CSS Stylesheet |
---|
h1, h2, {font-size: 18pt !important;}
h3 {font-size: 16pt !important;}
h4 {font-size: 14pt !important;}
h5 {font-size: 14pt !important;} |
CSS Stylesheet |
---|
.wiki-content h1 {
border-top: 1px solid rgb(145,150,153);
} |
Section |
---|
Column |
---|
|
Noprint |
---|
Add_workflow_for_appnotes |
---|
AUTH1 | UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cec00c5c, userName='null'} |
---|
JIRAIDAUTH | IOT-606 |
---|
REV5 | UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cb220566, userName='null'} |
---|
REV6 | UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cd5909df, userName='null'} |
---|
REV4 | UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26c8a10148, userName='null'} |
---|
REV1 | UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26c99e02c0, userName='null'} |
---|
|
|
|
|
Interoperable Vendors
Copyright
© 2023 Ribbon Communications Operating Company, Inc. © 2023 ECI Telecom Ltd. All rights reserved. The compilation (meaning the collection, arrangement and assembly) of all content on this site is protected by U.S. and international copyright laws and treaty provisions and may not be used, copied, reproduced, modified, published, uploaded, posted, transmitted or distributed in any way, without prior written consent of Ribbon Communications Inc.
The trademarks, logos, service marks, trade names, and trade dress (“look and feel”) on this website, including without limitation the RIBBON and RIBBON logo marks, are protected by applicable US and foreign trademark rights and other proprietary rights and are the property of Ribbon Communications Operating Company, Inc. or its affiliates. Any third-party trademarks, logos, service marks, trade names and trade dress may be the property of their respective owners. Any uses of the trademarks, logos, service marks, trade names, and trade dress without the prior written consent of Ribbon Communications Operating Company, Inc., its affiliates, or the third parties that own the proprietary rights, are expressly prohibited.
Document Overview
This document outlines the configuration best practices for the Ribbon solution covering the Ribbon SBC Core SWe when deployed with Microsoft Teams vSBA (virtual Survivable Branch Appliance).
About Ribbon SBC Core
A Session Border Controller (SBC) is a network element deployed to protect SIP-based Voice over Internet Protocol (VoIP) networks. Early deployments of SBCs were focused on the borders between two service provider networks in a peering environment. This role has now expanded to include significant deployments between a service provider's access network and a backbone network to provide service to residential and/or enterprise customers.
The SBC Core (SBC 5K, 7K, SWe) addresses the next-generation needs of SIP communications by delivering embedded media transcoding, robust security, and advanced call routing in a high-performance, small form-factor device enabling service providers and enterprises to quickly and securely enhance their network by implementing services like SIP Trunking, secure Unified Communications, and Voice over IP (VoIP).
The SBC Core provides a reliable, scalable platform for IP interconnect to deliver security, session control, bandwidth management, advanced media services, and integrated billing/reporting tools in an SBC appliance. This versatile series of SBCs can be deployed as peering SBCs, access SBCs, or enterprise SBCs (eSBCs). The SBC product family is tested for interoperability and performance against a variety of third-party products and call flow configurations in the customer networks.
Note |
---|
The SBC 5400, 7000, and SWe are represented as "SBC Core" in the subsequent sections. |
About Virtual Survivable Branch Appliance (vSBA)
The Direct Routing Virtual Survivable Branch Appliance (vSBA) is a Ribbon Communications SBC SWe Edge offer accomplished through close cooperation with Microsoft®. The vSBA allows users to make and receive Public Switched Telephone Network (PSTN) calls when there is an outage.
When a customer site using Direct Routing to connect to Microsoft Phone System experiences an internet outage, the intranet inside the branch will remain fully functional. Users can connect to the Session Border Controller (SBC) that is providing the PSTN connectivity.
During an internet outage, the Teams client should switch to the vSBA automatically. No action is required from the user. As soon as the Teams client detects that the internet service is restored and any outgoing calls are finished, the client will fall back to normal operation mode and connect to other Teams services.
The interoperability compliance testing focuses on verifying inbound and outbound call flows between the Ribbon SBC SWe Core and Teams vSBA.
Note |
---|
Direct Routing vSBA is available on the SBC SWe Edge Release 11.0x and later. Contact your authorized Ribbon sales representative/partner for more information regarding approved SBC SWe Edge Direct Routing vSBA platforms and acquisition. |
This guide contains the following configuration sections:
Non-Goals
It is not the goal of this guide to provide detailed configurations that will meet the requirements of every customer. Use this guide as a starting point and build the SBC configurations in consultation with network design and deployment engineers.
Audience
This is a technical document intended for telecommunications engineers with the purpose of configuring both the Ribbon SBCs and the third-party product.
To perform this interop, you need to:
- use the graphical user interface (GUI) or command line interface (CLI) of the Ribbon product.
- understand the basic concepts of TCP/UDP/TLS and IP/Routing.
- have SIP/RTP/SRTP to complete the configuration, and for troubleshooting.
