Ribbon SBC SWe Edge R12.1 on Hyper-V Interop with Cisco Unified Communications Manager : Interoperability Guide

Interoperable Vendors

Copyright

© 2024 Ribbon Communications Operating Company, Inc. © 2024 ECI Telecom Ltd. All rights reserved. The compilation (meaning the collection, arrangement and assembly) of all content on this site is protected by U.S. and international copyright laws and treaty provisions and may not be used, copied, reproduced, modified, published, uploaded, posted, transmitted or distributed in any way, without prior written consent of Ribbon Communications Inc.

The trademarks, logos, service marks, trade names, and trade dress (“look and feel”) on this website, including without limitation the RIBBON and RIBBON logo marks, are protected by applicable US and foreign trademark rights and other proprietary rights and are the property of Ribbon Communications Operating Company, Inc. or its affiliates. Any third-party trademarks, logos, service marks, trade names and trade dress may be the property of their respective owners.  Any uses of the trademarks, logos, service marks, trade names, and trade dress without the prior written consent of Ribbon Communications Operating Company, Inc., its affiliates, or the third parties that own the proprietary rights, are expressly prohibited.

Document Overview

This document outlines the Trunk-based Routing configuration for the Ribbon SBC SWe Edge HA environment when deploying on Microsoft Hyper-V hypervisor.

In this demonstration, the SBC SWe Edge HA environment is installed on Microsoft Hyper-V hypervisor and it uses the following signaling groups:

UDP / RTP:

• To/From UA1 UDP. This signaling group works as the ingress side.
• To/From CUCM UDP. This signaling group works as the egress side.

TLS / SRTP:

• To/From UA1 TLS. This signaling group works as the ingress side.
• To/From CUCM UDP. This signaling group works as the egress side.

About Ribbon SBC SWe Edge

The Ribbon Session Border Controller Software Edition Edge (SBC SWe Edge) provides best-in-class communications security with the convenience of deployment from popular virtual machine platforms as well as the Azure Marketplace and AWS. The SBC SWe Edge delivers:

• VoIP Security (topology hiding, encryption, protection against Denial of Service attacks, and more
• Interoperability with leading PBXs, cloud Unified Communications (UC) services, cloud contact center services, SIP endpoints, and SIP trunking providers
• Certified for Microsoft Teams Direct Routing, Zoom Phone BYOC, Webex Local Gateway, Google Voice SIP Link, and many other platforms
• Advanced call routing features such as Active Directory/LDAP server routing integration and onboard call forking
• Offers powerful media services and SIPREC support
• Efficient architecture that uses fewer software resources, reducing the cost to deploy
• Deployment as a single instance or in High Availability (HA) pairs

The SBC SWe Edge dramatically simplifies the deployment of robust communications security services for SIP trunking, Direct Routing, and cloud UC services. Organizations can deploy the software instantly from virtual machine platforms including Microsoft Hyper-V, VMware, and Linux KVM as well as the Azure Marketplace and AWS. The SBC SWe Edge protects SIP trunks, SIP endpoints, cloud contact centers, and cloud UC services, including Microsoft Teams and Zoom Phone. Since SBC SWe Edge is software, it easily scales up or down based on the cloud environment or platform attributes you choose. Deploy it as a single instance or configure two instances in a high-availability model that maintains active calls in the event of a failure. It also includes support for a number of important media services, such as transcoding, that are critical for interoperability. The SBC SWe Edge supports up to 1,200 concurrent calls and 5,000 devices. It boasts an intuitive user interface with templates for popular platforms and telecom providers. 

SBC SWe Edge has been independently verified to deliver full protection and performance, even during severe security attacks, which should come as no surprise since Ribbon SBCs are widely deployed across the globe in many of the world’s largest telecom provider networks. Ribbon’s engineering teams understand the importance of scale and resiliency.

The Ribbon SBC SWe Edge is certified for Direct Routing with Microsoft Teams, Zoom Phone BYOC, Webex Local Gateway, and Google Voice SIP Link. More importantly, Ribbon has tens of thousands of deployments across the globe with industry-leading cloud UC services, cloud contact center services, IP-PBXs, and telecom providers on six continents.

About Cisco Unified Communications Manager

Cisco Unified Communications Manager (UCM) is the core of Cisco’s collaboration portfolio. UCM has a rich feature set that supports calling, mobility, conferencing, messaging, and features for remote workers.

