Table of Contents

 

Document Overview

This document provides a configuration guide for Sonus SBC 5XX0 series (Session Border Controller) when connecting to Microsoft Skype for Business.

This configuration guide supports features given in TDS_SfB_Server_2015_Infrastructure_Interoperability_Program_for_SBC.docx.

Introduction

The interoperability compliance testing focuses on verifying inbound and outbound calls flows between the Sonus SBC 5200 and Microsoft Skype for Business, using TCP, TLS and SRTP.

Audience

This is a technical document intended for telecommunications engineers with the purpose of configuring both the Sonus SBC and the third-party product. Some steps require navigating third-party as well as the Sonus SBC Command Line Interface (CLI). Understanding the basic concepts of TCP/UDP, IP/Routing, and SIP/RTP are also necessary to complete the configuration and for troubleshooting, if necessary.

Requirements

The following equipment and software were used for the sample configuration provided:

Test Equipment and Software

 

Equipment

Software Version

Sonus Networks

Sonus SBC 5200

BMC

BIOS

ConnexIP OS

SonusDB

EMA

SBX

 

V02.10.00

V02.06.00

V03.00.01-R000

V05.00.01-R000

V05.00.01-R000

V05.00.01-R000

Third-party Equipment

Microsoft

Skype for Business 2015

Reference Configuration

The following reference configuration shows connectivity between third-party and Sonus SBC 5XX0 series.

Reference Configuration

Support

For any questions regarding this document or the content herein, please contact your maintenance and support provider.

Third-Party Product Features

The following features and functionality were covered during compliance testing:

  • Incoming calls to the Enterprise site through the Sonus SBC 5200.
  • Outgoing calls from the Enterprise site through the Sonus SBC 5200.
  • DTMF tone transmission using RFC 2833.
  • Telephony features such as hold, resume, transfer, conference, and call forwarding.

Prerequisites

All the Skype Topology should be configured.

SBC is installed with correct version and also has valid License for TLS. 

Verify License

No special licensing is required for this test.

Configuration  - SBC Configuration

This section provides an overview of Sonus SBC 5200 configuration used during compliance testing.  The Sonus SBC 5200 is typically configured for customers by Sonus Networks.  The screen shots and partial configuration shown below, supplied by Sonus Networks, is provided only for reference.  Other configurations are possible. 

1. Global Configuration

 

1.1 Codec Entry

Create a Codec Entry with the supported codec on the network.

set profiles media codecEntry G711_2833_20
set profiles media codecEntry G711_2833_20 codec g711 dtmf relay rfc2833
set profiles media codecEntry G711_2833_20 packetSize 20
commit
 
set profiles media codecEntry G711SS_2833_20 codec g711ss sendSid enable dtmf relay rfc2833
set profiles media codecEntry G711SS_2833_20 packetSize 20
commit


set profiles media codecEntry G711A_2833_20 law ALaw codec g711 packetSize 20 dtmf relay rfc2833
commit

 

1.2 RTCP

Configure RTCP interval.

set system media mediaRtcpControl senderReportInterval 5
commit

 

1.3 SIP Domain

Specify the global SIP Domain name.

set global sipDomain amuthusamy2-inl.sonusnet.com
set global sipDomain med.sonusent.in
set global sipDomain med1.testnetwork.com
set global sipDomain med2.testnetwork.com
commit

 

1.4 Feature Control Profile (FCP)

Create a Feature Control Profile (FCP) for the Skype side. The FCP will be specified within the SIP Trunk Group configuration.

set profiles featureControlProfile LYNC_FCP ipProtocolFlags useIpProtocol enable defaultCalledUser enable
commit

 

1.5 DSP Resource Allocation

Configure DSP resources.

This configuration only applies if the SBC has been deployed with (hardware) DSP resources. If it was not, executing this configuration step has no negative impact. Subsequent configuration sections (Packet service profiles) do not attempt transcoding, so lack of compression resources will not impact the overall SBC configuration in this document.

set system mediaProfile compression 75 tone 25
commit

 

1.6 LRBT Profile

Create a LRBT profile that will be attached to the Skype side. Enable Dynamic LRBT.

set profiles media toneAndAnnouncementProfile LRBT_PROF
set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone signalingTonePackageState enable makeInbandToneAvailable enable
set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone flags useThisLrbtForIngress enable
set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone flags dynamicLRBT enable

 

1.7 Path Check Profile

Create a path Check profile that will be attached to the Skype side.

set profiles services pathCheckProfile LYNC_OPTIONS protocol sipOptions sendInterval 20 replyTimeoutCount 1 recoveryCount 1
commit
set profiles services pathCheckProfile LYNC_OPTIONS transportPreference preference1 tcp
commit