Info |
---|
|
This configuration guide is offered as a convenience to Ribbon customers. The specifications and information regarding the product in this guide are subject to change without notice. All statements, information, and recommendations in this guide are believed to be accurate but are presented without warranty of any kind, express or implied, and are provided “AS IS”. Users must take full responsibility for the application of the specifications and information in this guide. |
Prerequisites
The following aspects are required before proceeding with the interop:
- Ribbon SBC SWe Core
- Ribbon SWe Edge
- Public IP Addresses
- Microsoft admin account - a special type of account where the Teams user can be configured for Direct Routing SBA (Survivable Branch Appliance).
- TLS Certificates for Ribbon SBC Core signed by one of the Microsoft approved CA vendors.
- Certificates must have the FQDN or domain name that is configured on the Microsoft admin portal.
- A Windows Server 2019 VM with a minimum of four virtual processors, 8GB memory, and 80GB of disk space to install vSBA.
- Media Bypass is a prerequisite for vSBA deployments.
Anchor |
---|
| Product and device details |
---|
| Product and device details |
---|
|
Product and Device Details
The sample configuration in this document uses the following equipment and software:
Caption |
---|
|
| Appliance/Application/Tool | Software Version |
---|
Ribbon Communications | SBC SWe Core | V10.01.01-R002 |
---|
SBC SWe Edge | 11.0.1 build 42 | Microsoft | Survivable Branch Appliance (SBA) | v.2022.6.14.1 | Teams Client | 1.5.00.17656 (64-bit) | PSTN Phone | PhonerLite | 2.79 | Administration and Debugging Tools | Ribbon LX Tool | 2.1.0.6 |
|
Info |
---|
|
- Microsoft SBA version is v.2022.6.14.1 or later
- Teams Client version is 1.5.00.17656 (64-bit) or later
- PhonerLite version is 2.79 or later
|
Note |
---|
SoftPhones and IP-PBX are used to simulate PSTN. |
Anchor |
---|
| Network Topology Diagram |
---|
| Network Topology Diagram |
---|
|
Network Topology Diagram
This section covers the Ribbon SWe Core deployments in Wells Fargo.
Deployment Topology
Caption |
---|
0 | Figure |
---|
1 | Deployment Topology 1 & 2 |
---|
|
|
Caption |
---|
0 | Figure |
---|
1 | Deployment Topology 3 |
---|
|
|
Caption |
---|
0 | Figure |
---|
1 | Deployment Scenario 4 |
---|
|
|
Interoperability Test Lab Topology
The lab topology describes the following scenarios:
Deployment Scenario 1: Teams Client 1 (behind Direct Routing) calls Teams Client 2 (behind vSBA1).
Deployment Scenario 2: Teams Client 2 (behind vSBA1) calls Teams Client 1 (behind Direct Routing).
Deployment Scenario 3: Teams Client 1 (behind vSBA1) calls Teams client 2 behind vSBA2.
Deployment Scenario 4: PSTN calls vSBA1, vSBA1 sends 4xx error response to SWeCore, SBC (SWeCore) sends call to Teams Client 2 behind vSBA2.
Caption |
---|
0 | Figure |
---|
1 | Deployment Scenario 1 and 2 |
---|
|
|
Caption |
---|
0 | Figure |
---|
1 | Deployment Scenario 3 |
---|
|
|
Caption |
---|
0 | Figure |
---|
1 | Deployment Scenario 4 |
---|
|
|
Document Workflow
Section A: SBC Core Configuration for Deployment Scenario 1 & 2
The following SBC Core configurations are included in this section:
Network and Connectivity
Static Routes
Configure SBC for MS Teams
Configure ERE for MS Teams
SBC Core SBA Leg Generic Configuration
Microsoft SBA Leg Configuration
Anchor |
---|
| Network and Connectivity |
---|
| Network and Connectivity |
---|
|
Network and Connectivity
Ribbon SBC is as shown below:
Caption |
---|
|
|
Info |
---|
Mgmt is an RJ45 port and the management interface of the SBC. Media 0/Media 1, depicted as pkt0/pkt1, are RJ45 OR optical SFP ports. Media 0 and Media 1 are used in the current deployment and the same interfaces can be used in SBC Core 5K and 7K (appliance based). Typically, on 5K/7K these ports would be optical SFPs. For the SBC SWe (virtualized platform), the logical pkt0/pkt1 interface must be mapped to a physical port. |
Anchor |
---|
| Static Routes |
---|
| Static Routes |
---|
|
Static Routes
Static routes are used to create communication to remote networks. In a production environment, static routes are mainly configured for routing from a specific network to a network that can only be accessed through one point or one interface (single path access or default route).
Tip |
---|
|
- For smaller networks with just one or two routes, configuring static routing is preferable. This is more efficient since a link is not wasted by exchanging dynamic routing information.
