This document provides a configuration guide for Sonus Session Border Controller 5XX0Series (SBC) when connecting to Skype for Business 2015 and Exchange Unified Messaging.
The interoperability compliance testing focuses on verifying inbound and outbound calls flow between Sonus SBC 5200 and Microsoft Skype for Business, using TCP, TLS, and SRTP.
Document History
This is a technical document intended for telecommunications engineers with the purpose of configuring both the Sonus SBC and the third-party product. Navigating the third-party product as well as the Sonus SBC Command Line Interface (CLI) is required. Understanding the basic concepts of TCP/UDP, IP/Routing, and SIP/RTP are also necessary to complete the configuration and any required troubleshooting.
The following equipment and software were used for the sample configuration provided:
The following reference configuration shows connectivity between the third-party and the Sonus SBC 5XX0.
For any questions regarding this document or the content herein, contact your maintenance or support provider.
Kindly refer to the Microsoft's Skype for Business test plan for complete product features details.
Microsoft's Skype For Business enterprise topology should be deployed with at least two Mediation servers..
Verify you have necessary licences for making enterprise voice call.
This section provides a “snapshot” of the Sonus SBC 5200 configuration used during compliance testing. The Sonus SBC 5200 is typically configured for customers by Sonus Networks. The screenshots and partial configuration shown below, supplied by Sonus Networks, are provided for reference only. Other configurations are possible.
Create a Codec Entry with the supported codec on the network.
set profiles media codecEntry G711_2833_20 dtmf relay rfc2833 set profiles media codecEntry G711_2833_20 packetSize 20 commit set profiles media codecEntry G711SS_2833_20 codec g711ss sendSid enable dtmf relay rfc2833 set profiles media codecEntry G711SS_2833_20 packetSize 20 commit
Configure RTCP interval.
set system media mediaRtcpControl senderReportInterval 5 commit
Specify the global SIP Domain name.
set global sipDomain vm.testnetwork.com set global sipDomain access.testnetwork.com set global sipDomain vm.interopdomain.com set global sipDomain med01.testnetwork.com set global sipDomain med02.testnetwork.com commit
Create a Feature Control Profile (FCP) for the Skype side. The FCP will be specified within the SIP Trunk Group Configuration.
set profiles featureControlProfile SKYPE_FCP commit
This configuration only applies if the SBC has been deployed with (hardware) DSP resources. If it has not, executing this configuration step has no negative impact.
Subsequent configuration sections (Packet service profiles) do not attempt transcoding, so the lack of compression resources will not impact the overall SBC configuration in this document.
set system mediaProfile compression 75 tone 25 commit
set profiles media toneAndAnnouncementProfile LRBT_PROF set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone signalingTonePackageState enable makeInbandToneAvailable enable set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone flags useThisLrbtForIngress enable set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone flags dynamicLRBT enable commit
set profiles services pathCheckProfile SKYPE_OPTIONS protocol sipOptions sendInterval 20 replyTimeoutCount 1 recoveryCount 1 commit set profiles services pathCheckProfile SKYPE_OPTIONS transportPreference preference1 tcp commit Change the transport preference to TCP-TLS if SKYPE is listening on TLS.
Create a Packet Service Profile (PSP) for the Skype side. The PSP will be specified within the SIP Trunk Group Configuration.
set profiles media packetServiceProfile SKYPE_PSP set profiles media packetServiceProfile SKYPE_PSP codec codecEntry1 G711_2833_20 set profiles media packetServiceProfile SKYPE_PSP rtcpOptions rtcp enable set profiles media packetServiceProfile SKYPE_PSP preferredRtpPayloadTypeForDtmfRelay 101 set profiles media packetServiceProfile SKYPE_PSP flags ssrcRandomize enable set profiles media packetServiceProfile SKYPE_PSP silenceInsertionDescriptor g711SidRtpPayloadType 13 heartbeat enable commit
Create an IP Signaling Profile (IPSP) for the Skype side. The IPSP will be specified within the SIP Trunk Group Configuration.
