Versions Compared

Old Version 1

changes.mady.by.user Ribbon Communications

Saved on

compared with

New Version 2

changes.mady.by.user Ribbon Communications

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin


CSS Stylesheet
h1, h2, {font-size: 18pt !important;}
h3 {font-size: 16pt !important;}
h4 {font-size: 14pt !important;}
h5 {font-size: 14pt !important;}


CSS Stylesheet
.wiki-content h1 {
border-top: 1px solid rgb(145,150,153);
}


Section


Column
width40%
Table of Contents
Panel

Table of Contents
maxLevel4



Column
width5%



Column
width55%


Noprint

Add_workflow_for_appnotes
AUTH1UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cec00c5c, userName='null'}
JIRAIDAUTHAFN-1369
REV6UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cd5909df, userName='null'}
REV4UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26c8a10148, userName='null'}
REV1UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26c99e02c0, userName='null'}



 

Pagebreak

Interoperable Vendors

                                                                                                   


© 2023 Ribbon Communications Operating Company, Inc. © 2023 ECI Telecom Ltd. All rights reserved. The compilation (meaning the collection, arrangement and assembly) of all content on this site is protected by U.S. and international copyright laws and treaty provisions and may not be used, copied, reproduced, modified, published, uploaded, posted, transmitted or distributed in any way, without prior written consent of Ribbon Communications Inc.

The trademarks, logos, service marks, trade names, and trade dress (“look and feel”) on this website, including without limitation the RIBBON and RIBBON logo marks, are protected by applicable US and foreign trademark rights and other proprietary rights and are the property of Ribbon Communications Operating Company, Inc. or its affiliates. Any third-party trademarks, logos, service marks, trade names and trade dress may be the property of their respective owners.  Any uses of the trademarks, logos, service marks, trade names, and trade dress without the prior written consent of Ribbon Communications Operating Company, Inc., its affiliates, or the third parties that own the proprietary rights, are expressly prohibited.

Document Overview

This document outlines the configuration best practices for the Ribbon solution covering the Ribbon Edge 8K when deployed with Microsoft Teams vSBA (virtual Survivable Branch Appliance).

About Ribbon Edge 8K

A ​Session Border Controller​ (​SBC​) is a network element deployed to protect​ ​SIP​-based Voice over Internet Protocol​ (VoIP) networks. ​Early deployments of SBCs were focused on the borders between two service provider networks in a peering environment. This role has now expanded to include significant deployments between a service provider's access network and a backbone network to provide service to residential and/or enterprise customers. ​

Ribbon’s Edge 8000 is the newest, high-performance member of our line of services gateway routers that combines security, routing, switching, and 10 Gbps WAN interfaces with next-generation voice and data services where the combination of broadband connectivity and advanced threat mitigation capabilities are required. By consolidating fast, highly available routing, security, and next-generation SBC capabilities in a single device, enterprises can remove network complexity, protect and prioritize resources, and improve user and application experience while lowering the total cost of ownership (TCO).

The Edge 8000 series is comprised of two models,

  • Edge 8100, a highly scalable Ethernet SBC/data router.
  • Edge 8300, a high-capacity mixed SBC/analog/data router.

The 8100/8300 platform is based on the Intel Atom 8-core processor with multiple interfaces. This platform shall meet the following high-level requirements:

Functionality

  • SBC with or without transcoding.
  • Support for legacy Analog interfaces (Edge8300 only) - Enables the cost, performance, and availability benefits by collapsing edge routing functionality with legacy termination services in one multiservice box. 
  • Routing and Security.
Note

In the subsequent sections, Ribbon Edge 8100 and Edge 8300 are represented as Ribbon Edge 8K.

About Microsoft Survivable Branch Appliance (SBA)

When a customer site using Direct Routing to connect to Microsoft Phone System experiences an internet outage, the intranet inside the branch will remain fully functional. Users can connect to the Session Border Controller (SBC) that provides the PSTN connectivity.