- For networks that have a LAN-side Gateway on Voice VLAN or Multi-Switch Edge Devices (MSEs) with Voice VLAN towards SBC Core, static routing configurations are not required.
|
Static route towards SBA
Code Block |
---|
set addressContext default staticRoute 0.0.0.0 0 172.16.X.X LIF2 PKT1_V4 preference 100
commit |
SBC Core should be configured for Teams Direct Routing and PSTN with the below link:
https://doc.rbbn.com/display/ALLDOC/SBC+8.2+-+Configure+SBC+for+MS+Teams
Info |
---|
- When using media bypass, the media between the Teams client and the SBC is using the SBC external (public) interface.
- This solution is to allow calls to/from the SIP trunk/PSTN, when connectivity to Microsoft Teams is lost – survivability mode.
|
SBC Core has an Embedded Routing Engine (ERE). It can be configured as mentioned in the link below:
https://doc.rbbn.com/display/ALLDOC/SBC+8.2+-+Configure+ERE+for+MS+Teams
Note |
---|
Once the above 2 sections are configured, proceed with the below mentioned sections. |
SBC Core SBA Leg Generic Configuration
Crypto Suite Profile
Since there is a SRTP between the SBA and the SBC, a crypto suite profile needs to be created as follows:
Code Block |
---|
set profiles security cryptoSuiteProfile CRYPT_PROF entry 1 cryptoSuite AES-CM-128-HMAC-SHA1-80
commit |
Anchor |
---|
| PSTN Codec Entry |
---|
| PSTN Codec Entry |
---|
|
Codec Entry
Codec entry allows you to specify the codec used for the call. Create the codec entry for G711 codec with a packet size 20 and rfc2833 method for dtmf.
Code Block |
---|
set profiles media codecEntry G711-TEAMS codec g711
set profiles media codecEntry G711-TEAMS packetSize 20
set profiles media codecEntry G711-TEAMS law deriveFromOtherLeg
set profiles media codecEntry G711-TEAMS dtmf relay rfc2833
commit |
To configure the RTCP for media, execute the following commands:
Code Block |
---|
set system media mediaRtcpControl senderReportInterval 5
set system media mediaRtcpControl sendBYEPacket disabled
commit |
Anchor |
---|
| Configure SIP Domain |
---|
| Configure SIP Domain |
---|
|
SIP Domain
The SBC SIP domain is configured as follows:
Code Block |
---|
set global sipDomain x.x.x.x
commit |
Info |
---|
Replace "x.x.x.x" with the SBC fqdn. |
The SBA SIP domain is configured as follows:
Code Block |
---|
set global sipDomain y.y.y.y
commit |
Info |
---|
Replace "y.y.y.y" with the SBA fqdn. |
Anchor |
---|
| Path Check Profile |
---|
| Path Check Profile |
---|
|
Path Check Profile
Create and attach a Path Check Profile to the SBA side:
Code Block |
---|
set profiles services pathCheckProfile SBA_OPTIONS protocol sipOptions sendInterval 50 replyTimeoutCount 1 recoveryCount 1
set profiles services pathCheckProfile SBA_OPTIONS transportPreference preference1 tls-tcp
commit |
Anchor |
---|
| Teams SBA Leg Configuration |
---|
| Teams SBA Leg Configuration |
---|
|
Microsoft SBA Leg Configuration
Create profiles with a specific set of characteristics corresponding to the Microsoft SBA. This includes the configuration of the following entities on the Microsoft SBA leg:
IP Interface Group
Zone
SIP Signaling Port
IP Peer
SIP Trunk Group
Routing Label
Call Routing
Anchor |
---|
| IP Interface Group |
---|
| IP Interface Group |
---|
|
IP Interface Group
Create an IP interface group.
Info |
---|
Replace "x.x.x.x" with the SBC's packet interface (pkt) IP address towards SBA (example pkt1 IP), and "Y" with its prefix length. Provide the ceName used during an SBC deployment. For example, the ceName is "TEAMSSBA1". |
Code Block |
---|
set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 ceName TEAMSSBA1 portName pkt1
set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 ipAddress x.x.x.x prefix Y
set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 mode inService state enabled
commit |
Zone
Create a Zone towards the SBA and specify the ID of the zone.
Info |
---|
This Zone groups the set of objects used for communication towards the SBA. |
Code Block |
---|
set addressContext default zone SBA_ZONE id 6
commit |
Anchor |
---|
| SIP Signaling Port |
---|
| SIP Signaling Port |
---|
|
SIP Signaling Port
Set the SIP Signaling port, which is a logical address used to send and receive SIP call signaling packets and is permanently bound to a specific zone.
Info |
---|
Replace "x.x.x.x" with the SIP Signaling Port IP address of the SBC towards the SBA. |
Code Block |
---|
set addressContext default zone SBA_ZONE sipSigPort 7 ipInterfaceGroupName LIF2
set addressContext default zone SBA_ZONE sipSigPort 7 ipAddressV4 x.x.x.x
set addressContext default zone SBA_ZONE sipSigPort 7 portNumber 5060
set addressContext default zone SBA_ZONE sipSigPort 7 tlsProfileName SBA_TLS
set addressContext default zone SBA_ZONE sipSigPort 7 transportProtocolsAllowed sip-tls-tcp
set addressContext default zone SBA_ZONE sipSigPort 7 mode inService
set addressContext default zone SBA_ZONE sipSigPort 7 state enabled
commit |
Warning |
---|
There are a few areas that result in a TLS negotiation issue. One area involves assigning the incorrect port. Ensure the following are accomplished: SBA listens on port number 5061 (default setting). Configure port number 5060 on the SBC IP-Peer, since Ribbon SBC Core increments the port by 1 when the transport protocol is TLS.
|
IP Peer
Create an IP Peer with the signaling fqdn of the SBA and assign it to the SBA Zone.
