CSS Stylesheet |
---|
h1, h2, {font-size: 18pt !important;}
h3 {font-size: 16pt !important;}
h4 {font-size: 14pt !important;}
h5 {font-size: 14pt !important;} |
CSS Stylesheet |
---|
.wiki-content h1 {
border-top: 1px solid rgb(145,150,153);
} |
Section |
---|
Column |
---|
|
Noprint |
---|
Add_workflow_for_appnotes |
---|
AUTH1 | UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cec00c5c, userName='null'} |
---|
JIRAIDAUTH | AFN-1369 |
---|
REV6 | UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cd5909df, userName='null'} |
---|
REV4 | UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26c8a10148, userName='null'} |
---|
REV1 | UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26c99e02c0, userName='null'} |
---|
|
|
|
|
Interoperable Vendors
Copyright
© 2023 Ribbon Communications Operating Company, Inc. © 2023 ECI Telecom Ltd. All rights reserved. The compilation (meaning the collection, arrangement and assembly) of all content on this site is protected by U.S. and international copyright laws and treaty provisions and may not be used, copied, reproduced, modified, published, uploaded, posted, transmitted or distributed in any way, without prior written consent of Ribbon Communications Inc.
The trademarks, logos, service marks, trade names, and trade dress (“look and feel”) on this website, including without limitation the RIBBON and RIBBON logo marks, are protected by applicable US and foreign trademark rights and other proprietary rights and are the property of Ribbon Communications Operating Company, Inc. or its affiliates. Any third-party trademarks, logos, service marks, trade names and trade dress may be the property of their respective owners. Any uses of the trademarks, logos, service marks, trade names, and trade dress without the prior written consent of Ribbon Communications Operating Company, Inc., its affiliates, or the third parties that own the proprietary rights, are expressly prohibited.
Document Overview
This document outlines the configuration best practices for the Ribbon solution covering the Ribbon Edge 8K when deployed with Microsoft Teams vSBA (virtual Survivable Branch Appliance).
About Ribbon Edge 8K
A Session Border Controller (SBC) is a network element deployed to protect SIP-based Voice over Internet Protocol (VoIP) networks. Early deployments of SBCs were focused on the borders between two service provider networks in a peering environment. This role has now expanded to include significant deployments between a service provider's access network and a backbone network to provide service to residential and/or enterprise customers.
Ribbon’s Edge 8000 is the newest, high-performance member of our line of services gateway routers that combines security, routing, switching, and 10 Gbps WAN interfaces with next-generation voice and data services where the combination of broadband connectivity and advanced threat mitigation capabilities are required. By consolidating fast, highly available routing, security, and next-generation SBC capabilities in a single device, enterprises can remove network complexity, protect and prioritize resources, and improve user and application experience while lowering the total cost of ownership (TCO).
The Edge 8000 series is comprised of two models,
- Edge 8100, a highly scalable Ethernet SBC/data router.
- Edge 8300, a high-capacity mixed SBC/analog/data router.
The 8100/8300 platform is based on the Intel Atom 8-core processor with multiple interfaces. This platform shall meet the following high-level requirements:
Functionality
- SBC with or without transcoding.
- Support for legacy Analog interfaces (Edge8300 only) - Enables the cost, performance, and availability benefits by collapsing edge routing functionality with legacy termination services in one multiservice box.
- Routing and Security.
Note |
---|
In the subsequent sections, Ribbon Edge 8100 and Edge 8300 are represented as Ribbon Edge 8K. |
About Microsoft Survivable Branch Appliance (SBA)
When a customer site using Direct Routing to connect to Microsoft Phone System experiences an internet outage, the intranet inside the branch will remain fully functional. Users can connect to the Session Border Controller (SBC) that provides the PSTN connectivity.
During an internet outage, the Teams Phone should switch to the SBA automatically. No action is required from the user. As soon as the Teams Phone detects that the internet service is restored and any outgoing calls are finished, the Teams Phone falls back to normal operation mode and connects to other Teams services.
The interoperability compliance testing focuses on verifying inbound and outbound call flows between the Ribbon Edge 8K, Teams vSBA, and Teams Phone.
This guide contains the following configuration sections:
Non-Goals
It is not the goal of this guide to provide detailed configurations that meet the requirements of every customer. Use this guide as a starting point and build the SBC configurations in consultation with network design and deployment engineers.
Audience
This is a technical document intended for telecommunications engineers to configure both the Ribbon SBCs and the third-party product.
To perform this interop, you need to:
- Use the Ribbon product's graphical user interface (GUI) or command line interface (CLI).
- Understand the basic concepts of TCP/UDP/TLS and IP/Routing.
- Have SIP/RTP/SRTP to complete the configuration and for troubleshooting.
