in sbc_cert.pem -inkey /opt/sonus/company_san.key.temp
  
#CONVERTING CRT to CER USING OPENSSL for CA's root and intermediate certificate.
openssl x509 -in root_cert.crt -out root_cert.cer -outform DER
  
After converting all these certificates upload them on SBC at /opt/sonus/external location.

Import the Required Certificates into SBC Core

Get the RingCentral Root and Intermediate certificate from RingCentral and upload into SBC Core as follows:

#Import RingCentral CA Root Certificate into database.
set system security pki certificate RC_ROOT type remote fileName RC_CA_root.der state enabled

#Import RingCentral Intermediate Certificate1 into database.
set system security pki certificate RC1 type remote fileName RC_CA_int1.der state enabled

#Import RingCentral Intermediate Certificate2 into database.
set system security pki certificate RC2 type remote fileName RC_CA_int2.der state enabled
 
#Import Public CA Certified SBC Server Certificate into database.
set system security pki certificate SBC_CERT filename sbc1_cert.p12 passPhrase <Password defined during CSR generation> state enabled type local


TLS Profile

A TLS Profile is required for the TLS handshake between SBC Core and RingCentral. This profile defines cipher suites supported by SBC Core. Create the TLS profile as mentioned below:

set profiles security tlsProfile TLS_PROF clientCertName SBC_CERT serverCertName SBC_CERT cipherSuite1 tls_ecdhe_rsa_with_aes_256_cbc_sha384 cipherSuite2 tls_ecdhe_rsa_with_aes_128_cbc_sha authClient false allowedRoles clientandserver acceptableCertValidationErrors invalidPurpose
set profiles security tlsProfile TLS_PROF clientCertName SBC_CERT
set profiles security tlsProfile TLS_PROF serverCertName SBC_CERT
set profiles security tlsProfile TLS_PROF v1_0 disable
set profiles security tlsProfile TLS_PROF v1_1 enable
set profiles security tlsProfile TLS_PROF v1_2 enable
commit

Attach the TLS Profile to the SIP Signaling Port that will be created later in RingCentral Leg Configuration.

 4. PSTN Leg Configuration

Create profiles with a specific set of characteristics corresponding to PSTN. This includes configuration of the following entities on the PSTN leg:

  1. Codec Entry
  2. Packet Service Profile
  3. IP Signaling Profile
  4. IP Interface Group
  5. Zone
  6. SIP Signaling Port
  7. IP Peer
  8. SIP Trunk Group
  9. Routing Label
  10. Call Routing

4.1 Codec Entry

Codec entry allows you to specify the codec used for the callCreate the codec entry for the G711 codec with packet size 20 and rfc2833 method for dtmf.

set profiles media codecEntry G711ULAW codec g711
set profiles media codecEntry G711ULAW law ULaw
set profiles media codecEntry G711ULAW packetSize 20
set profiles media codecEntry G711ULAW dtmf relay rfc2833
commit

4.2 Packet Service Profile (PSP)

Create a Packet Service Profile (PSP) for the PSTN leg. The PSP is attached to sipTrunkGroup created later in this section.

set profiles media packetServiceProfile PSTN_PSP codec codecEntry1 G711ULAW
set profiles media packetServiceProfile PSTN_PSP rtcpOptions rtcp enable
commit

4.3 IP Signaling Profile (IPSP)

Create an IP Signaling Profile with appropriate signaling flags towards PSTN.

set profiles signaling ipSignalingProfile PSTN_IPSP
set profiles signaling ipSignalingProfile PSTN_IPSP egressIpAttributes flags disable2806Compliance enable
commit

4.4 IP Interface Group

Create an IP interface group.

Replace "x.x.x.x" with the SBC's packet interface (pkt) IP address towards PSTN (example pkt0 IP), and "Y" with its prefix length. Provide the ceName used during an SBC deployment.