During an internet outage, the Teams Phone should switch to the SBA automatically. No action is required from the user. As soon as the Teams Phone detects that the internet service is restored and any outgoing calls are finished, the Teams Phone falls back to normal operation mode and connects to other Teams services.

The interoperability compliance testing focuses on verifying inbound and outbound call flows between the Ribbon Edge 8K, Teams vSBA, and Teams Phone.

This guide contains the following configuration sections: 

Anchor
Non-Goals
Non-Goals
Non-Goals

It is not the goal of this guide to provide detailed configurations that meet the requirements of every customer. Use this guide as a starting point and build the SBC configurations in consultation with network design and deployment engineers. 

Anchor
Audience
Audience
Audience

This is a technical document intended for telecommunications engineers to configure both the Ribbon SBCs and the third-party product.

To perform this interop, you need to:

  • Use the Ribbon product's graphical user interface (GUI) or command line interface (CLI).
  • Understand the basic concepts of TCP/UDP/TLS and IP/Routing.
  • Have SIP/RTP/SRTP to complete the configuration and for troubleshooting.


Info
titleNote

This configuration guide is offered as a convenience to Ribbon customers. The specifications and information regarding the product in this guide are subject to change without notice. All statements, information, and recommendations in this guide are believed to be accurate but are presented without warranty of any kind, express or implied, and are provided “as is.” Users must take full responsibility for the application of the specifications and information in this guide.

Prerequisites

The following aspects are required before proceeding with the interop:

  • Ribbon Edge 8K
  • Public IP Addresses
  • Microsoft admin account - a special type of account where the Teams user is configurable for Direct Routing SBA (Survivable Branch Appliance).
  • TLS Certificates for the Ribbon SBC signed by one of the Microsoft approved CA vendors.
  • Certificates must have the FQDN or domain name configured on the Microsoft admin portal.

Anchor
Product and device details
Product and device details
Product and Device Details

The sample configuration in this document uses the following equipment and software:

Caption
0Table
1Requirements



Appliance/Application/Tool

Software Version

Ribbon Communications

Ribbon Edge 8X00

24.0.0 build 505


SBC Edge

12.1.0 build 12

Microsoft Survivable Branch Appliance (SBA)v.2023.5.9.2
Teams Client1.6.00.35961
PSTN PhoneJitsi2.10
Administration and Debugging ToolsRibbon LX Tool2.1.0.6



Info
titleNote
  • Microsoft SBA version is v.2023.5.9.2 or later.
  • Jitsi version is 2.10 or later.

Anchor
Network Topology Diagram
Network Topology Diagram
Network Topology Diagram

This section covers the Ribbon Edge 8K deployment topology and the Interoperability Test Lab Topology.

Deployment Topology - Ribbon Edge 8K

Caption
0Figure
1Ribbon Edge 8K Deployment Topology


Interoperability Test Lab Topology - Ribbon Edge 8K

The following lab topology diagram shows connectivity between Ribbon Edge 8K and Microsoft vSBA.

Caption
0Figure
1Ribbon Edge 8K and Microsoft Virtual SBA interoperability Test Lab Topology


Document Workflow

The sections in this document use the following sequence. The reader is advised to complete each section for successful configuration.

Anchor
Section A
Section A
Section A: Ribbon Edge 8K Configuration

The following Ribbon Edge 8K configurations are included in this section:

Installation

Connectivity

Network

Static Routes

TLS Configuration between Ribbon Edge 8K and Microsoft SBA

Easy Config Wizard


Anchor
Installation
Installation
Installation

Ribbon Edge 8K image can be installed as mentioned below:

https://publicdoc.rbbn.com/display/E8KDOC10/Install+the+Image+File

Anchor
Connectivity
Connectivity
Connectivity

Caption
0Figure
1Edge 8K Front and Back Panel

               


Info

Edge 8K is connected to the network as follows:

GE3: RJ45 is connected towards the PSTN leg. GE1, GE2, GE3 and GE4 are the members of BR1 VNF Private.

