Table of Contents


 

Interoperable Vendors

                                                                                                   


© 2023 Ribbon Communications Operating Company, Inc. © 2023 ECI Telecom Ltd. All rights reserved. The compilation (meaning the collection, arrangement and assembly) of all content on this site is protected by U.S. and international copyright laws and treaty provisions and may not be used, copied, reproduced, modified, published, uploaded, posted, transmitted or distributed in any way, without prior written consent of Ribbon Communications Inc.

The trademarks, logos, service marks, trade names, and trade dress (“look and feel”) on this website, including without limitation the RIBBON and RIBBON logo marks, are protected by applicable US and foreign trademark rights and other proprietary rights and are the property of Ribbon Communications Operating Company, Inc. or its affiliates. Any third-party trademarks, logos, service marks, trade names and trade dress may be the property of their respective owners.  Any uses of the trademarks, logos, service marks, trade names, and trade dress without the prior written consent of Ribbon Communications Operating Company, Inc., its affiliates, or the third parties that own the proprietary rights, are expressly prohibited.

Document Overview

This document outlines the configuration best practices for the Ribbon solution covering the Ribbon SBC Edge when deployed with Microsoft Teams vSBA (virtual Survivable Branch Appliance).

About Ribbon SBC Edge

A ​Session Border Controller​ (​SBC​) is a network element deployed to protect​ ​SIP​-based Voice over Internet Protocol​ (VoIP) networks. ​Early deployments of SBCs were focused on the borders between two service provider networks in a peering environment. This role has now expanded to include significant deployments between a service provider's access network and a backbone network to provide service to residential and/or enterprise customers. ​

The SBC Edge (SBC 1000/2000) addresses the next-generation needs of SIP communications by delivering embedded media transcoding, robust security, and advanced call routing in a high-performance, small form-factor device enabling service providers and enterprises to quickly and securely enhance their network by implementing services like SIP Trunking, secure Unified Communications, and Voice over IP (VoIP).

The SBC Edge provides a reliable, scalable platform for IP interconnect to deliver security, session control, bandwidth management, advanced media services, and integrated billing/reporting tools in an SBC appliance. This versatile series of SBCs is deployed as peering SBCs, access SBCs, or enterprise SBCs (eSBCs). The SBC product family is tested for interoperability and performance against a variety of third-party products and call flow configurations in the customer networks.

SBC 1000, SBC 2000 and SWe Edge are represented as SBC Edge in the subsequent sections.

About Microsoft Survivable Branch Appliance (SBA)

When a customer site using Direct Routing to connect to Microsoft Phone System experiences an internet outage, the intranet inside the branch is still fully functional. Users can connect to the Session Border Controller (SBC) that is providing the PSTN connectivity.

During an internet outage, the Teams Phone should switch to the SBA automatically. No action is required from the user. As soon as the Teams Phone detects that the internet service is restored and any outgoing calls are finished, the Teams Phone falls back to normal operation mode and connects to other Teams services.

The interoperability compliance testing focuses on verifying inbound and outbound call flows between the Ribbon SBC Edge, Teams vSBA, and Teams Phone.

This guide contains the following configuration sections: 

Non-Goals

It is not the goal of this guide to provide detailed configurations that meet the requirements of every customer. Use this guide as a starting point and build the SBC configurations in consultation with network design and deployment engineers. 

Audience

This is a technical document intended for telecommunications engineers with the purpose of configuring both the Ribbon SBCs and the third-party product.

To perform this interop, you need to:

  • use the graphical user interface (GUI) or command line interface (CLI) of the Ribbon product.
  • understand the basic concepts of TCP/UDP/TLS and IP/Routing.
  • have SIP/RTP/SRTP to complete the configuration and for troubleshooting.


Note

This configuration guide is offered as a convenience to Ribbon customers. The specifications and information regarding the product in this guide are subject to change without notice. All statements, information, and recommendations in this guide are believed to be accurate but are presented without warranty of any kind, express or implied, and are provided “as is”. Users must take full responsibility for the application of the specifications and information in this guide.

Prerequisites

The following aspects are required before proceeding with the interop:

  • Ribbon SBC Edge
  • Public IP Addresses
  • Microsoft admin account - a special type of account where the Teams user is configurable for Direct Routing SBA (Survivable Branch Appliance).
  • TLS Certificates for the Ribbon SBC signed by one of the Microsoft approved CA vendors.
  • Certificates must have the FQDN or domain name that is configured on the Microsoft admin portal.

