Versions Compared

Old Version 1

changes.mady.by.user Ribbon Communications

Saved on

compared with

New Version Current

changes.mady.by.user Ribbon Communications

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Automatic update to correct links


Image Removed


CSS Stylesheet
h1, h2, {font-size: 18pt !important;}
h3 {font-size: 16pt !important;}
h4 {font-size: 14pt !important;}
h5 {font-size: 14pt !important;}

...

CSS Stylesheet
.wiki-content h1 {
border-top: 1px solid rgb(145,150,153);
}


Section


Column
width40%
Table of Contents
Panel

Table of Contents
maxLevel4



Column
width5%



Column
width55%


Noprint

Add_workflow_for_appnotes
AUTH1UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cec00c5c, userName='null'}
JIRAIDAUTHIOT-606
REV5UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cb220566, userName='null'}
REV6UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cd5909df, userName='null'}
REV3UserResourceIdentifier{userKey=8a00a0c8601a1bc701602339d1190006, userName='null'}
REV4UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26c8a10148, userName='null'}
REV1UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26c8e901a1, userName='null'}
REV2UserResourceIdentifier{userKey=
8a00a02355cd1c2f0155cd26c8a10148
8a00a02355cd1c2f0155cd26c99e02c0, userName='null'}



 

Pagebreak

Interoperable Vendors

   

...

This document outlines the configuration best practices for the Ribbon solution covering the Ribbon SBC Core SWe when SWe when deployed with Microsoft Teams vSBA (virtual Survivable Branch Appliance).

...

A ​Session Border Controller​ (​SBC​) is a network element deployed to protect​ ​SIP​-based Voice over Internet Protocol​ (VoIP) networks. ​Early deployments of SBCs were focused on the borders between two service provider networks in a peering environment. This role has now expanded to include significant deployments between a service provider's access network and a backbone network to provide service to residential and/or enterprise customers. ​

The SBC Core Core (SBC 5K, 7K, SWe) addresses the next-generation needs of SIP communications by delivering embedded media transcoding, robust security, and advanced call routing in a high-performance, small form-factor device enabling service providers and enterprises to quickly and securely enhance their network by implementing services like SIP Trunking, secure Unified Communications, and Voice over IP (VoIP).

The SBC Core provides Core provides a reliable, scalable platform for IP interconnect to deliver security, session control, bandwidth management, advanced media services, and integrated billing/reporting tools in an SBC appliance. This versatile series of SBCs can be deployed as peering SBCs, access SBCs, or enterprise SBCs (eSBCs). The SBC product family is tested for interoperability and performance against a variety of third-party products and call flow configurations in the customer networks.

Note

SBC 5x10, 5400, 7000, and SWe are represented as SBC Core in the subsequent sections.

About

...

Virtual Survivable Branch Appliance (

...

vSBA)

The Direct Routing Virtual Survivable Branch Appliance (vSBA) is a Ribbon Communications SBC SWe Edge offer accomplished through close cooperation with Microsoft®. The vSBA allows users to make and receive Public Switched Telephone Network (PSTN) calls when there is an outage.

When a customer site using Direct Routing to connect to Microsoft Phone System experiences an internet outage, the intranet inside the branch is When a customer site using Direct Routing to connect to Microsoft Phone System experiences an internet outage, the intranet inside the branch is still fully functional. Users can connect to the Session Border Controller (SBC) that is providing the PSTN connectivity.

During an internet outage, the Teams client should switch to the SBA automatically. No action is required from the user. As soon as the Teams client detects that the internet service is restored and any outgoing calls are finished, the client will fall back to normal operation mode and connect to other Teams services.

The interoperability compliance testing focuses on verifying inbound and outbound call flows between the Ribbon SBC SWe Core & Teams vSBA.

Note

Direct Routing vSBA is available on the SBC SWe Edge Release 11.0x and later.

Contact your authorized Ribbon sales representative/partner for more information regarding approved SBC SWe Edge Direct Routing vSBA platforms and acquisition.


This guide contains the following configuration sections: 

...

This is a technical document intended for telecommunications engineers with the purpose of configuring both the Ribbon SBCs and the third-party product.

To perform this interop, you need to:

  • use the graphical user interface (GUI) or command line interface (CLI) of the Ribbon product.
  • understand the basic concepts of TCP/UDP/TLS and IP/Routing.
  • have SIP/RTP/SRTP to complete the configuration, and for troubleshooting.


Info
titleNote

This configuration guide is offered as a convenience to Ribbon customers. The specifications and information regarding the product in this guide are subject to change without notice. All statements, information, and recommendations in this guide are believed to be accurate but are presented without warranty of any kind, express or implied, and are provided “AS IS”. Users must take full responsibility for the application of the specifications and information in this guide.

...

  • Ribbon SBC SWe Core
  • Ribbon SWe Edge
  • Public IP Addresses
  • Microsoft admin account - a special type of account where the Teams user can be configured for Direct Routing SBA (Survivable Branch Appliance).
  • TLS Certificates for Certificates for Ribbon SBC Core signed by one of the Microsoft approved CA vendors.
  • Certificates must have the FQDN or domain name that is configured on the Microsoft admin portal.
  • A Windows Server 2019 VM with a minimum of four virtual processors, 8GB memory, and 80GB of disk space to install vSBA.

Anchor
Product and device details
Product and device details
Product and Device Details

...

Caption
0Table
1Requirements



Appliance/Application/Tool

Software Version

Ribbon Communications

SBC SWe Core

V10.01.01-R002

SWe Edge11.0.1 build 42
Microsoft Survivable Branch Appliance (SBA)v.2022.6.14.1
Teams Client1.5.00.17656 (64-bit)
PSTN PhonePhonerLite2.79
Administration and Debugging ToolsRibbon LX Tool2.1.0.6


...

Info
titleNote
  • Microsoft SBA version is v.2022.6.14.1 or later.
  • Teams Client version is 1.5.00.17656 (64-bit) or later. later 
  • PhonerLite version is 2.70 79 or later


Note

SoftPhones and IP-PBX are used to simulate PSTN.


Anchor
Network Topology Diagram
Network Topology Diagram
Network Topology Diagram

This section covers the Ribbon SWe Core deployment topology and the Interoperability Test Lab Topology.