Scope/Non-Goals

This document provides configuration best practices for deploying a Trunk-based Routing configuration for the Ribbon SBC SWe Edge HA environment when deploying on Microsoft Hyper-V hypervisor. Note that these are configuration best practices and each customer may have unique needs and networks. Ribbon recommends that customers work with network design and deployment engineers to establish the network design that best meets their requirements.  

It is not the goal of this guide to provide detailed configurations that meet the requirements of every customer. Use this guide as a starting point, and build the SBC configurations in consultation with network design and deployment engineers. 

Audience

This is a technical document intended for telecommunications engineers with the purpose of configuring the Ribbon SBC SWe Edge.

To perform this interop, you need to

• use the graphical user interface (GUI) or command line interface (CLI) of the Ribbon product.
• understand the basic concepts of TCP/UDP/TLS and IP/Routing.
• have basic knowledge of SIP/RTP/SRTP to complete the configuration and perform troubleshooting.

Prerequisites

The following are required before proceeding with the interop:

• Ribbon SBC SWe Edge HA environment installed on Microsoft Hyper-V hypervisor.
• Ribbon SBC SWe Edge HA environment licensed.
  • A valid license from Ribbon is required to enable the SBC functionality on the SBC SWe Edge. Each SBC license provides a base set of capabilities to which users can add and enable additional features as required.
• IP addresses
• TLS certificates for SBC SWe Edge
  • For more details, please visit Working with Certificates

Product and Device Details

The configuration uses the following equipment and software:

Table : Requirements

Network Topology and E2E Flow Diagrams

Deployment Topology UDP/RTP to UDP/RTP

Interoperability Test Lab UDP/RTP to UDP/RTP Basic Call Flow Diagram

Deployment Topology TLS/SRTP to UDP/RTP

Interoperability Test Lab TLS/SRTP to UDP/RTP Basic Call Flow Diagram

Document Workflow

The sections in this document follow the sequence below. The reader is advised to complete each section for successful configuration.

Installing Ribbon SBC SWe Edge HA on Microsoft Hyper-V

To deploy the Ribbon SBC SWe Edge instance, refer to Installing SBC SWe Edge on Microsoft Hyper-V.

To enable high availability on an SBC SWe Edge, refer to Enabling High Availability on an SBC SWe Edge.

Section A: Ribbon SBC SWe Edge Configuration

Accessing SBC SWe Edge 

Open a browser and enter the Admin IP address of the active node.

In this demonstration, the IP address to access the user interface is 10.35.150.210 (Active node). This is the address assigned to the Admin IP Interface.

Log in with a valid User ID and Password.

Login screen

License and TLS Certificates

View License

This section describes how to view the status of each license along with a copy of the license keys installed on your SBC SWe Edge. The Feature Licenses panel enables you to verify whether a feature is licensed, along with the number of remaining licenses available for a given feature at run-time.

From the Settings tab, navigate to System > Licensing > Current Licenses.

License

SBC Certificate

From the Settings tab, navigate to Security > SBC Certificates > Generate SBC Edge CSR.

1. Provide the Common Name of the SBC that includes Host and Domain.
2. Set the Key Length to 2048 bits.
3. Provide the location information.
4. Click OK.
5. The CSR will be generated and displayed in the Result text box.

CSR Creation

Result text box

After generating the CSR on the Ribbon SBC, provide the CSR to the Certificate Authority (CA). The CA will generally provide the following certificates:

• SBC Certificate
• CA's Root Certificate
• Intermediate Certificate

From the Settings tab, navigate to Security > SBC Certificates > SBC Primary Certificate to import the SBC Primary Certificate.

SBC Primary Certificate

To import an X.509 signed certificate:

1. Select X.509 Signed Certificate from the Import menu at the top of the page.
2. Chose the import mode (Copy and Paste or File Upload) from the Mode pull-down menu.
3. If you chose File Upload, use the Browse button to find the file and click OK.
4. If you choose Copy and Paste, open the file in a text editor, paste the contents into the Paste Base64 Certificate text field and click OK.

X.509 Certificate

1. Select PKCS12 Certificate and Key from the Import menu at the top of the page.
2. Enter the password used to export the certificate in the Password field.
3. Browse for the PKCS certificate and key file and click OK.

