© 2021 Ribbon Communications Operating Company, Inc. © 2021 ECI Telecom Ltd. All rights reserved. The compilation (meaning the collection, arrangement and assembly) of all content on this site is protected by U.S. and international copyright laws and treaty provisions and may not be used, copied, reproduced, modified, published, uploaded, posted, transmitted or distributed in any way, without prior written consent of Ribbon Communications Inc.
The trademarks, logos, service marks, trade names, and trade dress (“look and feel”) on this website, including without limitation the RIBBON and RIBBON logo marks, are protected by applicable US and foreign trademark rights and other proprietary rights and are the property of Ribbon Communications Operating Company, Inc. or its affiliates. Any third-party trademarks, logos, service marks, trade names and trade dress may be the property of their respective owners. Any uses of the trademarks, logos, service marks, trade names, and trade dress without the prior written consent of Ribbon Communications Operating Company, Inc., its affiliates, or the third parties that own the proprietary rights, are expressly prohibited.
This document outlines the configuration best practices for the Ribbon solution covering the Ribbon SBC Core SWe when deployed with Microsoft Teams vSBA (virtual Survivable Branch Appliance).
A Session Border Controller (SBC) is a network element deployed to protect SIP-based Voice over Internet Protocol (VoIP) networks. Early deployments of SBCs were focused on the borders between two service provider networks in a peering environment. This role has now expanded to include significant deployments between a service provider's access network and a backbone network to provide service to residential and/or enterprise customers.
The SBC Core (SBC 5K, 7K, SWe) addresses the next-generation needs of SIP communications by delivering embedded media transcoding, robust security and advanced call routing in a high-performance, small form-factor device enabling service providers and enterprises to quickly and securely enhance their network by implementing services like SIP Trunking, secure Unified Communications and Voice over IP (VoIP).
The SBC Core provides a reliable, scalable platform for IP interconnect to deliver security, session control, bandwidth management, advanced media services and integrated billing/reporting tools in an SBC appliance. This versatile series of SBCs can be deployed as peering SBCs, access SBCs or enterprise SBCs (eSBCs). The SBC product family is tested for interoperability and performance against a variety of third-party products and call flow configurations in the customer networks.
SBC 5x10, 5400, 7000 and SWe are represented as SBC Core in the subsequent sections.
When a customer site using Direct Routing to connect to Microsoft Phone System experiences an internet outage, the intranet inside the branch is still fully functional. Users can connect to the Session Border Controller (SBC) that is providing the PSTN connectivity.
During an internet outage, the Teams client should switch to the SBA automatically. No action is required from the user. As soon as the Teams client detects that the internet service is restored and any outgoing calls are finished, the client will fall back to normal operation mode and connect to other Teams services.
The interoperability compliance testing focuses on verifying inbound and outbound call flows between the Ribbon SBC SWe Core & Teams vSBA.
This guide contains the following configuration sections:
Captures the Microsoft SBA configuration.
Basic Calls and Call Hold/Resume features can be tested with configurations from Section A and Section B.
It is not the goal of this guide to provide detailed configurations that will meet the requirements of every customer. Use this guide as a starting point and build the SBC configurations in consultation with network design and deployment engineers.
This is a technical document intended for telecommunications engineers with the purpose of configuring both the Ribbon SBCs and the third-party product.
To perform this interop, you need to:
This configuration guide is offered as a convenience to Ribbon customers. The specifications and information regarding the product in this guide are subject to change without notice. All statements, information, and recommendations in this guide are believed to be accurate but are presented without warranty of any kind, express or implied, and are provided “AS IS”. Users must take full responsibility for the application of the specifications and information in this guide.
The following aspects are required before proceeding with the interop:
The sample configuration in this document uses the following equipment and software:
This section covers the Ribbon SWe Core deployment topology and the Interoperability Test Lab Topology.
The following lab topology diagram shows connectivity between Ribbon SWe Core on virtual platform and Microsoft SBA.
The following SBC Core configurations are included in this section:
TLS Configuration on Ribbon SBC Core
Microsoft SBA Leg Configuration
Ribbon SBC is as shown below:
Mgmt is an RJ45 port and is the management interface of the SBC.
Media 0/Media1 depicted as pkt0/pkt1 are RJ45 OR optical SFP ports. Media 0 and Media 1 are used in the current deployment and the same interfaces can be used in SBC Core 5K and 7K (appliance based). Typically, on 5K/7K these ports would be optical SFPs.
