© 2021 Ribbon Communications Operating Company, Inc. © 2021 ECI Telecom Ltd. All rights reserved. The compilation (meaning the collection, arrangement and assembly) of all content on this site is protected by U.S. and international copyright laws and treaty provisions and may not be used, copied, reproduced, modified, published, uploaded, posted, transmitted or distributed in any way, without prior written consent of Ribbon Communications Inc.
The trademarks, logos, service marks, trade names, and trade dress (“look and feel”) on this website, including without limitation the RIBBON and RIBBON logo marks, are protected by applicable US and foreign trademark rights and other proprietary rights and are the property of Ribbon Communications Operating Company, Inc. or its affiliates. Any third-party trademarks, logos, service marks, trade names and trade dress may be the property of their respective owners. Any uses of the trademarks, logos, service marks, trade names, and trade dress without the prior written consent of Ribbon Communications Operating Company, Inc., its affiliates, or the third parties that own the proprietary rights, are expressly prohibited.
This document outlines the configuration best practices for the Ribbon SBC Core (SBC 5K, 7K, SWe) when deployed with RingCentral Bring Your Own Carrier (BYOC). This means that for all subscribers catering to RingCentral customers, the PSTN calls terminating through the local SBC Core are directly connected to the Service Provider of their choice.
A Session Border Controller (SBC) is a network element deployed to protect SIP-based Voice over Internet Protocol (VoIP) networks. Early deployments of SBCs were focused on the borders between two service provider networks in a peering environment. This role has now expanded to include significant deployments between a service provider's access network and a backbone network to provide service to residential and/or enterprise customers. The interoperability compliance testing focuses on verifying inbound and outbound call flows between Ribbon SBC 5K/7K/SWe and RingCentral cloud. Ribbon SBC 5K/7K/SWe is deployed on the customer site to resolve any potential numbering format issue between RingCentral and the customer's existing carrier dial plan numbering.
This guide contains the following configuration sections:
SBC 5x10, 5400, 7000 and SWe are represented as SBC Core in the following sections.
It is not the goal of this guide to provide detailed configurations that will meet the requirements of every customer. Use this guide as a starting point and build the SBC configurations in consultation with network design and deployment engineers.
This is a technical document intended for telecommunications engineers with the purpose of configuring the Ribbon SBC.
The RingCentral BYOC configuration requires the customer to provide details such as the IP address and transport.
To perform this interop, you need
This configuration guide is offered as a convenience to Ribbon customers. The specifications and information regarding the product in this guide are subject to change without notice. All statements, information, and recommendations in this guide are believed to be accurate but are presented without warranty of any kind, express or implied, and are provided “AS IS”. Users must take full responsibility for the application of the specifications and information in this guide.
The following aspects are required before proceeding with the interop:
The following equipment and software were used for the sample configuration provided:
Requirements
Equipment | Software Version | |
---|---|---|
Ribbon Communications | Ribbon SBC 5K /7K/SWe Core | V10.00.00R0 |
RingCentral | RingCentral Desktop app | 21.3.20.629 Web, 21.3.10.1517 Windows |
RingCentral Mobile app | 21.3.20.544 | |
Third-party Phones | Phonerlite | 2.77 |
Zoiper | 5.3.8 |
This section covers the SBC Core deployment topology and the Interoperability Test Lab Topology.
SBC Core Deployment Topology
The following lab topology diagram shows connectivity between RingCentral and Ribbon SBC Core.
Interoperability Test Lab Topology
The following SBC Core configurations are included in this section:
Ribbon SBC is as shown below:
Ribbon SBC
Mgmt is an RJ45 port and is the management interface of the SBC.
Media 0/Media1 depicted as pkt0/pkt1 are RJ45 ports. Media 0 and Media 1 are used in the current deployment and the same interfaces can be used in SBC Core 5K , 7K (appliance based).
For the SBC SWe (virtualized platform), the logical pkt0/pkt1 interfaces must be mapped to a physical port.
Static routes are used to create communication to remote networks. In a production environment, static routes are mainly configured for routing from a specific network to a network that can only be accessed through one point or one interface (single path access or default route).
