...

  • Ribbon SBC Edge
  • Ribbon SBC Edge license
    • This interop requires the acquisition and application of SIP sessions, as documented at Working with License.
  • Public IP addresses
  • TLS certificates for SBC Edge
  • Cisco Control Hub and Domain
    • Cisco Control Hub Premier license for the users.
    • For more details, contact Cisco Webex Support.

...

The configuration uses the following equipment and software:

| Product | Appliance/Application/Tool | Software Version |
|---|---|---|
| Ribbon SBC | SBC SWe Edge | 11.0.2 build 99 |
| Ribbon SBC | SBC 1K/2K | 11.0.1 build 634 |
| Cisco Webex | Cisco Control Hub | Build: 20230607-38bdcbf (mfe) |
| Cisco Webex | Cisco Webex Client | 43.5.0.26155 |
| Third-party Equipment | Cisco Unified Communications Manager | 12.5.1.11900-146 |
| Third-party Equipment | Poly VVX 601 | 5.8.2.4732 |
| Administration and Debugging Tools | Wireshark | 3.4.9 |

Network Topology and E2E Flow Diagrams

Deployment Topology

Note

There can be more deployment topologies than those depicted below.

Single Webex Tenant and Single IP & Single Port on SBC

[Topology diagram]

Multiple Webex Tenant and Single IP & Single Port on SBC

[Topology diagram]

Multiple Webex Tenant and Multiple IPs / Ports on SBC

[Topology diagram]

Interoperability Test Lab Topology

...

To deploy a Ribbon SBC Edge instance, refer to Installing SBC Edge.

Ribbon SBC Edge Configuration

...

For more details on Licenses, refer to Working with Licenses.

Installing License on SWe Edge

...

Signaling groups allow telephony channels to be grouped together for the purposes of routing and shared configuration. They are the entity to which calls are routed, as well as the location from which Call Routing Tables are selected.

From the Settings tab, navigate to Signaling Groups. Click Add SIP SG.

...

TLS Profiles are used by SIP Signaling Groups when the TLS transport type is selected for incoming and outgoing SIP trunks (Listen Ports), and in SIP Server Tables when TLS is selected as the Server Host protocol.

...

  1. From the TLS Protocol drop-down menu, select TLS 1.0-1.2.
  2. Attach the certificate which is uploaded in the SBC Certificate.
  3. Add the cipher suites that are supported on Cisco Webex.
  4. Enable the Validate Server and Client FQDN fields to validate the CN and SAN name in the certificate sent by Server and Client.
  5. Click OK.


Note

The SBC doesn't support tracking active/closed TLS connections.

DNS Host

To validate the Client FQDN, add the FQDN entries and corresponding IPs that are resolved from the Cisco Webex SRV under the Host section on the SBC.

...

Message Manipulation

a) IP to FQDN Conversion in P-Asserted-Identity

The Message Manipulation is used to convert the IP to Tenant1's FQDN in the P-Asserted-Identity.

...

  1. Select Message Rule Tables > PAI IP to FQDN.
  2. From the Create Rule drop-down menu, select Header Rule.
  3. Under Condition Expression > Add/Edit, select Message Rule Condition > Match all Condition, and from the drop-down menu, select the condition rule as Tenant1 Num.
  4. Select Header Action as Modify and Header Name as P-Preferred-Identity.
  5. Under Header Value > URI Host, select Modify.
  6. Click on Add/Edit. Under the Edit Message Field, set Type of Value as Literal and Value as Tenant1's FQDN.
  7. Click OK and Apply.

b) 408 Request Time-Out to 503 Service Unavailable

Note
  • The SMM given below is used to convert the 408 Request Time-out response for SIP OPTIONS into 503 Service Unavailable.

...

  • SBC doesn't generate an alarm and the inactive node is not removed from call routing when a 408 response is received from the Webex node for SIP OPTIONS.
  • It is recommended to use the SMM given below to convert 408 Request Time-out to 503 Service Unavailable.

Condition Rule Table

The Condition Rule Table matches the 408 response only when it is received for SIP OPTIONS.

From the Settings tab, navigate to SIP > Message Manipulation > Condition Rule Table. Click the icon to create a new Condition Rule Table.

...

  1. Click on the Message Rule Table 408 to 503.
  2. From the Create Rule drop-down menu, select Status Line Rule.
  3. Under Condition Expression > Add/Edit, select Message Rule Condition > Match all Condition, and from the drop-down menu, select the condition rule as 408 to 503.
  4. Under Status Line Value > Modify > Add/Edit, set Type of Value as Literal and Value as 503 Service Unavailable.
  5. Click OK.
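
The effect of the condition rule and the status line rule above, modelled in Python as an added example (not Ribbon's SMM implementation and not code from this guide): a response is rewritten to 503 Service Unavailable only when it is a 408 whose CSeq method is OPTIONS. The function names and the sample messages with example.com and example.net hosts are assumptions constructed for illustration.

```python
"""Model of the '408 to 503' SMM rule: rewrite the status line of a 408
response only when its CSeq method is OPTIONS (added example)."""
import re

STATUS_LINE = re.compile(r"^SIP/2\.0 (\d{3}) (.*)$")

# Constructed sample responses; host names are placeholders, not captured traffic.
OPTIONS_408 = (
    "SIP/2.0 408 Request Timeout\r\n"
    "Via: SIP/2.0/TLS sbc.example.com:5061;branch=z9hG4bK-opt1\r\n"
    "From: <sip:sbc@sbc.example.com>;tag=a1\r\n"
    "To: <sip:webex@peer.example.net>\r\n"
    "Call-ID: opt-1@sbc.example.com\r\n"
    "CSeq: 7 OPTIONS\r\n"
    "Content-Length: 0\r\n\r\n"
)
INVITE_408 = OPTIONS_408.replace("CSeq: 7 OPTIONS", "cseq : 7 INVITE")
OPTIONS_200 = OPTIONS_408.replace("408 Request Timeout", "200 OK")


def status_and_method(raw):
    """Return (status code, CSeq method) of a SIP response."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    match = STATUS_LINE.match(lines[0])
    if match is None:
        raise ValueError("not a SIP response status line")
    method = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Header names are case-insensitive and may carry padding before ':'.
        if sep and name.strip().lower() == "cseq":
            fields = value.split()
            if len(fields) == 2:
                method = fields[1]
    return int(match.group(1)), method


def apply_408_to_503(raw):
    """Condition rule (408 and OPTIONS) followed by the status line rule."""
    code, method = status_and_method(raw)
    if code != 408 or method != "OPTIONS":
        return raw, False  # condition not met: message passes unchanged
    _, rest = raw.split("\r\n", 1)
    return "SIP/2.0 503 Service Unavailable\r\n" + rest, True


if __name__ == "__main__":
    for label, msg in (("OPTIONS 408", OPTIONS_408),
                       ("INVITE 408", INVITE_408),
                       ("OPTIONS 200", OPTIONS_200)):
        out, changed = apply_408_to_503(msg)
        state = "rewritten" if changed else "unchanged"
        print(f"{label}: {state} -> {out.splitlines()[0]}")
```

Comparing the status line before and after in a Wireshark capture of the OPTIONS exchange is a quick way to confirm the rule fires only for OPTIONS and leaves 408 responses to INVITE untouched.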

...

SIP Profile - Webex

From the Settings tab, navigate to SIP > SIP Profiles. Click the icon to create a new SIP Profile.

  1. Provide a name for the profile in the Description field.
  2. Enable Session Timer. This field specifies whether or not to use Session Timer to verify the SIP session.
  3. Set Minimum Acceptable Timer to 600 and Offered Session Timer to 3600.
  4. From the FQDN in From Header drop-down menu, select SBC Edge FQDN, so that SIP messages from SBC Edge to Webex have the SBC FQDN in the From header.
  5. From the FQDN in Contact Header drop-down menu, select SBC FQDN, so that SIP messages from SBC Edge to Webex have the SBC FQDN in the Contact header.
  6. Click OK.

...

SIP Server - Webex

From the Settings tab, navigate to SIP > SIP Server Tables. Click the icon to create a new SIP Server Table.

...

  1. Click on the SIP Server Table created in the previous step.
  2. From the Create SIP Server drop-down menu, select DNS-SRV.
  3. Provide the Cisco Webex SRV and set the service of the SRV as sips.
  4. Select the Protocol as TLS and attach the TLS profile which was created previously.
  5. Under the Transport section, enable SIP OPTIONS by selecting SIP OPTIONS from the Monitor drop-down menu, and set the Local username as the SBC host name and the Peer Username as Webex.
  6. Click OK.

Call Routing Table - Webex

From the Settings tab, navigate to Call Routing > Call Routing Table. Click the icon to create a Call Routing Table.

...

  1. Attach the Call Routing Table (CallRoutingTable-Webex).
  2. Attach the SIP Profile (SipProfile-Webex).
  3. Attach the SIP Server Table (SIPServerTable-PSTN).
  4. Attach the SDES-SRTP Profile (SDES-SRTPProfile-Webex).
  5. Attach the Media List (MediaList-Webex).
  6. Associate the appropriate IP address in the "Signaling/Media Source IP" field.
  7. Configure Protocol and Listen Ports in the "Listen Ports" panel.
  8. Create an entry in the Federated IP/FQDN panel.
  9. Enable Message Manipulation and attach the profile "PAI IP to FQDN" and "408 to 503" in the outbound Message Manipulation Table List.
  10. Click OK.

...

Transformation Tables facilitate the conversion of names, numbers and other fields when routing a call. They can, for example, convert a public PSTN number into a private extension number, or into a SIP address (URI). Every entry in a Call Routing Table requires a Transformation Table. In addition, Transformation tables are configurable as a reusable pool that Action Sets can reference.

Transformation Table Webex to PBX

From the Settings tab, navigate to Call Routing > Transformation. Click the icon to create a Transformation Table.

...

From the Settings tab, navigate to Call Routing > Transformation > Webex_CUCM. Click the icon to create a Transformation Table Entry.

  1. Under Input Field, enter the PBX number that is dialed from Webex.
  2. Click OK.

Transformation Table Webex to PSTN

From the Settings tab, navigate to Call Routing > Transformation. Click the icon to create a Transformation Table.

...

From the Settings tab, navigate to Call Routing > Transformation > Webex_PSTN. Click the icon to create a Transformation Table Entry.

  1. Under Input Field, enter the PSTN number that is dialed from Webex.
  2. Click OK.

Transformation Table PSTN to Webex Tenant1

From the Settings tab, navigate to Call Routing > Transformation. Click the icon to create a Transformation Table.

...

Call Routing Table Entry

PSTN to Webex

From the Settings tab, navigate to Call Routing > Call Routing Table > PSTN_TO_Webex. Click the icon to create a Call Routing Table.

  1. Attach the PSTN to Webex Transformation Table, which is present in the SBC Edge by default.
  2. Click on Add/Edit under Destination Signaling Groups, and select Webex_SG.
  3. Select DSP for Audio Stream Mode and Proxy for Video Stream Mode.
  4. Click OK.

PBX to Webex

From the Settings tab, navigate to Call Routing > Call Routing Table > CUCM_TO_Webex. Click the icon to create a Call Routing Table.

  1. Attach the PSTN to Webex Transformation Table, which is present in the SBC Edge by default.
  2. Click on Add/Edit under Destination Signaling Group and select Webex_SG.
  3. Select DSP for Audio Stream Mode and Proxy for Video Stream Mode.
  4. Click OK.

...

Note

For Passthrough calls, 'Audio Stream Mode' can be set to 'Proxy preferred over DSP', with SRTP enabled on the PBX leg.

Webex to PSTN

From the Settings tab, navigate to Call Routing > Call Routing Table > Webex_TO_PSTN&CUCM. Click the icon to create a Call Routing Table.

  1. Attach the Webex_PSTN Transformation Table to match the PSTN's number.
  2. Click on Add/Edit under Destination Signaling Groups, and select PSTN_SG.
  3. Select DSP for Audio Stream Mode and Proxy for Video Stream Mode.
  4. Click OK.

Webex to PBX

From the Settings tab, navigate to Call Routing > Call Routing Table > Webex_TO_PSTN&CUCM. Click the icon to create a Call Routing Table.

  1. Attach the Webex_CUCM Transformation Table to match the PBX's number.
  2. Click on Add/Edit under Destination Signaling Groups, and select CUCM_SG.
  3. Select DSP for Audio Stream Mode and Proxy for Video Stream Mode.
  4. Click OK.

...

Multi-Tenant with Single IP / Multiple Port on SBC

...

For Multi-Tenant deployment, refer to SBCEdgeConfigurationforCiscoWebexCallingside for Tenant1. Refer to the following configuration for Tenant 2.

TLS Certificates

CN-based TLS Certificate for Multiple Tenants

Create the certificate for Ribbon SBC with the CN containing the SBC's FQDN for Tenant 2.

...

  1. From the TLS Protocol drop-down menu, select TLS 1.0-1.2.
  2. Attach the certificate which is uploaded in the supplementary certificate.
  3. Add the cipher suites that are supported on Cisco Webex.
  4. Enable the Validate Server and Client FQDN fields to validate the CN and SAN name in the certificate sent by Server and Client.
  5. Click OK.

...

SIP Server Table Tenant2

Create a SIP Server Table similar to the one created before.

  1. From the Create SIP Server drop-down menu, select DNS-SRV.
  2. Provide the SRV of the Cisco Webex and set the service of the SRV as sips.
  3. Select the Protocol as TLS and attach the TLS profile which was created using the Tenant2 certificate.
  4. Under the Transport section, enable SIP OPTIONS by selecting SIP OPTIONS from the Monitor drop-down menu, and set the Local username as the SBC host name and the Peer Username as Webex.
  5. Click OK.

Message Manipulation

IP to FQDN Conversion in P-Asserted-Identity

The Message Manipulation is used to convert the IP to Tenant2's FQDN in the P-Asserted-Identity.

...

  1. Select Message Rule Tables > Towards Tenant2.
  2. From the Create Rule drop-down menu, select Header Rule.
  3. Under Condition Expression > Add/Edit, select Message Rule Condition > Match all Condition, and from the drop-down menu, select the condition rule as Tenant2.
  4. Select Header Action as Modify and Header Name as P-Preferred-Identity.
  5. Under Header Value > URI Host, select Modify.
  6. Click on Add/Edit. Under the Edit Message Field, set Type of Value as Literal and Value as Tenant2's FQDN.
  7. Click OK and Apply.

...

SIP Profile Webex Tenant2

From the Settings tab, navigate to SIP > SIP Profiles. Click the icon to create a new SIP Profile.

...

  1. Provide a name for the Routing Table.
  2. Click OK.

SIP Signaling Group - Webex Tenant2

From the Settings tab, navigate to Signaling Groups. Click Add SIP SG.

...

  1. Under Input Field, enter the PSTN number that is dialed from Webex. Alternatively, Passthrough can be used, since a separate Call Routing is created for Tenant2 to Webex.
  2. Click OK.

...

  1. Attach the PSTN to Tenant2 Table.
  2. Click on Add/Edit under Destination Signaling Group and select Tenant 2 SG.
  3. Select DSP for Audio Stream Mode and Proxy for Video Stream Mode.
  4. Click OK.

...

...

Multi-Tenant with Single IP and Port on SBC

For Multi-Tenant deployment with a single IP/Port, refer to SBCEdgeConfigurationforCiscoWebexCallingside with some changes in the following profiles.

TLS Certificates

SAN-based TLS Certificate for Multiple Tenants

From the Settings tab, navigate to Security > SBC Certificates > Generate SBC Edge Certificates.

...

  1. From the TLS Protocol drop-down menu, select TLS 1.0-1.2.
  2. Attach the certificate which is uploaded in the SBC certificate.
  3. Add the cipher suites that are supported on Cisco Webex.
  4. Enable the Validate Server and Client FQDN fields to validate the CN and SAN name in the certificate sent by Server and Client.
  5. Click OK.

...

SIP Profile

In the existing SIP Profile created for the single-tenant configuration, disable the FQDN in the From Header and the Contact Header.

...

  • The same Signaling Group can be used by attaching the newly created SIP Profile and Message Manipulation.
  • Attach the newly created TLS profile to the existing SIP Server Table that is used for the single-tenant configuration.
  • The same Call Routing Table that is used for the single-tenant configuration can be used.
  • Both tenant FQDNs use the same listen port.

...

Note

The same Call Routing that is used in the Single Tenant Configuration can be used by adding a Transformation Table entry in PSTN and PBX towards Webex to match the Tenant2 number.

Multi-Tenant with Multiple IP and Port on SBC

  • For Multi-Tenant deployment with Multiple IP and Port, you can refer to SBCEdgeConfigurationforCiscoWebexCallingside for Tenant1. For Tenant 2, refer to Multi-TenantwithSingleIP/MultiplePortonSBC.
  • For Multi-Tenant with Multiple IP and Port, the same configuration above can be used by changing the signaling/media Source IP on 'SIP Signaling Group - Webex Tenant2'.
  • If multiple Webex tenants are in the same 'Webex control hub location' and the SBC's source Ethernet IPs are in different networks, it is recommended to configure the static route using 'different netmasks' for the same destination (Location).

Cisco Webex Calling Configuration

For configuration on Cisco Webex, visit https://help.webex.com/.

Supplementary Services and Features Coverage

...

Note the following items in relation to this Interop - these are either limitations, untested elements or useful information pertaining to the interoperability.

Marking Cisco node as down when INVITE gets 503 failure response
  • When PSTN calls Webex client and the Webex node sends a 503 response, the INVITE goes to the next available Webex node but the SBC does not mark the Webex node as down.
  • This issue does not have any impact on calls.
Multi-Tenant in the same Webex Control Hub Location
  • The issue is observed only when the Webex tenants are in the same location and when the SBC has Ethernet IPs in different networks for multiple tenants.
  • As a workaround, it is recommended to configure the static route with different netmasks for the same destination (Location).
STUN packets (ICE) not received from Webex during the Ringback stage
  • For Webex to PSTN calls with the ICE mode enabled, the SBC doesn't receive any STUN packets from Webex. Due to this, the SBC rejects the call with a 5XX response.
Displaying the status/history of the nodes

...

  • enable 'static NAT' on the Webex signaling group.
Not blocklisting the Webex node when the SBC receives 503 for the INVITE
  • When PSTN calls a Webex client and the Webex node sends a 503 response, the INVITE goes to the next available Webex node, but the SBC does not blocklist the Webex node. This state lasts only for a short period, until OPTIONS is sent.
  • This issue does not have any impact on calls.
Displaying the status/history of the nodes
  • When the SBC receives 503/408/no response for SIP Options from Webex, the SBC generates an alarm in the Monitor tab but there is no status (up/down) displayed for that particular node.
  • Functionality is working fine but from a serviceability perspective, the SBC is unable to display the node status/history.

...

No Alarm is generated for 408 Response for SIP Options
  • The SBC does not generate any alarm & the inactive node is not removed from call routing when a 408 response is received for SIP options from any particular node.
  • This issue can be resolved by using an SMM to modify the 408 to a 503 in this case.

SBC supports only Proxy mode for Video call

  • The SBC supports only Proxy mode for Video calls, so the SBC relays the Crypto lines without decrypting or encrypting.
  • As a workaround, it is suggested to use SRTP on the PSTN/Enterprise network.
TLS Connections Monitoring
  • The SBC does not support tracking the open TLS connections and past TLS connections.
TTL issue
  • The SBC is not adhering to the Time To Live (TTL) for sending the SRV query.
  • This issue is observed only in SBC 1K/2K and not observed in SWe Edge.

...

SBC response to OPTIONS during drain mode
  • When the SBC SIP signaling group is in drain mode, the SBC is not responding with 503 Service Unavailable for incoming SIP OPTIONS.
  • This issue is observed only in SBC 1K/2K and not observed in SWe Edge.
SBC supports only Proxy mode for Video calls
  • The SBC supports only Proxy mode for Video calls, so the SBC relays Crypto lines without decrypting or encrypting.
  • As a workaround, it is suggested to use SRTP on the Enterprise network.

These issues will be addressed by Ribbon in their upcoming releases.

Support

For any support related queries about this guide, please contact your local Ribbon representative, or use the details below:

...

For detailed information about Cisco Webex, visit: https://www.webex.com/.

Conclusion

This Interoperability Guide describes successful configuration for Ribbon SBC Edge interop involving Cisco Webex Calling for customer deployments.

...