GE5: RJ45 is an additional interface on Edge8K connected towards the Teams Direct Routing SBA leg.

GE8 RJ45 is an additional interface on Edge8K connected towards the Teams Direct Routing leg.

Anchor
Network
Network
Network

Edge 8K management is configured as follows:

Log into the Edge 8K via serial console cable with "sysadm/<default password>" and go to the setup wizard.

Caption
0Figure
1setupwizard


Navigate to System Startup Configuration > BR2 VNF Management.

Caption
0Figure
1Edge 8K Management IP configuration

Edge 8K has the SBC component SBC Edge. Its management is configured as follows:

Go to setupwizard in the CLI and navigate to  System Startup Configuration > SBC Edge Configuration.

Caption
0Figure
1SBC Edge Management IP


Default gateway and DNS are configured as shown below:

Caption
0Figure
1Default Gateway and DNS configuration

BR1 VNF Private IP can be configured as follows:

Go to setupwizard in cli and navigate to  System Startup Configuration > BR1 VNF Private.

Caption
0Figure
1BR1 VNF Private IP


Caption
0Figure
1SBC Edge Connectivity


Info

The SBC Edge is connected to the network as follows:

Ethernet 1: RJ45 "1" is connected towards the PSTN leg.

Ethernet 3: RJ45 "3" is connected towards the Teams Direct Routing SBA leg.

Ethernet 4: RJ45 "4" is connected towards the Teams Direct Routing leg.

Configure Ethernet 1, Ethernet 3, and Ethernet 4 of the SBC Edge with the IP as follows:

Navigate to Networking Interfaces > Logical Interfaces.

Caption
0Figure
1Logical Interfaces


Caption
0Figure
1Ethernet 1


Caption
0Figure
1Ethernet 3


Caption
0Figure
1Ethernet 4


Tip
  • The SBC Edge is configurable with any of the available Ethernet ports. In the current testing Ethernet 1, 3, and 4 are used.

Anchor
Static Routes
Static Routes
Static Routes

Static routes are used to create communication to remote networks. In a production environment, static routes are mainly configured for routing from a specific network to a network that can only be accessed through one point or one interface (single path access or default route).

Tip
titleTip
  • Configuring static routing is preferable for smaller networks with just one or two routes. This is often more efficient since a link is not wasted by exchanging dynamic routing information.
  • Static routing configurations are not required for networks that have a LAN-side Gateway on Voice VLAN or Multi-Switch Edge Devices (MSEs) with Voice VLAN towards the SBC Edge,

Add static routes towards the Eth1 interface 172.16.X.X (PSTN) and the Eth2 interface 172.16.X.X (Microsoft SBA).

The default static route is towards the Eth1, which is in a private network.

  • Navigate to Settings > Protocol > IP > Static Routes to configure the routes.
Caption
0Figure
1Static Routes
3Static Routes

Anchor
TLS Configuration between Ribbon SBC Edge and ZPLS
TLS Configuration between Ribbon SBC Edge and ZPLS
TLS Configuration between Ribbon Edge 8K and Microsoft SBA

Prerequisites:

  • A trusted Certificate Authority (CA) is needed for TLS to work on the public side of the network. In this scenario, Go Daddy is used as a trusted CA.

  • Go Daddy Root Certificate Authority G2 and Go Daddy Secure Certificate Authority G2 are used as a trusted CA.

  • A Baltimore CyberTrust Root certificate is required.

Request a certificate for the SBC and configure it based on the example using Go Daddy as follows:

  • Generate a Certificate Signing Request (CSR) and obtain the certificate from a Certificate Authority.
  • Import the Public CA Root/Intermediate Certificate and the SBC Certificate on the SBC.

Step 1: Generate a Certificate Signing Request and obtain the certificate from a Certificate Authority (CA).

