In this section:


IMPORTANT

Ribbon recommends using the Transparency Profile to configure transparency on the SBC Core for new deployments, as well as applying additional transparency configurations to existing deployments. Do not use IP Signaling Profile flags in these scenarios because the flags will be retired in upcoming releases.

Refer to the SBC SIP Transparency Implementation Guide for additional information.


Microsoft Lync Video Relay

Microsoft (MS) Lync 2013 introduces support for H.264-UC open standard video codec, and enables point-to-point video from Lync endpoints to non-Lync endpoints. With this capability, MS Lync 2013 supports establishing video sessions with other devices that are capable of supporting H.264-UC codec.

Info

MS Lync 2010 supports the older standard codec H.263 which is commonly supported by video devices; however, it is not supported by MS Lync 2013.

The two methods to route video from Lync 2013 are following:

  • Static route (via FQDN)
  • Non-Lync endpoint registers directly to Lync server

Lync 2010 and Lync 2013 expects STUN/ICE connectivity to be completed before initiating video stream.

The SBC interworks with a Microsoft Lync 2010 or 2013 client by enabling the SIP trunk group iceLync flag (see SIP Trunk Group - Services - CLI, SIP Trunk Group - Media - CLI for details). When flag is enabled, the SBC relays (passes through) MS Lync video sessions. A Video call originating from Lync typically includes multi-part/alternative content with two SDPs. SBC uses a second SDP to establish the audio/video call.

Lync-capable endpoints such as Polycom RPG clients simulate the Lync endpoint behavior for Presence (it initiates a “SERVICE” method). This and its 200OK response back from Lync needs to be relayed through the SBC. Lync uses BENOTIFY method which is also relayed. Offer/Answer SDP during the STUN connectivity phase includes TCP-ACT attribute for the server reflexive candidates. This is derived from the UDP host candidates. Upon completion of the STUN connectivity checks, the final offer SDP that is sent by the SBC, which includes the “remote-candidate” attribute for remote media IP and the “a=candidate” attribute for local media IP.

Figure 1: Lync 2013 to Polycom RPG H.264-UC Pass-through Diagram


Using sRTP for Media

If sRTP is used for media between the SBC and the Lync endpoint (as well as for normal sRTP configuration), configure the SBC to add the lifetime parameter to the crypto attribute for the sRTP-encrypted media streams when it sends SDP toward the endpoint. An example SMM configuration to accomplish this is provided below.

Example SMM
% set profiles signaling sipAdaptorProfile CRYPTO rule 1 criterion 1 type message message messageTypes responseAll
% set profiles signaling sipAdaptorProfile CRYPTO rule 1 criterion 2 type messageBody messageBody condition regex-match regexp string "a=crypto:3 AES_CM_128_HMAC_SHA1_80 inline:.{40}" numMatch match
set profiles signaling sipAdaptorProfile CRYPTO rule 1 action 1 type messageBody operation regappend from type value value "|2^31"
% set profiles signaling sipAdaptorProfile CRYPTO rule 1 action 1 to type messageBody messageBodyValue all
% set profiles signaling sipAdaptorProfile CRYPTO rule 1 action 1 regexp string "a=crypto:3 AES_CM_128_HMAC_SHA1_80 inline:.{40}" matchInstance all 
Note

If the Lync setup does not have a mediation server between the SBC and Lync endpoint and sRTP is used for media between the two, then by this SMM SBC will add the lifetime parameter to the crypto attribute for the sRTP encrypted media streams when it sends SDP toward the endpoint.

Call Scenarios

The SBC supports the following call scenarios for MS Lync Video Relay:

  • Lync call which starts out as audio and then adds a video stream. In this situation the ICE processing occurs on the newly-added video stream with media being cut-through successfully.

  • Lync call which starts out as audio and video and then downgrades to an audio only stream. In this case, the ICE is successfully completed for both audio and video streams. Once the video stream is removed, the audio stream remains unaffected. The SBC ceases all ICE activity on what was previously the video stream.