Add the static route once PSTN Leg and RingCentral Leg configurations are done on the SBC.
set addressContext default staticRoute 0.0.0.0 0 10.54.X.X LIF1 PKT0_V4 preference 100 commit
set addressContext default staticRoute 0.0.0.0 0 115.110.X.X LIF2 PKT1_V4 preference 100 commit
Prerequisites:
# To create a Certificate Signing Request (CSR) and key file for a Subject Alternative Name (SAN) certificate with multiple subject alternate names, complete the following procedure: Create an OpenSSL configuration file (text file) on the local computer by editing the fields to the company requirements. Note 1: In the example used in this article the configuration file is req.conf. Note 2: req_extensions will put the subject alternative names in a CSR, whereas x509_extensions would be used when creating an actual certificate file. [req] distinguished_name = req_distinguished_name req_extensions = v3_req prompt = no [req_distinguished_name] C = US ST = VA L = SomeCity O = MyCompany OU = MyDivision CN = www.company.com [v3_req] keyUsage = keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1 = www.company.com DNS.2 = company.com DNS.3 = www.company.net DNS.4 = company.net Make sure there are no whitespaces at the end of the lines. #Run the following commands to create the Certificate Signing Request (CSR) and a new Key file: openssl req -new -out company_san.csr -newkey rsa:2048 -nodes -sha256 -keyout company_san.key.temp -config req.conf #Run the following command to verify the Certificate Signing Request: openssl req -text -noout -verify -in company_san.csr # After receiving the CSR with above information, provide it to CA (Certificate Authority). You will then receive the proper CA signed certificate in .crt format that is convertable into other formats using openssl. # By default, you should receive two or more certificates from CA (depanding upon your CA). One is the SBC certificate, and other is CA's root and intermediate certificate. # Upload the certificates to the SBC at /opt/sonus/external and convert them into SBC-readable format, i.e. SBC certificate is in .pem or .p12 format and root certificate is in .cer or .der. #Converting .crt to .pem USING OPENSSL for SBC certificate. openssl x509 -in sbc_cert.crt -out sbc_cert.der -outform DER openssl x509 -in sbc_cert.der -inform DER -out sbc_cert.pem -outform PEM #After generating sbc_cert.pem file, convert it to .p12 format using below command and the location of the certificate key. openssl pkcs12 -export -out sbc1_cert.p12 -in sbc_cert.pem -inkey /opt/sonus/company_san.key.temp #CONVERTING CRT to CER USING OPENSSL for CA's root and intermediate certificate. openssl x509 -in root_cert.crt -out root_cert.cer -outform DER After converting all these certificates upload them on SBC at /opt/sonus/external location.
Get the RingCentral Root and Intermediate certificate from RingCentral and upload into SBC Core as follows:
#Import RingCentral CA Root Certificate into database. set system security pki certificate RC_ROOT type remote fileName RC_CA_root.der state enabled #Import RingCentral Intermediate Certificate1 into database. set system security pki certificate RC1 type remote fileName RC_CA_int1.der state enabled #Import RingCentral Intermediate Certificate2 into database. set system security pki certificate RC2 type remote fileName RC_CA_int2.der state enabled #Import Public CA Certified SBC Server Certificate into database. set system security pki certificate SBC_CERT filename sbc1_cert.p12 passPhrase <Password defined during CSR generation> state enabled type local
TLS Profile
A TLS Profile is required for the TLS handshake between SBC Core and RingCentral. This profile defines cipher suites supported by SBC Core. Create the TLS profile as mentioned below:
set profiles security tlsProfile TLS_PROF clientCertName SBC_CERT serverCertName SBC_CERT cipherSuite1 tls_ecdhe_rsa_with_aes_256_cbc_sha384 cipherSuite2 tls_ecdhe_rsa_with_aes_128_cbc_sha authClient false allowedRoles clientandserver acceptableCertValidationErrors invalidPurpose set profiles security tlsProfile TLS_PROF clientCertName SBC_CERT set profiles security tlsProfile TLS_PROF serverCertName SBC_CERT set profiles security tlsProfile TLS_PROF v1_0 disable set profiles security tlsProfile TLS_PROF v1_1 enable set profiles security tlsProfile TLS_PROF v1_2 enable commit
Attach the TLS Profile to the SIP Signaling Port that will be created later in RingCentral Leg Configuration.