Deployment Topology

Caption
0Figure
1Ribbon SWe Core Deployment Topology

Image Modified

Interoperability Test Lab Topology

The following lab topology diagram shows connectivity between Ribbon SWe Core on virtual platform and Microsoft SBA.

Caption
0Figure
1SWe Core and Teams Direct Routing test lab topology

Image Added


Caption
0Figure
1SWe Core and Microsoft SBA interoperability Test Lab Topology

Image RemovedImage Added


Document Workflow

Image RemovedImage Added


Anchor
Section A
Section A
Section A: SBC

...

Core Configuration

The following SBC Core configurations are included in this section:

Network and Connectivity

Static Routes

TLS Configuration on Ribbon SBC Core

Configure SBC for MS Teams

Configure ERE for MS Teams

SBC Core SBA Leg SBC Generic Configuration

PSTN Leg Configuration

Microsoft SBA Leg Configuration

...

Caption
0Figure
1Ribbon SBC

Image Modified


Info

Mgmt is is an RJ45 port and is the management interface of the SBC.

Media 0/Media1 Media1, depicted as pkt0/pkt1, are RJ45 OR optical SFP ports. Media 0 and Media 1 are used in the current deployment and the same interfaces can be used in SBC Core 5K and 7K (appliance based). Typically, on 5K/7K these ports would be optical SFPs.

For the SBC SWe (virtualized platform), the logical pkt0/pkt1 interface must be mapped to a physical portport.

Anchor
Static Routes
Static Routes
Static Routes

Static routes are used to create communication to remote networks. In a production environment, static routes are mainly configured for routing from a specific network to a network that can only be accessed through one point or one interface (single path access or default route).

Tip
titleTip
  • For smaller networks with just one or two routes, configuring static routing is preferable. This is more efficient since a link is not wasted by exchanging dynamic routing information.
  • For networks that have a LAN-side Gateway on Voice VLAN or Multi-Switch Edge Devices (MSEs) with Voice VLAN towards SBC Core, static routing configurations are not required.
Info
Add the static route once the Microsoft SBA Leg and PSTN Leg configurations are done on the SBC
  • .

Static route towards

...

Code Block
set addressContext default staticRoute 0.0.0.0 0 10.54.X.X LIF1 PKT0_V4 preference 100
commit

Static route towards SBA

Code Block
set addressContext default staticRoute 0.0.0.0 0 115172.11016.X.X LIF2 PKT1_V4 preference 100
commit

Anchor

...

Prerequisites:

  • For the TLS to work, a trusted CA (Certificate Authority) is needed. In this scenario, GoDaddy is used as a Trusted CA.
  • Create the Ribbon SBC Core private IP entry in the Public DNS. In this scenario, GoDaddy public DNS is used.

Generate a CSR with OpenSSL 

Code Block
# To create a Certificate Signing Request (CSR) and key file for a Subject Alternative Name (SAN) certificate with multiple subject alternate names, complete the following procedure:
  
Create an OpenSSL configuration file (text file) on the local computer by editing the fields to the company requirements.
  
Note 1: In the example used in this article the configuration file is req.conf.
  
Note 2: req_extensions will put the subject alternative names in a CSR, whereas x509_extensions would be used when creating an actual certificate file.
  
[req]
        distinguished_name = req_distinguished_name
        req_extensions = v3_req
        prompt = no
        [req_distinguished_name]
        C = US
        ST = VA
        L = SomeCity
        O = MyCompany
        OU = MyDivision
        CN = www.company.com
        [v3_req]
        keyUsage = keyEncipherment, dataEncipherment
        extendedKeyUsage = serverAuth
        subjectAltName = @alt_names
        [alt_names]
        DNS.1 = www.company.com
        DNS.2 = company.com
        DNS.3 = www.company.net
        DNS.4 = company.net
  
Make sure there are no whitespaces at the end of the lines.
  
#Run the following commands to create the Certificate Signing Request (CSR) and a new Key file:
openssl req -new -out company_san.csr -newkey rsa:2048 -nodes -sha256 -keyout company_san.key.temp -config req.conf
  
#Run the following command to verify the Certificate Signing Request:
openssl req -text -noout -verify -in company_san.csr
   
# After receiving the CSR with above information, provide it to CA (Certificate Authority). You will then receive the proper CA signed certificate in .crt format that is convertable into other formats using openssl.
 
# By default, you should receive two or more certificates from CA (depanding upon your CA). One is the SBC certificate, and other is CA's root and intermediate certificate.
 
# Upload the certificates to the SBC at /opt/sonus/external and convert them into SBC-readable format, i.e. SBC certificate is in .pem or .p12 format and root certificate is in .cer or .der.
  
#Converting .crt to .pem USING OPENSSL for SBC certificate.
openssl x509 -in sbc_cert.crt -out sbc_cert.der -outform DER
openssl x509 -in sbc_cert.der -inform DER -out sbc_cert.pem -outform PEM
  
#After generating sbc_cert.pem file, convert it to .p12 format using below command and the location of the certificate key.
openssl pkcs12 -export -out sbc1_cert.p12 -in sbc_cert.pem -inkey /opt/sonus/company_san.key.temp
  
#CONVERTING CRT to CER USING OPENSSL for CA's root and intermediate certificate.
openssl x509 -in root_cert.crt -out root_cert.cer -outform DER
  
After converting all these certificates upload them on SBC at /opt/sonus/external location.

...

Configure SBC for MS Teams
Configure SBC for MS Teams
Configure SBC for MS Teams

SBC Core should be configured for Teams Direct Routing and PSTN with the below link:

https://doc.rbbn.com/display/ALLDOC/Configure+SBC+for+MS+Teams


Info

Follow the section from Common SBC Configuration till Configure SBC for MS Teams Media Bypass.

Anchor
Configure ERE for MS Teams
Configure ERE for MS Teams
Configure ERE for MS Teams

SBC Core has an Embedded Routing Engine (ERE). It can be configured as mentioned in the link below:

https://doc.rbbn.com/display/ALLDOC/Configure+ERE+for+MS+Teams

Note

Once the above 2 sections are configured, proceed with the below mentioned sections.