set profiles signaling ipSignalingProfile SKYPE_IPSP set profiles signaling ipSignalingProfile SKYPE_IPSP commonIpAttributes flags includeReasonHeader enable set profiles signaling ipSignalingProfile SKYPE_IPSP commonIpAttributes flags sendPtimeInSdp enable set profiles signaling ipSignalingProfile SKYPE_IPSP commonIpAttributes flags sendRtcpPortInSdp enable set profiles signaling ipSignalingProfile SKYPE_IPSP egressIpAttributes flags disable2806Compliance enable set profiles signaling ipSignalingProfile SKYPE_IPSP egressIpAttributes transport type1 tcp set profiles signaling ipSignalingProfile SKYPE_IPSP ingressIpAttributes flags sendSdpIn200OkIf18xReliable enable set profiles signaling ipSignalingProfile SKYPE_IPSP egressIpAttributes redirect flags forceRequeryForRedirection enable set profiles signaling ipSignalingProfile SKYPE_IPSP commonIpAttributes flags routeUsingRecvdFqdn enable set profiles signaling ipSignalingProfile SKYPE_IPSP commonIpAttributes relayFlags notify enable set profiles signaling ipSignalingProfile SKYPE_IPSP commonIpAttributes relayFlags statusCode4xx6xx enable set profiles signaling ipSignalingProfile SKYPE_IPSP commonIpAttributes flags includeTransportTypeInContactHeader enable set profiles signaling ipSignalingProfile SKYPE_IPSP egressIpAttributes sipHeadersAndParameters callForwarding dataMapping none set profiles signaling ipSignalingProfile SKYPE_IPSP egressIpAttributes sipHeadersAndParameters callForwarding diversionHeaderTransparency enable set profiles signaling ipSignalingProfile SKYPE_IPSP commonIpAttributes transparencyFlags mwiBody enable set profiles signaling ipSignalingProfile SKYPE_IPSP commonIpAttributes optionTagInRequireHeader suppressReplaceTag enable set profiles signaling ipSignalingProfile SKYPE_IPSP egressIpAttributes numberGlobalizationProfile DEFAULT_IP commit
The configuration below is for a Sonus 52x0 system using a single port for Internal connectivity.
set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 ceName IOTNEXUS portName pkt1 ipAddress 172.16.103.184 prefix 24 altIpAddress fc00::103:f:f:f:118 altPrefix 64 set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 mode inService state enabled commit
This Zone groups the set of objects that are used for the communication to Skype for Business. Configure the domain name.
set addressContext default zone SKYPE_ZONE id 4 set addressContext default zone SKYPE_ZONE domainName vm.testnetwork.com commit
A SIP Signaling port is a logical address permanently bound to a specific zone and is used to send and receive SIP call signaling packets.
set addressContext default zone SKYPE_ZONE id 4 sipSigPort 4 ipInterfaceGroupName LIF2 ipAddressV4 172.16.103.184 portNumber 5060 ipAddressV6 fc00::103:f:f:f:118 transportProtocolsAllowed sip-tcp,sip-udp,sip-tls-tcp set addressContext default zone SKYPE_ZONE id 4 sipSigPort 4 state enabled mode inService commit
DNS Groups set DNS objects that may be used for DNS resolution within a particular Zone.
set addressContext default dnsGroup EXT_DNS set addressContext default dnsGroup EXT_DNS type mgmt server DNS1 ipAddress 172.16.101.165 state enabled set addressContext default zone SKYPE_ZONE dnsGroup EXT_DNS commit
Create a SIP Trunk Group towards Skype side and assign the Profiles configured above.
