Overview
When the
The Central SBC and the Proxy SBC roles are supported in all deployments as follows:
- Confirm that in all deployments, private interfaces are assured between relevant parties, as identified at: https://docs.microsoft.com/en-us/microsoftteams/direct-routing-media-optimization
- Secondly, acceptable network connectivity and performance between all nodes (typically indicated by KPIs) must be maintained for an acceptable level of LMO service.
- Exercise caution and ensure a high quality link to the Public Cloud (Azure) to ensure acceptable Central SBC/Proxy SBC roles and LMO behavior. Currently, Ribbon and Microsoft strongly encourage the use of ExpressRoute to ensure proper LMO performance.
- Ribbon and Microsoft reserve the right to decline support for LMO issues should proper care and network conditions not meet the requirements listed out in the point above.
This best practice uses the term Microsoft Teams Direct Routing, which is also known as Phone System Direct Routing.
This best practice outlines how to use the
This best practice describes greenfield and migration deployments and explains the requirements for each case. This best practice includes cautions to specify the deployment scenarios.
Though the
For the Central
Make sure the licensed quantity of sessions on the
Microsoft Considerations
The Ribbon TEAMS Local Media Optimization (LMO) solution supports Teams Music on Hold (MOH). The Microsoft Teams LMO document suggests disabling the MOH feature for an LMO deployment because not all SBC vendors support the Teams MOH feature for LMO deployments.
Microsoft does not support Early 183. You should disable Early 183 for all
Prerequisites
This section outlines the prerequisites for Local Media Optimization for Microsoft Teams Direct Routing.
Unable to show "metadata-from": No such page "_space_variables" Capacity
When deploying Local Media Optimization, the Central
- Call made to and from a Teams client that is internal to the customer network:
- The CentralUnable to show "metadata-from": No such page "_space_variables"consumes the Proxy Media Mode with Encryption resource.
- The non-LMO SBC Unable to show "metadata-from": No such page "_space_variables"(SBC not processing the LMO calls) consumes the SIP with corresponding RTP Media resource.
- The Central
- Call made to and from a Teams client that is external to the customer network:
- The Proxy Unable to show "metadata-from": No such page "_space_variables"consumes the SIP with corresponding RTP Media resource.
- The Downstream Unable to show "metadata-from": No such page "_space_variables"consumes the SIP with corresponding RTP Media resource.
- The Proxy
Firmware Requirement
The Central
This document outlines only the recommended firmware.
Microsoft Direct Routing Configuration
You must configure the following for Microsoft Teams Direct Routing:
- You must plan the Microsoft Teams tenant for Local Media Optimization usage according to the Local Media Optimization for Direct Routing document.
- You must configure the Microsoft Teams tenant for Local Media Optimization usage according to the Configure Local Media Optimization for Direct Routing document. When you configure the Microsoft Teams Direct Routing, you must also configure the following items:
CsTenantTrustedIPAddress
CsTenantNetworkRegion
CsTenantNetworkSite
CsTenantNetworkSubnet
CSOnlinePSTNGateway
CsOnlineVoiceRoute
Licensing Requirements
The LMO functionality requires the Downstream SBCs to use a Proxy/Central SBC as a registrar, hence this requires the Proxy/Central SBC to have SIP Registration licenses. This applies for both 1000/2000 and SBC SWe Edge.
Certificate Usage
The Central
Public Certificate
The public certificate must be issued by one of the supported certification authorities (CAs). Wildcard certificates are supported.
Refer to Microsoft documentation for certificate information.
Refer to CCADB Documentation for the comprehensive list of supported CAs.
- See Domain Name for certificate formats.
Domain Name
For the
- On the Microsoft Teams Tenant side, execute Get-CsTenant.
- Review the output.
- Verify that the Domain Name configured is listed in the Domains and DomainUrlMap attributes for the Tenant. If the Domain Name is incorrect or missing, the Unable to show "metadata-from": No such page "_space_variables"will not pair with Microsoft Teams.
Users may be from any SIP domain registered for the tenant. For example, you can configure user user@SonusMS01.com with the
Name Resolution
The Central
This best practice uses host entries.
Implementation
This best practice uses the FQDN and ports illustrated in the following figure.
Prepare Central Unable to show "metadata-from": No such page "_space_variables"
This section outlines how to prepare the Central
Install Unable to show "metadata-from": No such page "_space_variables" and Perform Initial Setup
Perform this procedure only if you are creating a new
Use the following procedure to install the
For the
Run Easy Config Wizard on Central Unable to show "metadata-from": No such page "_space_variables"
Once your
- Access a compatible web browser.
- In the browser, enter the IP address of the Unable to show "metadata-from": No such page "_space_variables"in the URL address bar. The Welcome toUnable to show "metadata-from": No such page "_space_variables"screen is displayed.