Anchor
SBC Core SBA Leg Generic Configuration
SBC Core SBA Leg Generic Configuration
SBC Core SBA Leg Generic Configuration

Anchor
Crypto Suite
Crypto Suite
Crypto Suite Profile

Since there is a SRTP between the SBA and the SBC, a crypto suite profile needs to be created as follows:

Code Block
set profiles security cryptoSuiteProfile CRYPT_PROF entry 1 cryptoSuite AES-CM-128-HMAC-SHA1-80
commit

Anchor
PSTN Codec Entry
PSTN Codec Entry
Codec Entry

Codec entry allows you to specify the codec used for the call. Create the codec entry for G711 codec with a packet size 20 and rfc2833 method for dtmf.


Code Block
set profiles media codecEntry G711-TEAMS codec g711 
set profiles media codecEntry G711-TEAMS packetSize 20
set profiles media codecEntry G711-TEAMS law deriveFromOtherLeg
set profiles media codecEntry G711-TEAMS dtmf relay rfc2833
commit


Anchor
RTCP
RTCP
RTCP for Media

To configure the RTCP for media, execute the following commands:

Code Block
set system media mediaRtcpControl senderReportInterval 5
set system media mediaRtcpControl sendBYEPacket disabled
commit


Anchor
Configure SIP Domain
Configure SIP Domain
SIP Domain

The SBC SIP domain is configured as follows:

Code Block
set global sipDomain x.x.x.x
commit


Info

Replace "x.x.x.x"  with the SBC fqdn.


The SBA SIP domain is configured as follows:

Code Block
set global sipDomain y.y.y.y
commit


Info

Replace "y.y.y.y"  with the SBA fqdn.

Anchor
Path Check Profile
Path Check Profile
Path Check Profile

Create and attach a Path Check Profile to the SBA side:

Code Block
set profiles services pathCheckProfile SBA_OPTIONS protocol sipOptions sendInterval 50 replyTimeoutCount 1 recoveryCount 1
set profiles services pathCheckProfile SBA_OPTIONS transportPreference preference1 tls-tcp
commit

Anchor
SMM
SMM
SIP Message Manipulation (SMM)

Microsoft expects the fqdn in the From and Contact header of the OPTIONS message. Replace <user_input1> with the SBC's fqdn in the SMM below.

  • rule 1 - replace the From header with the SBC's fqdn.
  • rule 2 - replace the Contact header with the SBC's fqdn.
  • rule 3 - add the User Agent header.


Code Block
set profiles signaling sipAdaptorProfile SBAOPT state enabled
set profiles signaling sipAdaptorProfile SBAOPT advancedSMM disabled
set profiles signaling sipAdaptorProfile SBAOPT profileType messageManipulation
set profiles signaling sipAdaptorProfile SBAOPT rule 1 applyMatchHeader one
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 1 type message
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 1 message
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 1 message messageTypes requestAll
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 2 type header
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 2 header
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 2 header name From
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 3 type token
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 3 token
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 3 token condition exist
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 3 token tokenType urihostname
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 type token
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 operation modify
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 from
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 from type value
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 from value <user_input1>
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 to
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 to type token
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 to tokenValue urihostname
set profiles signaling sipAdaptorProfile SBAOPT rule 2 applyMatchHeader one
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 1 type message
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 1 message
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 1 message messageTypes requestAll
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 2 type header
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 2 header
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 2 header name Contact
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 3 type token
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 3 token
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 3 token condition exist
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 3 token tokenType urihostname
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 type token
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 operation modify
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 from
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 from type value
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 from value <user_input1>
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 to
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 to type token
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 to tokenValue urihostname
set profiles signaling sipAdaptorProfile SBAOPT rule 3 applyMatchHeader one
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 1 type message
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 1 message
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 1 message messageTypes requestAll
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 2 type header
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 2 header
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 2 header name From
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 3 type token
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 3 token
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 3 token condition exist
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 3 token tokenType urihostname
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 type header
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 operation add
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 headerPosition last
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 from
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 from type value
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 from value "Ribbon SBCvirtual V10.01.01R002"
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 to
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 to type header
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 to value User-Agent

Apply this SMM globally as follows:

Code Block
set global signaling messageManipulation outputAdapterProfile SBAOPT
commit

Anchor
Teams SBA Leg Configuration
Teams SBA Leg Configuration
Microsoft SBA Leg Configuration

Create profiles with a specific set of characteristics corresponding to the Microsoft SBA. This includes the configuration of the following entities on the Microsoft SBA leg:

IP Interface Group

Zone

SIP Signaling Port

IP Peer

SIP Trunk Group

Routing Label

Call Routing

Anchor
IP Interface Group
IP Interface Group
IP Interface Group

Create an IP interface group.

Info

Replace "x.x.x.x" with the SBC's packet interface (pkt) IP address towards SBA (example pkt1 IP), and "Y" with its prefix length. Provide the ceName used during an SBC deployment.

For example, the ceName is "TEAMSSBA1".


Code Block
set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 ceName TEAMSSBA1 portName pkt1
set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 ipAddress x.x.x.x prefix Y
set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 mode inService state enabled
commit

Anchor
Zone
Zone
Zone

Create a Zone towards the SBA and specify the ID of the zone.

Info

This Zone groups the set of objects used for communication towards the SBA.


Code Block
set addressContext default zone SBA_ZONE id 6
commit

Anchor
SIP Signaling Port
SIP Signaling Port
SIP Signaling Port

Set the SIP Signaling port, which is a logical address used to send and receive SIP call signaling packets and is permanently bound to a specific zone.

Info

Replace "x.x.x.x" with the SIP Signaling Port IP address of the SBC towards the SBA.


Code Block
set addressContext default zone SBA_ZONE sipSigPort 7 ipInterfaceGroupName LIF2
set addressContext default zone SBA_ZONE sipSigPort 7 ipAddressV4 x.x.x.x
set addressContext default zone SBA_ZONE sipSigPort 7 portNumber 5060
set addressContext default zone SBA_ZONE sipSigPort 7 tlsProfileName SBA_TLS
set addressContext default zone SBA_ZONE sipSigPort 7 transportProtocolsAllowed sip-tls-tcp
set addressContext default zone SBA_ZONE sipSigPort 7 mode inService
set addressContext default zone SBA_ZONE sipSigPort 7 state enabled
commit


Note

Attach the TLS Profile created earlier in Configure SBC for TLS.