Info |
---|
Replace "x.x.x.x" with the SBA fqdn. |
Code Block |
---|
set addressContext default zone SBA_ZONE ipPeer SBA policy description ""
set addressContext default zone SBA_ZONE ipPeer SBA policy sip fqdn X.X.X.X
set addressContext default zone SBA_ZONE ipPeer SBA policy sip fqdnPort 5060
set addressContext default zone SBA_ZONE ipPeer SBA pathCheck profile SBA_OPTIONS
set addressContext default zone SBA_ZONE ipPeer SBA pathCheck hostName X.X.X.X
set addressContext default zone SBA_ZONE ipPeer SBA pathCheck hostPort 5060
set addressContext default zone SBA_ZONE ipPeer SBA pathCheck state enabled
commit |
DmPm Rule
Teams Client 1 needs to dial an external number (i.e. any number, other than the Teams Phone number present in the Active Directory) in order for the call to reach SBC Core.
SBC Core applies digit manipulation (DmPmRule) to convert the external number to the Teams Client 2 number. DmPmRule is applied based on DmPmCriteria.
DmPmCriteria
DmPmCriteria is matched based on the called number +196200445566.
Code Block |
---|
set profiles digitParameterHandling dmPmCriteria MATCH_FULL_NUM criteriaType digit digitType calledNumber digitCriteria digitMatch operation equals value matchValue +196200445566 numberOfDigits 0 startDigitPosition 0 |
DmPmRule
DmPmRule is applied here to modify the called number to the billing number +17779992001.
Code Block |
---|
set profiles digitParameterHandling dmPmRule MODIFY_CALLED subRule 0 criteria MATCH_FULL_NUM ruleType digit digitManipulation numberType calledNumber digitStringManipulation startDigitPosition 0 numberOfDigits 30 replacement type constant digitString billingNumber value +17779992001 |
Info |
---|
In the above example, the DmPmRule External called number +196200445566 is converted to the Teams Phone Number +17779992001. |
For the calls from Teams Client 1 behind Teams Cloud to Teams Client 2 behind vSBA1, dmPmRule need to be applied to TEAMS_TG, so that SBC Core would modify the called number from external number to Teams Phone number.
Code Block |
---|
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG policy digitParameterHandling ingressDmPmRule MODIFY_CALLED |
Note |
---|
DmPmRule is applied on SIP Trunk Group TEAMS_TG, as the call is originating from TEAMS_TG. |
SIP Message Manipulation (SMM)
Microsoft SBA expects the fqdn in the From and Contact header of the OPTIONS message. Replace <user_input1> with the SBC's fqdn in the SMM below.
- rule 1 - replace the From header with the SBC's fqdn.
- rule 2 - replace the Contact header with the SBC's fqdn.
- rule 3 - add the User Agent header.
Code Block |
---|
set profiles signaling sipAdaptorProfile SBAOPT state enabled
set profiles signaling sipAdaptorProfile SBAOPT advancedSMM disabled
set profiles signaling sipAdaptorProfile SBAOPT profileType messageManipulation
set profiles signaling sipAdaptorProfile SBAOPT rule 1 applyMatchHeader one
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 1 type message
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 1 message
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 1 message messageTypes requestAll
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 2 type header
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 2 header
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 2 header name From
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 3 type token
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 3 token
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 3 token condition exist
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 3 token tokenType urihostname
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 type token
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 operation modify
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 from
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 from type value
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 from value <user_input1>
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 to
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 to type token
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 to tokenValue urihostname
set profiles signaling sipAdaptorProfile SBAOPT rule 2 applyMatchHeader one
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 1 type message
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 1 message
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 1 message messageTypes requestAll
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 2 type header
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 2 header
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 2 header name Contact
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 3 type token
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 3 token
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 3 token condition exist
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 3 token tokenType urihostname
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 type token
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 operation modify
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 from
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 from type value
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 from value <user_input1>
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 to
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 to type token
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 to tokenValue urihostname
set profiles signaling sipAdaptorProfile SBAOPT rule 3 applyMatchHeader one
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 1 type message
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 1 message
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 1 message messageTypes requestAll
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 2 type header
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 2 header
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 2 header name From
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 3 type token
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 3 token
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 3 token condition exist
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 3 token tokenType urihostname
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 type header
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 operation add
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 headerPosition last
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 from
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 from type value
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 from value "Ribbon SBCvirtual V10.01.01R002"
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 to
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 to type header
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 to value User-Agent |
Anchor |
---|
| SIP Trunk Group |
---|
| SIP Trunk Group |
---|
|
SIP Trunk Group
Create a SIP Trunk Group towards the SBA and assign the corresponding profiles such as PSP and IPSP which were created in earlier steps.