Here the ceName is "RC".

set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 ceName RC portName pkt0
set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 ipAddress x.x.x.x prefix Y
set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 mode inService state enabled
commit


4.5 Zone

Create the Zone towards PSTN and specify the id of the zone.

This Zone groups the set of objects used for the communication towards PSTN.

set addressContext default zone PSTN id 2
commit

4.6 SIP Signaling Port

Set the SIP Signaling port, which is a logical address used to send and receive SIP call signaling packets and is permanently bound to a specific zone.

Replace "x.x.x.x" with the SIP Signaling Port IP of SBC towards PSTN.

set addressContext default zone PSTN sipSigPort 3 ipInterfaceGroupName LIF1
set addressContext default zone PSTN sipSigPort 3 ipAddressV4 x.x.x.x
set addressContext default zone PSTN sipSigPort 3 portNumber 5060
set addressContext default zone PSTN sipSigPort 3 transportProtocolsAllowed sip-udp
set addressContext default zone PSTN sipSigPort 3 mode inService
set addressContext default zone PSTN sipSigPort 3 state enabled
commit

4.7 IP Peer

Create an IP Peer with the signaling IP address of the PSTN (Service Provider) and assign it to the PSTN Zone.

Replace "x.x.x.x" with the PSTN IP.


set addressContext default zone PSTN ipPeer PSTN_IPP ipAddress x.x.x.x
set addressContext default zone PSTN ipPeer PSTN_IPP ipPort 5060
commit

4.8 SIP Trunk Group

Create a SIP Trunk Group towards the PSTN and assign corresponding profiles like PSP and IPSP that where created in earlier steps.

You must configure Trunk Group names using upper case letters.

set addressContext default zone PSTN sipTrunkGroup PSTN_TG media mediaIpInterfaceGroupName LIF1 
set addressContext default zone PSTN sipTrunkGroup PSTN_TG mode inService state enabled
commit

set addressContext default zone PSTN sipTrunkGroup PSTN_TG policy digitParameterHandling numberingPlan INDIA_NUM_PLAN
set addressContext default zone PSTN sipTrunkGroup PSTN_TG policy signaling ipSignalingProfile PSTN_IPSP
set addressContext default zone PSTN sipTrunkGroup PSTN_TG policy media packetServiceProfile PSTN_PSP
set addressContext default zone PSTN sipTrunkGroup PSTN_TG ingressIpPrefix 0.0.0.0 0
commit

4.9 Routing Label

Create a Routing Label with a single Routing Label Route to bind the PSTN Trunk Group with the PSTN IP Peer.

set global callRouting routingLabel PSTN_RL routingLabelRoute 1 trunkGroup PSTN_TG
set global callRouting routingLabel PSTN_RL routingLabelRoute 1 ipPeer PSTN_IPP
set global callRouting routingLabel PSTN_RL routingLabelRoute 1 inService inService
commit

4.10 Call Routing

This entry is used to route all the calls coming from PSTN towards RingCentral endpoints.

Provide the ceName used during an SBC deployment. "RC" is the ceName.

set global callRouting route trunkGroup PSTN_TG RC standard Sonus_NULL 1 all all ALL none Sonus_NULL routingLabel RC_RL
commit

5. RingCentral Leg Configuration

Create profiles with a specific set of characteristics corresponding to RingCentral. This includes configuration of the following entities on the RingCentral leg:

  1. Codec Entry
  2. Packet Service Profile
  3. IP Signaling Profile
  4. IP Interface Group
  5. Zone
  6. SIP Signaling Port
  7. IP Peer
  8. SIP Trunk Group
  9. Routing Label
  10. Call Routing

5.1 Codec Entry

Codec entry allows you to specify the codec used for the callCreate the codec entry for G711Ulaw codec with packet size 20 and rfc2833 method for dtmf.

set profiles media codecEntry G711_RC codec g711
set profiles media codecEntry G711_RC law ULaw
set profiles media codecEntry G711_RC packetSize 20
set profiles media codecEntry G711_RC dtmf relay rfc2833
commit

5.2 Packet Service Profile (PSP)

Create a Packet Service Profile (PSP) for the RingCentral leg. The PSP is attached to the sipTrunkGroup that is created later in this section.