set addressContext default zone SKYPE_ZONE sipTrunkGroup SKYPE_TG media mediaIpInterfaceGroupName LIF2 set addressContext default zone SKYPE_ZONE sipTrunkGroup SKYPE_TG signaling honorMaddrParam enabled set addressContext default zone SKYPE_ZONE sipTrunkGroup SKYPE_TG policy media packetServiceProfile SKYPE_PSP set addressContext default zone SKYPE_ZONE sipTrunkGroup SKYPE_TG policy signaling ipSignalingProfile SKYPE_IPSP set addressContext default zone SKYPE_ZONE sipTrunkGroup SKYPE_TG downstreamForkingSupport enabled set addressContext default zone SKYPE_ZONE sipTrunkGroup SKYPE_TG signaling rel100Support enabled set addressContext default zone SKYPE_ZONE sipTrunkGroup SKYPE_TG services dnsSupportType a-only set addressContext default zone SKYPE_ZONE sipTrunkGroup SKYPE_TG media earlyMedia forkingBehaviour firstRtp set addressContext default zone SKYPE_ZONE sipTrunkGroup SKYPE_TG ingressIpPrefix 172.16.101.0 24 set addressContext default zone SKYPE_ZONE sipTrunkGroup SKYPE_TG ingressIpPrefix :: 0 set addressContext default zone SKYPE_ZONE sipTrunkGroup SKYPE_TG signaling relayNonInviteRequest enabled set addressContext default zone SKYPE_ZONE sipTrunkGroup SKYPE_TG signaling methods notify allow set addressContext default zone SKYPE_ZONE sipTrunkGroup SKYPE_TG signaling acceptHistoryInfo enabled set addressContext default zone SKYPE_ZONE sipTrunkGroup SKYPE_TG policy media toneAndAnnouncementProfile LRBT_PROF set addressContext default zone SKYPE_ZONE sipTrunkGroup SKYPE_TG mode inService state enabled commit
Create a default route to the subnet's next hop IP for the interface and IP Interface Group.
set addressContext default staticRoute 172.16.101.0 24 172.16.103.1 LIF2 PKT1_V4 preference 100 set addressContext default staticRoute :: 0 fc00::103:f:f:f:1 LIF2 PKT1_V4 preference 100 commit
Create an IP Peer with the Fully-Qualified Domain Name (FQDN) of the end points and assign it to the SP or SKYPE Zone. Assign the path check profile created.
set addressContext default zone SKYPE_ZONE ipPeer Exchange_IPP policy sip fqdn exchange.testnetwork.com fqdnPort 5060 set addressContext default zone SKYPE_ZONE ipPeer SKYPE_IPP policy sip fqdn med.testnetwork.com fqdnPort 5068 set addressContext default zone SKYPE_ZONE ipPeer SKYPE_IPP pathCheck profile SKYPE_PATHCHECK set addressContext default zone SKYPE_ZONE ipPeer SKYPE_IPP pathCheck profile SKYPE_PATHCHECK hostName med.testnetwork.com hostPort 5068 state enabled commit
set profiles media packetServiceProfile ACCESS_PSP set profiles media packetServiceProfile ACCESS_PSP codec codecEntry1 G711_2833_20 set profiles media packetServiceProfile ACCESS_PSP rtcpOptions rtcp enable terminationForPassthrough enable set profiles media packetServiceProfile ACCESS_PSP preferredRtpPayloadTypeForDtmfRelay 101 set profiles media packetServiceProfile ACCESS_PSP silenceInsertionDescriptor g711SidRtpPayloadType 13 heartbeat enable commit
Create an IP Signaling Profile (IPSP) for the SP side. The IPSP will be specified within the SIP Trunk Group Configuration.