For the SBC SWe (virtualized platform), the logical pkt0/pkt1 interface must be mapped to a physical port.
Static routes are used to create communication to remote networks. In a production environment, static routes are mainly configured for routing from a specific network to a network that can only be accessed through one point or one interface (single path access or default route).
Add the static route once the Microsoft SBA Leg and PSTN Leg configurations are done on the SBC.
set addressContext default staticRoute 0.0.0.0 0 10.54.X.X LIF1 PKT0_V4 preference 100 commit
set addressContext default staticRoute 0.0.0.0 0 115.110.X.X LIF2 PKT1_V4 preference 100 commit
Prerequisites:
Generate a CSR with OpenSSL
# To create a Certificate Signing Request (CSR) and key file for a Subject Alternative Name (SAN) certificate with multiple subject alternate names, complete the following procedure: Create an OpenSSL configuration file (text file) on the local computer by editing the fields to the company requirements. Note 1: In the example used in this article the configuration file is req.conf. Note 2: req_extensions will put the subject alternative names in a CSR, whereas x509_extensions would be used when creating an actual certificate file. [req] distinguished_name = req_distinguished_name req_extensions = v3_req prompt = no [req_distinguished_name] C = US ST = VA L = SomeCity O = MyCompany OU = MyDivision CN = www.company.com [v3_req] keyUsage = keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1 = www.company.com DNS.2 = company.com DNS.3 = www.company.net DNS.4 = company.net Make sure there are no whitespaces at the end of the lines. #Run the following commands to create the Certificate Signing Request (CSR) and a new Key file: openssl req -new -out company_san.csr -newkey rsa:2048 -nodes -sha256 -keyout company_san.key.temp -config req.conf #Run the following command to verify the Certificate Signing Request: openssl req -text -noout -verify -in company_san.csr # After receiving the CSR with above information, provide it to CA (Certificate Authority). You will then receive the proper CA signed certificate in .crt format that is convertable into other formats using openssl. # By default, you should receive two or more certificates from CA (depanding upon your CA). One is the SBC certificate, and other is CA's root and intermediate certificate. # Upload the certificates to the SBC at /opt/sonus/external and convert them into SBC-readable format, i.e. SBC certificate is in .pem or .p12 format and root certificate is in .cer or .der. #Converting .crt to .pem USING OPENSSL for SBC certificate. openssl x509 -in sbc_cert.crt -out sbc_cert.der -outform DER openssl x509 -in sbc_cert.der -inform DER -out sbc_cert.pem -outform PEM #After generating sbc_cert.pem file, convert it to .p12 format using below command and the location of the certificate key. openssl pkcs12 -export -out sbc1_cert.p12 -in sbc_cert.pem -inkey /opt/sonus/company_san.key.temp #CONVERTING CRT to CER USING OPENSSL for CA's root and intermediate certificate. openssl x509 -in root_cert.crt -out root_cert.cer -outform DER After converting all these certificates upload them on SBC at /opt/sonus/external location.
#Import Public CA Root Certificate into database. set system security pki certificate CA_ROOT_CERT type remote fileName root_cert.der state enabled #Import Public CA Certified SBC Server Certificate into database. set system security pki certificate SBC_CERT filename sbc1_cert.p12 passPhrase <Password defined during CSR generation> state enabled type local #Import the Baltimore Certificate into database. set system security pki certificate BALTIMORE_CERT type remote fileName BaltimoreSBA.der state enabled
A TLS Profile is required for the TLS handshake between the SBA and SBC Core. This profile defines cipher suites supported by SBC Core. Create the TLS profile as mentioned below:
set profiles security tlsProfile SBA_TLS clientCertName SBC_CERT serverCertName SBC_CERT cipherSuite1 tls_ecdhe_rsa_with_aes_256_cbc_sha384 cipherSuite2 tls_ecdhe_rsa_with_aes_128_cbc_sha authClient true allowedRoles clientandserver acceptableCertValidationErrors invalidPurpose set profiles security tlsProfile SBA_TLS v1_0 disable set profiles security tlsProfile SBA_TLS v1_1 enable set profiles security tlsProfile SBA_TLS v1_2 enable commit
Attach the TLS Profile to the SIP Signaling Port that will be created later in the Microsoft SBA Leg Configuration.
