Table of Contents


Interoperable Vendors

  

© 2024 Ribbon Communications Operating Company, Inc. © 2024 ECI Telecom Ltd. All rights reserved. The compilation (meaning the collection, arrangement and assembly) of all content on this site is protected by U.S. and international copyright laws and treaty provisions and may not be used, copied, reproduced, modified, published, uploaded, posted, transmitted or distributed in any way, without prior written consent of Ribbon Communications Inc.

The trademarks, logos, service marks, trade names, and trade dress (“look and feel”) on this website, including without limitation the RIBBON and RIBBON logo marks, are protected by applicable US and foreign trademark rights and other proprietary rights and are the property of Ribbon Communications Operating Company, Inc. or its affiliates. Any third-party trademarks, logos, service marks, trade names and trade dress may be the property of their respective owners.  Any uses of the trademarks, logos, service marks, trade names, and trade dress without the prior written consent of Ribbon Communications Operating Company, Inc., its affiliates, or the third parties that own the proprietary rights, are expressly prohibited.

Document Overview

This document outlines the configuration best practices for the Ribbon SBC Core (SBC 5K, 7K, SWe) when deployed with the Lawful Intercept server. 

About Ribbon SBC Core

The SBC Core (SBC 5K, 7K, SWe) addresses the next-generation needs of SIP communications by delivering embedded media transcoding, robust security, and advanced call routing in a high-performance, small form-factor device. This enables service providers and enterprises to quickly and securely enhance their networks by implementing services like SIP Trunking, secure Unified Communications, and Voice over IP (VoIP).

The SBC Core provides a reliable, scalable platform for IP interconnect to deliver security, session control, bandwidth management, advanced media services, and integrated billing/reporting tools in an SBC appliance. This versatile series of SBCs can be deployed as peering SBCs, access SBCs, or enterprise SBCs (eSBCs). The SBC product family is tested for interoperability and performance against various third-party products and call flow configurations in the customer networks.

Note

The subsequent sections represent SBC 5400, 7000, and SWe as SBC Core.

About Group 2000

Group 2000 is a professional partner for legal compliance, resilient networks, and smart devices. It contributes by creating intelligent security solutions for law enforcement, intelligence agencies, telecom providers, and internet service providers.

Scope/Non-Goals

This document provides configuration best practices for deploying Ribbon SBC Core for Lawful Intercept interop with Group 2000's LIMA Lawful Intercept server. Lawful Intercept (LI) enables a Law Enforcement Agency (LEA) to perform authorized electronic communication surveillance involving users or subscribers against whom a warrant has been issued. 

Group 2000's LIMA Lawful Intercept server is connected to the Ribbon devices over an IPsec tunnel. For target provisioning, LIMA connects over the X1 interface to the Ribbon RAMP. The Ribbon SBC Core is connected over the X2/X3 interface to the LIMA server for call content and data. In this interop, SBC uses the IMSLI variant of the LI.

Audience

This technical document is intended for telecommunication engineers to configure the Ribbon SBC.

To perform this interop, you need to:

  • use the Graphical User Interface (GUI) or Command Line Interface (CLI) of the Ribbon product.


Note

This configuration guide is offered to Ribbon customers for convenience. The specifications and information regarding the product in this guide are subject to change without notice. All statements, information, and recommendations in this guide are believed to be accurate but are presented without warranty of any kind, express or implied, and are provided “AS IS.” Users must take full responsibility for applying the specifications and information in this guide.

Prerequisites

The following aspects are required before proceeding with the interop:

  • Ribbon SBC Core.
  • Ribbon PSX.
  • Ribbon RAMP.
  • Ribbon license for SBC Core, PSX, and RAMP.
    • To enable Lawful Intercept functionality on Ribbon SBC, PSX, and RAMP, you need a valid Ribbon license.

Product and Device Details

The configuration uses the following equipment and software:

Product

Appliance/ Application/ Tool

Software Version

Ribbon CommunicationRibbon SBC Core11.1.0 
PSX15.1.1 
RAMP23.9.0
Group 2000Group 200011.5
Third-party EquipmentPoly VVX 411VVX 601

Administration and Debugging Tools

Wireshark3.4.9
Note

The Ribbon SBC Core portfolio includes SBC 5400, SBC 7000 (appliance-based), and SBC SWe (virtualized platform). The software version applies to the Ribbon SBC Core portfolio, and this configuration guide is valid for all of these devices.