Warning

There are a few areas that result in a TLS negotiation issue. One area involves assigning the incorrect port. Ensure the following are accomplished: 

  • SBA listens on port number 5061 (default setting).

  • Configure port number 5060 on the SBC IP-Peer, since Ribbon SBC Core increments the port by 1 when the transport protocol is TLS.

Anchor
IP Peer
IP Peer
IP Peer

Create an IP Peer with the signaling fqdn of the SBA and assign it to the SBA Zone.

Info

Replace "x.x.x.x"  with the SBA fqdn.


Code Block
set addressContext default zone SBA_ZONE ipPeer SBA policy description ""
set addressContext default zone SBA_ZONE ipPeer SBA policy sip fqdn X.X.X.X
set addressContext default zone SBA_ZONE ipPeer SBA policy sip fqdnPort 5060
set addressContext default zone SBA_ZONE ipPeer SBA pathCheck profile SBA_OPTIONS
set addressContext default zone SBA_ZONE ipPeer SBA pathCheck hostName X.X.X.X
set addressContext default zone SBA_ZONE ipPeer SBA pathCheck hostPort 5060
set addressContext default zone SBA_ZONE ipPeer SBA pathCheck state enabled
commit

Anchor
SIP Trunk Group
SIP Trunk Group
SIP Trunk Group

Create a SIP Trunk Group towards the SBA and assign corresponding profiles such as PSP and IPSP, that were created in earlier steps.

Warning

You must configure Trunk Group names using capital letters.


Code Block
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG media mediaIpInterfaceGroupName LIF1
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG ingressIpPrefix 0.0.0.0 0 commit
commit

set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy callRouting elementRoutingPriority TEAMS_ERP
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy media packetServiceProfile TEAMS_PSP
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy media toneAndAnnouncementProfile TEAMS_LRBT_PROF
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy services classOfService DEFAULT_IP
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy signaling ipSignalingProfile TEAMS_IPSP
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG signaling relayNonInviteRequest enabled
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG signaling messageManipulation outputAdapterProfile SBAOPT
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG services natTraversal iceSupport iceWebrtc
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG ingressIpPrefix 0.0.0.0 0
commit

Anchor
Z Routing Label
Z Routing Label
Routing Label

Create a Routing Label with a single Routing Label Route to bind the SBA Trunk Group with the SBA IP Peer.

Code Block
set global callRouting routingLabel TEAMS_RL routingLabelRoute 4 trunkGroup SBA_TG
set global callRouting routingLabel TEAMS_RL routingLabelRoute 4 ipPeer SBA
set global callRouting routingLabel TEAMS_RL routingLabelRoute 4 inService inService
commit


Note

Add the sipTrunkGroup SBA_TG and ipPeer SBA to the TEAMS_RL as routingLabelRoute 4, as this would be active only in Teams Survivable mode.

Anchor
ZOOM Call Routing
ZOOM Call Routing
Call Routing

To route all the calls coming from the PSTN towards the Teams SBA:

Info

Provide ceName used during an SBC deployment. "TEAMSSBA" is the ceName.


Code Block
set global callRouting route trunkGroup PSTN_TG TEAMSSBA standard Sonus_NULL 1 all all ALL none Sonus_NULL routingLabel TEAMS_RL
commit

To route all the calls, coming from the Teams SBA towards PSTN endpoints (irrespective of digits or FQDN):

Code Block
set global callRouting route trunkGroup SBA_TG TEAMSSBA standard Sonus_NULL 1 all all ALL none Sonus_NULL routingLabel PSTN_RL
commit

To route all the calls, coming from the Teams SBA towards PSTN endpoint depending on different numbers:


Code Block
set global callRouting route none Sonus_NULL Sonus_NULL standard 2414445 1 all all ALL none Sonus_NULL routingLabel PSTN_RL
commit


Note

Above number based call routing is useful, when there are multiple PSTN service providers towards PSTN leg.

Anchor
Section B
Section B
Section B: Microsoft SBA Configuration

For information on configuring the Survivable Branch Appliance (SBA) for Direct Routing refer to following link:

https://docs.microsoft.com/en-us/microsoftteams/direct-routing-survivable-branch-appliance

For the Prerequisites, Installation and Configuring the Direct Routing SBA refer to following link:

https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#

Anchor
Prereq
Prereq
Prerequisites

For Prerequisites on Direct routing SBA, refer to the following link:

https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Prerequisites

Anchor
Installation
Installation
Installation

For Installation on Direct routing SBA refer to Step 1 in the following link:

https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Step1:InstallVirtualSBASoftware

Anchor
Configuration
Configuration
Configuration

For Configuring on Direct routing SBA refer to Step 2 in the following link:

https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Step2:SetuptheOffice365DirectRoutingvSBA

Info


Warning

As SWe Core would be interacting with Virtual Survivable Branch Appliance (vSBA) in the current deployment scenario, configuring Image Added is not required, as this step is strictly for deployment scenarios involving Ribbon SWe Edge and vSBA.

Anchor
Name resolution
Name resolution
Name Resolution

  • A Public or Private Fully Qualified Domain Name (FQDN) that points to the Direct Routing vSBA IP - No Public IP is required for the Direct Routing vSBA.

  • The Direct Routing vSBA should resolve the SBC Public FQDN with an address it can access, this is completed automatically for the SBC that hosts the ASM.


Info

Use of Private FQDN for Direct Routing SBA

If you use a Private FQDN for Direct Routing SBA:

  • The SBC will have to be configured to use the DNS that host this Private zone.

  • You can not use a Public certificate for Direct Routing SBA, so Direct Routing SBA can not share the SBC Public Certificate.

Anchor
Certificates
Certificates
Certificates

Microsoft requires a SHA256 certificate for the Direct Routing vSBA in order to establish a TLS connection with the SBC. See the following options:

  1. Shared SBC Public certificate (recommended). This is only possible if your SBC certificate matches one of the following options:

    • SBC Certificate is a wildcard certificate

      • SBC Certificate Common Name "CN: *.mydomain.com" or SBC Certificate Subject Alternative Name "SAN: *.mydomain.com".

