...
This Best Practice details the configuration required for interoperability between Ribbon SBC Edge (SBC 1000/2000 and SBC SWe Lite) and Microsoft Teams Direct Routing.
...
Info |
---|
title | Future Support - Notes |
---|
| This Best Practice applies to the physical SBC Edge products (SBC 1000 and SBC 2000) only; the SBC SWe Lite interoperability with Microsoft Direct Routing will be available in 2018. |
Microsoft Teams Direct Routing with Media Bypass will be supported on the SBC Edge products in 2018. Note: Direct Routing support is available on the SBC Core products immediately. |
Info |
---|
This Best Practice includes the configuration steps necessary for the SBC Edge and the Microsoft Teams Direct Routing Interface to interoperate; the connection of other entities, such as a SIP/TDM trunk or 3rd Party PBX and/or analog devices, are not included. For connection to additional equipment, refer to Ribbon documentation and search for a Best Practice that reflects the specific interoperability you want to achieve (i.e., FXS on SBC Edge, TDM on SBC Edge, etc.). |
...
Microsoft supports only validated devices (such as the Ribbon SBC Core and Edge) to connect to the Direct Routing interface.
The example below shows the connection topology, which includes the following:
...
Caption |
---|
0 | Figure |
---|
1 | SBC 1000-2000 and Microsoft Teams Direct Connect Interface - Topology Example |
---|
|
The topology example below uses an SBC 1000/2000.
|
Prerequisites
Info |
---|
|
A Tenant is used within the Microsoft environment to describe an Office 365 organization; through this tenant, administrators can manage projects, users, and roles. |
Consult the Microsoft documentation for the Direct Routing interface configuration guidelines, including the RFC standards and the syntax of SIP messages.
Info |
---|
To locate the SBC Edge software version you are running, refer to Viewing the Software Version and Hardware ID. |
Before you begin, ensure that you have the following for every SBC to be paired:
- Public IP address
- FQDN name matching the Public IP address.
- Public certificate (issued by one of the supported CAs; see Domain Name for details about supported Certification Authorities)
Obtain Domain NameThe SBC FQDN must be from one of the Domain names registered in “Domains” of the Tenant. The table below lists Domain Name examples.
...
Caption |
---|
0 | Table |
---|
1 | Domain Name Examples |
---|
|
DNS Domain Name | Use for SBC FQDN? | FQDN Names - Examples |
---|
aepsite[x].SonusMS01.com | | Valid names: | hybridvoice.org | | Valid names: - sbc1. hybridvoice.org
- ussbcs15. hybridvoice.org
- europe. hybridvoice.org
Non-Valid name: sbc1.europe.hybridvoice.org (requires registering domain name europe. hybridvoice.org in “Domains” first) |
|
...
Caption |
---|
0 | Figure |
---|
1 | Configure Domain Names - Example |
---|
|
|
Ensure you are running the latest SBC Edge Release:
Release | Specifications |
---|
7.0.2 3 or later | Does not support Media Bypass.* |
8.0.0 or later (available shortly) | Supports Media Bypass.* NOTE: If Release 8.0.0 is not generally available, contact your local Ribbon sales representative for early access options. |
*Teams Direct Routing With/Without Media Bypass - Example Below
Caption |
---|
0 | Figure |
---|
1 | Teams Direct Routing - Media Bypass |
---|
|
|
Info |
---|
To locate the SBC Edge software version you are running, refer to Viewing the Software Version and Hardware ID. |
Configuring SBC Edge
To locate the SBC Edge software version you are running, refer to Viewing the Software Version and Hardware ID. |
Configuring SBC Edge
Info |
---|
For the purposes of this documentation, the screens displayed are for an SBC 1000/2000; the interface configuration may vary slightly for the SBC SWe Lite. If configuration is not specified for a field, use the default value. |
Info |
---|
In this document, the following are used as examples: |
Microsoft Teams Direct Routing only allows TLS connections from the SBC for SIP traffic with a certificate signed by one of the trusted certification authorities.
...
Info |
---|
The certificate is obtained through the Certificate Signing Request (instructions below). The Trusted Root and Intermediary Signing Certificates are obtained from your certification authority. |
- Access the WebUI.
- Access Settings > Security > SBC Certificates.
Click Generate SBC Edge Sonus CSR.