PKCS12 Certificate

Trusted CA Certificates

A Trusted CA Certificate is a certificate issued by a Trusted Certificate Authority. Trusted CA Certificates are imported to the SBC SWe Edge to establish its authenticity on the network.

• For TLS to work, a Trusted CA (Certificate Authority) is required. For this interop, a private CA is used as the Trusted CA.
• Ensure the following certificate is part of the root certificate trust:
  • Root CA (if required)

From the Settings tab, navigate to Security > SBC Certificates > Trusted CA Certificates.

Trusted CA Certificate

1. To import a Trusted CA Certificate, click the Import Trusted CA Certificate () Icon.
2. Select either Copy and Paste or File Upload from the Mode menu.
3. If you choose File Upload, use the Select File button to find the file.
4. Click OK.

Copy and Paste Trusted CA Certificate

Upload Trusted CA Certificate

Networking Interfaces

This section contains information about how to manage the way the SBC SWe Edge interfaces with the network. The SBC SWe Edge supports system-created logical interfaces (known as Admin IP, Ethernet 1 IP, Ethernet 2 IP, Ethernet 3 IP and High Availability) for the SBC SWe Edge function. In addition to the system-created logical interfaces, the SBC SWe Edge supports user-created VLAN logical sub-interfaces.

In this demonstration:

• The Admin IP was set during the installation procedure.
• The Ethernet 1 IP is the SBC SWe Edge logical interface supporting SIP and Media connection to the SIPP UA – not set during the installation procedure; must be entered manually.
• The Ethernet 2 IP is the SBC SWe Edge logical interface supporting SIP and Media connection to the CISCO CUCM – not set during the installation procedure; must be entered manually.
• The Ethernet 3 IP is the SBC SWe Edge logical interface  – not used in this demonstration.
• The High Availability is the SBC SWe Edge logical interface supporting a connection to the peer node when using a High Availability deployment - not set during the installation procedure; must be entered manually.

Navigate to Networking Interfaces > Logical Interfaces

In this demonstration, the Logical Interfaces were configured as follow:

Active node - Logical Interfaces

Standby node - Logical Interfaces

Active Admin IP Example

Standby Admin IP Example

Ethernet 1 IP Example

Ethernet 2 IP Example

Active High Availability Example

Standby High Availability Example

Configure Static Routes

Static routes are used to create communication to remote networks. In a production environment, static routes are mainly configured for routing from a specific network to another network that you can only access through one point or one interface (single path access or default route).

Destination IP
Destination IP specifies the destination IP address.

Mask
Mask specifies the network mask of the destination host or subnet. If the 'Destination IP Address' field and 'Mask' field are both 0.0.0.0, the static route is called the 'default static route'.

Gateway
Gateway specifies the IP address of the next-hop router to use for this static route.

Metric
Metric specifies the cost of this route and therefore indirectly specifies the preference of the route. Lower values indicate more preferred routes. The typical value is 1 for most static routes, indicating that static routes are preferred to dynamic routes.

From the Settings tab, navigate to Protocols > IP > Static Routes. Click the  icon to add the entries.

• The first static route (Row ID 1) is the default static route.
• The second static route (Row ID 2) is for the SIP Phones over TLS registered on the SBC SWe Edge using its Local Registrar. This allow IP traffic between the SIP Phones and the Ethernet 1 IP interface of the SBC SWe Edge.
• The Third static route (Row ID 3) is for the CISCO CUCM (IP PBX). This allow IP traffic between the CISCO CUCM and the Ethernet 2 IP interface of the SBC SWe Edge.

Static Routes example

Global Configuration

Media

Media Profiles

Media Profiles allow you to specify the individual voice and fax compression codecs and their associated settings, for inclusion in a Media List. Different codecs provide varying levels of compression, allowing one to reduce bandwidth requirements at the expense of voice quality.

From the Settings tab, navigate to Media > Media Profiles. From the Create Media Profile drop-down, select Voice Codec Profile.

Navigation Panel

Create Media Profile

For G729:

1. Provide the profile's description.
2. Select G.729 from the Codec drop-down menu.
3. Select the Payload Size from the drop-down menu.
4. Click OK. 

G729 Codec Profile

SDES-SRTP Profiles

The SDES-SRTP Profiles configuration defines a cryptographic context used in SRTP negotiation. SDES-SRTP Profiles required to enable encryption and SRTP are applied to Media Lists.

From the Settings tab, navigate to Media > SDES-SRTP Profiles to create new SDES-SRTP Profiles. Click the  icon to add the entries.