- Review the Pre-Login message.
- Enter the administrator User Name and Password configured during initial setup.
- If the Acknowledge Pre-Login Message checkbox is displayed, click on it to acknowledge you have reviewed the pre-login information above. After initial login, this checkbox can be enabled and disabled via the Global Security Options. By default, this checkbox is configured as disabled.
Click Login. The main screen provides all WebUI functions, including tabbed options, menu tree, device name, and the last login date and time of the system.
Select Tasks > SBC Easy Setup > Easy Config Wizard.
In the Application field, select your application. This best practice configures the SIP Trunk ↔ Microsoft Teams.
- Configure the other fields in Step 1 and click Next.
In the SIP Trunk section, configure the Border Element Server with the FQDN or IP of the central SIP Trunk.
In the Teams Connection Type field, select Local Media Optimization.
The Easy Configuration Wizard automatically generates two ACL tables for Microsoft Teams Direct Routing. In the table that contains the Teams Direct Routing ACL in the name, Rule #4 was setup for deployments where a single ethernet port was used for both Microsoft Teams Direct Routing and a SIP Trunk; this rule may be too permissive for your configuration. If the SBC was deployed with only Microsoft Teams Direct Routing on an ethernet port, Rule #4 could be modified to have the Source IP Address set to 52.112.0.0 and Source Netmask set to 255.252.0.0. This change allows only SIP Signaling from Microsoft Teams.
Configure the other fields in the Microsoft Teams section and click Next.
Review your configuration information in Step 3 and click Finish.
Import Certificate on Central Unable to show "metadata-from": No such page "_space_variables"
This section outlines how to import a certificate on the Central
Configure and Generate Certificates on the Unable to show "metadata-from": No such page "_space_variables"
Update the Current Call Routing
Perform this procedure only if you are using a node that is already configured with another signaling group (a migration scenario).
If this is not a newly deployed
If you configured a SIP Trunk or PSTN Access on this
Unable to show "metadata-from": No such page "_space_variables", you must perform the following procedure to select the previously created signaling group in the From Microsoft Teams Direct Routing table (see the following example call flow).Select Settings > Call Routing > Call Routing Table.
- Select the call routing table for Microsoft Teams Direct Routing.
Select the To Outside (Passthrough) route entry.
In the Destination Signaling Groups field, select the Border Element signaling group and click Remove.
In the Destination Signaling Groups field, click Add and add your previously created SIP Trunk or PSTN Access.
In the Audio Stream Mode field, select Direct Preferred over DSP.
Click Apply.
- Click Signaling Groups.
- Delete the Border Element signaling group.
If you configured a connection to Teams Direct Routing or Skype for Business, you must remove the previously created signaling group (see the following example call flow).
Verify the Deployment
After you configure the Central
- Access a compatible web browser.
- In the browser, enter the IP address of the Unable to show "metadata-from": No such page "_space_variables"in the URL address bar. The Welcome toUnable to show "metadata-from": No such page "_space_variables"screen is displayed.
- Review the Pre-Login message.
- Enter the administrator User Name and Password configured during initial setup.
- If the Acknowledge Pre-Login Message checkbox is displayed, click on it to acknowledge you have reviewed the pre-login information above. After initial login, this checkbox can be enabled and disabled via the Global Security Options. By default, this checkbox is configured as disabled.
Click Login. The main screen provides all WebUI functions, including tabbed options, menu tree, device name, and the last login date and time of the system.
Select Settings > Signaling Groups.
Make sure the Service Status for all signaling groups is Up.
- If the Service Status for the Teams Direct Routing signaling group is Down, refer to Best Practice - Troubleshoot Issues with Microsoft Teams Direct Routing.
Place a Test Call
Use the following procedure to place a test call.
- Access a compatible web browser.
- In the browser, enter the IP address of the Unable to show "metadata-from": No such page "_space_variables"in the URL address bar. The Welcome toUnable to show "metadata-from": No such page "_space_variables"screen is displayed.
- Review the Pre-Login message.
- Enter the administrator User Name and Password configured during initial setup.
- If the Acknowledge Pre-Login Message checkbox is displayed, click on it to acknowledge you have reviewed the pre-login information above. After initial login, this checkbox can be enabled and disabled via the Global Security Options. By default, this checkbox is configured as disabled.
Click Login. The main screen provides all WebUI functions, including tabbed options, menu tree, device name, and the last login date and time of the system.
In the WebUI, click the Diagnostics tab.
In the left navigation pane, click Test a Call.
Use the following table to configure the parameters for your Central SBC.
See the following example configuration of testing a call for a Central SBC.
Click OK.