DO NOT SHARE THESE DOCS WITH CUSTOMERS!
This is an LA release that will only be provided to a select number of PLM-sanctioned customers (PDFs only). Contact PLM for details.
In this section:
Ribbon recommends using the Transparency Profile to configure transparency on the SBC Core for new deployments, as well as applying additional transparency configurations to existing deployments. Do not use IP Signaling Profile flags in these scenarios because the flags will be retired in upcoming releases. Refer to the SBC SIP Transparency Implementation Guide for additional information.
Microsoft (MS) Lync 2013 introduces support for H.264-UC open standard video codec, and enables point-to-point video from Lync endpoints to non-Lync endpoints. With this capability, MS Lync 2013 supports establishing video sessions with other devices that are capable of supporting H.264-UC codec.
MS Lync 2010 supports the older standard codec H.263 which is commonly supported by video devices; however, it is not supported by MS Lync 2013.
The two methods to route video from Lync 2013 are following:
Lync 2010 and Lync 2013 expects STUN/ICE connectivity to be completed before initiating video stream.
The SBC interworks with a Microsoft Lync 2010 or 2013 client by enabling the SIP trunk group iceLync
flag (see SIP Trunk Group - Services - CLI, SIP Trunk Group - Media - CLI for details). When flag is enabled, the SBC relays (passes through) MS Lync video sessions. A Video call originating from Lync typically includes multi-part/alternative content with two SDPs. SBC uses a second SDP to establish the audio/video call.
Lync-capable endpoints such as Polycom RPG clients simulate the Lync endpoint behavior for Presence (it initiates a “SERVICE” method). This and its 200OK response back from Lync needs to be relayed through the SBC. Lync uses BENOTIFY method which is also relayed. Offer/Answer SDP during the STUN connectivity phase includes TCP-ACT attribute for the server reflexive candidates. This is derived from the UDP host candidates. Upon completion of the STUN connectivity checks, the final offer SDP that is sent by the SBC, which includes the “remote-candidate” attribute for remote media IP and the “a=candidate” attribute for local media IP.
If sRTP is used for media between the SBC and the Lync endpoint (as well as for normal sRTP configuration), configure the SBC to add the lifetime parameter to the crypto attribute for the sRTP-encrypted media streams when it sends SDP toward the endpoint. An example SMM configuration to accomplish this is provided below.
% set profiles signaling sipAdaptorProfile CRYPTO rule 1 criterion 1 type message message messageTypes responseAll % set profiles signaling sipAdaptorProfile CRYPTO rule 1 criterion 2 type messageBody messageBody condition regex-match regexp string "a=crypto:3 AES_CM_128_HMAC_SHA1_80 inline:.{40}" numMatch match set profiles signaling sipAdaptorProfile CRYPTO rule 1 action 1 type messageBody operation regappend from type value value "|2^31" % set profiles signaling sipAdaptorProfile CRYPTO rule 1 action 1 to type messageBody messageBodyValue all % set profiles signaling sipAdaptorProfile CRYPTO rule 1 action 1 regexp string "a=crypto:3 AES_CM_128_HMAC_SHA1_80 inline:.{40}" matchInstance all
The SBC supports the following call scenarios for MS Lync Video Relay:
The following example procedure configures the SBC for MS Lync-Video relay.
Enable transparency for following headers.
% set profiles services transparencyProfile LYNC sipHeader <supported | contact | server>
% set profiles signaling ipSignalingProfile LYNC commonIpAttributes transparencyFlags unknownHeader enable % set profiles signaling ipSignalingProfile LYNC commonIpAttributes transparencyFlags unknownBody enable % set profiles signaling ipSignalingProfile LYNC commonIpAttributes transparencyFlags fromHeader enable % set profiles signaling ipSignalingProfile LYNC commonIpAttributes transparencyFlags toHeader enable % set profiles signaling ipSignalingProfile LYNC commonIpAttributes transparencyFlags requestURI enable % set profiles signaling ipSignalingProfile LYNC commonIpAttributes transparencyFlags userAgentHeader enable
Enable “DisableHostTranslation”, INFO relay
% set profiles signaling ipSignalingProfile LYNC commonIpAttributes flags disableHostTranslation enable % set profiles signaling ipSignalingProfile LYNC commonIpAttributes flags sendRtcpPortInSdp enable % set profiles signaling ipSignalingProfile LYNC commonIpAttributes relayFlags info enable
Disable “Privacy”
% set profiles signaling ipSignalingProfile LYNC egressIpAttributes privacy flags includePrivacy disable
Enable STUN Support on SIP trunk group facing Lync or Lync-capable endpoints.