Network Topology and E2E Flow Diagrams

Deployment Topology

Interoperability Test Lab Topology



Call Flow Diagram



Document Workflow

The sections in this document follow the sequence below. Complete each section for the configuration to be successful.

Note

LI server installation and configuration are out of scope for this interop guide

Installing Ribbon SBC Core

Ribbon SBC Standalone

To deploy a Ribbon SBC Core standalone instance, refer to SBC Installation.

Ribbon SBC Core Configuration

Ribbon SBC Core Configuration for PSTN

For call-related configuration on SBC, log into the SBC as an admin user.

IP Interface Group - PSTN1

An IP Interface Group is a named object containing one or more IP interfaces (IP addresses). The IP Interface Group is Address Context-specific (for example, permanently bound to a particular Address Context), and is the primary tool for managing disjointed networks (separate networks that are not designed to communicate directly). An IP Interface Group is the local manifestation of a segregated network domain. The service section of an IP trunk group and a Signaling Port typically reference an IP Interface Group to restrict signaling and/or media activity to that IP Interface Group.

%set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 ipAddress X.X.X.X portName pkt0 prefix X ceName TELIASBCCORESA
%set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 state enabled mode inService
%commit

IP Static Route - PSTN1

This object specifies the gateway to which you wish to direct traffic from your Packet, Management, or Link Interface. This object allows you to add, change, and delete gateways (next Hops) to these interfaces. Interface and static routes combine to form the IP routing table for your network.

An IP Static Route provides a route to each potential call destination IP address. It is used to add static IP routes for the IP interfaces. A Static Route indicates the next Hop gateway and IP interface to use for a particular peer network IP prefix.

%set addressContext default staticRoute x.x.x.x x x.x.x.x LIF1 PKT0_V4 preference 100
%commit

Zone - PSTN1

A zone is used to group a set of objects unique to a particular customer environment. 

%set addressContext default zone ACCESS id 2
%commit

SIP Signaling Port - PSTN1

A SIP Signaling Port is a logical address permanently bound to a specific zone and is used to send and receive SIP call signaling packets. A SIP Signaling Port can have multiple transports such as UDP, TCP, and TLS/TCP.

%set addressContext default zone ACCESS sipSigPort 1 ipAddressV4 x.x.x.x portNumber <port_number> ipInterfaceGroupName LIF1 transportProtocolsAllowed sip-udp,sip-tcp
%set addressContext default zone ACCESS sipSigPort 1 state enabled mode inService
%commit

Trunk Group - PSTN1

SIP Trunk Groups are used to apply a wide-ranging set of call management functions to a group of peer devices (endpoints) within the network. SIP Trunk Groups are created within a specific address context and zone.

All SBC signaling and routing (both Trunking and Access) are based upon Trunk Group configurations defined within zones. A zone can contain multiple Trunk Groups.

%set addressContext default zone ACCESS sipTrunkGroup ACCESS_TG media mediaIpInterfaceGroupName LIF1
%set addressContext default zone ACCESS sipTrunkGroup ACCESS_TG signaling rel100Support enabled
%set addressContext default zone ACCESS sipTrunkGroup ACCESS_TG signaling relayNonInviteRequest enabled
%set addressContext default zone ACCESS sipTrunkGroup ACCESS_TG ingressIpPrefix  x.x.x.x <ingressIPPrefix>
%set addressContext default zone ACCESS sipTrunkGroup ACCESS_TG state enabled mode inService
%commit

IP Interface Group - PSTN2

%set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 ipAddress X.X.X.X portName pkt1 prefix X ceName TELIASBCCORESA
%set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 state enabled mode inService
%commit

Static Route - PSTN2

%set addressContext default staticRoute x.x.x.x x x.x.x.x LIF2 PKT1_V4 preference 100
%commit

Zone - PSTN2

%set addressContext default zone CORE id 3
%commit

SIP Signaling Port - PSTN2

%set addressContext default zone CORE sipSigPort 2 ipAddressV4 x.x.x.x portNumber <port_number> ipInterfaceGroupName LIF2 transportProtocolsAllowed sip-udp,sip-tcp
%set addressContext default zone CORE sipSigPort 2 state enabled mode inService
%commit

Trunk Group - PSTN2

  • IngressIpPrefix must be entered with the LI server's IP address.