set profiles signaling ipSignalingProfile ACCESS_IPSP set profiles signaling ipSignalingProfile ACCESS_IPSP commonIpAttributes flags includeReasonHeader enable set profiles signaling ipSignalingProfile ACCESS_IPSP commonIpAttributes flags sendPtimeInSdp enable set profiles signaling ipSignalingProfile ACCESS_IPSP commonIpAttributes flags sendRtcpPortInSdp enable set profiles signaling ipSignalingProfile ACCESS_IPSP commonIpAttributes optionTagInRequireHeader suppressReplaceTag enable set profiles signaling ipSignalingProfile ACCESS_IPSP commonIpAttributes flags routeUsingRecvdFqdn enable set profiles signaling ipSignalingProfile ACCESS_IPSP egressIpAttributes domainName useZoneLevelDomainNameInContact enable set profiles signaling ipSignalingProfile ACCESS_IPSP egressIpAttributes transport type1 tcp set profiles signaling ipSignalingProfile ACCESS_IPSP ingressIpAttributes flags sendSdpIn200OkIf18xReliable enable set profiles signaling ipSignalingProfile ACCESS_IPSP commonIpAttributes relayFlags notify enable set profiles signaling ipSignalingProfile ACCESS_IPSP commonIpAttributes relayFlags statusCode4xx6xx enable set profiles signaling ipSignalingProfile ACCESS_IPSP commonIpAttributes transparencyFlags mwiBody enable set profiles signaling ipSignalingProfile ACCESS_IPSP egressIpAttributes redirect flags forceRequeryForRedirection disable set profiles signaling ipSignalingProfile ACCESS_IPSP commonIpAttributes flags includeTransportTypeInContactHeader enable commit
The below configuration is for a Sonus 52x0 system using a single port for Internal connectivity.
set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 ceName IOTNEXUS portName pkt0 ipAddress 172.16.102.184 prefix 24 set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 mode inService state enabled commit
This Zone groups the set of objects that are used for the communication to Skype for Business. Configure the domain name and assign DNS server to the zone.
set addressContext default zone ACCESS_ZONE id 2 set addressContext default zone ACCESS_ZONE domainName access.testnetwork.com commit
A SIP Signaling port is a logical address permanently bound to a specific zone which is used to send and receive SIP call signaling packets.
set addressContext default zone ACCESS_ZONE id 2 sipSigPort 1 ipInterfaceGroupName LIF1 ipAddressV4 172.16.102.184 portNumber 5060 transportProtocolsAllowed sip-tcp,sip-udp,sip-tls-tcp set addressContext default zone ACCESS_ZONE id 2 sipSigPort 1 mode inService state enabled commit
Create a SIP Trunk Group towards SP side and assign the Profiles configured above.
set addressContext default zone ACCESS_ZONE sipTrunkGroup ACCESS_TG media mediaIpInterfaceGroupName LIF1 set addressContext default zone ACCESS_ZONE sipTrunkGroup ACCESS_TG policy media packetServiceProfile ACCESS_PSP set addressContext default zone ACCESS_ZONE sipTrunkGroup ACCESS_TG policy signaling ipSignalingProfile ACCESS_IPSP set addressContext default zone ACCESS_ZONE sipTrunkGroup ACCESS_TG downstreamForkingSupport enabled set addressContext default zone ACCESS_ZONE sipTrunkGroup ACCESS_TG signaling rel100Support enabled set addressContext default zone ACCESS_ZONE sipTrunkGroup ACCESS_TG services dnsSupportType a-only set addressContext default zone ACCESS_ZONE sipTrunkGroup ACCESS_TG ingressIpPrefix 172.16.100.0 24 set addressContext default zone ACCESS_ZONE sipTrunkGroup ACCESS_TG ingressIpPrefix 172.16.105.0 24 set addressContext default zone ACCESS_ZONE sipTrunkGroup ACCESS_TG ingressIpPrefix 172.16.104.0 24 set addressContext default zone ACCESS_ZONE sipTrunkGroup ACCESS_TG mode inService state enabled set addressContext default zone ACCESS_ZONE sipTrunkGroup ACCESS_TG signaling honorMaddrParam enabled set addressContext default zone ACCESS_ZONE sipTrunkGroup ACCESS_TG signaling relayNonInviteRequest enabled set addressContext default zone ACCESS_ZONE sipTrunkGroup ACCESS_TG signaling methods notify allow set addressContext default zone ACCESS_ZONE sipTrunkGroup ACCESS_TG policy media toneAndAnnouncementProfile LRBT_PROF commit
Create an IP Peer with the Fully-Qualified Domain Name (FQDN) of the end points and assign it to the SP or SKYPE Zone. Assign the path check profile created.