Warning |
---|
You must configure Trunk Group names using capital letters. |
Code Block |
---|
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG media mediaIpInterfaceGroupName LIF1
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG ingressIpPrefix 0.0.0.0 0 commit
commit
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy callRouting elementRoutingPriority TEAMS_ERP
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy callRouting digitParameterHandling ingressDmPmRule MODIFY_CALLED
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy media packetServiceProfile TEAMS_PSP
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy media toneAndAnnouncementProfile TEAMS_LRBT_PROF
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy services classOfService DEFAULT_IP
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy signaling ipSignalingProfile TEAMS_IPSP
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG signaling relayNonInviteRequest enabled
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG signaling messageManipulation outputAdapterProfile SBAOPT
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG services natTraversal iceSupport iceWebrtc
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG ingressIpPrefix 0.0.0.0 0
commit |
Anchor |
---|
| Z Routing Label |
---|
| Z Routing Label |
---|
|
Routing Label
Create a Routing Label with a single Routing Label Route to bind the SBA Trunk Group with the SBA IP Peer.
Code Block |
---|
set global callRouting routingLabel SBA_RL routingLabelRoute 1 trunkGroup SBA_TG
set global callRouting routingLabel SBA_RL routingLabelRoute 1 ipPeer SBA
set global callRouting routingLabel SBA_RL routingLabelRoute 1 inService inService
commit |
Anchor |
---|
| ZOOM Call Routing |
---|
| ZOOM Call Routing |
---|
|
Call Routing
To route all the calls coming from the Teams Direct Routing (DR) towards the Teams Survivable Branch Appliance (SBA), input the following command:
Info |
---|
Provide ceName used during an SBC deployment. "TEAMSSBA" is the ceName. |
Code Block |
---|
set global callRouting route trunkGroup TEAMS_TG TEAMSSBA standard Sonus_NULL 1 all all ALL none Sonus_NULL routingLabel SBA_RL
commit |
To route all the calls, coming from the Teams Survivable Branch Appliance (SBA) towards Teams Direct Routing (DR):
Code Block |
---|
set global callRouting route trunkGroup SBA_TG TEAMSSBA standard Sonus_NULL 1 all all ALL none Sonus_NULL routingLabel TEAMS_RL
commit |
Note |
---|
- DmPmRule is applied on SIP Trunk Group SBA_TG, since the call is originating from the SBA_TG for the calls from the Teams Survivable Branch Appliance (SBA) towards Teams Direct Routing (DR).
- SBC Core configuration remains the same for Deployment Scenario 1 and 2.
- Additional SBC Configurations required for Deployment scenarios are covered in Deployment Scenario 3 and Deployment Scenario 4.
|
Section B: SBC Core Configuration for Deployment Scenario 3
Deployment Scenario 3 covers Teams Client 1 (behind vSBA1) calling Teams Client 2 (behind vSBA2).
This Deployment Scenario would require 2 Microsoft vSBAs, nomenclature used is vSBA1 and vSBA2. The user must configure a new Zone, SIP Signaling Port, IP Peer, SIP Trunk Group, Routing Label, and Call Routing for vSBA2.
Microsoft SBA2 Leg Configuration
Create profiles with a specific set of characteristics corresponding to the Microsoft SBA2. This includes the configuration of the following entities on the Microsoft SBA2 leg:
Zone
SIP Signaling Port
IP Peer
SIP Trunk Group
Routing Label
Call Routing
Zone
Create a Zone towards the SBA and specify the ID of the zone.
Info |
---|
This Zone groups the set of objects used for communication towards the SBA. |
Code Block |
---|
set addressContext default zone SBA2_ZONE id 30
commit |
Anchor |
---|
| SIP Signaling Port |
---|
| SIP Signaling Port |
---|
|
SIP Signaling Port
Set the SIP Signaling port, which is a logical address used to send and receive SIP call signaling packets and is permanently bound to a specific zone.
Info |
---|
Replace "x.x.x.x" with the SIP Signaling Port IP address of the SBC towards the SBA2. |
Code Block |
---|
set addressContext default zone SBA2_ZONE sipSigPort 31 ipInterfaceGroupName LIF2
set addressContext default zone SBA2_ZONE sipSigPort 31 ipAddressV4 x.x.x.x
set addressContext default zone SBA2_ZONE sipSigPort 31 portNumber 5060
set addressContext default zone SBA2_ZONE sipSigPort 31 tlsProfileName SBA_TLS
set addressContext default zone SBA2_ZONE sipSigPort 31 transportProtocolsAllowed sip-tls-tcp
set addressContext default zone SBA2_ZONE sipSigPort 31 mode inService
set addressContext default zone SBA2_ZONE sipSigPort 31 state enabled
commit |
Warning |
---|
There are a few areas that result in a TLS negotiation issue. One area involves assigning the incorrect port. Ensure the following are accomplished: SBA listens on port number 5061 (default setting). Configure port number 5060 on the SBC IP-Peer, since Ribbon SBC Core increments the port by 1 when the transport protocol is TLS.
|
IP Peer
Create an IP Peer with the signaling fqdn of the SBA2 and assign it to the SBA2 Zone.
