In this section:
Ribbon recommends using the Transparency Profile to configure transparency on the SBC Core for new deployments, as well as applying additional transparency configurations to existing deployments. Do not use IP Signaling Profile flags in these scenarios because the flags will be retired in upcoming releases. Refer to the SBC SIP Transparency Implementation Guide for additional information.
Microsoft Lync Video Relay
Microsoft (MS) Lync 2013 introduces support for H.264-UC open standard video codec, and enables point-to-point video from Lync endpoints to non-Lync endpoints. With this capability, MS Lync 2013 supports establishing video sessions with other devices that are capable of supporting H.264-UC codec.
MS Lync 2010 supports the older standard codec H.263 which is commonly supported by video devices; however, it is not supported by MS Lync 2013.
The two methods to route video from Lync 2013 are following:
- Static route (via FQDN)
- Non-Lync endpoint registers directly to Lync server
Lync 2010 and Lync 2013 expects STUN/ICE connectivity to be completed before initiating video stream.
The SBC interworks with a Microsoft Lync 2010 or 2013 client by enabling the SIP trunk group iceLync
flag (see SIP Trunk Group - Services - CLI, SIP Trunk Group - Media - CLI for details). When flag is enabled, the SBC relays (passes through) MS Lync video sessions. A Video call originating from Lync typically includes multi-part/alternative content with two SDPs. SBC uses a second SDP to establish the audio/video call.
Lync-capable endpoints such as Polycom RPG clients simulate the Lync endpoint behavior for Presence (it initiates a “SERVICE” method). This and its 200OK response back from Lync needs to be relayed through the SBC. Lync uses BENOTIFY method which is also relayed. Offer/Answer SDP during the STUN connectivity phase includes TCP-ACT attribute for the server reflexive candidates. This is derived from the UDP host candidates. Upon completion of the STUN connectivity checks, the final offer SDP that is sent by the SBC, which includes the “remote-candidate” attribute for remote media IP and the “a=candidate” attribute for local media IP.
Using sRTP for Media
If sRTP is used for media between the SBC and the Lync endpoint (as well as for normal sRTP configuration), configure the SBC to add the lifetime parameter to the crypto attribute for the sRTP-encrypted media streams when it sends SDP toward the endpoint. An example SMM configuration to accomplish this is provided below.
% set profiles signaling sipAdaptorProfile CRYPTO rule 1 criterion 1 type message message messageTypes responseAll % set profiles signaling sipAdaptorProfile CRYPTO rule 1 criterion 2 type messageBody messageBody condition regex-match regexp string "a=crypto:3 AES_CM_128_HMAC_SHA1_80 inline:.{40}" numMatch match set profiles signaling sipAdaptorProfile CRYPTO rule 1 action 1 type messageBody operation regappend from type value value "|2^31" % set profiles signaling sipAdaptorProfile CRYPTO rule 1 action 1 to type messageBody messageBodyValue all % set profiles signaling sipAdaptorProfile CRYPTO rule 1 action 1 regexp string "a=crypto:3 AES_CM_128_HMAC_SHA1_80 inline:.{40}" matchInstance all
Call Scenarios
The SBC supports the following call scenarios for MS Lync Video Relay:
- Lync call which starts out as audio and then adds a video stream. In this situation the ICE processing occurs on the newly-added video stream with media being cut-through successfully.
- Lync call which starts out as audio and video and then downgrades to an audio only stream. In this case, the ICE is successfully completed for both audio and video streams. Once the video stream is removed, the audio stream remains unaffected. The SBC ceases all ICE activity on what was previously the video stream.
- The SBC redirects a non-Lync leg of a call toward a Lync endpoint. In this case the ICE processing occurs on the redirected leg and media is cut through appropriately to the Lync endpoint.
- The SBC handles call hold and resume on streams that are established with Lync ICE.
- The SBC interoperates with a Lync 2013 Endpoint offering IPv6 and or IPv4 addresses and Lync 2010 endpoints offering IPv4 addresses for media. The SBC does not support offering both IPv4 and IPv6 addresses at this time.