Since there is a SRTP between the SBA and SBC, a crypto suite profile needs to be created as follows:
set profiles security cryptoSuiteProfile CRYPT_PROF entry 1 cryptoSuite AES-CM-128-HMAC-SHA1-80 commit
This section covers SBC Generic configurations such as: Element Routing Priority, Prefix Profile, E164 Profile, Codec Entry and Packet Service Profile.
set profiles callRouting elementRoutingPriority TEAMS_ERP entry _private 1 entityType none set profiles callRouting elementRoutingPriority TEAMS_ERP entry nationalOperator 1 entityType none set profiles callRouting elementRoutingPriority TEAMS_ERP entry localOperator 1 entityType none set profiles callRouting elementRoutingPriority TEAMS_ERP entry nationalType 1 entityType trunkGroup set profiles callRouting elementRoutingPriority TEAMS_ERP entry nationalType 2 entityType none set profiles callRouting elementRoutingPriority TEAMS_ERP entry internationalType 1 entityType none set profiles callRouting elementRoutingPriority TEAMS_ERP entry internationalOperator 1 entityType none set profiles callRouting elementRoutingPriority TEAMS_ERP entry longDistanceOperator 1 entityType none set profiles callRouting elementRoutingPriority TEAMS_ERP entry ipVpnService 1 entityType none set profiles callRouting elementRoutingPriority TEAMS_ERP entry test 1 entityType none set profiles callRouting elementRoutingPriority TEAMS_ERP entry transit 1 entityType none set profiles callRouting elementRoutingPriority TEAMS_ERP entry otherCarrierChosen 1 entityType none set profiles callRouting elementRoutingPriority TEAMS_ERP entry carrierCutThrough 1 entityType none set profiles callRouting elementRoutingPriority TEAMS_ERP entry userName 1 entityType trunkGroup set profiles callRouting elementRoutingPriority TEAMS_ERP entry userName 2 entityType none set profiles callRouting elementRoutingPriority TEAMS_ERP entry mobile 1 entityType none
Codec entry allows you to specify the codec used for the call. Create the codec entry for G711 codec with a packet size 20 and rfc2833 method for dtmf.
set profiles media codecEntry G711-TEAMS codec g711 set profiles media codecEntry G711-TEAMS packetSize 20 set profiles media codecEntry G711-TEAMS law deriveFromOtherLeg set profiles media codecEntry G711-TEAMS dtmf relay rfc2833 commit
To configure the RTCP for media, execute the following commands:
set system media mediaRtcpControl senderReportInterval 5 set system media mediaRtcpControl sendBYEPacket disabled commit
The SBC SIP domain is configured as follows:
set global sipDomain IOTSBA.CUSTOMERS.INTEROPDOMAIN.COM commit
The SBA SIP domain is configured as follows:
set global sipDomain IOTTEAMSBA.CUSTOMERS.INTEROPDOMAIN.COM commit
Configure the Ring Back Tone profile as follows:
set profiles media toneCodecEntry g711u codec g711 set profiles media toneCodecEntry g711u law ULaw set profiles media toneCodecEntry g711a codec g711 set profiles media toneCodecEntry g711a law ALaw set profiles media toneAsAnnouncementProfile toneType defRing codecType g711u segmentId 20001 set profiles media toneAsAnnouncementProfile toneType defRing codecType g711a segmentId 20002 commit
Create and attach a Path Check Profile to the SBA side:
set profiles services pathCheckProfile SBA_OPTIONS protocol sipOptions sendInterval 50 replyTimeoutCount 1 recoveryCount 1 set profiles services pathCheckProfile SBA_OPTIONS transportPreference preference1 tls-tcp commit
Microsoft expects the fqdn in the From and Contact header of the OPTIONS message. Replace <user_input1> with the SBC's fqdn in the SMM below.