Info |
---|
Replace "x.x.x.x" with the SBA2 fqdn. |
Code Block |
---|
set addressContext default zone SBA2_ZONE ipPeer SBA2 policy description ""
set addressContext default zone SBA2_ZONE ipPeer SBA2 policy sip fqdn X.X.X.X
set addressContext default zone SBA2_ZONE ipPeer SBA2 policy sip fqdnPort 5060
set addressContext default zone SBA2_ZONE ipPeer SBA2 pathCheck profile SBA_OPTIONS
set addressContext default zone SBA2_ZONE ipPeer SBA2 pathCheck hostName X.X.X.X
set addressContext default zone SBA2_ZONE ipPeer SBA2 pathCheck hostPort 5060
set addressContext default zone SBA2_ZONE ipPeer SBA2 pathCheck state enabled
commit |
SIP Message Manipulation (SMM)
The Microsoft SBA expects the fqdn in the From and Contact header of the OPTIONS message. Replace <user_input1> with the SBC's fqdn1 and <user_input2> with the SBC's fqdn2 in the SMM below.
- rule 1 - replace the From header SBC's sipSigPort IP towards vSBA1 with the SBC's fqdn1 and SBC's sipSigPort IP towards vSBA2 with the SBC's fqdn2 .
- rule 2 - replace the Contact header SBC's sipSigPort IP towards vSBA1 with the SBC's fqdn1 and SBC's sipSigPort IP towards vSBA2 with the SBC's fqdn2.
- rule 3 - add the User Agent header.
Code Block |
---|
set profiles signaling sipAdaptorProfile TESTOPT state enabled
set profiles signaling sipAdaptorProfile TESTOPT advancedSMM disabled
set profiles signaling sipAdaptorProfile TESTOPT profileType messageManipulation
set profiles signaling sipAdaptorProfile TESTOPT rule 1 applyMatchHeader one
set profiles signaling sipAdaptorProfile TESTOPT rule 1 criterion 1 type message
set profiles signaling sipAdaptorProfile TESTOPT rule 1 criterion 1 message
set profiles signaling sipAdaptorProfile TESTOPT rule 1 criterion 1 message messageTypes requestAll
set profiles signaling sipAdaptorProfile TESTOPT rule 1 criterion 2 type header
set profiles signaling sipAdaptorProfile TESTOPT rule 1 criterion 2 header
set profiles signaling sipAdaptorProfile TESTOPT rule 1 criterion 2 header name From
set profiles signaling sipAdaptorProfile TESTOPT rule 1 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile TESTOPT rule 1 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile TESTOPT rule 1 criterion 3 type token
set profiles signaling sipAdaptorProfile TESTOPT rule 1 criterion 3 token
set profiles signaling sipAdaptorProfile TESTOPT rule 1 criterion 3 token condition exist
set profiles signaling sipAdaptorProfile TESTOPT rule 1 criterion 3 token tokenType urihostname
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 1 type header
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 1 operation regsub
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 1 headerInfo headerValue
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 1 from
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 1 from type value
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 1 from value <user_input1>
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 1 to
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 1 to type header
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 1 to value From
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 1 regexp
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 1 regexp string 10.54.23.23
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 1 regexp matchInstance all
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 2 type header
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 2 operation regsub
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 2 headerInfo headerValue
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 2 from
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 2 from type value
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 2 from value <user_input2>
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 2 to
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 2 to type header
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 2 to value From
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 2 regexp
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 2 regexp string 10.54.23.18
set profiles signaling sipAdaptorProfile TESTOPT rule 1 action 2 regexp matchInstance all
set profiles signaling sipAdaptorProfile TESTOPT rule 2 applyMatchHeader one
set profiles signaling sipAdaptorProfile TESTOPT rule 2 criterion 1 type message
set profiles signaling sipAdaptorProfile TESTOPT rule 2 criterion 1 message
set profiles signaling sipAdaptorProfile TESTOPT rule 2 criterion 1 message messageTypes requestAll
set profiles signaling sipAdaptorProfile TESTOPT rule 2 criterion 2 type header
set profiles signaling sipAdaptorProfile TESTOPT rule 2 criterion 2 header
set profiles signaling sipAdaptorProfile TESTOPT rule 2 criterion 2 header name Contact
set profiles signaling sipAdaptorProfile TESTOPT rule 2 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile TESTOPT rule 2 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile TESTOPT rule 2 criterion 3 type token
set profiles signaling sipAdaptorProfile TESTOPT rule 2 criterion 3 token
set profiles signaling sipAdaptorProfile TESTOPT rule 2 criterion 3 token condition exist
set profiles signaling sipAdaptorProfile TESTOPT rule 2 criterion 3 token tokenType urihostname
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 1 type header
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 1 operation regsub