Navigation Panel

SRTP_Profile

Media Lists

Specifies a list of Media Profiles for use with Media Lists.
Codec profile order determines the order in which codecs are specified in SIP message(s) sent to a peer. Consider user preferences when ordering codec profiles, placing the more desirable codecs above the less desirable ones.

From the Settings tab, navigate to Media > Media List to create new Media List. Click the  icon to add the entries.

Navigation Panel

G711-G729_Media_List

SRTP_Media_List

Tone Tables

Tone tables allow the SBC SWe Edge Portfolio administrator to customize the tones a user hears when placing a call. You can modify the tone to match your local PSTN or PBX. The default tone table is configured for the values used in the United States for the following categories: Ringback, Dial, Busy, Congestion, Call Waiting, Disconnect, and Confirmation.

From the Settings tab, navigate to Tone Tables to create new tones profiles. Click the  icon to add the entries.

Navigation Panel

Tone Table

Ringback Tone Profile

Congestion Tone Profile

SIP Profiles

SIP Profiles control how the SBC SWe Edge device communicates with SIP devices. They control important characteristics such as: session timers, SIP header customization, SIP timers, MIME payloads, and option tags.

From the Settings tab, navigate to SIP > SIP Profiles to create new SIP Profiles. Click the  icon to add the entries.

Navigation Panel

Default SIP Profile

TLS Profiles

After the Ribbon SBC SWe Edge obtains the required certificates, configuration of several options/attributes on both the server and client is necessary before TLS can employ the certificate(s) in establishing a secure connection. The attributes are configured in TLS profiles. Attributes include, but are not limited to, items such as Client Ciphers, and inactivity timeouts.

TLS Profiles are used by SIP Signaling Groups when the TLS transport type is selected for incoming and outgoing SIP trunks (Listen Ports), and in SIP Server Tables when TLS is selected as the Server Host protocol.

From the Settings tab, navigate to Security > TLS Profile to create new TLS Profiles. Click the  icon to add the entries.

Navigation Panel

Default TLS Profile

SIP Server Tables

SIP Server Tables contain information about the SIP servers connected to the SBC SWe Edge. The entries in the tables provide information about the IP Addresses, ports, and protocols used to communicate with each server. The Table Entries also contain links to counters that are useful for troubleshooting. The SIP Server supports either an FQDN or IP Address (V4 or V6).

The SIP Server tables contain the IP address or FQDN of one or more SIP servers where INVITE messages can be sent for egress calls on a Signaling Group.

From the Settings tab, navigate to SIP > SIP Server Tables to create new SIP server tables. Click the  icon to add the entries.

Navigation Panel

1. Provide the SIP Server Table's description.
2. Select SIP Server from the drop-down menu
3. Click OK. 

Create SIP Server Table

Default SIP Server Table

UA1_UDP

UA1_TLS

CUCM_UDP

Local Registrars

SIP provides a registration function that allows users to upload their current locations for use by proxy servers. Registration creates bindings in a location service for a particular domain that associates an address-of-record URI with one or more contact addresses.

Registration entails sending a REGISTER request to a special type of UAS (User-Agent Server) known as a registrar. A registrar acts as the front end to the location service for a domain, reading and writing mappings based on the contents of REGISTER requests. This location service is then typically consulted by a proxy server that is responsible for routing requests for that domain.

From the Settings tab, navigate to SIP > Local Registrars. Click the  icon to create a Local Registrar.

Local Registrars

1. Provide a name for the Local Registrar in the Description field.
2. Provide the Maximum Number of Users.
3. Click OK.

Transformation Tables

Transformation Tables facilitate the conversion of names, numbers, and other fields when routing a call. They can, for example, convert a public PSTN number into a private extension number, or into a SIP address (URI). Every entry in a Call Routing Table requires a Transformation Table. In addition, Transformation tables are configurable as a reusable pool that Action Sets can reference.

From the Settings tab, navigate to Call Routing > Transformation. Click the  icon to create a Transformation Table.

Navigation Panel

1. Provide a name for the Transformation Table in the Description field.
2. Click OK.

Create Transformation Table

Transformation Table Entry

1. Click on the Transformation Table created in the previous step.
2. Click the  icon to create an entry.
3. Provide the values in Input and Output fields.
4. Click OK.

 The figures below depict the Transformation tables and the entries used in this demonstration.