% set addressContext a1 zone ACCESS sipTrunkGroup LYNC_TG services natTraversal iceSupport iceLync
Enable Video and RTCP in packet service profile.
% set profiles media packetServiceProfile LYNC_PSP videoCalls maxVideoBandwith 8000 % set profiles media packetServiceProfile LYNC_PSP rtcpOptions rtcp enable
Disable rel100Support
flag on the Lync facing the SIP trunk group.
% set addressContext a1 zone ACCESS sipTrunkGroup LYNC_TG signaling rel100Support disabled
Enable SuppressEmptyFragments
flag in the TLS profile.
% set profiles security tlsProfile nbstls suppressEmptyFragments enabled
To relay unknown DSP attributes for the trunk group, enable sdpAttributesSelectiveRelay
flag.
% set addressContext a1 zone ACCESS sipTrunkGroup LYNC_TG media sdpAttributesSelectiveRelay enabled
To configure sRTP for the Packet Service Profile of the trunk group facing Lync.
% set profiles media packetServiceProfile Lync_PSP secureRtpRtcp flags allowFallback "enable" enableSrtp "enable" resetROCOnKeyChange "disable" resetEncDecROCOnDecKeyChange "disable" updateCryptoKeysOnModify "disable" set profiles media packetServiceProfile Lync_PSP secureRtpRtcp cryptoSuiteProfile DEFAULT
The following steps are performed to configure MS Lync/Skpe for business desktop sharing:
To configure basic Lync for media, refer to the section How to Configure MS Lync Video Relay.
Once the base configuration is applied to enable support for Lync desktop sharing in the SBC, configure the following parameters and flags:
% set system media dedicatedBWForNonRTPMedia 10
The value indicates the percentage of RTP bandwidth (which is 95% of overall bandwidth) allocated for application share calls. The value is calculated based on the number of expected application share calls, which is initiated either from Lync clients or from the other third-party applications.
To configure the parameter lyncshare
on ingress and egress Sip Trunk Group, execute the following commands:
% set addressContext default zone ZONE3 sipTrunkGroup TG_ingress media lyncShare enabled % set addressContext default zone ZONE3 sipTrunkGroup TG_egress media lyncShare enabled
To configure the parameter iceTcpRole
on ingress and egress Sip Trunk Group, execute the following commands:
% set addressContext default zone ZONE3 sipTrunkGroup TG_ingress services natTraversal iceSupport iceLync iceTcpRole passive % set addressContext default zone ZONE3 sipTrunkGroup TG_egress services natTraversal iceSupport iceLync iceTcpRole passive
The new stats TCP/LYNC/APPSHARE is added to the media streams of call detail status.