set profiles signaling sipAdaptorProfile SBAOPT state enabled set profiles signaling sipAdaptorProfile SBAOPT advancedSMM disabled set profiles signaling sipAdaptorProfile SBAOPT profileType messageManipulation set profiles signaling sipAdaptorProfile SBAOPT rule 1 applyMatchHeader one set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 1 type message set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 1 message set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 1 message messageTypes requestAll set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 2 type header set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 2 header set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 2 header name From set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 2 header condition exist set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 2 header hdrInstance all set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 3 type token set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 3 token set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 3 token condition exist set profiles signaling sipAdaptorProfile SBAOPT rule 1 criterion 3 token tokenType urihostname set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 type token set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 operation modify set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 from set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 from type value set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 from value <user_input1> set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 to set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 to type token set profiles signaling sipAdaptorProfile SBAOPT rule 1 action 1 to tokenValue urihostname set profiles signaling sipAdaptorProfile SBAOPT rule 2 applyMatchHeader one set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 1 type message set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 1 message set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 1 message messageTypes requestAll set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 2 type header set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 2 header set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 2 header name Contact set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 2 header condition exist set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 2 header hdrInstance all set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 3 type token set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 3 token set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 3 token condition exist set profiles signaling sipAdaptorProfile SBAOPT rule 2 criterion 3 token tokenType urihostname set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 type token set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 operation modify set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 from set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 from type value set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 from value <user_input1> set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 to set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 to type token set profiles signaling sipAdaptorProfile SBAOPT rule 2 action 1 to tokenValue urihostname set profiles signaling sipAdaptorProfile SBAOPT rule 3 applyMatchHeader one set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 1 type message set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 1 message set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 1 message messageTypes requestAll set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 2 type header set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 2 header set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 2 header name From set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 2 header condition exist set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 2 header hdrInstance all set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 3 type token set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 3 token set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 3 token condition exist set profiles signaling sipAdaptorProfile SBAOPT rule 3 criterion 3 token tokenType urihostname set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 type header set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 operation add set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 headerPosition last set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 from set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 from type value set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 from value "Ribbon SBCvirtual V10.01.01R002" set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 to set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 to type header set profiles signaling sipAdaptorProfile SBAOPT rule 3 action 1 to value User-Agent
Apply this SMM globally as follows:
set global signaling messageManipulation outputAdapterProfile SBAOPT commit
Create profiles with a specific set of characteristics corresponding to the PSTN. This includes the configuration of the following entities on the PSTN leg:
Create an IP Signaling Profile with the appropriate signaling flags towards PSTN Leg.
set profiles signaling ipSignalingProfile PSTN_IPSP ipProtocolType sipOnly set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags includeReasonHeader enable set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags includeTransportTypeInContactHeader enable set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags minimizeRelayingOfMediaChangesFromOtherCallLegAll enable set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags relayDataPathModeChangeFromOtherCallLeg enable set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags sendPtimeInSdp enable set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags storePChargingVector enable set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags lockDownPreferredCodec enable set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes transparencyFlags userAgentHeader enable set profiles signaling ipSignalingProfile PSTN_IPSP egressIpAttributes flags disable2806Compliance enable set profiles signaling ipSignalingProfile PSTN_IPSP egressIpAttributes privacy privacyInformation pPreferredId set profiles signaling ipSignalingProfile PSTN_IPSP egressIpAttributes privacy flags includePrivacy enable commit
Create an IP interface group.
Replace "x.x.x.x" with the SBC's packet interface (pkt) IP address towards PSTN (example pkt0 IP), and "Y" with its prefix length. Provide ceName used during an SBC deployment.
Here, the ceName is "TEAMSSBA1".
set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 ceName TEAMSSBA1 portName pkt0 set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 portName pkt0 set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 ipAddress x.x.x.x prefix Y set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 mode inService set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 state enabled commit
Create the Zone towards the PSTN and specify the ID of the zone.
This Zone groups the set of objects used for the communication towards the PSTN.
set addressContext default zone PSTN id 2 commit
Set the SIP Signaling port, which is a logical address used to send and receive SIP call signaling packets and is permanently bound to a specific zone.
Replace "x.x.x.x" with SIP Signaling Port IP of SBC towards PSTN Leg.
set addressContext default zone PSTN sipSigPort 3 ipInterfaceGroupName LIF1 set addressContext default zone PSTN sipSigPort 3 ipAddressV4 x.x.x.x set addressContext default zone PSTN sipSigPort 3 portNumber 5060 set addressContext default zone PSTN sipSigPort 3 mode inService set addressContext default zone PSTN sipSigPort 3 state enabled commit
Create an IP Peer towards the PSTN as follows:
set addressContext default zone PSTN ipPeer PSTN_IPP ipAddress x.x.x.x ipPort yyyy commit
Create a SIP Trunk Group towards the PSTN Leg and assign corresponding profiles such as PSP and IPSP that are created in previous steps. For ingressIpPrefix
, replace "X.X.X.X
" with the IP address that you want to allow from the PSTN side, and "Y
" with its prefix length.