    • SBC Certificate has a SAN for Direct Routing vSBA

      • SBC Certificate Common Name "CN: sbc.mydomain.com" and SBC Certificate Subject Alternative Name "SAN: sba.mydomain.com".

  2. Use an existing Public or Private Certificate that covers the Direct Routing vSBA FQDN.

  3. Create a new Public or Private Certificate that covers the Direct Routing vSBA FQDN. In this case, a Public or Private Certificate Authority must be ready to sign the certificate for the Direct Routing vSBA.

Anchor
Importing a vSBA certificate
Importing a vSBA certificate
Importing a vSBA Certificate

You can import the following kinds of certificates:

  • X.509 Signed Certificate.
  • PKCS12 Certificate and Key.


Info

Before importing a new Signed Server Certificate, you must first import a valid Trusted CA Certificate.


X.509 Signed Certificate

Use the following procedure to import the X.509 Signed Certificate.

  1. Log into the WebUI of the SBC SWe Edge.

  2. Click the Tasks tab.

  3. In the left navigation pane, select Office 365 Direct Routing SBA > Setup.

  4. Click the Manage Certificate tab.

  5. From the Action drop-down menu, select Import X.509 Signed Certificate.


Caption
0Figure
1X.509 Signed Certificate

Image Added

     

      6. Paste the SBC CA certificate in the window and click OK.

Import PKCS12 Certificate and Key

Use the following procedure to import the PKCS12 Certificate and Key.

  1. Log into the WebUI of the SBC SWe Edge.

  2. Click the Tasks tab.

  3. In the left navigation pane, select Office 365 Direct Routing SBA > Setup.

  4. Click the Manage Certificate tab.

  5. From the Action drop-down menu, select Import PKCS12 Certificate and Key. This option imports a certificate you created.


Caption
0Figure
1PKCS12 Certificate and Key

Image Added

     

       6. In the Password field, enter the same password you created to export the certificate and key. Refer to Exporting a vSBA Certificate.

       7. Click Browse and select the desired PKCS12 file and key.

       8. Click OK.     

Anchor
Exporting a vSBA Certificate
Exporting a vSBA Certificate
Exporting a vSBA Certificate

You can export the existing certificate installed on the Direct Routing vSBA.

  1. Log into the WebUI of the SBC SWe Edge.

  2. Click the Tasks tab.

  3. In the left navigation pane, select Office 365 Direct Routing SBA > Setup.

  4. Click the Manage Certificate tab.
  5. From the Action drop-down menu, select Export PKCS12 Certificate and Key.


Caption
0Figure
1Exporting a vSBA Certificate

Image Added

  

     6. In the Password field, enter a password for the certificate file you want to export. This password is user generated/supplied and will be required if you import this certificate on another node.

     7. Click OK.

Anchor
Managing Trusted CA Certificate
Managing Trusted CA Certificate
Managing Trusted CA Certificate

A Trusted CA Certificate is a certificate issued by a trusted certificate authority. Trusted CA Certificates are imported to the SBC Edge Portfolio to establish its authenticity on the network.

Warning

Most Certificate Vendors sign the SBC Edge Portfolio certificate with an intermediate certificate authority.  There is at least one, but there could be several intermediate CAs in the certificate chain. When importing the Trusted Root CA Certificates, be sure to import the root CA certificate and all Intermediate CA certificates.  Failure to import all certificates in the chain causes the import of the SBC Edge Portfolio certificate to fail.

Anchor
Import Trusted CA
Import Trusted CA
Importing a Trusted CA Certificate

Tip

Before you begin: 

You must obtain a Trusted Root CA Certificate before you can proceed - your options are:

  • Contacting your System Administrator or Certificate Vendor (e.g. Godaddy, Verisign etc).
  • Obtaining the Trusted CA certificate from your local Standalone Windows Certificate Authority.
  • When importing a new certificate, make sure the root certificate is still valid and hasn't expired.

To import a Trusted CA Certificate:

  1. Click the Import Trusted CA Certificate (Image Added) Icon. 


Caption
0Figure
1Import Trusted CA Certificate

Image Added

Image Added

      2. Select either Copy and Paste or File Upload from the Mode menu.

    1. If you choose File Upload, use the Browse button to find the file.

      3. Click OK.

Verify Trusted CA Certificate

  1. In the WebUI, click the Settings tab.

  2. In the left navigation pane, go to Security > SBC Certificates > Trusted CA Certificates.

Caption
0Figure
1Trusted CA Certificate Table

Image Added


Info

When the Verify Status field in the Certificate panel indicates Expired or Expiring Soon, the Trusted CA Certificate must be replaced. The old certificate must be deleted before a new certificate can be successfully imported.


Caption
0Figure
1Verify Status OK

Image Added

Anchor
Supplementary
Supplementary
Supplementary Services and Features Coverage

The following checklist depicts the set of services/features covered through the configuration defined in this Interop Guide. 

Sr. No.Supplementary Features/ServicesCoverage
1OPTIONS ping (SBC to SBA)

Image Added

2OPTIONS ping (SBA to SBC)

Image Added

3Basic Call from PSTN to Teams

Image Added

4Basic Call from Teams to PSTN

Image Added

5Call Hold & Call Resume

Image Added


Legend

Image Added

Supported

Image Added

Not Supported
N/ANot Applicable

Caveats

The following items have been observed during this Interop - these are either limitations, untested elements, or useful information pertaining to the Interoperability.

  • Media Bypass is a prerequisite for vSBA deployments.
  • When using media bypass, the media between the Teams client and the SBC is using the SBC external (public) interface.
  • This solution is to allow calls to/from the SIP trunk/PSTN, when connectivity to Microsoft Teams is lost – survivability mode.
  • If the site loses internet connectivity and SIP trunk provider accesses the same internet connection, then the call will still fail because there is no path to the SIP trunk.
  • LMO is currently not supported. Microsoft will need to support.
Code Block
#Import Public CA Root Certificate into database.
set system security pki certificate CA_ROOT_CERT type remote fileName root_cert.der state enabled
 
#Import Public CA Certified SBC Server Certificate into database.
set system security pki certificate SBC_CERT filename sbc1_cert.p12 passPhrase <Password defined during CSR generation> state enabled type local

#Import the Baltimore Certificate into database.
set system security pki certificate BALTIMORE_CERT type remote fileName BaltimoreSBA.der state enabled

...