  • The SBC redirects a non-Lync leg of a call toward a Lync endpoint. In this case the ICE processing occurs on the redirected leg and media is cut through appropriately to the Lync endpoint.

  • The SBC handles call hold and resume on streams that are established with Lync ICE.

  • The SBC interoperates with a Lync 2013 Endpoint offering IPv6 and or IPv4 addresses and Lync 2010 endpoints offering IPv4 addresses for media. The SBC does not support offering both IPv4 and IPv6 addresses at this time. 

How to Configure MS Lync Video Relay

The following example procedure configures the SBC for MS Lync-Video relay.

  1. Enable transparency for following headers.

    Supported, Contact, Server
    % set profiles services transparencyProfile LYNC sipHeader <supported | contact | server> 
    Unknown header, From, To, Unknown body, requestURI, userAgentHeader 
    % set profiles signaling ipSignalingProfile  LYNC commonIpAttributes transparencyFlags unknownHeader enable
% set profiles signaling ipSignalingProfile  LYNC commonIpAttributes transparencyFlags unknownBody enable
% set profiles signaling ipSignalingProfile  LYNC commonIpAttributes transparencyFlags fromHeader enable
% set profiles signaling ipSignalingProfile  LYNC commonIpAttributes transparencyFlags toHeader enable
% set profiles signaling ipSignalingProfile  LYNC commonIpAttributes transparencyFlags requestURI enable
% set profiles signaling ipSignalingProfile  LYNC commonIpAttributes transparencyFlags userAgentHeader enable



  2. Configure the following in IP signaling profile:

    1. Enable “DisableHostTranslation”, INFO relay

      % set profiles signaling ipSignalingProfile LYNC commonIpAttributes flags disableHostTranslation enable
% set profiles signaling ipSignalingProfile LYNC commonIpAttributes flags sendRtcpPortInSdp enable
% set profiles signaling ipSignalingProfile LYNC commonIpAttributes relayFlags info enable
      Note

      This parameter must be enabled to configure Lync 2010.

    2. Disable “Privacy”

      % set profiles signaling ipSignalingProfile LYNC egressIpAttributes privacy flags includePrivacy disable



  3. Enable STUN Support on SIP trunk group facing Lync or Lync-capable endpoints.

    % set addressContext a1 zone ACCESS sipTrunkGroup LYNC_TG services natTraversal iceSupport iceLync



  4. Enable Video and RTCP in packet service profile.

    % set profiles media packetServiceProfile LYNC_PSP videoCalls maxVideoBandwith 8000
% set profiles media packetServiceProfile LYNC_PSP rtcpOptions rtcp enable



  5. Disable rel100Support flag on the Lync facing the SIP trunk group.

    % set addressContext a1 zone ACCESS sipTrunkGroup LYNC_TG signaling rel100Support disabled



  6. Enable SuppressEmptyFragments flag in the TLS profile.

    % set profiles security tlsProfile nbstls suppressEmptyFragments enabled



  7. To relay unknown DSP attributes for the trunk group, enable sdpAttributesSelectiveRelay flag.

    Note

     The following configuration is not applicable for MS Lync/Skype for remote desktop sharing configuration.

    % set addressContext a1 zone ACCESS sipTrunkGroup LYNC_TG media sdpAttributesSelectiveRelay enabled



  8. To configure sRTP for the Packet Service Profile of the trunk group facing Lync.

    % set profiles media packetServiceProfile Lync_PSP secureRtpRtcp flags allowFallback "enable" enableSrtp "enable" resetROCOnKeyChange "disable" resetEncDecROCOnDecKeyChange "disable" updateCryptoKeysOnModify "disable"
set profiles media packetServiceProfile Lync_PSP secureRtpRtcp cryptoSuiteProfile DEFAULT 

How to Configure MS Lync/Skype for Remote Desktop Sharing

The following steps are performed to configure MS Lync/Skpe for business desktop sharing:

  1. Configuring Basic Lync for Media
  2. Setting the non-RTP Media Bandwidth
  3. Enabling Application Sharing on Ingress and Egress Sip Trunk Group
  4. Enabling SBC TCP Client Role on Ingress and Egress Sip Trunk Group
  5. Call Detail Status

Configuring Basic Lync for Media

To configure basic Lync for media, refer to the section How to Configure MS Lync Video Relay.