Since there is an SRTP between the SBC Core and RingCentral, you must create a crypto suite profile.

set profiles security cryptoSuiteProfile CRYPT_PROF entry 1 cryptoSuite AES_256_CM_HMAC_SHA1_80

The Crypto Suite profile is attached to the RC_PSP.

set profiles media packetServiceProfile RC_PSP codec codecEntry1 G711_RC
set profiles media packetServiceProfile RC_PSP rtcpOptions rtcp enable
set profiles media packetServiceProfile RC_PSP secureRtpRtcp cryptoSuiteProfile CRYPT_PROF
set profiles media packetServiceProfile RC_PSP secureRtpRtcp flags allowFallback enable
set profiles media packetServiceProfile RC_PSP secureRtpRtcp flags enableSrtp enable
commit

5.3 IP Signaling Profile (IPSP)

Create an IP Signaling Profile with appropriate signaling flags towards RingCentral.

The SBC Core to RingCentral transport type is TLS. Therefore, enable the same transport type in RC_IPSP.

set profiles signaling ipSignalingProfile RC_IPSP
set profiles signaling ipSignalingProfile RC_IPSP egressIpAttributes flags disable2806Compliance enable
set profiles signaling ipSignalingProfile RC_IPSP egressIpAttributes numberGlobalizationProfile DEFAULT_IP
set profiles signaling ipSignalingProfile RC_IPSP egressIpAttributes transport type1 tlsOverTcp
commit

5.4 IP Interface Group

Create an IP interface group.

Replace "x.x.x.x" with the SBC's packet interface (pkt) IP address towards RingCentral (for example pkt1 IP) and "Y" with its prefix length. Provide the ceName used during an SBC deployment.

Here the ceName is "RC".

set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 ceName RC portName pkt1
set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 ipAddress x.x.x.x prefix 26
set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 mode inService state enabled
commit


5.5 Zone

Create a Zone towards RingCentral and specify the id of the zone.

This Zone groups the set of objects used for communication towards RingCentral.

set addressContext default zone RC id 6
commit

5.6 SIP Signaling Port

Set the SIP Signaling port, which is a logical address  used to send and receive SIP call signaling packets and is permanently bound to a specific zone.

Replace "x.x.x.x" with the SIP Signaling Port IP address of the SBC towards RingCentral.

set addressContext default zone RC sipSigPort 7 ipInterfaceGroupName LIF2
set addressContext default zone RC sipSigPort 7 ipAddressV4 x.x.x.x
set addressContext default zone RC sipSigPort 7 portNumber 5060
set addressContext default zone RC sipSigPort 7 tlsProfileName TLS_PROF
set addressContext default zone RC sipSigPort 7 transportProtocolsAllowed sip-tls-tcp
set addressContext default zone RC sipSigPort 7 mode inService
set addressContext default zone RC sipSigPort 7 state enabled
commit

You created the TLS profile in TLS Profile.

There are a few areas that result in a TLS negotiation issue. One area involves assigning the incorrect port. Ensure the following are accomplished: 

  • RingCentral listens on port number 5061 (default setting).

  • Configure port number 5060 on RingCentral IP-Peer since Ribbon SBC Core increments the port by 1 when the transport protocol is TLS.

5.7 IP Peer

Create an IP Peer with the signaling IP address of RingCentral and assign it to Zone "RC" created earlier.