Info |
---|
|
This configuration guide is offered as a convenience to Ribbon customers. The specifications and information regarding the product in this guide are subject to change without notice. All statements, information, and recommendations in this guide are believed to be accurate but are presented without warranty of any kind, express or implied, and are provided “as is.” Users must take full responsibility for the application of the specifications and information in this guide. |
Prerequisites
The following aspects are required before proceeding with the interop:
- Ribbon Edge 8K
- Public IP Addresses
- Microsoft admin account - a special type of account where the Teams user is configurable for Direct Routing SBA (Survivable Branch Appliance).
- TLS Certificates for the Ribbon SBC signed by one of the Microsoft approved CA vendors.
- Certificates must have the FQDN or domain name configured on the Microsoft admin portal.
Anchor |
---|
| Product and device details |
---|
| Product and device details |
---|
|
Product and Device Details
The sample configuration in this document uses the following equipment and software:
Caption |
---|
|
| Appliance/Application/Tool | Software Version |
---|
Ribbon Communications | Ribbon Edge 8X00 | 24.0.0 build 505 |
---|
| SBC Edge | 12.1.0 build 12 |
---|
Microsoft | Survivable Branch Appliance (SBA) | v.2023.5.9.2 | Teams Client | 1.6.00.35961 | PSTN Phone | Jitsi | 2.10 | Administration and Debugging Tools | Ribbon LX Tool | 2.1.0.6 |
|
Info |
---|
|
- Microsoft SBA version is v.2023.5.9.2 or later.
- Jitsi version is 2.10 or later.
|
Anchor |
---|
| Network Topology Diagram |
---|
| Network Topology Diagram |
---|
|
Network Topology Diagram
This section covers the Ribbon Edge 8K deployment topology and the Interoperability Test Lab Topology.
Deployment Topology - Ribbon Edge 8K
Caption |
---|
0 | Figure |
---|
1 | Ribbon Edge 8K Deployment Topology |
---|
|
|
Interoperability Test Lab Topology - Ribbon Edge 8K
The following lab topology diagram shows connectivity between Ribbon Edge 8K and Microsoft vSBA.
Caption |
---|
0 | Figure |
---|
1 | Ribbon Edge 8K and Microsoft Virtual SBA interoperability Test Lab Topology |
---|
|
|
Document Workflow
The sections in this document use the following sequence. The reader is advised to complete each section for successful configuration.
Section A: Ribbon Edge 8K Configuration
The following Ribbon Edge 8K configurations are included in this section:
Installation
Connectivity
Network
Static Routes
TLS Configuration between Ribbon Edge 8K and Microsoft SBA
Easy Config Wizard
Installation
Ribbon Edge 8K image can be installed as mentioned below:
https://publicdoc.rbbn.com/display/E8KDOC10/Install+the+Image+File
Connectivity Caption |
---|
0 | Figure |
---|
1 | Edge 8K Front and Back Panel |
---|
|
|
Info |
---|
Edge 8K is connected to the network as follows: GE3: RJ45 is connected towards the PSTN leg. GE1, GE2, GE3 and GE4 are the members of BR1 VNF Private.
GE5: RJ45 is an additional interface on Edge8K connected towards the Teams Direct Routing SBA leg. GE8 RJ45 is an additional interface on Edge8K connected towards the Teams Direct Routing leg. |
Network
Edge 8K management is configured as follows:
Log into the Edge 8K via serial console cable with "sysadm/<default password>" and go to the setup wizard.
Caption |
---|
|
|
Navigate to System Startup Configuration > BR2 VNF Management.
Caption |
---|
0 | Figure |
---|
1 | Edge 8K Management IP configuration |
---|
|
|
Edge 8K has the SBC component SBC Edge. Its management is configured as follows:
Go to setupwizard in the CLI and navigate to System Startup Configuration > SBC Edge Configuration.
Caption |
---|
0 | Figure |
---|
1 | SBC Edge Management IP |
---|
|
|
Default gateway and DNS are configured as shown below:
Caption |
---|
0 | Figure |
---|
1 | Default Gateway and DNS configuration |
---|
|
|
BR1 VNF Private IP can be configured as follows:
Go to setupwizard in cli and navigate to System Startup Configuration > BR1 VNF Private.
Caption |
---|
0 | Figure |
---|
1 | BR1 VNF Private IP |
---|
|
|
Caption |
---|
0 | Figure |
---|
1 | SBC Edge Connectivity |
---|
|
|
Info |
---|
The SBC Edge is connected to the network as follows: Ethernet 1: RJ45 "1" is connected towards the PSTN leg.
Ethernet 3: RJ45 "3" is connected towards the Teams Direct Routing SBA leg. Ethernet 4: RJ45 "4" is connected towards the Teams Direct Routing leg. |
Configure Ethernet 1, Ethernet 3, and Ethernet 4 of the SBC Edge with the IP as follows:
Navigate to Networking Interfaces > Logical Interfaces.