How to Configure MS Lync Video Relay
The following example procedure configures the SBC for MS Lync-Video relay.
Enable transparency for following headers.
Supported, Contact, Server% set profiles services transparencyProfile LYNC sipHeader <supported | contact | server>
Unknown header, From, To, Unknown body, requestURI, userAgentHeader% set profiles signaling ipSignalingProfile LYNC commonIpAttributes transparencyFlags unknownHeader enable % set profiles signaling ipSignalingProfile LYNC commonIpAttributes transparencyFlags unknownBody enable % set profiles signaling ipSignalingProfile LYNC commonIpAttributes transparencyFlags fromHeader enable % set profiles signaling ipSignalingProfile LYNC commonIpAttributes transparencyFlags toHeader enable % set profiles signaling ipSignalingProfile LYNC commonIpAttributes transparencyFlags requestURI enable % set profiles signaling ipSignalingProfile LYNC commonIpAttributes transparencyFlags userAgentHeader enable
- Configure the following in IP signaling profile:
Enable “DisableHostTranslation”, INFO relay
% set profiles signaling ipSignalingProfile LYNC commonIpAttributes flags disableHostTranslation enable % set profiles signaling ipSignalingProfile LYNC commonIpAttributes flags sendRtcpPortInSdp enable % set profiles signaling ipSignalingProfile LYNC commonIpAttributes relayFlags info enable
Disable “Privacy”
% set profiles signaling ipSignalingProfile LYNC egressIpAttributes privacy flags includePrivacy disable
Enable STUN Support on SIP trunk group facing Lync or Lync-capable endpoints.
% set addressContext a1 zone ACCESS sipTrunkGroup LYNC_TG services natTraversal iceSupport iceLync
Enable Video and RTCP in packet service profile.
% set profiles media packetServiceProfile LYNC_PSP videoCalls maxVideoBandwith 8000 % set profiles media packetServiceProfile LYNC_PSP rtcpOptions rtcp enable
Disable
rel100Support
flag on the Lync facing the SIP trunk group.% set addressContext a1 zone ACCESS sipTrunkGroup LYNC_TG signaling rel100Support disabled
Enable
SuppressEmptyFragments
flag in the TLS profile.% set profiles security tlsProfile nbstls suppressEmptyFragments enabled
To relay unknown DSP attributes for the trunk group, enable
sdpAttributesSelectiveRelay
flag.% set addressContext a1 zone ACCESS sipTrunkGroup LYNC_TG media sdpAttributesSelectiveRelay enabled
To configure sRTP for the Packet Service Profile of the trunk group facing Lync.
% set profiles media packetServiceProfile Lync_PSP secureRtpRtcp flags allowFallback "enable" enableSrtp "enable" resetROCOnKeyChange "disable" resetEncDecROCOnDecKeyChange "disable" updateCryptoKeysOnModify "disable" set profiles media packetServiceProfile Lync_PSP secureRtpRtcp cryptoSuiteProfile DEFAULT
How to Configure MS Lync/Skype for Remote Desktop Sharing
The following steps are performed to configure MS Lync/Skpe for business desktop sharing:
- Configuring Basic Lync for Media
- Setting the non-RTP Media Bandwidth
- Enabling Application Sharing on Ingress and Egress Sip Trunk Group
- Enabling SBC TCP Client Role on Ingress and Egress Sip Trunk Group
- Call Detail Status
Configuring Basic Lync for Media
To configure basic Lync for media, refer to the section How to Configure MS Lync Video Relay.
Once the base configuration is applied to enable support for Lync desktop sharing in the SBC, configure the following parameters and flags:
Setting the non-RTP Media Bandwidth
% set system media dedicatedBWForNonRTPMedia 10
- The non-RTP media value must be set as non zero.
The value indicates the percentage of RTP bandwidth (which is 95% of overall bandwidth) allocated for application share calls. The value is calculated based on the number of expected application share calls, which is initiated either from Lync clients or from the other third-party applications.
- The bandwidth for Lync initiated application share call is around 500Kbps.