Replace "x.x.x.x" with the RingCentral SIP signaling IP.


set addressContext default zone RC ipPeer RC_IPP ipAddress x.x.x.x
set addressContext default zone RC ipPeer RC_IPP ipPort 5060
commit

Path Check Profile

Create a path check profile that attaches to the RingCentral side. 

set profiles services pathCheckProfile RC_OPTIONS protocol sipOptions sendInterval 20 replyTimeoutCount 1 recoveryCount 1
set profiles services pathCheckProfile RC_OPTIONS transportPreference preference1 tls-tcp
commit

5.8 SIP Trunk Group

Create a SIP Trunk Group towards RingCentral and assign corresponding profiles like PSP and IPSP that were created in earlier steps.

You must configure Trunk Group names using upper case letters.

set addressContext default zone RC sipTrunkGroup RC_TG media mediaIpInterfaceGroupName LIF2 
set addressContext default zone RC sipTrunkGroup RC_TG mode inService state enabled
commit

set addressContext default zone RC sipTrunkGroup RC_TG policy digitParameterHandling numberingPlan NANP_ACCESS
set addressContext default zone RC sipTrunkGroup RC_TG policy signaling ipSignalingProfile RC_IPSP
set addressContext default zone RC sipTrunkGroup RC_TG policy media packetServiceProfile RC_PSP
set addressContext default zone RC sipTrunkGroup RC_TG signaling transportPreference preference1 tls-tcp
set addressContext default zone RC sipTrunkGroup RC_TG ingressIpPrefix 0.0.0.0 0
commit

5.9 Routing Label

Create a Routing Label with a single Routing Label Route to bind the RC Trunk Group with the RC IP Peer.

set global callRouting routingLabel RC_RL routingLabelRoute 1 trunkGroup RC_TG
set global callRouting routingLabel RC_RL routingLabelRoute 1 ipPeer RC_IPP
set global callRouting routingLabel RC_RL routingLabelRoute 1 inService inService
commit

5.10 Call Routing

This entry is used to route all the calls coming from RC towards the PSTN endpoints.

Provide the ceName used during an SBC deployment. "RC" is the ceName.

set global callRouting route trunkGroup RC_TG RC standard Sonus_NULL 1 all all ALL none Sonus_NULL routingLabel PSTN_RL
commit

Section B: RingCentral BYOC Deployment

Enabling and Configuring BYOC

You can enable BYOC by contacting your RingCentral account manager. Your account manager collects information about your carrier and carrier phone numbers. 
If you need to add or change BYOC Gateways (GWs) or carrier phone numbers on your account, contact your RingCentral account manager.

For more information on BYOC Configuration: 

https://support.ringcentral.com/article/adding-user-phone-using-your-own-carrier.html

Supplementary Services & Features Coverage

The following checklist depicts the set of services/features covered through the configuration defined in this Interop Guide.


Sr.No.Supplementary Features/ServicesCoverage
1Basic Registration over UDP, TCP & TLS

N/A

2Basic Call Setup

3Basic Call Termination

4Auto Receptionist (Auto Attendant)

5Call Waiting

6Call Hold/Resume

7Call Transfer - Blind (Cold Transfer)

8Call Transfer - Consult (Warm Transfer)

9Call Queue

10Conference

11Voicemail

12Call Forward (Ring Number Simultaneously)

13Call Switch

14Call Flip

Legend

Supported

Not Supported
N/ANot Applicable

Support

For any support related queries about this guide, contact your local Ribbon representative, or use the details below:

References

For detailed information about Ribbon products & solutions, go to :

https://ribboncommunications.com/products

For information about RingCentral products & solutions, go to:

https://www.ringcentral.com/

Conclusion

This Interoperability Guide describes successful configuration covering RingCentral interop with Ribbon SBC Core.

All features and capabilities tested are detailed within this document - any limitations, notes or observations are also recorded in order to provide the reader with an accurate understanding of what has been covered, and what has not.

Configuration guidance is provided to enable the reader to replicate the same base setup - there maybe additional configuration changes required to suit the exact deployment environment.




© 2021 Ribbon Communications Operating Company, Inc. © 2021 ECI Telecom Ltd. All rights reserved.