A TLS Profile is required for the TLS handshake between the SBA and SBC Core. This profile defines cipher suites supported by SBC Core. Create the TLS profile as mentioned below:

Code Block
set profiles security tlsProfile SBA_TLS clientCertName SBC_CERT serverCertName SBC_CERT cipherSuite1 tls_ecdhe_rsa_with_aes_256_cbc_sha384 cipherSuite2 tls_ecdhe_rsa_with_aes_128_cbc_sha authClient true allowedRoles clientandserver acceptableCertValidationErrors invalidPurpose
set profiles security tlsProfile SBA_TLS v1_0 disable
set profiles security tlsProfile SBA_TLS v1_1 enable
set profiles security tlsProfile SBA_TLS v1_2 enable
commit
Info

Attach the TLS Profile to the SIP Signaling Port that will be created later in the Microsoft SBA Leg Configuration.

...

Since there is a SRTP between the SBA and SBC, a crypto suite profile needs to be created as follows:

Code Block
set profiles security cryptoSuiteProfile CRYPT_PROF entry 1 cryptoSuite AES-CM-128-HMAC-SHA1-80
commit

...

This section covers SBC Generic configurations such as: Element Routing Priority, Prefix Profile, E164 Profile, Codec Entry and Packet Service Profile.

...

Code Block
set profiles callRouting elementRoutingPriority TEAMS_ERP entry _private 1 entityType none
set profiles callRouting elementRoutingPriority TEAMS_ERP entry nationalOperator 1 entityType none
set profiles callRouting elementRoutingPriority TEAMS_ERP entry localOperator 1 entityType none
set profiles callRouting elementRoutingPriority TEAMS_ERP entry nationalType 1 entityType trunkGroup
set profiles callRouting elementRoutingPriority TEAMS_ERP entry nationalType 2 entityType none
set profiles callRouting elementRoutingPriority TEAMS_ERP entry internationalType 1 entityType none
set profiles callRouting elementRoutingPriority TEAMS_ERP entry internationalOperator 1 entityType none
set profiles callRouting elementRoutingPriority TEAMS_ERP entry longDistanceOperator 1 entityType none
set profiles callRouting elementRoutingPriority TEAMS_ERP entry ipVpnService 1 entityType none
set profiles callRouting elementRoutingPriority TEAMS_ERP entry test 1 entityType none
set profiles callRouting elementRoutingPriority TEAMS_ERP entry transit 1 entityType none
set profiles callRouting elementRoutingPriority TEAMS_ERP entry otherCarrierChosen 1 entityType none
set profiles callRouting elementRoutingPriority TEAMS_ERP entry carrierCutThrough 1 entityType none
set profiles callRouting elementRoutingPriority TEAMS_ERP entry userName 1 entityType trunkGroup
set profiles callRouting elementRoutingPriority TEAMS_ERP entry userName 2 entityType none
set profiles callRouting elementRoutingPriority TEAMS_ERP entry mobile 1 entityType none

...

Codec entry allows you to specify the codec used for the callCreate the codec entry for G711 codec with a packet size 20 and rfc2833 method for dtmf.

Code Block
set profiles media codecEntry G711-TEAMS codec g711 
set profiles media codecEntry G711-TEAMS packetSize 20
set profiles media codecEntry G711-TEAMS law deriveFromOtherLeg
set profiles media codecEntry G711-TEAMS dtmf relay rfc2833
commit

...

To configure the RTCP for media, execute the following commands:

Code Block
set system media mediaRtcpControl senderReportInterval 5
set system media mediaRtcpControl sendBYEPacket disabled
commit

...

The SBC SIP domain is configured as follows:

Code Block
set global sipDomain IOTSBA.CUSTOMERS.INTEROPDOMAIN.COM
commit

The SBA SIP domain is configured as follows:

Code Block
set global sipDomain IOTTEAMSBA.CUSTOMERS.INTEROPDOMAIN.COM
commit

...

Configure the Ring Back Tone profile as follows:

Code Block
set profiles media toneCodecEntry g711u codec g711
set profiles media toneCodecEntry g711u law ULaw
 
set profiles media toneCodecEntry g711a codec g711
set profiles media toneCodecEntry g711a law ALaw
 
set profiles media toneAsAnnouncementProfile toneType defRing codecType g711u segmentId 20001
set profiles media toneAsAnnouncementProfile toneType defRing codecType g711a segmentId 20002

commit

...

Create and attach a Path Check Profile to the SBA side:

Code Block
set profiles services pathCheckProfile SBA_OPTIONS protocol sipOptions sendInterval 50 replyTimeoutCount 1 recoveryCount 1
set profiles services pathCheckProfile SBA_OPTIONS transportPreference preference1 tls-tcp
commit

...

Microsoft expects the fqdn in the From and Contact header of the OPTIONS message. Replace <user_input1> with the SBC's fqdn in the SMM below.

  • rule 1 - replace the From header with the SBC's fqdn.
  • rule 2 - replace the Contact header with the SBC's fqdn.
  • rule 3 - add the User Agent header.
Code Block
set profiles signaling sipAdaptorProfile SBAOPT state enabled
set profiles signaling sipAdaptorProfile SBAOPT advancedSMM disabled
set profiles signaling sipAdaptorProfile SBAOPT profileType messageManipulation
set profiles signaling sipAdaptorProfile SBAOPT rule 1 applyMatchHeader one
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 1 type message
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 1 message
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 1 message messageTypes requestAll
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 2 type header
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 2 header
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 2 header name From
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 3 type token
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 3 token
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 3 token condition exist
set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 3 token tokenType urihostname
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 type token
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 operation modify
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 from
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 from type value
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 from value <user_input1>
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 to
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 to type token
set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 to tokenValue urihostname
set profiles signaling sipAdaptorProfile SBAOPT rule 2 applyMatchHeader one
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 1 type message
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 1 message
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 1 message messageTypes requestAll
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 2 type header
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 2 header
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 2 header name Contact
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 3 type token
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 3 token
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 3 token condition exist
set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 3 token tokenType urihostname
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 type token
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 operation modify
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 from
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 from type value
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 from value <user_input1>
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 to
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 to type token
set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 to tokenValue urihostname
set profiles signaling sipAdaptorProfile SBAOPT rule 3 applyMatchHeader one
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 1 type message
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 1 message
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 1 message messageTypes requestAll
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 2 type header
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 2 header
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 2 header name From
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 3 type token
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 3 token
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 3 token condition exist
set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 3 token tokenType urihostname
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 type header
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 operation add
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 headerPosition last
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 from
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 from type value
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 from value "Ribbon SBCvirtual V10.01.01R002"
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 to
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 to type header
set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 to value User-Agent

Apply this SMM globally as follows:

Code Block
set global signaling messageManipulation outputAdapterProfile SBAOPT
commit

...