set addressContext default zone ACCESS_ZONE ipPeer PhonerLite_IPP ipAddress 172.16.100.56 ipPort 5060 set addressContext default zone ACCESS_ZONE ipPeer POLYCOM1_IPP ipAddress 172.16.105.99 ipPort 5060 set addressContext default zone ACCESS_ZONE ipPeer POLYCOM2_IPP ipAddress 172.16.105.105 ipPort 5060 set addressContext default zone ACCESS_ZONE ipPeer CUCM_IPP ipAddress 172.16.104.178 ipPort 5060 commit
Create a default route to the subnet’s IP next hop for the interface and IP Interface Group.
set addressContext default staticRoute 172.16.100.0 24 172.16.102.1 LIF1 PKT0_V4 preference 100 set addressContext default staticRoute 172.16.104.0 24 172.16.102.1 LIF1 PKT0_V4 preference 100 set addressContext default staticRoute 172.16.105.0 24 172.16.102.1 LIF1 PKT0_V4 preference 100 commit
Create a Routing Label with a single Routing Label Route to bind the SP or SKYPE Trunk Group with the SP or SKYPE IP Peer.
set global callRouting routingLabel SKYPE_RL routingLabelRoute 1 trunkGroup SKYPE_TG ipPeer SKYPE_IPP inService inService set global callRouting routingLabel Exchange_RL routingLabelRoute 1 trunkGroup SKYPE_TG ipPeer Exchange_IPP inService inService set global callRouting routingLabel PhonerLite_RL routingLabelRoute 1 trunkGroup ACCESS_TG ipPeer PhonerLite_IPP inService inService set global callRouting routingLabel POLYCOM1_RL routingLabelRoute 1 trunkGroup ACCESS_TG ipPeer POLYCOM1_IPP inService inService set global callRouting routingLabel POLYCOM2_RL routingLabelRoute 1 trunkGroup ACCESS_TG ipPeer POLYCOM2_IPP inService inService set global callRouting routingLabel CUCM_RL routingLabelRoute 1 trunkGroup ACCESS_TG ipPeer CUCM_IPP inService inService commit
Routing must be put in place to send calls to the correct destination. For the purpose of this scenario, we have used number based routing, but additional routing options may be used.
The configuration of both standard and username routes are done to ensure that no matter which way the called party is addressed (a number or username) the SBC will route the message to the Core.
Create Route entries for standard Trunk Group routing with Matching Criteria and a Routing Label destination.
set global callRouting route none Sonus_NULL Sonus_NULL standard 7778883000 1 all all ALL none Sonus_NULL routingLabel Exchange_RL set global callRouting route none Sonus_NULL Sonus_NULL standard 77788830 1 all all ALL none Sonus_NULL routingLabel SKYPE_RL set global callRouting route none Sonus_NULL Sonus_NULL standard 9620428030 1 all all ALL none Sonus_NULL routingLabel PhonerLite_RL set global callRouting route none Sonus_NULL Sonus_NULL standard 9620428031 1 all all ALL none Sonus_NULL routingLabel POLYCOM1_RL set global callRouting route none Sonus_NULL Sonus_NULL standard 9620428032 1 all all ALL none Sonus_NULL routingLabel POLYCOM2_RL set global callRouting route none Sonus_NULL Sonus_NULL standard 8030 1 all all ALL none Sonus_NULL routingLabel PhonerLite_RL set global callRouting route none Sonus_NULL Sonus_NULL standard 8031 1 all all ALL none Sonus_NULL routingLabel POLYCOM1_RL set global callRouting route none Sonus_NULL Sonus_NULL standard 8032 1 all all ALL none Sonus_NULL routingLabel POLYCOM2_RL set global callRouting route none Sonus_NULL Sonus_NULL standard 666 1 all all ALL none Sonus_NULL routingLabel CUCM_RL set global callRouting route none Sonus_NULL Sonus_NULL username Sonus_NULL Sonus_NULL all all ALL none med01.testnetwork.com routingLabel SKYPE_RL set global callRouting route none Sonus_NULL Sonus_NULL username Sonus_NULL Sonus_NULL all all ALL none med02.testnetwork.com routingLabel SKYPE_RL commit
Create SIP Adapter profile to remove the transport protocol in the incoming SIP response and attach to SP side TG.