Product and Device Details

The sample configuration in this document uses the following equipment and software:

Requirements


Appliance/Application/Tool

Software Version

Ribbon Communications

SBC 2K 

11.0.1 build 634

Microsoft Survivable Branch Appliance (SBA)v.2022.6.14.1
Teams Client8.0.1.4106
PSTN PhoneJitsi2.10
Administration and Debugging ToolsRibbon LX Tool2.1.0.6

Note
  • Microsoft SBA version is v.2022.6.14.1 or later.
  • Jitsi version is 2.10 or later.


Network Topology Diagram

This section covers the Ribbon SBC Edge deployment topology and the Interoperability Test Lab Topology.

Deployment Topology - Ribbon SBC 2K

Ribbon SWe Edge Deployment Topology

Interoperability Test Lab Topology - Ribbon SBC 2K

The following lab topology diagram shows connectivity between Ribbon SBC 2K, Microsoft vSBA.

SBC 2K and Microsoft Virtual SBA interoperability Test Lab Topology

Document Workflow

The sections in this document use the following sequence. The reader is advised to complete each section for successful configuration.


Section A: Ribbon SBC Edge Configuration

The following SBC Edge configurations are included in this section:

Connectivity

Network

Static Routes

TLS Configuration between SBC Edge and Microsoft SBA

Easy Config Wizard


Connectivity

SBC 2000 Front Panel

               

The SBC 2000 is connected to the network as follows:

Ethernet 1: RJ45 "1" is connected towards the PSTN leg.

Ethernet 3: RJ45 "3" is connected towards the Teams Direct Routing leg.

Ethernet 4: RJ45 "4" is connected towards the Teams Direct Routing SBA leg.

USB 1: USB - LAN adapter used to connect ASM to network.

USB 2: Connected to the keyboard.

SBC Edge Connectivity

The SBC Edge is connected to the network as follows:

Ethernet 1: RJ45 "1" is connected towards the PSTN leg.

Ethernet 3: RJ45 "3" is connected towards the Teams Direct Routing leg.

Ethernet 4: RJ45 "4" is connected towards the Teams Direct Routing SBA leg.

Network

Configure Ethernet 1, Ethernet 3, and Ethernet 4 of the SBC Edge with the IP as follows:

Navigate to Node Interfaces > Logical Interfaces.

Logical Interfaces

 

Ethernet 1

Ethernet 3

Ethernet 4

  • To configure Ethernet 1, Ethernet 2, and Ethernet 3 of an SBC SWe Edge, navigate to Networking Interfaces > Logical Interfaces.
  • The SBC Edge is configurable with any of the available Ethernet ports. In the current testing Ethernet 1, 3, and 4 are used.

Static Routes

Static routes are used to create communication to remote networks. In a production environment, static routes are mainly configured for routing from a specific network to a network that can only be accessed through one point or one interface (single path access or default route).

Tip
  • For smaller networks with just one or two routes, configuring static routing is preferable. This is often more efficient since a link is not wasted by exchanging dynamic routing information.
  • For networks that have a LAN-side Gateway on Voice VLAN or Multi-Switch Edge Devices (MSEs) with Voice VLAN towards the SBC Edge, static routing configurations are not required.

Add static routes towards the Eth1 interface 172.16.X.X (PSTN) and the Eth2 interface 172.16.X.X (Microsoft SBA).

The default static route is towards the Eth1, which is in a private network.

  • Navigate to Settings > Protocol > IP > Static Routes to configure the routes.

Static Routes

TLS Configuration between SBC Edge and Microsoft SBA

Prerequisites:

  • For TLS to work on the public side of the network, a trusted Certificate Authority (CA) is needed. In this scenario, Go Daddy is used as a trusted CA.

  • Go Daddy Root Certificate Authority G2 and Go Daddy Secure Certificate Authority G2 is used as a trusted CA.

  • Baltimore CyberTrust Root certificate is required.

Request a certificate for the SBC and configure it based on the example using Go Daddy as follows:

  • Generate a Certificate Signing Request (CSR) and obtain the certificate from a Certificate Authority.
  • Import the Public CA Root/Intermediate Certificate and the SBC Certificate on the SBC.

Step 1: Generate a Certificate Signing Request and obtain the certificate from a Certificate Authority (CA).

  • Navigate to Settings > Security > SBC Certificates.
  • Click Generate SBC Edge CSR.
  • Enter data in the required fields. Click OK. After the Certificate Signing Request is generated, copy the result to the clipboard.

  • Use the generated CSR text from the clipboard to obtain the certificate. 


Generate Certificate Signing Request


Step 2: Deploy the Root/Intermediate and SBC certificates on the SBC.