New Transformation Table

525501 Transformation Table Entry

Passthrough Untouched Transformation Table Entry

UDP / RTP to UDP / RTP Configuration

Signaling Groups

Signaling groups allow telephony channels to be grouped together for the purposes of routing and shared configuration. They are the entity to which calls are routed, as well as the location from which Call Routes are selected. They are also the location from which Tone Tables and Action Sets are selected.

From the Settings tab, navigate to Signaling Groups. In the right panel, click on the Add SIP SG icon to add a new SIP Signaling Group.

Signaling Group - Navigation Panel

Add SIP SG

1. Attach the Default Route Table in the Call Routing Table field. 

   Note

   The Call routing table field will be modified on the Signaling Groups once the Call Routing tables are configured on the SBC SWe Edge. For now use the Default Route Table as shown in the pictures.

2. Attach the SIP Profile.
3. Attach the SIP Server Table.
4. Attach the Media List ID.
5. Attach the Tone Table.
6. Attach the Proxy Local SRTP Crypto Profile ID (Only if SRTP is used).
7. Associate the appropriate IP address in the "Signaling/Media Source IP" field.
   1. This specifies the Logical IP address at which SIP messages are received.
   2. This address is used as the source IP for all SIP messages leaving the SBC SWe Edge through this Signaling Group.
8. Configure Protocol and Listen Ports in the "Listen Ports" panel.
9. Create an entry in the Federated IP/FQDN panel.
   1. Federated IP addresses and FQDNs specified in a SIP Signaling Group are whitelisted. 
   2. The Federated IP/FQDN feature acts as an access control by defining from which server a SIP Signaling Group will accept messages.
10. Click OK.

Trunk Groups

The SIP Trunk Group Table enables you to configure trunk groups in a profile that can be associated with specific SIP Signaling Groups. The SBC provides interoperability with different servers by transporting, identifying, and processing the trunk group (list of signaling groups) via enterprise trunking parameters. The trunk group helps provide a way to identify/choose the carrier at the gateway for a proxy or service provider.

Configuration for SIP Trunk groups consists of configuration in the following areas:

Trunk Group Profiles (create/modify SIP Trunk Groups)
Call Routing Tables (configure Trunk Group as a destination type for a call route)
Transformation Tables (select destination Trunk Group ID for a call route)

From the Settings tab, navigate to SIP > Trunk Groups to create new Trunk Groups. Click the  icon to create a Trunk Group.

Navigation Panel

1. Provide the Trunk Group's description.
2. Provide the Trunk Group ID.
3. Select the Trunk Group Type from the drop-down menu.
4. Provide the Trunk-Context in case you select TGRP as the Trunk Group Type.
5. Associate a Signaling Group.
6. Click OK. 

CUCM_TG Trunk Group

Ingress INVITE message examples:

INVITE sip:525501;tgrp=TOCUCM;trunk-context=null@10.35.151.132:5060 SIP/2.0
Via: SIP/2.0/UDP 10.35.151.134:4010;branch=z9hG4bK-1707-1-0
From: 10.35.151.134_1707_1 <sip:sipp@10.35.151.134:4010>;tag=1707SIPpTag001
To: 525501_pktart1707-1 <sip:525501@10.35.151.132:5060>
Call-ID: 1-1707@10.35.151.134
CSeq: 1 INVITE
Contact: sip:sipp@10.35.151.134:4010
Max-Forwards: 70
Subject: Performance Test
Content-Type: application/sdp
Content-Length:   189

v=0
o=user1 53655765 2353687637 IN IP4 10.35.151.134
s=-
c=IN IP4 10.35.151.133
t=0 0
m=audio 4196 RTP/AVP 0
a=rtpmap:0 PCMU/8000
a=rtcp:3000
a=ptime:20
a=maxptime:20
a=sendrecv

INVITE sip:525501@10.35.151.132:5060;dtg=TOCUCM SIP/2.0
Via: SIP/2.0/UDP 10.35.151.134:4010;branch=z9hG4bK-2286-1-0
From: 10.35.151.134_2286_1 <sip:sipp@10.35.151.134:4010>;tag=2286SIPpTag001
To: 525501_pktart2286-1 <sip:525501@10.35.151.132:5060>
Call-ID: 1-2286@10.35.151.134
CSeq: 1 INVITE
Contact: sip:sipp@10.35.151.134:4010
Max-Forwards: 70
Subject: Performance Test
Content-Type: application/sdp
Content-Length:   189

v=0
o=user1 53655765 2353687637 IN IP4 10.35.151.134
s=-
c=IN IP4 10.35.151.133
t=0 0
m=audio 4346 RTP/AVP 0
a=rtpmap:0 PCMU/8000
a=rtcp:3000
a=ptime:20
a=maxptime:20
a=sendrecv