Info |
---|
Many CA's do not support a private key with a length of 1024 bits. Validate with your CA requirements and select the appropriate length of the key. |
Enter data in the required fields.
Click OK. After the Certificate Signing request finishes generating, copy the result to the clipboard.
Caption |
---|
0 | Figure |
---|
1 | Generate Certificate Signing Request |
---|
|
|
- Use the generated CSR text from the clipboard to obtain the certificate.
After receiving the certificates from the certification authority, install the SBC Certificate and Root/Intermediate Certificates as follows:
- Obtain Trusted Root and Intermediary signing certificates from your certification authority.
- Access the WebUI.
- To install Trusted Root Certificates, click Settings > Security > SBC Certificates > Trusted Root CA Certificates.
- Click Import and select the trusted root certificates.
- To install the SBC certificate, open Settings > Security > SBC Certificates > SBC Edge Sonus Certificate.
Validate the certificate is installed correctly.
Caption |
---|
0 | Figure |
---|
1 | Validate Certificate |
---|
|
|
- Click Import and select X.509 Signed Certificate.
Validate the certificate is installed correctly.
Caption |
---|
0 | Figure |
---|
1 | Validate Certificate |
---|
|
|
The Direct Routing interface has the DNS name sip.pstnhub.microsoft.com. On that interface, the certificate is signed by Baltimore CyberTrust Root with Serial Number: 02 00 00 b9 and SHA fingerprint: d4:de:20:d0:5e:66:fc: 53:fe:1a:50:88:2c:78:db:28:52:ca:e4:74.
...
Download the certificate from https://cacert.omniroot.com/bc2025.crt and use the steps above to import the certificate to the Trusted Root storage.
Caption |
---|
0 | Figure |
---|
1 | Deploy Certificate |
---|
|
|
The TLS profile defines the crypto parameters for the SIP protocol.
...
- In the WebUI, click the Settings tab.
In the left navigation pane, go to Security > TLS Profiles.
- Click the CreateTLS Profile ( ) icon at the top of the TLS Profile page.
Configure the parameters shown below. Leave all other parameters as default.
Caption |
---|
0 | Table |
---|
1 | TLS Configuration - Example Values |
---|
|
Parameter | Example Value |
---|
Description | Microsoft Phone system (example name) | TLS Protocol | TLS 1.2 Only | Validate Client FQDN | Disabled |
|
Caption |
---|
|
|
- In the WebUI, click the Settings tab.
In the left navigation page, access System > Node-Level Settings.
Configure the NTP and DNS Server with the appropriate configuration.
Caption |
---|
0 | Figure |
---|
1 | Node-level Settings - Example |
---|
|
|
Note |
---|
Ensure the IP Routing Table contains the same information as in the network topology. |
- In the WebUI, click the Settings tab.
In the left navigation pane, go to Node Interfaces > Logical Interfaces.
Configure the parameters shown below:
Caption |
---|
0 | Table |
---|
1 | Logical Interfaces Configuration - Example Values |
---|
|
Parameter | Example Value |
---|
Description | To Microsoft Phone System | Admin Interface | Enable | IP Assign Method | Static (example) | Primary Address | <Public IP of your SBC> in the example 192.168.211.80 | Primary Netmask | <Mask of Public Interface of your SBC> in the example 255.255.255.0 |
|
Caption |
---|
0 | Figure |
---|
1 | Logical Interfaces - Example |
---|
|
|
The SIP Profile enables configuration for parameters, such as SIP Header customization, option tags, etc.
- In the WebUI, click the Settings tab.
- In the left navigation page, access SIP > SIP Profiles.
Click the ( ) icon at the top of left corner and add a new SIP profile.
Configure parameters shown below:
Caption |
---|
0 | Table |
---|
1 | SIP Profile Configuration - Example Values |
---|
|
Parameter | Example Value |
---|
Description | Microsoft Phone System | FQDN in From Header | Sonus SBC FQDN | FQDN In Contact Header | Sonus SBC FQDN | Origin Field name | <FQDN of SBC> |
|
Caption |
---|
0 | Figure |
---|
1 | SIP Profile - Example |
---|
|
|
The Media Crypto Profile defines the encryption mechanism to use between the SBC and the Microsoft Direct Routing Interface.
...
- In the WebUI, click the Settings tab.