set profiles signaling sipAdaptorProfile DELETE_TRANSPORT rule 1 criterion 1 type message message messageTypes all condition exist set profiles signaling sipAdaptorProfile DELETE_TRANSPORT rule 1 criterion 2 type header header name Contact condition exist set profiles signaling sipAdaptorProfile DELETE_TRANSPORT rule 1 criterion 3 type parameter parameter condition exist paramType uri name transport set profiles signaling sipAdaptorProfile DELETE_TRANSPORT rule 1 action 1 type parameter operation delete paramType uri from type parameter value transport set profiles signaling sipAdaptorProfile DELETE_TRANSPORT rule 1 action 1 type parameter operation delete paramType uri to type parameter value transport set profiles signaling sipAdaptorProfile DELETE_TRANSPORT state enabled commit set addressContext default zone ACCESS_ZONE sipTrunkGroup ACCESS_TG signaling messageManipulation inputAdapterProfile DELETE_TRANSPORT commit
Create a Packet Service Profile (PSP) for the SP side. The PSP will be specified within the SIP Trunk Group Configuration.
set profiles media packetServiceProfile OFFICE_PSP set profiles media packetServiceProfile OFFICE_PSP codec codecEntry1 G711-default set profiles media packetServiceProfile OFFICE_PSP rtcpOptions rtcp enable set profiles media packetServiceProfile OFFICE_PSP preferredRtpPayloadTypeForDtmfRelay 101 set profiles media packetServiceProfile OFFICE_PSP silenceInsertionDescriptor g711SidRtpPayloadType 13 heartbeat enable commit
Create an IP Signaling Profile (IPSP) for the SP side. The IPSP will be specified within the SIP Trunk Group Configuration.
set profiles signaling ipSignalingProfile OFFICE_IPSP set profiles signaling ipSignalingProfile OFFICE_IPSP commonIpAttributes flags includeReasonHeader enable set profiles signaling ipSignalingProfile OFFICE_IPSP commonIpAttributes flags sendPtimeInSdp enable set profiles signaling ipSignalingProfile OFFICE_IPSP commonIpAttributes flags sendRtcpPortInSdp enable set profiles signaling ipSignalingProfile OFFICE_IPSP egressIpAttributes flags disable2806Compliance enable set profiles signaling ipSignalingProfile OFFICE_IPSP egressIpAttributes transport type1 tlsOverTcp set profiles signaling ipSignalingProfile OFFICE_IPSP ingressIpAttributes flags sendSdpIn200OkIf18xReliable enable set profiles signaling ipSignalingProfile OFFICE_IPSP commonIpAttributes relayFlags notify enable set profiles signaling ipSignalingProfile OFFICE_IPSP commonIpAttributes transparencyFlags mwiBody enable set profiles signaling ipSignalingProfile OFFICE_IPSP egressIpAttributes redirect flags forceRequeryForRedirection enable set profiles signaling ipSignalingProfile OFFICE_IPSP commonIpAttributes flags routeUsingRecvdFqdn enable commit
The below configuration is for a Sonus 52x0 system using a single port for Internal connectivity.
set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 ceName IOTNEXUS portName pkt1 ipAddress 182.74.182.205 prefix 24 set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 mode inService state enabled commit
This Zone groups the set of objects that are used for the communication to Skype for Business. Configure the domain name and assign DNS server to the zone.