Call Routing Tables

Call Routing allows calls to be carried between Signaling Groups, thus allowing calls to be carried between ports. Routes are defined by Call Routing Tables, which allow flexible configuration of how calls are to be carried and how they are translated. These tables are the central connection points of the system, linking Transformation Tables, Message Translations, Cause Code Reroute Tables, Media Lists, and the Signaling Groups.

Every call enters through an ingress Signaling Group, traverses through a Call Routing Table and its associated Transformation Table or Tables, and exits through an egress Signaling Group. In this demonstration, two Signaling Groups are defined: one serving the SIPP UA, and one serving the CISCO CUCM. A SIP Server Table for each Signaling Group defines where the call should go on egress.

The following flow chart describes the SIP/RTP to SIP/RTP routing process used in this demonstration.

From the Settings tab, navigate to Call Routing > Call Routing Table. Click the  icon to create a Call Routing Table.

1. Provide a name for the Routing Table in the Description field.
2. Click OK.

Navigation Panel

Create Call Routing Table

Call Routing Table Entry 

The following figures depict the From UA1 UDP routing table associated with the To/From UA1 UDP signaling group.

From UA1 UDP

1. Click the Create Routing Entry ( ) icon.
2. Attach the Transformation Table with priority 1.
3. Select Trunk Group in the Destination Type field.
4. In the Media panel, select Dynamic DSP from the Audio Stream Mode.
5. Click OK.

To CUCM UDP entry

Associate the Call Routing Table with the Signaling Group

From the Settings tab, navigate to Signaling Groups and click on the To/From UA1 UDP Signaling Group.

Navigation Panel

To/From UA1 UDP Signaling Group

TLS / SRTP to UDP / RTP Configuration

Signaling Groups

Signaling groups allow telephony channels to be grouped together for the purposes of routing and shared configuration. They are the entity to which calls are routed, as well as the location from which Call Routes are selected. They are also the location from which Tone Tables and Action Sets are selected.

From the Settings tab, navigate to Signaling Groups. In the right panel, click on the Add SIP SG icon to add a new SIP Signaling Group.

Signaling Group - Navigation Panel

Add SIP SG

1. Attach the Default Route Table in the Call Routing Table field. 

   Note

   The Call routing table field will be modified on the Signaling Groups once the Call Routing tables are configured on the SBC SWe Edge. For now use the Default Route Table as shown in the pictures.

2. Attach the SIP Profile.
3. Select Local Registrar from the SIP Mode field.
4. Attach the Registrar.
5. Attach the Media List ID.
6. Attach the Tone Table.
7. Attach the Proxy Local SRTP Crypto Profile ID (Only if SRTP is used).
8. Associate the appropriate IP address in the "Signaling/Media Source IP" field.
   1. This specifies the Logical IP address at which SIP messages are received.
   2. This address is used as the source IP for all SIP messages leaving the SBC SWe Edge through this Signaling Group.
9. Configure Protocol and Listen Ports in the "Listen Ports" panel.
10. Create an entry in the Federated IP/FQDN panel.
    1. Federated IP addresses and FQDNs specified in a SIP Signaling Group are whitelisted. 
    2. The Federated IP/FQDN feature acts as an access control by defining from which server a SIP Signaling Group will accept messages.
11. Click OK.

Trunk Groups

The SIP Trunk Group Table enables you to configure trunk groups in a profile that can be associated with specific SIP Signaling Groups. The SBC provides interoperability with different servers by transporting, identifying, and processing the trunk group (list of signaling groups) via enterprise trunking parameters. The trunk group helps provide a way to identify/choose the carrier at the gateway for a proxy or service provider.

Configuration for SIP Trunk groups consists of configuration in the following areas:

Trunk Group Profiles (create/modify SIP Trunk Groups)
Call Routing Tables (configure Trunk Group as a destination type for a call route)
Transformation Tables (select destination Trunk Group ID for a call route)

From the Settings tab, navigate to SIP > Trunk Groups to create new Trunk Groups. Click the  icon to create a Trunk Group.