Once the base configuration is applied to enable support for Lync desktop sharing in the SBC, configure the following parameters and flags:

Setting the non-RTP Media Bandwidth

% set system media dedicatedBWForNonRTPMedia 10
  • The non-RTP media value must be set as non zero.

  • The value indicates the percentage of RTP bandwidth (which is 95% of overall bandwidth) allocated for application share calls. The value is calculated based on the number of expected application share calls, which is initiated either from Lync clients or from the other third-party applications.

  • The bandwidth for Lync initiated application share call is around 500Kbps.
  • The bandwidth for remote desktop sessions from UC servers, which are the result of video stream to remote desktop conversion can use more than 1MB data.

Enabling Application Sharing on Ingress and Egress Sip Trunk Group

To configure the parameter lyncshare on ingress and egress Sip Trunk Group, execute the following commands:

% set addressContext default zone ZONE3 sipTrunkGroup TG_ingress media lyncShare enabled

% set addressContext default zone ZONE3 sipTrunkGroup TG_egress media lyncShare enabled

Enabling SBC TCP Client Role on Ingress and Egress Sip Trunk Group

To configure the parameter iceTcpRole on ingress and egress Sip Trunk Group, execute the following commands:

% set addressContext default zone ZONE3 sipTrunkGroup TG_ingress services natTraversal iceSupport iceLync iceTcpRole passive

% set addressContext default zone ZONE3 sipTrunkGroup TG_egress services natTraversal iceSupport iceLync iceTcpRole passive

Call Detail Status

The new stats TCP/LYNC/APPSHARE is added to the media streams of call detail status.