Caption |
---|
0 | Figure |
---|
1 | Logical Interfaces |
---|
|
|
Caption |
---|
|
|
Caption |
---|
|
|
Caption |
---|
|
|
Tip |
---|
- The SBC Edge is configurable with any of the available Ethernet ports. In the current testing Ethernet 1, 3, and 4 are used.
|
Anchor |
---|
| Static Routes |
---|
| Static Routes |
---|
|
Static RoutesStatic routes are used to create communication to remote networks. In a production environment, static routes are mainly configured for routing from a specific network to a network that can only be accessed through one point or one interface (single path access or default route).
Tip |
---|
|
- Configuring static routing is preferable for smaller networks with just one or two routes. This is often more efficient since a link is not wasted by exchanging dynamic routing information.
- Static routing configurations are not required for networks that have a LAN-side Gateway on Voice VLAN or Multi-Switch Edge Devices (MSEs) with Voice VLAN towards the SBC Edge,
|
Add static routes towards the Eth1 interface 172.16.X.X (PSTN) and the Eth2 interface 172.16.X.X (Microsoft SBA).
The default static route is towards the Eth1, which is in a private network.
- Navigate to Settings > Protocol > IP > Static Routes to configure the routes.
Caption |
---|
0 | Figure |
---|
1 | Static Routes |
---|
3 | Static Routes |
---|
|
|
Anchor |
---|
| TLS Configuration between Ribbon SBC Edge and ZPLS |
---|
| TLS Configuration between Ribbon SBC Edge and ZPLS |
---|
|
TLS Configuration between Ribbon Edge 8K and Microsoft SBA
Prerequisites:
Request a certificate for the SBC and configure it based on the example using Go Daddy as follows:
- Generate a Certificate Signing Request (CSR) and obtain the certificate from a Certificate Authority.
- Import the Public CA Root/Intermediate Certificate and the SBC Certificate on the SBC.
Step 1: Generate a Certificate Signing Request and obtain the certificate from a Certificate Authority (CA).
Caption |
---|
0 | Figure |
---|
1 | Generate Certificate Signing Request |
---|
|
|
Step 2: Deploy the Root/Intermediate and SBC certificates on the SBC.
After receiving the certificates from the certificate authority, install the SBC Certificate and the Root/Intermediate certificates as follows:
Caption |
---|
0 | Figure |
---|
1 | Trusted CA Certificate Table |
---|
|
|
- Click Import and select X.509 Signed Certificate.
- Validate that the certificate is installed correctly.
Caption |
---|
0 | Figure |
---|
1 | Validate certificate |
---|
|
|
Anchor |
---|
| Easy Config Wizard |
---|
| Easy Config Wizard |
---|
|
Easy Config WizardConfigure the SBC Edge with Teams Direct Routing SBA using the Easy Config Wizard.
- Access the WebUI of SBC Edge.
- Click on the Tasks tab.
- From the left side menu, click SBC Easy Setup > Easy Config Wizard.
Caption |
---|
0 | Figure |
---|
1 | Easy Config Wizard |
---|
|
|
Fill in the details for Step 1 as follows:
- Application SIP Trunk↔Microsoft Teams.
- Scenario Description as Teams SBA.
- SIP Sessions as 100.
Info |
---|
Enter a value for SIP sessions as per the requirement. The value is listed up to 960. |
Caption |
---|
|
|
Fill in the details for Step 2 as follows:
- Border Element Server is the PSTN IP.
- Use Secondary Border Element Server is Disabled.
- Teams Connection Type is Standalone Direct Connection.
- The SBC Signaling/Media Source IP towards Teams Direct Routing (public IP).
- Configure Direct Routing SBA is set to True.
- Direct Routing SBA FQDN as ioteamsba.customers.interopdomain.com (following fqdn is just an example).
- The SBC Signaling /Media Source IP towards Teams Direct Routing SBA.
Caption |
---|
|
|
Review the configurations in Steps 1 and 2, and click the Finish button.
Caption |
---|
|
|
Anchor |
---|
| Message Manipulation |
---|
| Message Manipulation |
---|
|
Message ManipulationThe Message Manipulation feature comprises two primary components that work in concert to modify SIP messages. Those components are Condition Rules and Rule Tables. SIP Message rules per table include all SIP rule types: Header, Request, Status and Raw.
The Message Manipulation remove_sdp_attribute is used for the following purposes:
- To replace a=setup with a=rbbn, as Microsoft SBA doesn't like the DTLS parameter a=setup.
- To replace UDP/TLS/RTP/SAVP with RTP/SAVP
Message Rule Tables
A Message Rule can be added to the following: all messages, all requests, all responses or selected messages.
From the Settings tab, navigate to SIP > Message Manipulation > Message Rule Table. Click the icon to create a Message Rule Table.