set addressContext default zone OFFICE_ZONE id 3 set addressContext default zone OFFICE_ZONE domainName vm.interopdomain.com commit
A SIP Signaling port is a logical address permanently bound to a specific zone which is used to send and receive SIP call signaling packets.
set addressContext default zone OFFICE_ZONE id 2 sipSigPort 2 ipInterfaceGroupName LIF2 ipAddressV4 182.74.182.205 portNumber 5060 transportProtocolsAllowed sip-tls-tcp set addressContext default zone OFFICE_ZONE id 2 sipSigPort 2 state enabled mode inService commit
Create a SIP Trunk Group towards SP side and assign the Profiles configured above.
set addressContext default zone OFFICE_ZONE sipTrunkGroup OFFICE_TG media mediaIpInterfaceGroupName LIF2 set addressContext default zone OFFICE_ZONE sipTrunkGroup OFFICE_TG signaling honorMaddrParam enabled set addressContext default zone OFFICE_ZONE sipTrunkGroup OFFICE_TG policy media packetServiceProfile OFFICE_PSP set addressContext default zone OFFICE_ZONE sipTrunkGroup OFFICE_TG policy signaling ipSignalingProfile OFFICE_IPSP set addressContext default zone OFFICE_ZONE sipTrunkGroup OFFICE_TG downstreamForkingSupport enabled set addressContext default zone OFFICE_ZONE sipTrunkGroup OFFICE_TG signaling rel100Support enabled set addressContext default zone OFFICE_ZONE sipTrunkGroup OFFICE_TG services dnsSupportType a-only set addressContext default zone OFFICE_ZONE sipTrunkGroup OFFICE_TG ingressIpPrefix 0.0.0.0 0 set addressContext default zone OFFICE_ZONE sipTrunkGroup OFFICE_TG mode inService state enabled set addressContext default zone OFFICE_ZONE sipTrunkGroup OFFICE_TG signaling relayNonInviteRequest enabled set addressContext default zone OFFICE_ZONE sipTrunkGroup OFFICE_TG signaling methods notify allow commit
Create an IP Peer with the Fully-Qualified Domain Name (FQDN) of the end points and assign it to the SP or SKYPE Zone. Assign the path check profile created.
set addressContext default zone OFFICE_ZONE ipPeer OFFICE_IPP policy sip fqdn 8bd26852-6bec-4491-8527-29xx61dxxxx3.um.outlook.com fqdnPort 5060 commit
Create a default route to the subnet’s IP next hop for the interface and IP Interface Group.
set addressContext default staticRoute 207.46.58.250 32 182.74.182.193 LIF2 PKT1_V4 preference 100 set addressContext default staticRoute 8.8.8.8 32 182.74.182.193 LIF2 PKT1_V4 preference 100 set addressContext default staticRoute 0.0.0.0 0 182.74.182.193 LIF2 PKT1_V4 preference 100 commit
DNS Groups set DNS objects that may be used for DNS resolution within a particular Zone.
set addressContext default zone OFFICE_ZONE dnsGroup PUBLIC_DNS set addressContext default dnsGroup PUBLIC_DNS type ip interface LIF2 server PUBLIC_DNS state enabled ipAddress 8.8.8.8 set addressContext default zone OFFICE_ZONE dnsGroup PUBLIC_DNS commit
Create a Routing Label with a single Routing Label Route to bind the SP or SKYPE Trunk Group with the SP or SKYPE IP Peer.
set global callRouting routingLabel OFFICE_RL routingLabelRoute 1 trunkGroup OFFICE_TG ipPeer OFFICE_IPP inService inService commit
Routing must be put in place to send calls to the correct destination. For the purpose of this scenario, we have used number base routing, but additional routing options may be used.
The configuration of both standard and username routes are done to ensure that no matter which way the called party is addressed (a number or username) the SBC will route the message to the Core.