Create profiles with a specific set of characteristics corresponding to PSTN. This includes configuration of the following entities on the PSTN leg:
Codec entry allows you to specify the codec used for the call. Create the codec entry for the G711 codec with packet size 20 and rfc2833 method for dtmf.
set profiles media codecEntry G711ULAW codec g711 set profiles media codecEntry G711ULAW law ULaw set profiles media codecEntry G711ULAW packetSize 20 set profiles media codecEntry G711ULAW dtmf relay rfc2833 commit
Create a Packet Service Profile (PSP) for the PSTN leg. The PSP is attached to sipTrunkGroup created later in this section.
set profiles media packetServiceProfile PSTN_PSP codec codecEntry1 G711ULAW set profiles media packetServiceProfile PSTN_PSP rtcpOptions rtcp enable commit
Create an IP Signaling Profile with appropriate signaling flags towards PSTN.
set profiles signaling ipSignalingProfile PSTN_IPSP set profiles signaling ipSignalingProfile PSTN_IPSP egressIpAttributes flags disable2806Compliance enable commit
Create an IP interface group.
Replace "x.x.x.x" with the SBC's packet interface (pkt) IP address towards PSTN (example pkt0 IP), and "Y" with its prefix length. Provide the ceName used during an SBC deployment.
Here the ceName is "RC".
set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 ceName RC portName pkt0 set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 ipAddress x.x.x.x prefix Y set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 mode inService state enabled commit
Create the Zone towards PSTN and specify the id of the zone.
This Zone groups the set of objects used for the communication towards PSTN.
set addressContext default zone PSTN id 2 commit
Set the SIP Signaling port, which is a logical address used to send and receive SIP call signaling packets and is permanently bound to a specific zone.
Replace "x.x.x.x" with the SIP Signaling Port IP of SBC towards PSTN.
set addressContext default zone PSTN sipSigPort 3 ipInterfaceGroupName LIF1 set addressContext default zone PSTN sipSigPort 3 ipAddressV4 x.x.x.x set addressContext default zone PSTN sipSigPort 3 portNumber 5060 set addressContext default zone PSTN sipSigPort 3 transportProtocolsAllowed sip-udp set addressContext default zone PSTN sipSigPort 3 mode inService set addressContext default zone PSTN sipSigPort 3 state enabled commit
Create an IP Peer with the signaling IP address of the PSTN (Service Provider) and assign it to the PSTN Zone.
Replace "x.x.x.x" with the PSTN IP.
set addressContext default zone PSTN ipPeer PSTN_IPP ipAddress x.x.x.x set addressContext default zone PSTN ipPeer PSTN_IPP ipPort 5060 commit
Create a SIP Trunk Group towards the PSTN and assign corresponding profiles like PSP and IPSP that where created in earlier steps.
You must configure Trunk Group names using upper case letters.
set addressContext default zone PSTN sipTrunkGroup PSTN_TG media mediaIpInterfaceGroupName LIF1 set addressContext default zone PSTN sipTrunkGroup PSTN_TG mode inService state enabled commit set addressContext default zone PSTN sipTrunkGroup PSTN_TG policy digitParameterHandling numberingPlan INDIA_NUM_PLAN set addressContext default zone PSTN sipTrunkGroup PSTN_TG policy signaling ipSignalingProfile PSTN_IPSP set addressContext default zone PSTN sipTrunkGroup PSTN_TG policy media packetServiceProfile PSTN_PSP set addressContext default zone PSTN sipTrunkGroup PSTN_TG ingressIpPrefix 0.0.0.0 0 commit
Create a Routing Label with a single Routing Label Route to bind the PSTN Trunk Group with the PSTN IP Peer.
set global callRouting routingLabel PSTN_RL routingLabelRoute 1 trunkGroup PSTN_TG set global callRouting routingLabel PSTN_RL routingLabelRoute 1 ipPeer PSTN_IPP set global callRouting routingLabel PSTN_RL routingLabelRoute 1 inService inService commit
This entry is used to route all the calls coming from PSTN towards RingCentral endpoints.