  • Navigate to Settings > Security > SBC Certificates.
  • Click Generate SBC Edge CSR.
  • Enter data in the required fields. Click OK. Copy the result to the clipboard after the Certificate Signing Request is generated.

  • Use the generated CSR text from the clipboard to obtain the certificate. 


Caption
0Figure
1Generate Certificate Signing Request


Step 2: Deploy the Root/Intermediate and SBC certificates on the SBC.

After receiving the certificates from the certificate authority, install the SBC Certificate and the Root/Intermediate certificates as follows:

  • Obtain the Trusted Root and Intermediary signing certificates from your Certificate Authority.
  • To install the Trusted Root/Intermediate certificates, go to Settings > Security > SBC Certificates > Trusted Root Certificates.
  • Click Import and select the trusted root certificates.
  • To install the SBC certificate, open Settings > Security > SBC Certificates > SBC Edge Certificate.

  • Validate the certificate is installed correctly.

Caption
0Figure
1Trusted CA Certificate Table

  • Click Import and select X.509 Signed Certificate.
  • Validate that the certificate is installed correctly.
Caption
0Figure
1Validate certificate

Anchor
Easy Config Wizard
Easy Config Wizard
Easy Config Wizard

Configure the SBC Edge with Teams Direct Routing SBA using the Easy Config Wizard.

  • Access the WebUI of SBC Edge.
  • Click on the Tasks tab.
  • From the left side menu, click SBC Easy Setup > Easy Config Wizard.


Caption
0Figure
1Easy Config Wizard

Fill in the details for Step 1 as follows:

  • Application SIP Trunk↔Microsoft Teams.
  • Scenario Description as Teams SBA.
  • SIP Sessions as 100.


Info

Enter a value for SIP sessions as per the requirement. The value is listed up to 960.


Caption
0Figure
1Step 1

Fill in the details for Step 2 as follows:

  • Border Element Server is the PSTN IP.
  • Use Secondary Border Element Server is Disabled.
  • Teams Connection Type is Standalone Direct Connection.
  • The SBC Signaling/Media Source IP towards Teams Direct Routing (public IP).
  • Configure Direct Routing SBA is set to True.
  • Direct Routing SBA FQDN as ioteamsba.customers.interopdomain.com (following fqdn is just an example).
  • The SBC Signaling /Media Source IP towards Teams Direct Routing SBA.


Caption
0Figure
1Step 2

Review the configurations in Steps 1 and 2, and click the Finish button.


Caption
0Figure
1Step 3

Anchor
Message Manipulation
Message Manipulation
Message Manipulation

The Message Manipulation feature comprises two primary components that work in concert to modify SIP messages. Those components are Condition Rules and Rule Tables. SIP Message rules per table include all SIP rule types: Header, Request, Status and Raw.

The Message Manipulation remove_sdp_attribute is used for the following purposes:

  • To replace a=setup with a=rbbn, as Microsoft SBA doesn't like the DTLS parameter a=setup.
  • To replace UDP/TLS/RTP/SAVP with RTP/SAVP
Message Rule Tables

A Message Rule can be added to the following: all messages, all requests, all responses or selected messages.

From the Settings tab, navigate to SIP > Message Manipulation > Message Rule Table. Click the  icon to create a Message Rule Table.

  1. Provide a description for the Rule Table - remove_sdp_attribute
  2. Apply Message Rule to All Responses.
  3. Click Apply.
Caption
0Figure
1Message Rule Table

Message Rule Table Entry

Raw Message Rule:

Raw rules allow you to manipulate any string in the entire message: request, headers, and payload. If the condition rule evaluates true, the MME will search the message for content matching the "Match Regex" and replace it with the content specified in the "Replace Regex."