You must configure Trunk Group names using capital letters.
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG media mediaIpInterfaceGroupName LIF1 set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG mode inService state enabled commit set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG signaling methods notify allow set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG signaling rel100Support enabled set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG signaling relayNonInviteRequest enabled set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG signaling honorMaddrParam enabled set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG services dnsSupportType a-only set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG ingressIpPrefix X.X.X.X Y commit
Create a Routing Label with a single Routing Label Route to bind the PSTN Trunk Group with the PSTN IP Peer.
set global callRouting routingLabel PSTN_RL routingLabelRoute 1 trunkGroup PSTN_TG set global callRouting routingLabel PSTN_RL routingLabelRoute 1 ipPeer PSTN set global callRouting routingLabel PSTN_RL routingLabelRoute 1 inService inService commit
This entry is used to route all the calls coming from the SBA to the PSTN.
Provide ceName used during an SBC deployment. "TEAMSSBA" is the ceName.
set global callRouting route trunkGroup SBA_TG TEAMSSBA standard Sonus_NULL 1 all all ALL none Sonus_NULL routingLabel PSTN_RL commit
Create profiles with a specific set of characteristics corresponding to the Microsoft SBA. This includes the configuration of the following entities on the Microsoft SBA leg:
Create an IP Signaling Profile with the appropriate signaling flags towards the SBA.
set profiles signaling ipSignalingProfile TEAMS_IPSP ipProtocolType sipOnly set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags includeReasonHeader enable set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags includeTransportTypeInContactHeader enable set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags routeUsingRecvdFqdn enable set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags sendPtimeInSdp enable set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags sendRtcpPortInSdp enable set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags storePChargingVector enable set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags publishIPInHoldSDP enable set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes relayFlags statusCode4xx6xx enable set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags minimizeRelayingOfMediaChangesFromOtherCallLegAll enable set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags relayDataPathModeChangeFromOtherCallLeg enable set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes optionTagInRequireHeader suppressReplaceTag enable set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes numberGlobalizationProfile DEFAULT_IP set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes flags disable2806Compliance enable set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes domainName useIpSignalingPeerDomainInRequestUri enable set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes domainName useSipDomainInPAIHeader enable set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes domainName useSipDomainNameInFromField enable set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes domainName useZoneLevelDomainNameInContact enable set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes privacy transparency disable set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes privacy privacyInformation pPreferredId set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes privacy flags includePrivacy enable set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes privacy flags privacyRequiredByProxy disable set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes privacy flags msLyncPrivacySupport enable set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes redirect flags forceRequeryForRedirection enable set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes transport type1 tlsOverTcp set profiles signaling ipSignalingProfile TEAMS_IPSP ingressIpAttributes flags sendSdpIn200OkIf18xReliable enable commit
Create an IP interface group.
Replace "x.x.x.x" with the SBC's packet interface (pkt) IP address towards SBA (example pkt1 IP), and "Y" with its prefix length. Provide the ceName used during an SBC deployment.
Here, the ceName is "TEAMSSBA1".
set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 ceName TEAMSSBA1 portName pkt1 set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 ipAddress x.x.x.x prefix Y set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 mode inService state enabled commit
Create a Zone towards the SBA and specify the ID of the zone.
This Zone groups the set of objects used for communication towards SBA.
set addressContext default zone SBA_ZONE id 6 commit
Set the SIP Signaling port, which is a logical address used to send and receive SIP call signaling packets and is permanently bound to a specific zone.
Replace "x.x.x.x" with the SIP Signaling Port IP address of the SBC towards SBA.
set addressContext default zone SBA_ZONE sipSigPort 7 ipInterfaceGroupName LIF2 set addressContext default zone SBA_ZONE sipSigPort 7 ipAddressV4 x.x.x.x set addressContext default zone SBA_ZONE sipSigPort 7 portNumber 5060 set addressContext default zone SBA_ZONE sipSigPort 7 tlsProfileName SBA_TLS set addressContext default zone SBA_ZONE sipSigPort 7 transportProtocolsAllowed sip-tls-tcp set addressContext default zone SBA_ZONE sipSigPort 7 mode inService set addressContext default zone SBA_ZONE sipSigPort 7 state enabled commit
Attach the TLS Profile created earlier SBA_TLS.