- Provide a description for the Rule Table - remove_sdp_attribute
- Apply Message Rule to All Responses.
- Click Apply.
Caption |
---|
0 | Figure |
---|
1 | Message Rule Table |
---|
|
|
Message Rule Table Entry
Raw Message Rule:
Raw rules allow you to manipulate any string in the entire message: request, headers, and payload. If the condition rule evaluates true, the MME will search the message for content matching the "Match Regex" and replace it with the content specified in the "Replace Regex."
- Click on the Message Rule Table remove_sdp_attribute.
- From the Create Rule drop-down menu, select Raw Message Rule.
- Provide a name for the entry.
- Replace a=setup with a=rbbn using regex.
Caption |
---|
0 | Figure |
---|
1 | Message Rule Table Entry 1 |
---|
|
|
- From the Create Rule drop-down menu, select Raw Message Rule and create a second entry.
- Provide a name for the entry.
- Replace UDP/TLS/RTP/SAVP with RTP/SAVP using regex.
Caption |
---|
0 | Figure |
---|
1 | Message Rule Table Entry 2 |
---|
|
|
Info |
---|
The Message Rule Condition appears in a drop-down once it is created in the Condition Rule table. |
Anchor |
---|
| Condition Rule table |
---|
| Condition Rule table |
---|
|
Condition Rule Table
Condition Rule Table is created to apply the SIP message manipulation to all the responses for the INVITE message.
From the Settings tab, navigate to SIP > Message Manipulation > Condition Rule Table. Click the icon to create a Message Rule Table.
- Provide a description for the Rule Table - remove_sdp
- Choose the operation as Regex, Match Type as cseq, and Match Regex as [0-9] INVITE
- Click Apply.
Caption |
---|
0 | Figure |
---|
1 | Condition Rule Table |
---|
|
|
Apply the Message Manipulation to the Teams Direct Routing Signaling group as shown below:
Caption |
---|
0 | Figure |
---|
1 | Teams Direct Routing SBA Signaling Group |
---|
|
|
Section B: Microsoft SBA Configuration
For information on configuring the Survivable Branch Appliance (SBA) for Direct Routing, refer to the following link:
https://docs.microsoft.com/en-us/microsoftteams/direct-routing-survivable-branch-appliance
For the Prerequisites, Installation, and Configuring the Direct Routing SBA, refer to the following link:
https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#
Prerequisites
For Prerequisites on Direct routing SBA, refer to the following link:
https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Prerequisites
Installation
For Installation on Direct routing SBA, refer to Step 1 in the following link:
https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Step1:InstallVirtualSBASoftware
Anchor |
---|
| Configuration |
---|
| Configuration |
---|
|
Configuration
For Configuring on Direct routing SBA, refer to Step 2 in the following link:
https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Step2:SetuptheOffice365DirectRoutingvSBA
Anchor |
---|
| Supplementary |
---|
| Supplementary |
---|
|
Supplementary Services and Features Coverage
The following checklist depicts the set of services/features covered through the configuration defined in this Interop Guide.
Sr. No. | Supplementary Features/Services | Coverage |
---|
1 | OPTIONS ping (SBC to SBA) | |
2 | OPTIONS ping (SBA to SBC) | |
3 | Basic Call from PSTN to Teams | |
4 | Basic Call from Teams to PSTN | |
5 | Call Hold & Call Resume | |
Legend
| Supported |
| Not Supported |
N/A | Not Applicable |
Caveats
The following items were observed during this Interop - these are either limitations, untested elements, or useful information about the Interoperability:
- Message on the Teams Client desktop in Survivable Mode - "No internet connection. Calling, including emergency calls, is only available to and from phone numbers". This indicates that the Teams phone is now registered or connected with Microsoft SBA.
- Teams User status would be "Offline" in Survivable mode.
Note |
---|
The caveats mentioned above do not hamper the Teams performance; instead, the Teams client user notifications in Survivability mode hamper performance. |
Support
For any support-related queries about this guide, contact your local Ribbon representative, or use the details below:
References
For detailed information about Ribbon products & solutions, go to:
https://ribboncommunications.com/products
For information about Microsoft Survivable Branch Appliance (SBA) & solutions, go to:
https://learn.microsoft.com/en-us/microsoftteams/direct-routing-survivable-branch-appliance
Conclusion
This Interoperability Guide describes a successful configuration of the Ribbon Edge 8K and Microsoft Survivable Branch Appliance.
All features and capabilities tested are detailed within this document - any limitations, notes, or observations are also recorded to provide the reader with an accurate understanding of what has been covered and what has not.
Configuration guidance is provided to enable the reader to replicate the same base setup - there may be additional configuration changes required to suit the exact deployment environment.
© 2024 Ribbon Communications Operating Company, Inc. © 2024 ECI Telecom Ltd. All rights reserved.