After receiving the certificates from the certificate authority, install the SBC Certificate and the Root/Intermediate certificates as follows:

  • Obtain the Trusted Root and Intermediary signing certificates from your Certificate Authority.
  • To install the Trusted Root/Intermediate certificates, go to Settings > Security > SBC Certificates > Trusted Root Certificates.
  • Click Import and select the trusted root certificates.
  • To install the SBC certificate, open Settings > Security > SBC Certificates > SBC Edge Certificate.

  • Validate the certificate is installed correctly.

Trusted CA Certificate Table

  • Click Import and select X.509 Signed Certificate.
  • Validate that the certificate is installed correctly.


Validate certificate

Easy Config Wizard

Configure the SBC Edge with Teams Direct Routing SBA using the Easy Config Wizard.

  • Access the WebUI of SBC Edge.
  • Click on the Tasks tab.
  • From the left side menu, click SBC Easy Setup > Easy Config Wizard.

Easy Config Wizard

Fill in the details for Step 1 as follows:

  • Application SIP Trunk↔Microsoft Teams.
  • Scenario Description as Teams SBA.
  • SIP Sessions as 100.


Enter a value for SIP sessions as per the requirement. The value is listed up to 960.


Step 1

Fill in the details for Step 2 as follows:

  • Border Element Server is the PSTN IP.
  • Use Secondary Border Element Server is Disabled.
  • Teams Connection Type is Standalone Direct Connection.
  • The SBC Signaling/Media Source IP towards Teams Direct Routing (public IP).
  • Configure Direct Routing SBA is set to True.
  • Direct Routing SBA FQDN as ioteamsba.customers.interopdomain.com.
  • The SBC Signaling /Media Source IP towards Teams Direct Routing SBA.


Step 2

Review the configurations in Step 1 and Step 2, and click on the Finish button.

The SBC 2000 would not have the option to choose the Signaling/Media Interface - "SBA Signaling/Media Source IP".

Step 3

Section B: Microsoft SBA Configuration

For information on configuring the Survivable Branch Appliance (SBA) for Direct Routing, refer to following link:

https://docs.microsoft.com/en-us/microsoftteams/direct-routing-survivable-branch-appliance

For the Prerequisites, Installation, and Configuring the Direct Routing SBA, refer to following link:

https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#

Prerequisites

For Prerequisites on Direct routing SBA, refer to the following link:

https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Prerequisites

Installation

For Installation on Direct routing SBA, refer to Step 1 in the following link:

https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Step1:InstallVirtualSBASoftware

Configuration

For Configuring on Direct routing SBA, refer to Step 2 in the following link:

https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Step2:SetuptheOffice365DirectRoutingvSBA


Supplementary Services and Features Coverage

The following checklist depicts the set of services/features covered through the configuration defined in this Interop Guide. 

Sr. No.Supplementary Features/ServicesCoverage
1OPTIONS ping (SBC to SBA)

2OPTIONS ping (SBA to SBC)

3Basic Call from PSTN to Teams

4Basic Call from Teams to PSTN

5Call Hold & Call Resume

Legend

Supported

Not Supported
N/ANot Applicable

Caveats

The following items were observed during this Interop - these are either limitations, untested elements, or useful information pertaining to the Interoperability:

  • Message on the Teams Client desktop in Survivable Mode - "No internet connection. Calling, including emergency calls, is only available to and from phone numbers". This indicates that the Teams phone is now registered or connected with Microsoft SBA.
  • Teams User status would be "Offline" in Survivable mode.


Above mentioned caveats doesn't hamper the Teams performance, instead it's the Teams client user notifications in Survivability mode.


Support

For any support related queries about this guide, contact your local Ribbon representative, or use the details below:

References

For detailed information about Ribbon products & solutions, go to:

https://ribboncommunications.com/products

For information about Microsoft Survivable Branch Appliance (SBA) & solutions, go to:

https://learn.microsoft.com/en-us/microsoftteams/direct-routing-survivable-branch-appliance

Conclusion

This Interoperability Guide describes a successful configuration of the Ribbon SBC Edge and Microsoft Survivable Branch Appliance .

All features and capabilities tested are detailed within this document - any limitations, notes, or observations are also recorded in order to provide the reader with an accurate understanding of what has been covered, and what has not.

Configuration guidance is provided to enable the reader to replicate the same base setup - there maybe additional configuration changes required to suit the exact deployment environment.




© 2023 Ribbon Communications Operating Company, Inc. © 2023 ECI Telecom Ltd. All rights reserved.