There are a few areas that result in a TLS negotiation issue. One area involves assigning the incorrect port. Ensure the following are accomplished:
SBA listens on port number 5061 (default setting).
Configure port number 5060 on the SBC IP-Peer, since Ribbon SBC Core increments the port by 1 when the transport protocol is TLS.
Create an IP Peer with the signaling fqdn of the SBA and assign it to the SBA Zone.
Replace "x.x.x.x" with the SBA fqdn.
set addressContext default zone SBA_ZONE ipPeer SBA policy description "" set addressContext default zone SBA_ZONE ipPeer SBA policy sip fqdn X.X.X.X set addressContext default zone SBA_ZONE ipPeer SBA policy sip fqdnPort 5060 set addressContext default zone SBA_ZONE ipPeer SBA pathCheck profile SBA_OPTIONS set addressContext default zone SBA_ZONE ipPeer SBA pathCheck hostName X.X.X.X set addressContext default zone SBA_ZONE ipPeer SBA pathCheck hostPort 5060 set addressContext default zone SBA_ZONE ipPeer SBA pathCheck state enabled commit
Create a SIP Trunk Group towards the SBA and assign corresponding profiles such as PSP and IPSP, that were created in earlier steps.
You must configure Trunk Group names using capital letters.
set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG media mediaIpInterfaceGroupName LIF1 set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG ingressIpPrefix 0.0.0.0 0 commit commit set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy callRouting elementRoutingPriority TEAMS_ERP set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy media packetServiceProfile TEAMS_PSP set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy media toneAndAnnouncementProfile TEAMS_LRBT_PROF set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy services classOfService DEFAULT_IP set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG policy signaling ipSignalingProfile TEAMS_IPSP set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG signaling relayNonInviteRequest enabled set addressContext default zone SBA_ZONE sipTrunkGroup SBA_TG ingressIpPrefix 0.0.0.0 0 commit
Create a Routing Label with a single Routing Label Route to bind the SBA Trunk Group with the SBA IP Peer.
set global callRouting routingLabel SBA_RL routingLabelRoute 1 trunkGroup SBA_TG set global callRouting routingLabel SBA_RL routingLabelRoute 1 ipPeer SBA set global callRouting routingLabel SBA_RL routingLabelRoute 1 inService inService commit
This entry is used to route all the calls coming from the PSTN towards the SBA.
Provide ceName used during an SBC deployment. "TEAMSSBA" is the ceName.
set global callRouting route trunkGroup PSTN_TG TEAMSSBA standard Sonus_NULL 1 all all ALL none Sonus_NULL routingLabel SBA_RL commit
For information on configuring the Survivable Branch Appliance (SBA) for Direct Routing refer to following link:
https://docs.microsoft.com/en-us/microsoftteams/direct-routing-survivable-branch-appliance
For the Prerequisites, Installation and Configuring the Direct Routing SBA refer to following link:
For Prerequisites on Direct routing SBA, refer to the following link:
For Installation on Direct routing SBA refer to Step 1 in the following link:
For Configuring on Direct routing SBA refer to Step 2 in the following link:
Do not configure the following section - Configure SBC SWe Edge, as this is strictly for Ribbon SWe Edge Configuration.
The following checklist depicts the set of services/features covered through the configuration defined in this Interop Guide.
Sr. No. | Supplementary Features/Services | Coverage |
---|---|---|
1 | OPTIONS ping (SBC to SBA) | |
2 | OPTIONS ping (SBA to SBC) | |
3 | Basic Call from PSTN to Teams | |
4 | Basic Call from Teams to PSTN | |
5 | Call Hold & Call Resume |
Legend
Supported | |
Not Supported | |
N/A | Not Applicable |
For any support related queries about this guide, contact your local Ribbon representative, or use the details below:
For detailed information about Ribbon products & solutions, go to :
https://ribboncommunications.com/products
For information about microsoft products & solutions, go to:
https://docs.microsoft.com/en-us/microsoftteams/
This Interoperability Guide describes a successful configuration of the Microsoft SBA interoperability with Ribbon SBC Core.
All features and capabilities tested are detailed within this document - any limitations, notes or observations are also recorded in order to provide the reader with an accurate understanding of what has been covered, and what has not.
Configuration guidance is provided to enable the reader to replicate the same base setup - there maybe additional configuration changes required to suit the exact deployment environment.
© 2021 Ribbon Communications Operating Company, Inc. © 2021 ECI Telecom Ltd. All rights reserved.