 

2. Lync Configuration

 

2.1 Packet Service Profile (PSP)

Create a Packet Service Profile (PSP) for the Skype side. The PSP will be specified within the SIP Trunk Group configuration.

set profiles media packetServiceProfile LYNC_PSP
set profiles media packetServiceProfile LYNC_PSP codec codecEntry1 G711_2833_20 
set profiles media packetServiceProfile LYNC_PSP rtcpOptions rtcp enable terminationForPassthrough enable
set profiles media packetServiceProfile LYNC_PSP preferredRtpPayloadTypeForDtmfRelay 101
set profiles media packetServiceProfile LYNC_PSP silenceInsertionDescriptor g711SidRtpPayloadType 13 heartbeat enable
commit

 

2.2 IP Signaling Profile (IPSP)

Create an IP Signaling Profile (IPSP) for the Skype side. The IPSP will be specified within the SIP Trunk Group configuration.

 

set profiles signaling ipSignalingProfile LYNC_IPSP
set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes flags includeReasonHeader enable
set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes flags sendPtimeInSdp enable
set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes flags publishIPInHoldSDP enable
set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes flags sendRtcpPortInSdp enable
set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes optionTagInRequireHeader suppressReplaceTag enable
set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes flags routeUsingRecvdFqdn disable
set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes flags minimizeRelayingOfMediaChangesFromOtherCallLegAll enable
set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes flags relayDataPathModeChangeFromOtherCallLeg disable
set profiles signaling ipSignalingProfile LYNC_IPSP egressIpAttributes numberGlobalizationProfile DEFAULT_IP
set profiles signaling ipSignalingProfile LYNC_IPSP egressIpAttributes domainName useZoneLevelDomainNameInContact enable
set profiles signaling ipSignalingProfile LYNC_IPSP egressIpAttributes transport type1 tcp
set profiles signaling ipSignalingProfile LYNC_IPSP ingressIpAttributes flags sendSdpIn200OkIf18xReliable enable
set profiles signaling ipSignalingProfile LYNC_IPSP egressIpAttributes privacy flags msLyncPrivacySupport enable
set profiles signaling ipSignalingProfile LYNC_IPSP ingressIpAttributes flags sendSdpInSubsequent18x enable
commit

 

2.3 IP Interface Group

Configure the IP Interface Group.

The following configuration is for a Sonus 52x0 system using a single port for Internal connectivity.

set addressContext a1 ipInterfaceGroup LIF1 ipInterface PKT0_V4 ceName NBS51K1 portName pkt0 ipAddress 10.54.20.233 prefix 24 altIpAddress fc00::20:f:f:f:233 altPrefix 64
set addressContext a1 ipInterfaceGroup LIF1 ipInterface PKT0_V4 mode inService state enabled
commit

 

2.4 Zone

Configure the domain name associated with the zone.

The Zone groups the set of objects that is used for the communication to Skype for Business.

set addressContext a1 zone LYNC_ZONE id 2
set addressContext a1 zone LYNC_ZONE domainName NBS51K1.sonusnet.com
commit

 

2.5 SIP Signaling Port

Configure SIP Signaling port.

A SIP Signaling port is a logical address permanently bound to a specific zone and is used to send and receive SIP call signaling packets.

set addressContext a1 zone LYNC_ZONE id 2 sipSigPort 2 ipInterfaceGroupName LIF1 ipAddressV4 10.54.20.233 portNumber 5060 ipAddressV6 fc00::20:f:f:f:233 transportProtocolsAllowed sip-tcp,sip-tls-tcp state enabled mode inService
commit

 

2.6 DNS Group

Configure DNS Group.

DNS Groups set DNS objects that may be used for DNS resolution within a particular Zone.

set addressContext a1 dnsGroup EXT_DNS type mgmt server DNS1 ipAddress 172.16.103.71 state enabled
set addressContext a1 zone LYNC_ZONE dnsGroup EXT_DNS
commit


2.7 SIP Trunk Group

Create a SIP Trunk Group towards Skype side and assign the Profiles configured above.

set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG media mediaIpInterfaceGroupName LIF1
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG policy media packetServiceProfile LYNC_PSP
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG policy signaling ipSignalingProfile LYNC_IPSP
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG downstreamForkingSupport enabled
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG signaling rel100Support enabled
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG signaling acceptHistoryInfo enabled
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG services dnsSupportType a-only
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG policy featureControlProfile LYNC_FCP
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG policy media toneAndAnnouncementProfile LRBT_PROF
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG ingressIpPrefix 10.54.20.50 32
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG ingressIpPrefix 172.16.101.84 32
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG ingressIpPrefix 172.16.101.83 32
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG ingressIpPrefix fc00::20:f:f:f:50 128
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG ingressIpPrefix fc00::101:f:f:f:83 128
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG ingressIpPrefix fc00::101:f:f:f:84 128
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG signaling timers sessionKeepalive 0
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG signaling honorMaddrParam enabled
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG mode inService state enabled	
commit