%set addressContext default zone CORE sipTrunkGroup CORE_TG media mediaIpInterfaceGroupName LIF2
%set addressContext default zone CORE sipTrunkGroup CORE_TG signaling relayNonInviteRequest enabled
%set addressContext default zone CORE sipTrunkGroup CORE_TG ingressIpPrefix x.x.x.x <ingressIPPrefix>
%set addressContext default zone CORE sipTrunkGroup CORE_TG state enabled mode inService
%commit

SBC Configuration for LI Intercept

For intercept-related configuration on SBC, log into SBC as a Calea user.

Enabling Calea User

%set oam localAuth user calea group Calea
%set oam localAuth user calea passwordAgingState enabled
%set oam localAuth user calea accountAgingState enabled
%set oam localAuth user calea passwordLoginSupport enabled
%set oam localAuth user calea interactiveAccess enabled
%set oam localAuth user calea m2mAccess enabled
%set oam localAuth user calea accountRemovalState enabled
%commit

Intercept Configuration

  • After creating a Calea user, log in as a Calea user.
  • Configure the LI server IP and listenport for signaling and media intercepts accordingly. 
%set addressContext default intercept callDataChannel CDC interceptStandard etsi
%set addressContext default intercept callDataChannel CDC vendorId groupTwoThousand
%set addressContext default intercept callDataChannel CDC ipInterfaceGroupName LIF2
%set addressContext default intercept callDataChannel CDC mediaIpInterfaceGroupName LIF2
%set addressContext default intercept callDataChannel CDC dsrProtocolVersion 1
%set addressContext default intercept callDataChannel CDC mediationServer MS1 signaling
%set addressContext default intercept callDataChannel CDC mediationServer MS1 signaling ipAddress <LI server IP>
%set addressContext default intercept callDataChannel CDC mediationServer MS1 signaling portNumber <LI server listenport>
%set addressContext default intercept callDataChannel CDC mediationServer MS1 signaling mode inService
%set addressContext default intercept callDataChannel CDC mediationServer MS1 signaling state enabled
%set addressContext default intercept callDataChannel CDC mediationServer MS1 media udp
%set addressContext default intercept callDataChannel CDC mediationServer MS1 media udp ipAddress <LI server IP>
%set addressContext default intercept callDataChannel CDC mediationServer MS1 media udp portNumber <LI server listenport>
%set addressContext default intercept callDataChannel CDC mediationServer MS1 media udp mode inService
%set addressContext default intercept callDataChannel CDC mediationServer MS1 media udp state enabled

SBC Configuration to enable PSX

Disable local PolicyServer and configure remote PSX details in SBC Core.

%set system policyServer localServer PSX_LOCAL_SERVER state disabled
%set system policyServer localServer PSX_LOCAL_SERVER mode outOfService
%set system policyServer remoteServer PSX ipAddress <PSX IP>
%set system policyServer remoteServer PSX state enabled
%set system policyServer remoteServer PSX mode active
%commit

Installing Ribbon PSX SWe

To deploy a Ribbon PSX SWe instance, refer to PSX Installation.

Ribbon PSX Configuration

Class of Service

For this interop default Class Of Service can be used - "DEFAULT IP".

Figure 5:

COS1.PNG

Figure 6:

Gateway

  • Configure a gateway with the SBC name and the management IP address.

Figure 7:

  • From the Gateway configuration UI, enter the name of the gateway that is configured in the SBC.
Note

The Gateway name should be the same as systemname in the SBC conf file and should be capitalized.

Figure 8:

Figure 9:

  • Configure SBC management IP in IPv4 Address and default port number 2569.

Globalization Profile

This object defines numbers to be globalized for egress SIP message headers. Specify a profile entry for each number type that needs to be globalized. The profile includes a digit type, a source for the country code, and a flag to enable globalization. Assign Globalize Profiles to egress trunk groups by selecting them on the IP Signaling Profile for each trunk group.

Figure 10:

Figure 11:

Figure 12:

IP Signaling Profile

  • This object specifies parameters associated with H.323, SIP, SIP-I communication that are sent as part of the outgoing signaling message after applying standard protocol rules.
  • You can associate IP Signaling Profiles with IP Trunk Groups and virtual trunk groups. For this interop, the default IP Signaling Profile can be used.