  1. Click on the Message Rule Table remove_sdp_attribute.
  2. From the Create Rule drop-down menu, select Raw Message Rule.
  3. Provide a name for the entry.
  4. Replace a=setup with a=rbbn using regex.
Caption
0Figure
1Message Rule Table Entry 1

          

  1. From the Create Rule drop-down menu, select Raw Message Rule and create a second entry.
  2. Provide a name for the entry.
  3. Replace UDP/TLS/RTP/SAVP with RTP/SAVP using regex.
Caption
0Figure
1Message Rule Table Entry 2


Info

The Message Rule Condition appears in a drop-down once it is created in the Condition Rule table.

Anchor
Condition Rule table
Condition Rule table
Condition Rule Table

Condition Rule Table is created to apply the SIP message manipulation to all the responses for the INVITE message.

From the Settings tab, navigate to SIP > Message Manipulation > Condition Rule Table. Click the  icon to create a Message Rule Table.

  1. Provide a description for the Rule Table - remove_sdp
  2. Choose the operation as Regex, Match Type as cseq, and Match Regex as [0-9] INVITE
  3. Click Apply.
Caption
0Figure
1Condition Rule Table

Apply the Message Manipulation to the Teams Direct Routing Signaling group as shown below:

Caption
0Figure
1Teams Direct Routing SBA Signaling Group


Anchor
Section B
Section B
Section B: Microsoft SBA Configuration

For information on configuring the Survivable Branch Appliance (SBA) for Direct Routing, refer to the following link:

https://docs.microsoft.com/en-us/microsoftteams/direct-routing-survivable-branch-appliance

For the Prerequisites, Installation, and Configuring the Direct Routing SBA, refer to the following link:

https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#

Anchor
Prereq
Prereq
Prerequisites

For Prerequisites on Direct routing SBA, refer to the following link:

https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Prerequisites

Anchor
Installation
Installation
Installation

For Installation on Direct routing SBA, refer to Step 1 in the following link:

https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Step1:InstallVirtualSBASoftware

Anchor
Configuration
Configuration
Configuration

For Configuring on Direct routing SBA, refer to Step 2 in the following link:

https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Step2:SetuptheOffice365DirectRoutingvSBA


Info

Anchor
Supplementary
Supplementary
Supplementary Services and Features Coverage

The following checklist depicts the set of services/features covered through the configuration defined in this Interop Guide. 

Sr. No.Supplementary Features/ServicesCoverage
1OPTIONS ping (SBC to SBA)

2OPTIONS ping (SBA to SBC)

3Basic Call from PSTN to Teams

4Basic Call from Teams to PSTN

5Call Hold & Call Resume


Legend

Supported

Not Supported
N/ANot Applicable

Caveats

The following items were observed during this Interop - these are either limitations, untested elements, or useful information about the Interoperability:

  • Message on the Teams Client desktop in Survivable Mode - "No internet connection. Calling, including emergency calls, is only available to and from phone numbers". This indicates that the Teams phone is now registered or connected with Microsoft SBA.
  • Teams User status would be "Offline" in Survivable mode.


Note

The caveats mentioned above do not hamper the Teams performance; instead, the Teams client user notifications in Survivability mode hamper performance.

Support

For any support-related queries about this guide, contact your local Ribbon representative, or use the details below:

References

For detailed information about Ribbon products & solutions, go to:

https://ribboncommunications.com/products

For information about Microsoft Survivable Branch Appliance (SBA) & solutions, go to:

https://learn.microsoft.com/en-us/microsoftteams/direct-routing-survivable-branch-appliance

Conclusion

This Interoperability Guide describes a successful configuration of the Ribbon Edge 8K and Microsoft Survivable Branch Appliance.

All features and capabilities tested are detailed within this document - any limitations, notes, or observations are also recorded to provide the reader with an accurate understanding of what has been covered and what has not.

Configuration guidance is provided to enable the reader to replicate the same base setup - there may be additional configuration changes required to suit the exact deployment environment.




© 2024 Ribbon Communications Operating Company, Inc. © 2024 ECI Telecom Ltd. All rights reserved.