2.8 IP Static Route

Create a default route to the subnet's IP nexthop for the interface and IP Interface Group.

set addressContext a1 staticRoute 10.54.20.50 32 10.54.20.1 LIF1 PKT0_V4 preference 100
set addressContext a1 staticRoute 10.54.20.51 32 10.54.20.1 LIF1 PKT0_V4 preference 100
set addressContext a1 staticRoute 10.54.20.52 32 10.54.20.1 LIF1 PKT0_V4 preference 100
commit
set addressContext a1 staticRoute fc00::20:f:f:f:50 128 fc00::20:f:f:f:1 LIF1 PKT0_V4 preference 100
set addressContext a1 staticRoute fc00::20:f:f:f:51 128 fc00::20:f:f:f:1 LIF1 PKT0_V4 preference 100
set addressContext a1 staticRoute fc00::20:f:f:f:52 128 fc00::20:f:f:f:1 LIF1 PKT0_V4 preference 100
commit
set addressContext a1 staticRoute 172.16.101.84 32 10.54.20.1 LIF1 PKT0_V4 preference 100
set addressContext a1 staticRoute 172.16.101.83 32 10.54.20.1 LIF1 PKT0_V4 preference 100
set addressContext a1 staticRoute fc00::101:f:f:f:83 128 fc00::20:f:f:f:1 LIF1 PKT0_V4 preference 100
set addressContext a1 staticRoute fc00::101:f:f:f:84 128 fc00::20:f:f:f:1 LIF1 PKT0_V4 preference 100
commit

 

3. Service Provider Side Configuration

 

3.1 Packet Service Profile (PSP)

Create a Packet Service Profile (PSP) for the SP side. The PSP will be specified within the SIP Trunk Group configuration.

set profiles media packetServiceProfile SP_PSP
set profiles media packetServiceProfile SP_PSP codec codecEntry1 G711_2833_20 
set profiles media packetServiceProfile SP_PSP rtcpOptions rtcp enable
set profiles media packetServiceProfile SP_PSP preferredRtpPayloadTypeForDtmfRelay 101
set profiles media packetServiceProfile SP_PSP silenceInsertionDescriptor g711SidRtpPayloadType 13 heartbeat enable
commit

 

3.2 IP Signaling Profile (IPSP)

Create an IP Signaling Profile (IPSP) for the SP side. The IPSP will be specified within the SIP Trunk Group configuration.

set profiles signaling ipSignalingProfile SP_IPSP
set profiles signaling ipSignalingProfile SP_IPSP commonIpAttributes flags includeReasonHeader enable
set profiles signaling ipSignalingProfile SP_IPSP commonIpAttributes flags sendPtimeInSdp enable
set profiles signaling ipSignalingProfile SP_IPSP commonIpAttributes flags publishIPInHoldSDP enable
set profiles signaling ipSignalingProfile SP_IPSP commonIpAttributes flags sendRtcpPortInSdp enable
set profiles signaling ipSignalingProfile SP_IPSP commonIpAttributes optionTagInRequireHeader suppressReplaceTag enable
set profiles signaling ipSignalingProfile SP_IPSP commonIpAttributes flags routeUsingRecvdFqdn disable
set profiles signaling ipSignalingProfile SP_IPSP commonIpAttributes flags minimizeRelayingOfMediaChangesFromOtherCallLegAll enable
set profiles signaling ipSignalingProfile SP_IPSP commonIpAttributes flags relayDataPathModeChangeFromOtherCallLeg disable
set profiles signaling ipSignalingProfile SP_IPSP egressIpAttributes numberGlobalizationProfile DEFAULT_IP
set profiles signaling ipSignalingProfile SP_IPSP egressIpAttributes sipHeadersAndParameters sipToHeaderMapping calledNumber
set profiles signaling ipSignalingProfile SP_IPSP egressIpAttributes domainName useZoneLevelDomainNameInContact enable
set profiles signaling ipSignalingProfile SP_IPSP egressIpAttributes transport type1 tcp
set profiles signaling ipSignalingProfile SP_IPSP egressIpAttributes transport type2 udp
set profiles signaling ipSignalingProfile SP_IPSP ingressIpAttributes flags sendSdpIn200OkIf18xReliable enable
set profiles signaling ipSignalingProfile SP_IPSP egressIpAttributes privacy flags msLyncPrivacySupport enable
set profiles signaling ipSignalingProfile SP_IPSP ingressIpAttributes flags sendSdpInSubsequent18x enable
commit

 

3.3 IP Interface Group

Configure the IP Interface Group.