- In the left navigation page, access Media > Media Crypto Profiles.
- Click the ( ) icon at the top of left corner and add a new Media Crypto Profile.
Configure the parameters as shown below. Leave all other parameters as default.
Caption |
---|
0 | Table |
---|
1 | Media Crypto Profile Configuration - Example Values |
---|
|
Parameter | Example Value |
---|
Description | Microsoft Phone System | Operation Option | Required | Crypto Suite | AES_CM_128_HMAC_SHA1_80 |
|
Caption |
---|
0 | Figure |
---|
1 | Media Crypto Profile - Example |
---|
|
|
The Media List defines the codecs and if the crypto mechanism will be used.
...
- In the WebUI, click the Settings tab.
- In the left navigation page, access Media >Media List.
- Click the ( ) icon at the top of left corner and add a new Media List.
Configure the parameters as shown below. Leave all other parameters as default.
Caption |
---|
0 | Table |
---|
1 | Media List Configuration - Example Values |
---|
|
Parameter | Example Value |
---|
Description | Microsoft Phone System | Media Profiles List | - Default G711a
- Default G711u
NOTE: See Microsoft documentation for the list of codecs supported by Microsoft. | Crypto Profile ID | Microsoft Phone System (created on the previous step) |
|
Caption |
---|
0 | Figure |
---|
1 | Media List - Example |
---|
|
|
SIP server tables defines the information for the SIP interfaces connected to the Ribbon SBC; it must be configured to support the Microsoft Phone System.
- In the WebUI, click the Settings tab.
- In the left navigation page, access SIP > SIP Server Tables
Click the ( ) icon at the top of left corner and add a new SIP Server Table.
Caption |
---|
0 | Figure |
---|
1 | Create SIP Server Table |
---|
|
|
Configure the parameters as shown below. Leave all other parameters as default.
Caption |
---|
0 | Table |
---|
1 | SIP Server Table Configuration - Example Values |
---|
|
Parameter | Example Value |
---|
Row ID | Assigned by the system | Description | Microsoft Phone System |
|
Configure the parameters of the SIP Server table:
- In the WebUI, click the Settings tab.
- In the left navigation page, access SIP > SIP Server Tables.
- Select the name of the table created in the previous step.
- At the top left corner of the main configuration pane click Create New SIP Server, select IP/FQDN and add the pairing to the Direct Routing interface .
Repeat the operation for the other two SIP Server entries. Leave all other parameters as default.
Caption |
---|
0 | Table |
---|
1 | SIP Server 1 Table - Example Values |
---|
|
Parameter | Value |
---|
Priority | 1 | Host | sip.pstnhub.microsoft.com | Port | 5061 | Protocol | TLS | TLS Profile | Microsoft Phone System | Monitor | SIP Options |
|
Caption |
---|
0 | Table |
---|
1 | SIP Server 2 Table - Example Values |
---|
|
Parameter | Value |
---|
Priority | 2 | Host | sip2.pstnhub.microsoft.com | Port | 5061 | Protocol | TLS | TLS Profile | Microsoft Phone System | Monitor | SIP Options |
|
Caption |
---|
0 | Table |
---|
1 | SIP Server 3 Table - Example Values |
---|
|
Parameter | Value |
---|
Priority | 3 | Host | sip3.pstnhub.microsoft.com | Port | 5061 | Protocol | TLS | TLS Profile | Microsoft Phone System | Monitor | SIP Options |
|
Caption |
---|
0 | Figure |
---|
1 | SIP Server - Example |
---|
|
|
Configure Routing Logic per Ribbon Documentation. Refer to Working with Telephony Routing.
Caption |
---|
0 | Figure |
---|
1 | Configure Voice Routing |
---|
|
|
- In the WebUI, click the Settings tab.
- In the left navigation page, access SIP > Transformation Tables
Click the ( ) icon at the top left corner to add a new Transformation Table.
Caption |
---|
0 | Figure |
---|
1 | Create Transformation Table |
---|
|
|
Configure the parameters as shown below.
Caption |
---|
0 | Table |
---|
1 | Transformation Table - Example Values |
---|
|
Parameter | Value |
---|
Row ID | Assigned by the system | Description | Microsoft Phone System (example name) |
|
To add and configure a new Call Routing Table:
- In the WebUI, click the Settings tab.