Figure 13:

Figure 14:

Figure 15:

Figure 16:

Figure 17:

Figure 18:

Figure 19:

Figure 20:

Packet Service Profile

  • Each Packet Service Profile is configured for a pair of gateways and includes entries for up to four audio/video encoding methods. The pair of gateways can originate from destination gateways in the same gateway group or in an inter-gateway group.

Figure 21:

Figure 22:

Figure 23:

Figure 24:

Figure 25:

IP Peer 

  • IP Peer is an entity of a Session Border Controller, which is configured inside the Zone. It acts as a destination endpoint for the call to be routed. An IP Peer constitutes an IPv4/IPv6 address or a Fully Qualified Domain Name (FQDN) with a port number

Figure 26:

Figure 27:

Element Routing Priority Profile

For this interop default Element Routing Priority Profile can be used.

Figure 28:

Signaling Profile

For this interop default Signaling Profile can be used

Figure 29:

Figure 30:

Figure 31:

Figure 32:

Figure 33:

Feature Control Profile

For this interop default Feature Control Profile can be used.

Figure 34:

Figure 35:

Figure 36:

Figure 37:

Figure 38:

Figure 39:

Trunk Group

Create two Trunk Groups for Ingress and Egress and associate the Trunk Groups to the gateway created in Step 1.

Note

The Trunk Group name of PSX should be the same as the SIP Trunk Group name of the SBC.

Trunk Group - ACCESS

Figure 40:

Figure 41:

Figure 42:

Figure 43:

Figure 44:

Figure 45:

Figure 46:

Trunk Group - CORE

Figure 47:

Figure 48:

Figure 49:

Figure 50:

Figure 51:

Figure 52:

Figure 53:

Routing Label

A routing label is associated with a route. Each route includes a gateway/trunk group pair. Routing labels link an entry in the Standard Route table and the set of routes associated with that Standard Route table entry.

Routing Label 1

Figure 54:

Figure 55:

Figure 56:

Routing Label 2

Figure 57:

Figure 58:

Figure 59:

Standard Routes

Standard Route 1

Figure 60:

Standard Route 2

Figure 61:

Installing Ribbon RAMP 

To deploy Ribbon RAMP, refer to RAMP Installation

Ribbon RAMP Configuration

Enabling Calea user

  • Create a calea user for RAMP, refer to Calea user.
  • Share the URL/username/password to the Group 2000 LI server team for sending the request for target provisioning.
  • Sample URL:- https://<RAMP_IP>/liTargetProvisioning/services/LawfulInterceptTargetService

PSX registration with RAMP

Register the PSX to RAMP by following:

  • Login as an insight user on RAMP. 
  • Run the command "cd .ssh/"
  • Copy the content of "id_rsa.pub" file.
  • Login as "ssuser" on the PSX.
  • Run the command "cd .ssh/"
  • Open the "authorized_keys" file.
  • Paste the content of "id_rsa.pub" copied from RAMP into "authorized_keys"

Supplementary Services and Features Coverage

The following checklist lists the set of services/features covered through the configuration defined in this Interop Guide. 

Sr. No.

Supplementary Services/ Features

Coverage

1Basic Call Setup & Termination

2Call hold/unhold

3Call Forward

4Call Transfer (Attended/ Consultative)

5Call Transfer (Unattended/ Blind)

6Video Calls

7SMS

8Calling Line ID

9DTMF Interwork

Legend

Supported

Not Supported


Support

For any support-related queries about this guide, please contact your local Ribbon representative, or use the details below:

References

For detailed information about Ribbon products and solutions, visit https://ribboncommunications.com/products.

Conclusion

This Interoperability Guide describes the successful Ribbon SBC Core interop configuration involving Group 2000 LI for customer deployments.

This document details all features and capabilities tested, as well as any limitations, notes, or observations, to provide the reader with an accurate understanding of what has been covered and what has not.

Configuration guidance is provided to enable the reader to replicate the same base setup; additional configuration changes may be required to suit the exact deployment environment.





© 2024 Ribbon Communications Operating Company, Inc. © 2024 ECI Telecom Ltd. All rights reserved.