The following configuration is for a Sonus 52x0 system using a single port for Internal connectivity.

set addressContext a1 ipInterfaceGroup LIF2 ipInterface PKT1_V4 ceName NBS51K1 portName pkt1 ipAddress 10.54.21.233 prefix 24 altIpAddress fc00::21:f:f:f:233 altPrefix 64
set addressContext a1 ipInterfaceGroup LIF2 ipInterface PKT1_V4 mode inService state enabled
commit

 

3.4 Zone

Configure the domain name. Assign DNS server to the zone.

The Zone groups the set of objects that is used for the communication to Skype for Business.

set addressContext a1 zone SP_ZONE id 3
commit
set addressContext a1 zone SP_ZONE domainName NBS51K1.sonusnet.com
commit
set addressContext a1 zone SP_ZONE dnsGroup EXT_DNS
commit

 

3.5 SIP Signaling Port

Configure SIP Signaling port.

A SIP Signaling port is a logical address permanently bound to a specific zone and is used to send and receive SIP call signaling packets.

set addressContext a1 zone SP_ZONE id 3 sipSigPort 3 ipInterfaceGroupName LIF2 ipAddressV4 10.54.21.233 portNumber 5060 ipAddressV6 fc00::21:f:f:f:233 transportProtocolsAllowed sip-tcp,sip-tls-tcp state enabled mode inService
commit

 

3.6 SIP Trunk Group

Create a SIP Trunk Group towards SP side and assign the Profiles configured above.

set addressContext a1 zone SP_ZONE sipTrunkGroup SP_TG media mediaIpInterfaceGroupName LIF2
set addressContext a1 zone SP_ZONE sipTrunkGroup SP_TG policy media packetServiceProfile SP_PSP
set addressContext a1 zone SP_ZONE sipTrunkGroup SP_TG policy signaling ipSignalingProfile SP_IPSP
set addressContext a1 zone SP_ZONE sipTrunkGroup SP_TG policy media toneAndAnnouncementProfile LRBT_PROF
set addressContext a1 zone SP_ZONE sipTrunkGroup SP_TG ingressIpPrefix 10.54.20.50 32
set addressContext a1 zone SP_ZONE sipTrunkGroup SP_TG ingressIpPrefix 10.54.20.69 32
set addressContext a1 zone SP_ZONE sipTrunkGroup SP_TG ingressIpPrefix fc00::20:f:f:f:50 128
set addressContext a1 zone SP_ZONE sipTrunkGroup SP_TG signaling timers sessionKeepalive 0
set addressContext a1 zone SP_ZONE sipTrunkGroup SP_TG signaling honorMaddrParam enabled
set addressContext a1 zone SP_ZONE sipTrunkGroup SP_TG mode inService state enabled
commit

 

 3.7 IP Peer

Create an IP Peer with the Fully-Qualified Domain Name (FQDN) of the end points and assign it to the SP or Lync Zone. Assign the path check profile created.

set addressContext a1 zone SP_ZONE ipPeer SP_IPP1 policy sip fqdn amuthusamy2-inl.sonusnet.com fqdnPort 5068
commit
set addressContext a1 zone SP_ZONE ipPeer SP_IPP1 pathCheck profile LYNC_OPTIONS hostName amuthusamy2-inl.sonusnet.com hostPort 5068 state disabled
commit
set addressContext a1 zone SP_ZONE ipPeer SP_IPP1 pathCheck profile LYNC_OPTIONS hostName amuthusamy2-inl.sonusnet.com hostPort 5068 state enabled
commit
set addressContext a1 zone SP_ZONE ipPeer SP_IPP2 policy sip fqdn amuthusamy2-inl.sonusnet.com fqdnPort 5066
commit
set addressContext a1 zone SP_ZONE ipPeer SP_IPP2 pathCheck profile LYNC_OPTIONS hostName amuthusamy2-inl.sonusnet.com hostPort 5066 state disabled
commit
set addressContext a1 zone SP_ZONE ipPeer SP_IPP2 pathCheck profile LYNC_OPTIONS hostName amuthusamy2-inl.sonusnet.com hostPort 5066 state enabled
commit
set addressContext a1 zone SP_ZONE ipPeer SP_IPP3 policy sip fqdn amuthusamy2-inl.sonusnet.com fqdnPort 5070
commit
set addressContext a1 zone SP_ZONE ipPeer SP_IPP3 pathCheck profile LYNC_OPTIONS hostName amuthusamy2-inl.sonusnet.com hostPort 5070 state disabled
commit
set addressContext a1 zone SP_ZONE ipPeer SP_IPP3 pathCheck profile LYNC_OPTIONS hostName amuthusamy2-inl.sonusnet.com hostPort 5070 state enabled
commit
set addressContext a1 zone SP_ZONE ipPeer SP_FAILOVER1 policy sip fqdn amuthusamy2-inl.sonusnet.com fqdnPort 5072
commit
set addressContext a1 zone SP_ZONE ipPeer SP_FAILOVER1 pathCheck profile LYNC_OPTIONS hostName amuthusamy2-inl.sonusnet.com hostPort 5072 state disabled
commit
set addressContext a1 zone SP_ZONE ipPeer SP_FAILOVER1 pathCheck profile LYNC_OPTIONS hostName amuthusamy2-inl.sonusnet.com hostPort 5072 state enabled
commit
set addressContext a1 zone LYNC_ZONE ipPeer LYNC_IPP1_Manual policy sip fqdn med.sonusent.in fqdnPort 5068
commit
set addressContext a1 zone SP_ZONE ipPeer SP_IPP1_MANUAL ipAddress 10.54.20.69 ipPort 5060
commit