> show status global callDetailStatus
callDetailStatus 4 {
    mediaStreams                        audio,video,UDP/BFCP,video;
    state                               Stable;
    callingNumber                       "";
    calledNumber                        "";
    addressTransPerformed               none;
    origCalledNum                       "";
    scenarioType                        SIP_TO_SIP;
    callDuration                        221072;
    mediaType                           passthru;
    associatedGcid1                     4;
    associatedGcid2                     4;
    associatedGcidLegId1                1;
    associatedGcidLegId2                0;
    ingressSessionBandwidthkbps         269;
    egressSessionBandwidthkbps          269;
    ingressMediaStream1LocalIpSockAddr  "10.32.114.1/ 1062 (rtcp: 1063)";
    ingressMediaStream1RemoteIpSockAddr "10.128.99.157/ 3230 (rtcp: 3231)";
    egressMediaStream1LocalIpSockAddr   "10.33.5.141/ 1066 (rtcp: 1067)";
    egressMediaStream1RemoteIpSockAddr  "10.128.96.48/ 51564 (rtcp: 51565)";
    ingressMediaStream1Security         rtp-disabled,rtcp-disabled;
    egressMediaStream1Security          rtp-disabled,rtcp-disabled;
    ingressMediaStream1Bandwidth        127;
    egressMediaStream1Bandwidth         127;
    ingressMediaStream1IceState         NONE;
    egressMediaStream1IceState          NONE;
    ingressDtlsStream1                  DISABLED;
    egressDtlsStream1                   DISABLED;
    ingressMediaStream2LocalIpSockAddr  "10.32.114.1/ 1064 (rtcp: 1065)";
    ingressMediaStream2RemoteIpSockAddr "10.128.99.157/ 3232 (rtcp: 3233)";
    egressMediaStream2LocalIpSockAddr   "10.33.5.141/ 1068 (rtcp: 1069)";
    egressMediaStream2RemoteIpSockAddr  "10.128.96.48/ 51566 (rtcp: 51567)";
    ingressMediaStream2Security         rtp-disabled,rtcp-disabled;
    egressMediaStream2Security          rtp-disabled,rtcp-disabled;
    ingressMediaStream2Bandwidth        269;
    egressMediaStream2Bandwidth         269;
    ingressMediaStream2IceState         NONE;
    egressMediaStream2IceState          NONE;
    ingressDtlsStream2                  DISABLED;
    egressDtlsStream2                   DISABLED;
    ingressMediaStream3LocalIpSockAddr  "10.32.114.1/ 1066";
    ingressMediaStream3RemoteIpSockAddr "10.128.99.157/ 3238";
    egressMediaStream3LocalIpSockAddr   "10.33.5.141/ 1070";
    egressMediaStream3RemoteIpSockAddr  "10.128.96.48/ 51570";
    ingressMediaStream3Security         rtp-UnEncrypted;
    egressMediaStream3Security          rtp-UnEncrypted;
    ingressMediaStream3Bandwidth        0;
    egressMediaStream3Bandwidth         0;
    ingressMediaStream3IceState         NONE;
    egressMediaStream3IceState          NONE;
    ingressDtlsStream3                  DISABLED;
    egressDtlsStream3                   DISABLED;
    ingressMediaStream5LocalIpSockAddr  "10.32.114.1/ 1070 (rtcp: 1071)";
    ingressMediaStream5RemoteIpSockAddr "10.128.99.157/ 3234 (rtcp: 3235)";
    egressMediaStream5LocalIpSockAddr   "10.33.5.141/ 1074 (rtcp: 1075)";
    egressMediaStream5RemoteIpSockAddr  "10.128.96.48/ 51568 (rtcp: 51569)";
    ingressMediaStream5Security         rtp-disabled,rtcp-disabled;
    egressMediaStream5Security          rtp-disabled,rtcp-disabled;
    ingressMediaStream5Bandwidth        269;
    egressMediaStream5Bandwidth         269;
    ingressMediaStream5IceState         NONE;
    egressMediaStream5IceState          NONE;
    ingressDtlsStream5                  DISABLED;
    egressDtlsStream5                   DISABLED;
    iceCallTypes                        ing-lcl-NONE,ing-rmt-NONE,eg-lcl-NONE,eg-rmt-NONE;
}
callDetailStatus 524292 {
    mediaStreams                        TCP/LYNC/APPSHARE;
    state                               Stable;
    callingNumber                       "";
    calledNumber                        "";
    addressTransPerformed               none;
    origCalledNum                       "";
    scenarioType                        SIP_TO_SIP;
    callDuration                        220758;
    mediaType                           passthru;
    associatedGcid1                     524292;
    associatedGcid2                     524292;
    associatedGcidLegId1                1;
    associatedGcidLegId2                0;
    ingressSessionBandwidthkbps         0;
    egressSessionBandwidthkbps          0;
    ingressMediaStream1LocalIpSockAddr  "10.33.5.141/ 42589 (rtcp: 42589)";
    ingressMediaStream1RemoteIpSockAddr "10.128.96.48/ 43131 (rtcp: 43131)";
    egressMediaStream1LocalIpSockAddr   "10.33.5.141/ 1029 (rtcp: 1029)";
    egressMediaStream1RemoteIpSockAddr  "10.128.99.168/ 5358 (rtcp: 5359)";
    ingressMediaStream1Security         rtp-Encrypted;
    egressMediaStream1Security          rtp-UnEncrypted;
    ingressMediaStream1Bandwidth        0;
    egressMediaStream1Bandwidth         0;
    ingressMediaStream1IceState         ST_ICE_COMPLETE;
    egressMediaStream1IceState          ST_ICE_COMPLETE;
    ingressDtlsStream1                  DISABLED;
    egressDtlsStream1                   DISABLED;
    iceCallTypes                        ing-lcl-FULL-ICE,ing-rmt-FULL-ICE,eg-lcl-FULL-ICE,eg-rmt-FULL-ICE;
}
[ok]