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 1 headerInfo headerValue
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 1 from
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 1 from type value
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 1 from value <user_input1>
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 1 to
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 1 to type header
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 1 to value Contact
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 1 regexp
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 1 regexp string 10.54.23.23
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 1 regexp matchInstance all
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 2 type header
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 2 operation regsub
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 2 headerInfo headerValue
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 2 from
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 2 from type value
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 2 from value <user_input2>
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 2 to
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 2 to type header
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 2 to value Contact
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 2 regexp
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 2 regexp string 10.54.23.18
set profiles signaling sipAdaptorProfile TESTOPT rule 2 action 2 regexp matchInstance all
set profiles signaling sipAdaptorProfile TESTOPT rule 3 applyMatchHeader one
set profiles signaling sipAdaptorProfile TESTOPT rule 3 criterion 1 type message
set profiles signaling sipAdaptorProfile TESTOPT rule 3 criterion 1 message
set profiles signaling sipAdaptorProfile TESTOPT rule 3 criterion 1 message messageTypes requestAll
set profiles signaling sipAdaptorProfile TESTOPT rule 3 criterion 2 type header
set profiles signaling sipAdaptorProfile TESTOPT rule 3 criterion 2 header
set profiles signaling sipAdaptorProfile TESTOPT rule 3 criterion 2 header name From
set profiles signaling sipAdaptorProfile TESTOPT rule 3 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile TESTOPT rule 3 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile TESTOPT rule 3 criterion 3 type token
set profiles signaling sipAdaptorProfile TESTOPT rule 3 criterion 3 token
set profiles signaling sipAdaptorProfile TESTOPT rule 3 criterion 3 token condition exist
set profiles signaling sipAdaptorProfile TESTOPT rule 3 criterion 3 token tokenType urihostname
set profiles signaling sipAdaptorProfile TESTOPT rule 3 action 1 type header
set profiles signaling sipAdaptorProfile TESTOPT rule 3 action 1 operation add
set profiles signaling sipAdaptorProfile TESTOPT rule 3 action 1 headerPosition last
set profiles signaling sipAdaptorProfile TESTOPT rule 3 action 1 from
set profiles signaling sipAdaptorProfile TESTOPT rule 3 action 1 from type value
set profiles signaling sipAdaptorProfile TESTOPT rule 3 action 1 from value "Ribbon SBCvirtual V10.01.01R002"
set profiles signaling sipAdaptorProfile TESTOPT rule 3 action 1 to
set profiles signaling sipAdaptorProfile TESTOPT rule 3 action 1 to type header
set profiles signaling sipAdaptorProfile TESTOPT rule 3 action 1 to value User-Agent |
Anchor |
---|
| SIP Trunk Group |
---|
| SIP Trunk Group |
---|
|
SIP Trunk Group
Create a SIP Trunk Group towards the SBA2 and assign corresponding profiles such as PSP and IPSP which were created in earlier steps.
Warning |
---|
You must configure Trunk Group names using capital letters. |
Code Block |
---|
set addressContext default zone SBA2_ZONE sipTrunkGroup SBA2_TG media mediaIpInterfaceGroupName LIF1
set addressContext default zone SBA2_ZONE sipTrunkGroup SBA2_TG ingressIpPrefix 0.0.0.0 0 commit
commit
set addressContext default zone SBA_ZONE sipTrunkGroup SBA2_TG policy callRouting elementRoutingPriority TEAMS_ERP
set addressContext default zone SBA_ZONE sipTrunkGroup SBA2_TG policy media packetServiceProfile TEAMS_PSP
set addressContext default zone SBA_ZONE sipTrunkGroup SBA2_TG policy media toneAndAnnouncementProfile TEAMS_LRBT_PROF
set addressContext default zone SBA_ZONE sipTrunkGroup SBA2_TG policy services classOfService DEFAULT_IP
set addressContext default zone SBA_ZONE sipTrunkGroup SBA2_TG policy signaling ipSignalingProfile TEAMS_IPSP
set addressContext default zone SBA_ZONE sipTrunkGroup SBA2_TG signaling relayNonInviteRequest enabled
set addressContext default zone SBA_ZONE sipTrunkGroup SBA2_TG signaling messageManipulation outputAdapterProfile TESTOPT
set addressContext default zone SBA_ZONE sipTrunkGroup SBA2_TG services natTraversal iceSupport iceWebrtc
set addressContext default zone SBA_ZONE sipTrunkGroup SBA2_TG ingressIpPrefix 0.0.0.0 0
commit |
Anchor |
---|
| Z Routing Label |
---|
| Z Routing Label |
---|
|
Routing Label
Create a Routing Label with a single Routing Label Route to bind the SBA2 Trunk Group with the SBA2 IP Peer.
Code Block |
---|
set global callRouting routingLabel SBA2_RL routingLabelRoute 1 trunkGroup SBA2_TG
set global callRouting routingLabel SBA2_RL routingLabelRoute 1 ipPeer SBA2
set global callRouting routingLabel SBA2_RL routingLabelRoute 1 inService inService
commit |
Anchor |
---|
| ZOOM Call Routing |
---|
| ZOOM Call Routing |
---|
|
Call Routing
Route all the calls coming from the vSBA1 towards the vSBA2.