 

3.8 IP Static Route

Create a default route to the subnet’s IP nexthop for the interface and IP Interface Group.

set addressContext a1 staticRoute 10.54.20.50 32 10.54.21.1 LIF2 PKT1_V4 preference 100
set addressContext a1 staticRoute 10.54.20.51 32 10.54.21.1 LIF2 PKT1_V4 preference 100
set addressContext a1 staticRoute 10.54.20.52 32 10.54.21.1 LIF2 PKT1_V4 preference 100
commit
set addressContext a1 staticRoute fc00::20:f:f:f:50 128 fc00::21:f:f:f:1 LIF2 PKT1_V4 preference 100
set addressContext a1 staticRoute fc00::20:f:f:f:51 128 fc00::21:f:f:f:1 LIF2 PKT1_V4 preference 100
set addressContext a1 staticRoute fc00::20:f:f:f:52 128 fc00::21:f:f:f:1 LIF2 PKT1_V4 preference 100
commit
set addressContext a1 staticRoute 10.54.20.69 32 10.54.21.1 LIF2 PKT1_V4 preference 100
set addressContext a1 staticRoute fc00::10:54:20:69 128 fc00::21:f:f:f:1 LIF2 PKT1_V4 preference 100
set addressContext a1 staticRoute fc00::20:f:f:f:233 128 fc00::21:f:f:f:1 LIF2 PKT1_V4 preference 100
commit

 

3.9 Routing Label

Create a Routing Label with a single Routing Label Route to bind the SP or Lync Trunk Group with the SP or Lync IP Peer.

set global callRouting routingLabel SP_RL1 routingLabelRoute 1 trunkGroup SP_TG ipPeer SP_IPP1 inService inService
set global callRouting routingLabel SP_RL2 routingLabelRoute 1 trunkGroup SP_TG ipPeer SP_IPP2 inService inService
set global callRouting routingLabel SP_RL3 routingLabelRoute 1 trunkGroup SP_TG ipPeer SP_IPP3 inService inService
set global callRouting routingLabel SP_RL_FO1 routingLabelRoute 1 trunkGroup SP_TG ipPeer SP_FAILOVER1 inService inService
set global callRouting routingLabel LYNC_RL1_Manual routingLabelRoute 1 trunkGroup LYNC_TG ipPeer LYNC_IPP1_Manual inService inService
set global callRouting routingLabel SP_RL_MANUAL routingLabelRoute 1 trunkGroup SP_TG ipPeer SP_IPP1_MANUAL inService inService
commit

 

3.10 Routing

Routing must be put in place to send calls to the correct destination. For the purpose of this scenario, trunk group routing was used, but additional routing options may be used.

Configuration of both standarf and username routes are done to ensure that no matter which way the called party is addressed (a number or username) the SBC will route the message to the Core.