> show status global callDetailStatus callDetailStatus 4 { mediaStreams audio,video,UDP/BFCP,video; state Stable; callingNumber ""; calledNumber ""; addressTransPerformed none; origCalledNum ""; scenarioType SIP_TO_SIP; callDuration 221072; mediaType passthru; associatedGcid1 4; associatedGcid2 4; associatedGcidLegId1 1; associatedGcidLegId2 0; ingressSessionBandwidthkbps 269; egressSessionBandwidthkbps 269; ingressMediaStream1LocalIpSockAddr "10.32.114.1/ 1062 (rtcp: 1063)"; ingressMediaStream1RemoteIpSockAddr "10.128.99.157/ 3230 (rtcp: 3231)"; egressMediaStream1LocalIpSockAddr "10.33.5.141/ 1066 (rtcp: 1067)"; egressMediaStream1RemoteIpSockAddr "10.128.96.48/ 51564 (rtcp: 51565)"; ingressMediaStream1Security rtp-disabled,rtcp-disabled; egressMediaStream1Security rtp-disabled,rtcp-disabled; ingressMediaStream1Bandwidth 127; egressMediaStream1Bandwidth 127; ingressMediaStream1IceState NONE; egressMediaStream1IceState NONE; ingressDtlsStream1 DISABLED; egressDtlsStream1 DISABLED; ingressMediaStream2LocalIpSockAddr "10.32.114.1/ 1064 (rtcp: 1065)"; ingressMediaStream2RemoteIpSockAddr "10.128.99.157/ 3232 (rtcp: 3233)"; egressMediaStream2LocalIpSockAddr "10.33.5.141/ 1068 (rtcp: 1069)"; egressMediaStream2RemoteIpSockAddr "10.128.96.48/ 51566 (rtcp: 51567)"; ingressMediaStream2Security rtp-disabled,rtcp-disabled; egressMediaStream2Security rtp-disabled,rtcp-disabled; ingressMediaStream2Bandwidth 269; egressMediaStream2Bandwidth 269; ingressMediaStream2IceState NONE; egressMediaStream2IceState NONE; ingressDtlsStream2 DISABLED; egressDtlsStream2 DISABLED; ingressMediaStream3LocalIpSockAddr "10.32.114.1/ 1066"; ingressMediaStream3RemoteIpSockAddr "10.128.99.157/ 3238"; egressMediaStream3LocalIpSockAddr "10.33.5.141/ 1070"; egressMediaStream3RemoteIpSockAddr "10.128.96.48/ 51570"; ingressMediaStream3Security rtp-UnEncrypted; egressMediaStream3Security rtp-UnEncrypted; ingressMediaStream3Bandwidth 0; egressMediaStream3Bandwidth 0; ingressMediaStream3IceState NONE; egressMediaStream3IceState NONE; ingressDtlsStream3 DISABLED; egressDtlsStream3 DISABLED; ingressMediaStream5LocalIpSockAddr "10.32.114.1/ 1070 (rtcp: 1071)"; ingressMediaStream5RemoteIpSockAddr "10.128.99.157/ 3234 (rtcp: 3235)"; egressMediaStream5LocalIpSockAddr "10.33.5.141/ 1074 (rtcp: 1075)"; egressMediaStream5RemoteIpSockAddr "10.128.96.48/ 51568 (rtcp: 51569)"; ingressMediaStream5Security rtp-disabled,rtcp-disabled; egressMediaStream5Security rtp-disabled,rtcp-disabled; ingressMediaStream5Bandwidth 269; egressMediaStream5Bandwidth 269; ingressMediaStream5IceState NONE; egressMediaStream5IceState NONE; ingressDtlsStream5 DISABLED; egressDtlsStream5 DISABLED; iceCallTypes ing-lcl-NONE,ing-rmt-NONE,eg-lcl-NONE,eg-rmt-NONE; } callDetailStatus 524292 { mediaStreams TCP/LYNC/APPSHARE; state Stable; callingNumber ""; calledNumber ""; addressTransPerformed none; origCalledNum ""; scenarioType SIP_TO_SIP; callDuration 220758; mediaType passthru; associatedGcid1 524292; associatedGcid2 524292; associatedGcidLegId1 1; associatedGcidLegId2 0; ingressSessionBandwidthkbps 0; egressSessionBandwidthkbps 0; ingressMediaStream1LocalIpSockAddr "10.33.5.141/ 42589 (rtcp: 42589)"; ingressMediaStream1RemoteIpSockAddr "10.128.96.48/ 43131 (rtcp: 43131)"; egressMediaStream1LocalIpSockAddr "10.33.5.141/ 1029 (rtcp: 1029)"; egressMediaStream1RemoteIpSockAddr "10.128.99.168/ 5358 (rtcp: 5359)"; ingressMediaStream1Security rtp-Encrypted; egressMediaStream1Security rtp-UnEncrypted; ingressMediaStream1Bandwidth 0; egressMediaStream1Bandwidth 0; ingressMediaStream1IceState ST_ICE_COMPLETE; egressMediaStream1IceState ST_ICE_COMPLETE; ingressDtlsStream1 DISABLED; egressDtlsStream1 DISABLED; iceCallTypes ing-lcl-FULL-ICE,ing-rmt-FULL-ICE,eg-lcl-FULL-ICE,eg-rmt-FULL-ICE; } [ok]