Info |
---|
Provide ceName used during an SBC deployment. "TEAMSSBA" is the ceName. |
Code Block |
---|
set global callRouting route trunkGroup SBA_TG TEAMSSBA standard Sonus_NULL 1 all all ALL none Sonus_NULL routingLabel SBA2_RL
commit |
Section C: SBC Core Configuration for Deployment Scenario 4
In this deployment scenario, PSTN calls Teams Client 2 behind vSBA2. The call flow is as follows:
- SBC Core receives the INVITE from PSTN and sends it to vSBA1.
- vSBA1 responds with 4xx error response to SBC Core.
- SBC Core sends the INVITE to vSBA2.
- vSBA2 sends the INVITE to Teams Client 2.
Crankback Profile
The crankback profile is used in the existing deployment scenario to route the call to vSBA2, when the vSBA1 sends the 4xx error response.
Code Block |
---|
set profiles callRouting crankbackProfile C1 lateCrankback enabled
set profiles callRouting crankbackProfile C1 reason 18
set profiles callRouting crankbackProfile C1 reason 31
commit |
The crankback profile needs to be attached to the PSTN trunk group as follows:
Code Block |
---|
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG callRouting crankBackProfile C1
commit |
Routing Label
Routing Label for this deployment scenario would be as mentioned below:
Code Block |
---|
set global callRouting routingLabel SBA_REDUNDANCY_RL routingLabelRoute 1 trunkGroup SBA_TG ipPeer SBA inService inService
set global callRouting routingLabel SBA_REDUNDANCY_RL routingLabelRoute 2 trunkGroup SBA2_TG ipPeer SBA2 inService inService
commit |
Call Route
Code Block |
---|
set global callRouting route trunkGroup PSTN_TG TEAMSSBA standard Sonus_NULL 1 all all ALL none Sonus_NULL routingLabel SBA_REDUNDANCY_RL
commit |
Section D: Microsoft SBA Configuration
For information on configuring the Survivable Branch Appliance (SBA) for Direct Routing refer to following link:
https://learn.microsoft.com/en-us/microsoftteams/direct-routing-survivable-branch-appliance
For the Prerequisites, Installation and Configuring the Direct Routing SBA refer to following link:
https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#
Prerequisites
For Prerequisites on Direct routing SBA, refer to the following link:
https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Prerequisites
Installation
For Installation on Direct routing SBA refer to Step 1 in the following link:
https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Step1:InstallVirtualSBASoftware
Anchor |
---|
| Configuration |
---|
| Configuration |
---|
|
Configuration
For Configuring on Direct routing SBA refer to Step 2 in the following link:
https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Step2:SetuptheOffice365DirectRoutingvSBA
Warning |
---|
As SWe Core would be interacting with Virtual Survivable Branch Appliance (vSBA) in the current deployment scenario, configuring Step 3: Configure SBC SWe Edge is not required, as this step is strictly for deployment scenarios involving Ribbon SWe Edge and vSBA. |
Anchor |
---|
| Supplementary |
---|
| Supplementary |
---|
|
Supplementary Services and Features Coverage
The following checklist depicts the set of services/features covered through the configuration defined in this Interop Guide.
Sr. No. | Supplementary Features/Services | Coverage |
---|
1 | Teams Client 1 (behind Direct Routing) calls Teams Client 2 (behind vSBA1) | |
2 | Teams Client 2 (behind vSBA1) calls Teams Client 1 (behind Direct Routing) | |
3 | Teams Client 1 (behind vSBA1) calls Teams client 2 behind vSBA2 | |
4 | 4xx vSBA redirecting scenario * | |
Legend
| Supported |
| Not Supported |
N/A | Not Applicable |
* PSTN Calls vSBA1, vSBA1 sends 4xx error response to SWe Core, SWe Core sends call to Teams Client 2 behind vSBA2.
Caveats
The following items have been observed during this Interop - these are either limitations, untested elements, or useful information pertaining to the Interoperability.
- If the site loses internet connectivity and the service provider accesses the same internet connection, then the call will still fail because there is no path to the SIP trunk.
- Microsoft does not support LMO in vSBA deployments.
Support
For any support related queries about this guide, contact your local Ribbon representative, or use the details below:
References
For detailed information about Ribbon products & solutions, go to :
https://ribboncommunications.com/products
For information about microsoft products & solutions, go to:
https://docs.microsoft.com/en-us/microsoftteams/
Conclusion
This Interoperability Guide describes a successful configuration of the Microsoft SBA interoperability with Ribbon SBC Core for Wells Fargo deployments.
All features and capabilities tested are detailed within this document - any limitations, notes or observations are also recorded in order to provide the reader with an accurate understanding of what has been covered, and what has not.
Configuration guidance is provided to enable the reader to replicate the same base setup - there maybe additional configuration changes required to suit the exact deployment environment.
© 2023 Ribbon Communications Operating Company, Inc. © 2023 ECI Telecom Ltd. All rights reserved.