Create Route entries for standard Trunk Group routing with Matching Criteria and a Routing Label destination.

set global callRouting route none Sonus_NULL Sonus_NULL standard 333 1 all all ALL none Sonus_NULL routingLabel SP_RL1
set global callRouting route none Sonus_NULL Sonus_NULL standard 444 1 all all ALL none Sonus_NULL routingLabel SP_RL2
set global callRouting route none Sonus_NULL Sonus_NULL standard 666 1 all all ALL none Sonus_NULL routingLabel SP_RL3
set global callRouting route none Sonus_NULL Sonus_NULL standard 777 1 all all ALL none Sonus_NULL routingLabel SP_RL_FO1
set global callRouting route none Sonus_NULL Sonus_NULL username Sonus_NULL Sonus_NULL all all ALL none amuthusamy2-inl.sonusnet.com routingLabel SP_RL1
set global callRouting route none Sonus_NULL Sonus_NULL standard 65 1 all all ALL none Sonus_NULL routingLabel LYNC_RL1_Manual
set global callRouting route none Sonus_NULL Sonus_NULL standard 54 1 all all ALL none Sonus_NULL routingLabel SP_RL_MANUAL
set global callRouting route none Sonus_NULL Sonus_NULL username Sonus_NULL Sonus_NULL all all ALL none med1.testnetwork.com routingLabel LYNC_RL
set global callRouting route none Sonus_NULL Sonus_NULL username Sonus_NULL Sonus_NULL all all ALL none med2.testnetwork.com routingLabel LYNC_RL
commit

Back to Top

 

4. TLS Configuration

Note

The following shows the only difference from previous section

Important Note
   
SBX5K does not support MKI. LYNC_IT tool does not take into account that SBX has not published MKI support in its SDP and still tries to validate SRTP as
SRTP with MKI BIT set. As a workaround, we publish MKI support in SDP and use this new debug xrm command to mark MKI bit in outgoing SRTP/SRTCP  streams and also factor it for incoming SRTP/ SRTCP streams.

This command is to be used only for LYNC certification or qualification in Customer Labs only. We do not recommend enabling this in production enviroment.

  
admin@pumal%
unhide debug
Password: ******
#password is sonus1

admin@puma%
request sbx xrm debug command "srtpmki enable"
[ok][2014-04-01 16:54:17]
[edit]
MKI Enabled: encLength=1; encValue=0x1; decLength=1
admin@puma%


4.1 Create a configuration object to hold a locally generated RSA key pair

set system security pki certificate SBC_CERT type local-internal
commit


4.2 Generate Key pair and Certificate Signing Request (CSR) for submission to a Certificate Authority (CA)

request system security pki certificate SBC_CERT generateCSR csrSub /C=US/ST=MA/L=Westford/O=Sonus/CN=sbc.domain.com keySize keySize2K


4.3 Generate required certificates

Note: Generate required certificates and then copy the Lync Server Root Certificate (rootcert.cer) and Microsoft signed SBC Certificate (servercert.pem) into
/opt/sonus/external/ folder of SBC


4.4 Create Crypto Suite Profile

set profiles security cryptoSuiteProfile CRYPT_PROF entry 1 cryptoSuite AES-CM-128-HMAC-SHA1-80
commit

 

4.5 Import Lync Root Certificate into database

set system security pki certificate LYNC_CERT type remote fileName rootcert.cer state enabled
commit

 

4.6 Import Microsoft Certified SBC Server Certificate into database

set system security pki certificate SBC_CERT fileName servercert.pem state enabled
commit

 

4.7 Create TLS Profile

set profiles security tlsProfile TLS_PROF clientCertName SBC_CERT serverCertName SBC_CERT cipherSuite1 rsa-with-3des-ede-cbc-sha cipherSuite2 rsa-with-aes-128-cbc-sha authClient true allowedRoles clientandserver acceptableCertValidationErrors invalidPurpose
commit

 

4.8 Configure Packet Service Profile with Crypto Suite

set profiles media packetServiceProfile LYNC_PSP secureRtpRtcp cryptoSuiteProfile CRYPT_PROF
set profiles media packetServiceProfile LYNC_PSP secureRtpRtcp flags enableSrtp enable
set profiles media packetServiceProfile LYNC_PSP secureRtpRtcp flags allowFallback disable
commit
 
NOTE: If media Bypass is disabled on LYNC
 
set profiles media packetServiceProfile LYNC_PSP secureRtpRtcp flags resetEncDecROCOnDecKeyChange disable
set profiles media packetServiceProfile LYNC_PSP secureRtpRtcp flags resetROCOnKeyChange enable
commit
 
NOTE: If media Bypass is enabled on LYNC
 
set profiles media packetServiceProfile <LYNC_PSP> secureRtpRtcp flags resetROCOnKeyChange disable
set profiles media packetServiceProfile <LYNC_PSP> secureRtpRtcp flags resetEncDecROCOnDecKeyChange enable
commit


4.9 Configure IP Signaling Profile

set profiles signaling ipSignalingProfile LYNC_IPSP egressIpAttributes transport type1 tlsOverTcp
commit

 