Provide the ceName used during an SBC deployment. "RC" is the ceName.
set global callRouting route trunkGroup PSTN_TG RC standard Sonus_NULL 1 all all ALL none Sonus_NULL routingLabel RC_RL commit
Create profiles with a specific set of characteristics corresponding to RingCentral. This includes configuration of the following entities on the RingCentral leg:
Codec entry allows you to specify the codec used for the call. Create the codec entry for G711Ulaw codec with packet size 20 and rfc2833 method for dtmf.
set profiles media codecEntry G711_RC codec g711 set profiles media codecEntry G711_RC law ULaw set profiles media codecEntry G711_RC packetSize 20 set profiles media codecEntry G711_RC dtmf relay rfc2833 commit
Create a Packet Service Profile (PSP) for the RingCentral leg. The PSP is attached to the sipTrunkGroup that is created later in this section.
Since there is an SRTP between the SBC Core and RingCentral, you must create a crypto suite profile.
set profiles security cryptoSuiteProfile CRYPT_PROF entry 1 cryptoSuite AES_256_CM_HMAC_SHA1_80
The Crypto Suite profile is attached to the RC_PSP.
set profiles media packetServiceProfile RC_PSP codec codecEntry1 G711_RC set profiles media packetServiceProfile RC_PSP rtcpOptions rtcp enable set profiles media packetServiceProfile RC_PSP secureRtpRtcp cryptoSuiteProfile CRYPT_PROF set profiles media packetServiceProfile RC_PSP secureRtpRtcp flags allowFallback enable set profiles media packetServiceProfile RC_PSP secureRtpRtcp flags enableSrtp enable commit
Create an IP Signaling Profile with appropriate signaling flags towards RingCentral.
The SBC Core to RingCentral transport type is TLS. Therefore, enable the same transport type in RC_IPSP.
set profiles signaling ipSignalingProfile RC_IPSP set profiles signaling ipSignalingProfile RC_IPSP egressIpAttributes flags disable2806Compliance enable set profiles signaling ipSignalingProfile RC_IPSP egressIpAttributes numberGlobalizationProfile DEFAULT_IP set profiles signaling ipSignalingProfile RC_IPSP egressIpAttributes transport type1 tlsOverTcp commit
Create an IP interface group.
Replace "x.x.x.x" with the SBC's packet interface (pkt) IP address towards RingCentral (for example pkt1 IP) and "Y" with its prefix length. Provide the ceName used during an SBC deployment.
Here the ceName is "RC".
set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 ceName RC portName pkt1 set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 ipAddress x.x.x.x prefix 26 set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 mode inService state enabled commit
Create a Zone towards RingCentral and specify the id of the zone.
This Zone groups the set of objects used for communication towards RingCentral.
set addressContext default zone RC id 6 commit
Set the SIP Signaling port, which is a logical address used to send and receive SIP call signaling packets and is permanently bound to a specific zone.
Replace "x.x.x.x" with the SIP Signaling Port IP address of the SBC towards RingCentral.
set addressContext default zone RC sipSigPort 7 ipInterfaceGroupName LIF2 set addressContext default zone RC sipSigPort 7 ipAddressV4 x.x.x.x set addressContext default zone RC sipSigPort 7 portNumber 5060 set addressContext default zone RC sipSigPort 7 tlsProfileName TLS_PROF set addressContext default zone RC sipSigPort 7 transportProtocolsAllowed sip-tls-tcp set addressContext default zone RC sipSigPort 7 mode inService set addressContext default zone RC sipSigPort 7 state enabled commit
You created the TLS profile in TLS Profile.
There are a few areas that result in a TLS negotiation issue. One area involves assigning the incorrect port. Ensure the following are accomplished:
RingCentral listens on port number 5061 (default setting).
Configure port number 5060 on RingCentral IP-Peer since Ribbon SBC Core increments the port by 1 when the transport protocol is TLS.