- In the left navigation page, access Call Routing Table.
Click the () icon at the top of left corner and add a new Call Routing Table.
Caption |
---|
0 | Figure |
---|
1 | Create Call Routing Table |
---|
|
|
Configure the parameters as shown below. Click OK.
Caption |
---|
0 | Table |
---|
1 | Call Routing Table - Example Values |
---|
|
Parameter | Value |
---|
Row ID | Assigned by the system | Description | Microsoft Phone System (example name) |
|
From the left navigation pane, click on the Call Routing > Microsoft Phone System (the entry created in the last step).
- Click the ().
Configure the parameters as shown below. Leave all other parameters as default.
Click OK.
Caption |
---|
0 | Table |
---|
1 | Call Routing Table Configuration - Example |
---|
|
Parameter | Value |
---|
Description | From Microsoft Phone System (example name) | Number/Name Transformation Table | Microsoft Phone System | Destination Signaling Groups | Choose the Signaling Group of a local equipment |
|
Caption |
---|
0 | Figure |
---|
1 | Call Routing Table - Example |
---|
|
|
Anchor |
---|
| Signaling Group |
---|
| Signaling Group |
---|
|
Configure Signaling Group- In the WebUI, click the Settings tab.
- In the left navigation page, access Signaling Groups
From the For the SBC 1000-2000, from the Create Signaling Group drop down box, select SIP Signaling Group.
For the SWe Lite,click Add SIP SG.
Configure the parameters as shown below. Leave the default values for all other parameters.
Click OK.
Caption |
---|
0 | Table |
---|
1 | Signaling Group Configuration - Example Values |
---|
|
Parameter | Value |
---|
Description | Microsoft Phone System | SIP Profile | Microsoft Phone System (from the previous steps) | Media List ID | Microsoft Phone System (from the previous steps) | Signaling Media/Source IP | Ethernet 1 (example, pick the interface which faces the Microsoft Phone System) | Listen Port | 5068 (arbitrary port) TLS TLS Profile ID: Microsoft Phone System (from the previous steps) | Federated IP/FQDN | sip-all.pstnhub.microsoft.com | SIP server table | Microsoft Phone System (from the previous steps) | Load Balancing | Priority | SIP Profile | Microsoft Phone System (from the previous steps) | Call Routing Table | Microsoft Phone System (from the previous steps) | Outbound NAT traversal[1] | Static NAT | NAT Public IP | 192.168.211.80 (Only required if “Static NAT” is selected) |
[1] Please ignore if the SBC has a Public IP assigned on the interface. The NAT Public IP is required only when the SBC is behind a NAT. |
Caption |
---|
0 | Figure |
---|
1 | Signaling Group - Example |
---|
|
|
Confirm the Configuration
Validate SIP Option
- In the WebUI, click the Settings tab.
- In the left navigation pane, access Signaling Groups.
- For the signaling group configured for Microsoft Teams Direct Routing, click Counters.
- Confirm the number of Incoming and Outgoing SIP Options.
- Confirm the number of Incoming and Outgoing 2xx responses.
Caption |
---|
0 | Figure |
---|
1 | Incoming and Outgoing Counters |
---|
|
|
Place a test call as follows:
- In the WebUI, click the Diagnostics tab.
- In the left navigation pane, click Test a Call.
- Configure the parameters as shown below.
Click OK.
Caption |
---|
0 | Table |
---|
1 | Place a Test Call - Parameters |
---|
|
Parameter | Value |
---|
Destination Number | Number assigned to a Teams user. | Origination/Calling Number | Number assigned to a Local user | Call Routing Table | The routing table that handles the call from Local resource. |
|
Caption |
---|
0 | Figure |
---|
1 | Place a Test Call - Configuration |
---|
|
|
Caption |
---|
0 | Figure |
---|
1 | Place Test Call - Example |
---|
|
|
Known Issues
Outbound call from Teams to PSTN show as Anonymous when ForwardPAI is enabled on the CSOnlinePSTNGateway
When forward PAI is enabled on the Tenant CsOnlinePSTNGateway, Microsoft adds a PAI and Privacy SIP header on the outbound call to the SBC. RFC 3325 defined the 'id' value for the Privacy header, which is used to request the network remove the P-Asserted-Identity header field.
...