Navigation Panel

1. Provide the Trunk Group's description.
2. Provide the Trunk Group ID.
3. Select the Trunk Group Type from the drop-down menu.
4. Provide the Trunk-Context in case you select TGRP as the Trunk Group Type.
5. Associate a Signaling Group.
6. Click OK. 

CUCM_TG Trunk Group

Ingress INVITE message examples:

INVITE sip:525501;tgrp=TOCUCM;trunk-context=null@10.35.151.132 SIP/2.0
Via: SIP/2.0/TLS 172.16.100.94:57077;branch=z9hG4bK00477c110b25ef118f66f6a323e0e641;rport
Allow: INVITE, ACK, BYE, CANCEL, MESSAGE, NOTIFY, OPTIONS, REFER, UPDATE, PRACK
Call-ID: 00477C11-0B25-EF11-8F65-F6A323E0E641@172.16.100.94
Contact: <sip:4000@172.16.100.94:57077;transport=tls;gr=8032A3DA-0425-EF11-8F4A-F6A323E0E641>
Content-Length: 381
Content-Type: application/sdp
CSeq: 1 INVITE
From: "4000" <sip:4000@10.35.151.132>;tag=2415718939
Max-Forwards: 70
P-Preferred-Identity:  <sip:4000@10.35.151.132>
Supported: replaces, from-change, 100rel, gruu
To:  <sip:525501@10.35.151.132>
User-Agent: PhonerLite/3.25

v=0
o=- 54386430 1 IN IP4 172.16.100.94
s=PhonerLite/3.25
c=IN IP4 172.16.100.94
t=0 0
m=audio 5090 RTP/AVP 8 0 101
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:L4EtF
a=encryption:optional
a=ssrc:1569048343 cname:4000@172.16.100.94
a=sendrecv

INVITE sip:525501@10.35.151.132;dtg=TOCUCM SIP/2.0
Via: SIP/2.0/TLS 172.16.100.94:57077;branch=z9hG4bK00477c110b25ef118f66f6a323e0e641;rport
Allow: INVITE, ACK, BYE, CANCEL, MESSAGE, NOTIFY, OPTIONS, REFER, UPDATE, PRACK
Call-ID: 00477C11-0B25-EF11-8F65-F6A323E0E641@172.16.100.94
Contact: <sip:4000@172.16.100.94:57077;transport=tls;gr=8032A3DA-0425-EF11-8F4A-F6A323E0E641>
Content-Length: 381
Content-Type: application/sdp
CSeq: 1 INVITE
From: "4000" <sip:4000@10.35.151.132>;tag=2415718939
Max-Forwards: 70
P-Preferred-Identity:  <sip:4000@10.35.151.132>
Supported: replaces, from-change, 100rel, gruu
To:  <sip:525501@10.35.151.132>
User-Agent: PhonerLite/3.25

v=0
o=- 54386430 1 IN IP4 172.16.100.94
s=PhonerLite/3.25
c=IN IP4 172.16.100.94
t=0 0
m=audio 5090 RTP/AVP 8 0 101
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:L4EtF
a=encryption:optional
a=ssrc:1569048343 cname:4000@172.16.100.94
a=sendrecv

Call Routing Tables

Call Routing allows calls to be carried between Signaling Groups, thus allowing calls to be carried between ports. Routes are defined by Call Routing Tables, which allow flexible configuration of how calls are to be carried and how they are translated. These tables are the central connection points of the system, linking Transformation Tables, Message Translations, Cause Code Reroute Tables, Media Lists, and the Signaling Groups.

Every call enters through an ingress Signaling Group, traverses through a Call Routing Table and its associated Transformation Table or Tables, and exits through an egress Signaling Group. In this demonstration, two Signaling Groups are defined: one serving the TLS User Agents, and one serving the CISCO CUCM. SIP Server Tables or Local Registrars define where the call should go on egress.

The following flow chart describes the TLS/SRTP to UDP/RTP routing process used in this demonstration.

From the Settings tab, navigate to Call Routing > Call Routing Table. Click the  icon to create a Call Routing Table.

1. Provide a name for the Routing Table in the Description field.
2. Click OK.

Navigation Panel

Create Call Routing Table

Call Routing Table Entry 

The following figures depict the From SoftPhone TLS routing table associated with the To/From SoftPhone TLS signaling group.