Create an IP Peer with the signaling IP address of RingCentral and assign it to Zone "RC" created earlier.
Replace "x.x.x.x" with the RingCentral SIP signaling IP.
set addressContext default zone RC ipPeer RC_IPP ipAddress x.x.x.x set addressContext default zone RC ipPeer RC_IPP ipPort 5060 commit
Path Check Profile
Create a path check profile that attaches to the RingCentral side.
set profiles services pathCheckProfile RC_OPTIONS protocol sipOptions sendInterval 20 replyTimeoutCount 1 recoveryCount 1 set profiles services pathCheckProfile RC_OPTIONS transportPreference preference1 tls-tcp commit
Create a SIP Trunk Group towards RingCentral and assign corresponding profiles like PSP and IPSP that were created in earlier steps.
You must configure Trunk Group names using upper case letters.
set addressContext default zone RC sipTrunkGroup RC_TG media mediaIpInterfaceGroupName LIF2 set addressContext default zone RC sipTrunkGroup RC_TG mode inService state enabled commit set addressContext default zone RC sipTrunkGroup RC_TG policy digitParameterHandling numberingPlan NANP_ACCESS set addressContext default zone RC sipTrunkGroup RC_TG policy signaling ipSignalingProfile RC_IPSP set addressContext default zone RC sipTrunkGroup RC_TG policy media packetServiceProfile RC_PSP set addressContext default zone RC sipTrunkGroup RC_TG signaling transportPreference preference1 tls-tcp set addressContext default zone RC sipTrunkGroup RC_TG ingressIpPrefix 0.0.0.0 0 commit
Create a Routing Label with a single Routing Label Route to bind the RC Trunk Group with the RC IP Peer.
set global callRouting routingLabel RC_RL routingLabelRoute 1 trunkGroup RC_TG set global callRouting routingLabel RC_RL routingLabelRoute 1 ipPeer RC_IPP set global callRouting routingLabel RC_RL routingLabelRoute 1 inService inService commit
This entry is used to route all the calls coming from RC towards the PSTN endpoints.
Provide the ceName used during an SBC deployment. "RC" is the ceName.
set global callRouting route trunkGroup RC_TG RC standard Sonus_NULL 1 all all ALL none Sonus_NULL routingLabel PSTN_RL commit
You can enable BYOC by contacting your RingCentral account manager. Your account manager collects information about your carrier and carrier phone numbers.
If you need to add or change BYOC Gateways (GWs) or carrier phone numbers on your account, contact your RingCentral account manager.
For more information on BYOC Configuration:
https://support.ringcentral.com/article/adding-user-phone-using-your-own-carrier.html
The following checklist depicts the set of services/features covered through the configuration defined in this Interop Guide.
Sr.No. | Supplementary Features/Services | Coverage |
---|---|---|
1 | Basic Registration over UDP, TCP & TLS | N/A |
2 | Basic Call Setup | |
3 | Basic Call Termination | |
4 | Auto Receptionist (Auto Attendant) | |
5 | Call Waiting | |
6 | Call Hold/Resume | |
7 | Call Transfer - Blind (Cold Transfer) | |
8 | Call Transfer - Consult (Warm Transfer) | |
9 | Call Queue | |
10 | Conference | |
11 | Voicemail | |
12 | Call Forward (Ring Number Simultaneously) | |
13 | Call Switch | |
14 | Call Flip |
Legend
Supported | |
Not Supported | |
N/A | Not Applicable |
For any support related queries about this guide, contact your local Ribbon representative, or use the details below:
For detailed information about Ribbon products & solutions, go to :
https://ribboncommunications.com/products
For information about RingCentral products & solutions, go to:
This Interoperability Guide describes successful configuration covering RingCentral interop with Ribbon SBC Core.
All features and capabilities tested are detailed within this document - any limitations, notes or observations are also recorded in order to provide the reader with an accurate understanding of what has been covered, and what has not.
Configuration guidance is provided to enable the reader to replicate the same base setup - there maybe additional configuration changes required to suit the exact deployment environment.
© 2021 Ribbon Communications Operating Company, Inc. © 2021 ECI Telecom Ltd. All rights reserved.