4.10 SMM to Add crypto Parameter in the outgoing SIP messages to Skype server

set profiles signaling sipAdaptorProfile addCryptoParam rule 1 criterion 1 type message
set profiles signaling sipAdaptorProfile addCryptoParam rule 1 criterion 1 message messageTypes all
set profiles signaling sipAdaptorProfile addCryptoParam rule 1 criterion 1 message condition exist
set profiles signaling sipAdaptorProfile addCryptoParam rule 1 criterion 2 type messageBody
set profiles signaling sipAdaptorProfile addCryptoParam rule 1 criterion 2 messageBody condition exist
set profiles signaling sipAdaptorProfile addCryptoParam rule 1 action 1 type messageBody
set profiles signaling sipAdaptorProfile addCryptoParam rule 1 action 1 operation regstore
set profiles signaling sipAdaptorProfile addCryptoParam rule 1 action 1 from type messageBody
set profiles signaling sipAdaptorProfile addCryptoParam rule 1 action 1 from messageBodyValue all
set profiles signaling sipAdaptorProfile addCryptoParam rule 1 action 1 to type variable
set profiles signaling sipAdaptorProfile addCryptoParam rule 1 action 1 to variableValue var1
set profiles signaling sipAdaptorProfile addCryptoParam rule 1 action 1 regexp string "a=crypto.*?\r\n"
set profiles signaling sipAdaptorProfile addCryptoParam rule 1 action 1 regexp matchInstance one
set profiles signaling sipAdaptorProfile addCryptoParam rule 2 criterion 1 type message
set profiles signaling sipAdaptorProfile addCryptoParam rule 2 criterion 1 message messageTypes all
set profiles signaling sipAdaptorProfile addCryptoParam rule 2 criterion 1 message condition exist
set profiles signaling sipAdaptorProfile addCryptoParam rule 2 criterion 2 type variable
set profiles signaling sipAdaptorProfile addCryptoParam rule 2 criterion 2 variable condition exist
set profiles signaling sipAdaptorProfile addCryptoParam rule 2 criterion 2 variable variableID var1
set profiles signaling sipAdaptorProfile addCryptoParam rule 2 action 1 type variable
set profiles signaling sipAdaptorProfile addCryptoParam rule 2 action 1 operation regsub
set profiles signaling sipAdaptorProfile addCryptoParam rule 2 action 1 from type value
set profiles signaling sipAdaptorProfile addCryptoParam rule 2 action 1 from value "|2^31|1:1\r\n"
set profiles signaling sipAdaptorProfile addCryptoParam rule 2 action 1 to type variable
set profiles signaling sipAdaptorProfile addCryptoParam rule 2 action 1 to variableValue var1
set profiles signaling sipAdaptorProfile addCryptoParam rule 2 action 1 regexp string "\r\n"
set profiles signaling sipAdaptorProfile addCryptoParam rule 2 action 1 regexp matchInstance one
set profiles signaling sipAdaptorProfile addCryptoParam rule 3 criterion 1 type message
set profiles signaling sipAdaptorProfile addCryptoParam rule 3 criterion 1 message messageTypes all
set profiles signaling sipAdaptorProfile addCryptoParam rule 3 criterion 1 message condition exist
set profiles signaling sipAdaptorProfile addCryptoParam rule 3 criterion 2 type variable
set profiles signaling sipAdaptorProfile addCryptoParam rule 3 criterion 2 variable condition exist
set profiles signaling sipAdaptorProfile addCryptoParam rule 3 criterion 2 variable variableID var1
set profiles signaling sipAdaptorProfile addCryptoParam rule 3 action 1 type messageBody
set profiles signaling sipAdaptorProfile addCryptoParam rule 3 action 1 operation regsub
set profiles signaling sipAdaptorProfile addCryptoParam rule 3 action 1 from type variable
set profiles signaling sipAdaptorProfile addCryptoParam rule 3 action 1 from variableValue var1
set profiles signaling sipAdaptorProfile addCryptoParam rule 3 action 1 to type messageBody
set profiles signaling sipAdaptorProfile addCryptoParam rule 3 action 1 to messageBodyValue all
set profiles signaling sipAdaptorProfile addCryptoParam rule 3 action 1 regexp string "a=crypto.*?\r\n"
set profiles signaling sipAdaptorProfile addCryptoParam rule 3 action 1 regexp matchInstance one
set profiles signaling sipAdaptorProfile addCryptoParam rule 4 criterion 1 type message message messageTypes requestAll condition exist
set profiles signaling sipAdaptorProfile addCryptoParam rule 4 criterion 2 type header header name Request-Line condition exist
set profiles signaling sipAdaptorProfile addCryptoParam rule 4 criterion 3 type parameter parameter name maddr paramType uri 
set profiles signaling sipAdaptorProfile addCryptoParam rule 4 criterion 3 type parameter parameter condition exist
set profiles signaling sipAdaptorProfile addCryptoParam rule 4 criterion 3 parameter condition regex-match regexp string .*fc00.*
set profiles signaling sipAdaptorProfile addCryptoParam rule 4 action 1 type parameter operation store from type parameter value maddr 
set profiles signaling sipAdaptorProfile addCryptoParam rule 4 action 1 paramType uri 
set profiles signaling sipAdaptorProfile addCryptoParam rule 4 action 1 to type variable variableValue var1
set profiles signaling sipAdaptorProfile addCryptoParam rule 4 action 2 type variable operation store from type value value [
set profiles signaling sipAdaptorProfile addCryptoParam rule 4 action 2 to type variable variableValue var2
set profiles signaling sipAdaptorProfile addCryptoParam rule 4 action 3 type variable operation append from type variable variableValue var1
set profiles signaling sipAdaptorProfile addCryptoParam rule 4 action 3 to type variable variableValue var2
set profiles signaling sipAdaptorProfile addCryptoParam rule 4 action 4 type variable operation append from type value value ]
set profiles signaling sipAdaptorProfile addCryptoParam rule 4 action 4 to type variable variableValue var2
set profiles signaling sipAdaptorProfile addCryptoParam rule 4 action 5 type parameter operation modify from type variable variableValue var2
set profiles signaling sipAdaptorProfile addCryptoParam rule 4 action 5 to type parameter value maddr  
set profiles signaling sipAdaptorProfile addCryptoParam rule 4 action 5 paramType uri 
set profiles signaling sipAdaptorProfile addCryptoParam state enabled 
commit