From SoftPhone TLS

1. Click the Create Routing Entry ( ) icon.
2. Attach the Transformation Table with priority 1.
3. Select Trunk Group in the Destination Type field.
4. In the Media panel, select Dynamic DSP from the Audio Stream Mode.
5. Click OK.

To CUCM entry

Associate the Call Routing Table with the the Signaling Group

From the Settings tab, navigate to Signaling Groups and click on the To/From SoftPhone TLS Signaling Group.

Navigation Panel

To/From SoftPhone TLS

Section B: CISCO Unified Communications Manager Configuration

Unified CM is the core of Cisco’s collaboration infrastructure. It is an IP-based communications system that allows you to contact your coworkers or customers through audio or video regardless of physical location.
The primary function of CUCM is call processing and phone registration. Essentially, it is the brain of the phone; the physical handsets are just endpoints. 
Unified CM is what processes your calls (both video and audio). It’s the application that provides services such as hold, transfer, conference, etc.

The following steps describe the CUCM configuration used in this demonstration.

Accessing CISCO CUCM

Open a browser and enter the CUCM IP address.

Cisco Unified CM Administration

Log in with a valid User ID and Password.

Cisco Unified CM Administration

Trunk Device

From the Device tab, navigate to Trunk to create a new Trunk. Click the  icon to create a new Trunk.

Device Menu

Add New Trunk

1. Select the Trunk Type from the drop-down menu.
2. Select the Device Protocol from the drop-down menu.
3. Click Next.

Trunk Configuration

1. Configure the Device Name.
2. Configure a Destination. This should be the SBC SWe Edge Signaling and Media IP address and port.
3. Select the Device Protocol from the drop-down menu.
4. Select the SIP Profile from the drop-down menu.
5. Select the SIP Trunk Security Profile from the drop-down menu.
6. Click Save.

End Users

From the User Management tab, navigate to End User. Click the  icon to create a new End User.

User Management Menu

Add New End User

1. Configure the User ID.
2. Configure the Last Name.
3. Configure the Password.
4. Configure the PIN.
5. Click Save.

End User

Phone Devices

From the Device tab, navigate to Phone to create new Phone devices. Click the  icon to create a new Phone.

Device Menu

Add New Phone

1. Select the Phone Type from the drop-down menu, this depends on the phone you are configuring.
2. Click Next.

Add a New Phone

1. Configure the MAC Address.
2. Select the Device Protocol from the drop-down menu.
3. Select the SIP Profile from the drop-down menu.
4. Select the Phone Button Template from the drop-down menu.
5. Select the Owner User ID from the drop-down menu. The owner was created in the previous step.
6. Select the Device Security Profile from the drop-down menu.
7. Click Save.

Associate lines to phone devices

From the Device tab, navigate to Phone. 

Device Menu

Click Find to list the Phone devices on the CUCM.

Find and List Phone Devices

Click on the Device Name you want to edit.

Phone Devices

On the left menu, click on Line 1.

Phone Line

1. Configure the Directory Number you want to set on this line.
2. Click Save.

Phone Line 1

Repeat the previous steps to add additional phones and lines.

Supplementary Services & Features Coverage

The following checklist depicts the set of services/features covered through the configuration defined in this Interop Guide. 

Legend

Caveats

The following items should be noted in relation to this Interop - these are either limitations, untested elements, or useful information pertaining to the Interoperability.

Support

For any support related queries about this guide, please contact your local Ribbon representative, or use the details below:

• Sales and Support: 1-833-742-2661
• Other Queries: 1-877-412-8867
• Website: https://ribboncommunications.com/services/ribbon-support-portal

References

For detailed information about Ribbon products & solutions, please visit:

https://ribboncommunications.com/products

For detailed information about Cisco products & solutions, please visit:

https://www.cisco.com/

Conclusion

This Interoperability Guide describes successful configuration of interop involving SBC SWe Edge using Trunk-Based Routing and the CISCO CUCM. 

All features and capabilities tested are detailed within this document - any limitations, notes, or observations are also recorded in order to provide the reader with an accurate understanding of what has been covered, and what has not.

Configuration guidance is provided to enable the reader to replicate the same base setup - there may be additional configuration changes required to suit the exact deployment environment.

© 2024 Ribbon Communications Operating Company, Inc. © 2024 ECI Telecom Ltd. All rights reserved.