Create profiles with a specific set of characteristics corresponding to the PSTN. This includes the configuration of the following entities on the PSTN leg:

IP Signaling Profile

IP Interface Group

Zone

SIP Signaling Port

IP Peer

SIP Trunk Group

Routing Label

Call Routing

...

Create an IP Signaling Profile with the appropriate signaling flags towards PSTN Leg.

Code Block
set profiles signaling ipSignalingProfile PSTN_IPSP ipProtocolType sipOnly
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags includeReasonHeader enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags includeTransportTypeInContactHeader enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags minimizeRelayingOfMediaChangesFromOtherCallLegAll enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags relayDataPathModeChangeFromOtherCallLeg enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags sendPtimeInSdp enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags storePChargingVector enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags lockDownPreferredCodec enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes transparencyFlags userAgentHeader enable
set profiles signaling ipSignalingProfile PSTN_IPSP egressIpAttributes flags disable2806Compliance enable
set profiles signaling ipSignalingProfile PSTN_IPSP egressIpAttributes privacy privacyInformation pPreferredId
set profiles signaling ipSignalingProfile PSTN_IPSP egressIpAttributes privacy flags includePrivacy enable
commit

...

Create an IP interface group.

Info

Replace "x.x.x.x" with the SBC's packet interface (pkt) IP address towards PSTN (example pkt0 IP), and "Y" with its prefix length. Provide ceName used during an SBC deployment.

Here, the ceName is "TEAMSSBA1".

Code Block
set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 ceName TEAMSSBA1 portName pkt0
set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 portName pkt0
set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 ipAddress x.x.x.x prefix Y
set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 mode inService
set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 state enabled
commit

...

Create the Zone towards the PSTN and specify the ID of the zone.

Info

This Zone groups the set of objects used for the communication towards the PSTN.

Code Block
set addressContext default zone PSTN id 2
commit

...

Set the SIP Signaling port, which is a logical address used to send and receive SIP call signaling packets and is permanently bound to a specific zone.

Info

Replace "x.x.x.x" with SIP Signaling Port IP of SBC towards PSTN Leg.

Code Block
set addressContext default zone PSTN sipSigPort 3 ipInterfaceGroupName LIF1
set addressContext default zone PSTN  sipSigPort 3 ipAddressV4 x.x.x.x
set addressContext default zone PSTN sipSigPort 3 portNumber 5060
set addressContext default zone PSTN sipSigPort 3 mode inService
set addressContext default zone PSTN sipSigPort 3 state enabled
commit

...

Create an IP Peer towards the PSTN as follows:

Code Block
set addressContext default zone PSTN ipPeer PSTN_IPP ipAddress x.x.x.x ipPort yyyy
commit

...

Create a SIP Trunk Group towards the PSTN Leg and assign corresponding profiles such as PSP and IPSP that are created in previous steps. For ingressIpPrefix, replace "X.X.X.X" with the IP address that you want to allow from the PSTN side, and "Y" with its prefix length.

Warning

You must configure Trunk Group names using capital letters.

Code Block
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG media mediaIpInterfaceGroupName LIF1
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG mode inService state enabled
commit

set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG signaling methods notify allow
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG signaling rel100Support enabled
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG signaling relayNonInviteRequest enabled
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG signaling honorMaddrParam enabled
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG services dnsSupportType a-only
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG ingressIpPrefix X.X.X.X Y
 
commit

...

Create a Routing Label with a single Routing Label Route to bind the PSTN Trunk Group with the PSTN IP Peer.

Code Block
set global callRouting routingLabel PSTN_RL routingLabelRoute 1 trunkGroup PSTN_TG
set global callRouting routingLabel PSTN_RL routingLabelRoute 1 ipPeer PSTN
set global callRouting routingLabel PSTN_RL routingLabelRoute 1 inService inService
commit

...

This entry is used to route all the calls coming from the SBA to the PSTN.

Info

Provide ceName used during an SBC deployment. "TEAMSSBA" is the ceName.

Code Block
set global callRouting route trunkGroup SBA_TG TEAMSSBA standard Sonus_NULL 1 all all ALL none Sonus_NULL routingLabel PSTN_RL
commit

...

Create profiles with a specific set of characteristics corresponding to the Microsoft SBA. This includes the configuration of the following entities on the Microsoft SBA leg:

IP Signaling Profile

IP Interface Group

Zone

SIP Signaling Port

IP Peer

SIP Trunk Group

Routing Label

Call Routing

...

Create an IP Signaling Profile with the appropriate signaling flags towards the SBA.

Code Block
set profiles signaling ipSignalingProfile TEAMS_IPSP ipProtocolType sipOnly
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags includeReasonHeader enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags includeTransportTypeInContactHeader enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags routeUsingRecvdFqdn enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags sendPtimeInSdp enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags sendRtcpPortInSdp enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags storePChargingVector enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags publishIPInHoldSDP enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes relayFlags statusCode4xx6xx enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags minimizeRelayingOfMediaChangesFromOtherCallLegAll enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags relayDataPathModeChangeFromOtherCallLeg enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes optionTagInRequireHeader suppressReplaceTag enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes numberGlobalizationProfile DEFAULT_IP
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes flags disable2806Compliance enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes domainName useIpSignalingPeerDomainInRequestUri enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes domainName useSipDomainInPAIHeader enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes domainName useSipDomainNameInFromField enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes domainName useZoneLevelDomainNameInContact enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes privacy transparency disable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes privacy privacyInformation pPreferredId
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes privacy flags includePrivacy enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes privacy flags privacyRequiredByProxy disable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes privacy flags msLyncPrivacySupport enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes redirect flags forceRequeryForRedirection enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes transport type1 tlsOverTcp
set profiles signaling ipSignalingProfile TEAMS_IPSP ingressIpAttributes flags sendSdpIn200OkIf18xReliable enable
commit

...