Create Route entries for standard Trunk Group routing with Matching Criteria and a Routing Label destination.
set global callRouting route none Sonus_NULL Sonus_NULL standard 8888884 1 all all ALL none Sonus_NULL routingLabel OFFICE_RL commit
Note: Only difference from previous Section is shown below
Important Note SBX5K does not support MKI. SKYPE_IT tool does not take into account that SBX has not published MKI support in its SDP and still tries to validate SRTP as SRTP with MKI BIT set. As a workaround, we publish MKI support in SDP and use this new debug xrm command to mark MKI bit in outgoing SRTP/SRTCP streams and also factor it for incoming SRTP/ SRTCP streams. This command is to be used only for SKYPE certification or qualification in Customer Labs only. We do not recommend enabling this in production enviroment. admin@pumal% unhide debug Password: ****** #password is sonus1 admin@puma% request sbx xrm debug command "srtpmki enable" [ok][2014-04-01 16:54:17] [edit] MKI Enabled: encLength=1; encValue=0x1; decLength=1 admin@puma%
set system security pki certificate SBC_CERT type local-internal commit
request system security pki certificate SBC_CERT generateCSR csrSub /C=IN/ST=KA/L=Bangalore/O=Sonus/CN=vm.testnetwork.com keySize keySize2K
Note: Follow certification generation procedure given in Appendix A and then copy the SKYPE Server Root Certificate (rootcert.cer) and Microsoft signed SBC Certificate (servercert.pem) into /opt/sonus/external/ folder of SBC
set profiles security cryptoSuiteProfile CRYPT_PROF entry 1 cryptoSuite AES-CM-128-HMAC-SHA1-80 commit
set system security pki certificate ROOT_CERT type remote fileName Root_CERT.cer state enabled commit
set system security pki certificate SBC_CERT fileName servercert.pem state enabled commit
set profiles security tlsProfile TLS_PROF clientCertName SBC_CERT serverCertName SBC_CERT cipherSuite1 rsa-with-3des-ede-cbc-sha cipherSuite2 rsa-with-aes-128-cbc-sha authClient true allowedRoles clientandserver acceptableCertValidationErrors invalidPurpose commit
set profiles media packetServiceProfile SKYPE_PSP secureRtpRtcp cryptoSuiteProfile CRYPT_PROF set profiles media packetServiceProfile SKYPE_PSP secureRtpRtcp flags enableSrtp enable set profiles media packetServiceProfile SKYPE_PSP secureRtpRtcp flags allowFallback disable commit
set profiles signaling ipSignalingProfile SKYPE_IPSP egressIpAttributes transport type1 tlsOverTcp commit
set addressContext default zone SKYPE_ZONE sipSigPort 4 state disabled mode outOfService commit set addressContext default zone SKYPE_ZONE sipSigPort 4 tlsProfileName TLS_PROF commit set addressContext default zone SKYPE_ZONE sipSigPort 4 state enabled mode inService commit
Note: Only additional config required from previous Section is shown below. 1. New Server certification from public CA needs to be imported. 2. Baltimore certificate in pem formate is found in below site. http://certificate.fyicenter.com/319_Root_CA_Baltimore_CyberTrust_Root_CyberTrust_Baltimore_IE.html
set system security pki certificate MicroSoft_CERT type remote fileName GlobalCert.cer state enable commit
set addressContext default zone OFFICE_ZONE sipSigPort 2 state disabled mode outOfService commit set addressContext default zone OFFICE_ZONE sipSigPort 2 tlsProfileName TLS_PROF commit set addressContext default zone OFFICE_ZONE sipSigPort 2 state enabled mode inService commit
These Application Notes describe the configuration steps required for Sonus SBC 5XX0 to successfully interoperate with Skype for Business 2015 and Exchange Unified Messaging. All feature and serviceability test cases were completed and passed with the exceptions/observations noted in Test Results.