 

4.11 SMM to remove Crypto parameter in the incoming SIP messages.

set profiles signaling sipAdaptorProfile removeCryptoParam rule 1 criterion 1 type message
set profiles signaling sipAdaptorProfile removeCryptoParam rule 1 criterion 1 message messageTypes all
set profiles signaling sipAdaptorProfile removeCryptoParam rule 1 criterion 2 type messageBody
set profiles signaling sipAdaptorProfile removeCryptoParam rule 1 criterion 2 messageBody condition exist
set profiles signaling sipAdaptorProfile removeCryptoParam rule 1 criterion 2 messageBody messageBodyType all
set profiles signaling sipAdaptorProfile removeCryptoParam rule 1 action 1 type messageBody
set profiles signaling sipAdaptorProfile removeCryptoParam rule 1 action 1 operation regsub
set profiles signaling sipAdaptorProfile removeCryptoParam rule 1 action 1 from type value
set profiles signaling sipAdaptorProfile removeCryptoParam rule 1 action 1 from value "\r\n"
set profiles signaling sipAdaptorProfile removeCryptoParam rule 1 action 1 to type messageBody
set profiles signaling sipAdaptorProfile removeCryptoParam rule 1 action 1 to messageBodyValue all
set profiles signaling sipAdaptorProfile removeCryptoParam rule 1 action 1 regexp string "\|2\^31.*r\n"
set profiles signaling sipAdaptorProfile removeCryptoParam rule 1 action 2 type messageBody
set profiles signaling sipAdaptorProfile removeCryptoParam rule 1 action 2 operation regsub
set profiles signaling sipAdaptorProfile removeCryptoParam rule 1 action 2 from type value
set profiles signaling sipAdaptorProfile removeCryptoParam rule 1 action 2 from value "\r\n"
set profiles signaling sipAdaptorProfile removeCryptoParam rule 1 action 2 to type messageBody
set profiles signaling sipAdaptorProfile removeCryptoParam rule 1 action 2 to messageBodyValue all
set profiles signaling sipAdaptorProfile removeCryptoParam rule 1 action 2 regexp string "\|2\^31.*\r\n"
set profiles signaling sipAdaptorProfile removeCryptoParam rule 1 action 2 regexp matchInstance one
set profiles signaling sipAdaptorProfile removeCryptoParam state enabled 
commit

 

4.12 Apply the SMM to the Skype and SP Trung Groups.

set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG signaling messageManipulation outputAdapterProfile addCryptoParam
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG signaling messageManipulation inputAdapterProfile removeCryptoParam
set addressContext a1 zone SP_ZONE sipTrunkGroup SP_TG signaling messageManipulation outputAdapterProfile addCryptoParam
set addressContext a1 zone SP_ZONE sipTrunkGroup SP_TG signaling messageManipulation inputAdapterProfile removeCryptoParam
commit

Back to Top

 

Conclusion

This Application Notes document describes the configuration steps required for the Sonus SBC 5XX0 series to successfully interoperate with Microsoft Skype for Business. All feature and serviceability test cases were completed and passed.

 

Back to Top