Create an IP interface group.

Info

Replace "x.x.x.x" with the SBC's packet interface (pkt) IP address towards SBA (example pkt1 IP), and "Y" with its prefix length. Provide the ceName used during an SBC deployment.

Here, the ceName is "TEAMSSBA1".

Code Block
set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 ceName TEAMSSBA1 portName pkt1
set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 ipAddress x.x.x.x prefix Y
set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 mode inService state enabled
commit

...

Create a Zone towards the SBA and specify the ID of the zone.

Info

This Zone groups the set of objects used for communication towards SBA.

Code Block
set addressContext default zone SBA_ZONE id 6
commit

...

Set the SIP Signaling port, which is a logical address used to send and receive SIP call signaling packets and is permanently bound to a specific zone.

Info

Replace "x.x.x.x" with the SIP Signaling Port IP address of the SBC towards SBA.

Code Block
set addressContext default zone SBA_ZONE sipSigPort 7 ipInterfaceGroupName LIF2
set addressContext default zone SBA_ZONE sipSigPort 7 ipAddressV4 x.x.x.x
set addressContext default zone SBA_ZONE sipSigPort 7 portNumber 5060
set addressContext default zone SBA_ZONE sipSigPort 7 tlsProfileName SBA_TLS
set addressContext default zone SBA_ZONE sipSigPort 7 transportProtocolsAllowed sip-tls-tcp
set addressContext default zone SBA_ZONE sipSigPort 7 mode inService
set addressContext default zone SBA_ZONE sipSigPort 7 state enabled
commit
Note

Attach the TLS Profile created earlier SBA_TLS.

Warning

There are a few areas that result in a TLS negotiation issue. One area involves assigning the incorrect port. Ensure the following are accomplished: 

  • SBA listens on port number 5061 (default setting).

  • Configure port number 5060 on the SBC IP-Peer, since Ribbon SBC Core increments the port by 1 when the transport protocol is TLS.

...

Create an IP Peer with the signaling fqdn of the SBA and assign it to the SBA Zone.

Info

Replace "x.x.x.x"  with the SBA fqdn.

Code Block
set addressContext default zone SBA_ZONE ipPeer SBA policy description ""
set addressContext default zone SBA_ZONE ipPeer SBA policy sip fqdn X.X.X.X
set addressContext default zone SBA_ZONE ipPeer SBA policy sip fqdnPort 5060
set addressContext default zone SBA_ZONE ipPeer SBA pathCheck profile SBA_OPTIONS
set addressContext default zone SBA_ZONE ipPeer SBA pathCheck hostName X.X.X.X
set addressContext default zone SBA_ZONE ipPeer SBA pathCheck hostPort 5060
set addressContext default zone SBA_ZONE ipPeer SBA pathCheck state enabled
commit

...

Create a SIP Trunk Group towards the SBA and assign corresponding profiles such as PSP and IPSP, that were created in earlier steps.

Warning

You must configure Trunk Group names using capital letters.

Code Block
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG media mediaIpInterfaceGroupName LIF1
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG ingressIpPrefix 0.0.0.0 0 commit
commit

set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy callRouting elementRoutingPriority TEAMS_ERP
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy media packetServiceProfile TEAMS_PSP
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy media toneAndAnnouncementProfile TEAMS_LRBT_PROF
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy services classOfService DEFAULT_IP
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy signaling ipSignalingProfile TEAMS_IPSP
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG signaling relayNonInviteRequest enabled
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG ingressIpPrefix 0.0.0.0 0
commit

...

Create a Routing Label with a single Routing Label Route to bind the SBA Trunk Group with the SBA IP Peer.

Code Block
set global callRouting routingLabel SBA_RL routingLabelRoute 1 trunkGroup SBA_TG
set global callRouting routingLabel SBA_RL routingLabelRoute 1 ipPeer SBA
set global callRouting routingLabel SBA_RL routingLabelRoute 1 inService inService
commit

...

This entry is used to route all the calls coming from the PSTN towards the SBA.

Info

Provide ceName used during an SBC deployment. "TEAMSSBA" is the ceName.

Code Block
set global callRouting route trunkGroup PSTN_TG TEAMSSBA standard Sonus_NULL 1 all all ALL none Sonus_NULL routingLabel SBA_RL
commit

...

For information on configuring the Survivable Branch Appliance (SBA) for Direct Routing refer to following link:

https://docs.microsoft.com/en-us/microsoftteams/direct-routing-survivable-branch-appliance

For the Prerequisites, Installation and Configuring the Direct Routing SBA refer to following link:

https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#

...

For Prerequisites on Direct routing SBA, refer to the following link:

https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Prerequisites

...

For Installation on Direct routing SBA refer to Step 1 in the following link:

https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Step1:InstallVirtualSBASoftware

...

For Configuring on Direct routing SBA refer to Step 2 in the following link:

https://doc.rbbn.com/display/UXDOC110/Best+Practice+-+Configure+Direct+Routing+Virtual+Survivable+Branch+Appliance#BestPracticeConfigureDirectRoutingVirtualSurvivableBranchAppliance-Step2:SetuptheOffice365DirectRoutingvSBA

Info
Warning

Do not configure the following section - Configure SBC SWe Edge, as this is strictly for Ribbon SWe Edge Configuration.

...

The following checklist depicts the set of services/features covered through the configuration defined in this Interop Guide. 

...

Image Removed

...

Image Removed

...

Image Removed

...

Image Removed

...

Image Removed

Legend

...

Image Removed

...

Image Removed

...

Support

For any support related queries about this guide, contact your local Ribbon representative, or use the details below:

...

© 2021 Ribbon Communications Operating Company, Inc. © 2021 ECI Telecom Ltd. All rights reserved.

Image Added