- The bandwidth for remote desktop sessions from UC servers, which are the result of video stream to remote desktop conversion can use more than 1MB data.
Enabling Application Sharing on Ingress and Egress Sip Trunk Group
To configure the parameter lyncshare
on ingress and egress Sip Trunk Group, execute the following commands:
% set addressContext default zone ZONE3 sipTrunkGroup TG_ingress media lyncShare enabled % set addressContext default zone ZONE3 sipTrunkGroup TG_egress media lyncShare enabled
Enabling SBC TCP Client Role on Ingress and Egress Sip Trunk Group
To configure the parameter iceTcpRole
on ingress and egress Sip Trunk Group, execute the following commands:
% set addressContext default zone ZONE3 sipTrunkGroup TG_ingress services natTraversal iceSupport iceLync iceTcpRole passive % set addressContext default zone ZONE3 sipTrunkGroup TG_egress services natTraversal iceSupport iceLync iceTcpRole passive
Call Detail Status
The new stats TCP/LYNC/APPSHARE is added to the media streams of call detail status.
> show status global callDetailStatus callDetailStatus 4 { mediaStreams audio,video,UDP/BFCP,video; state Stable; callingNumber ""; calledNumber ""; addressTransPerformed none; origCalledNum ""; scenarioType SIP_TO_SIP; callDuration 221072; mediaType passthru; associatedGcid1 4; associatedGcid2 4; associatedGcidLegId1 1; associatedGcidLegId2 0; ingressSessionBandwidthkbps 269; egressSessionBandwidthkbps 269; ingressMediaStream1LocalIpSockAddr "10.32.114.1/ 1062 (rtcp: 1063)"; ingressMediaStream1RemoteIpSockAddr "10.128.99.157/ 3230 (rtcp: 3231)"; egressMediaStream1LocalIpSockAddr "10.33.5.141/ 1066 (rtcp: 1067)"; egressMediaStream1RemoteIpSockAddr "10.128.96.48/ 51564 (rtcp: 51565)"; ingressMediaStream1Security rtp-disabled,rtcp-disabled; egressMediaStream1Security rtp-disabled,rtcp-disabled; ingressMediaStream1Bandwidth 127; egressMediaStream1Bandwidth 127; ingressMediaStream1IceState NONE; egressMediaStream1IceState NONE; ingressDtlsStream1 DISABLED; egressDtlsStream1 DISABLED; ingressMediaStream2LocalIpSockAddr "10.32.114.1/ 1064 (rtcp: 1065)"; ingressMediaStream2RemoteIpSockAddr "10.128.99.157/ 3232 (rtcp: 3233)"; egressMediaStream2LocalIpSockAddr "10.33.5.141/ 1068 (rtcp: 1069)"; egressMediaStream2RemoteIpSockAddr "10.128.96.48/ 51566 (rtcp: 51567)"; ingressMediaStream2Security rtp-disabled,rtcp-disabled; egressMediaStream2Security rtp-disabled,rtcp-disabled; ingressMediaStream2Bandwidth 269; egressMediaStream2Bandwidth 269; ingressMediaStream2IceState NONE; egressMediaStream2IceState NONE; ingressDtlsStream2 DISABLED; egressDtlsStream2 DISABLED; ingressMediaStream3LocalIpSockAddr "10.32.114.1/ 1066"; ingressMediaStream3RemoteIpSockAddr "10.128.99.157/ 3238"; egressMediaStream3LocalIpSockAddr "10.33.5.141/ 1070"; egressMediaStream3RemoteIpSockAddr "10.128.96.48/ 51570"; ingressMediaStream3Security rtp-UnEncrypted; egressMediaStream3Security rtp-UnEncrypted; ingressMediaStream3Bandwidth 0; egressMediaStream3Bandwidth 0; ingressMediaStream3IceState NONE; egressMediaStream3IceState NONE; ingressDtlsStream3 DISABLED; egressDtlsStream3 DISABLED; ingressMediaStream5LocalIpSockAddr "10.32.114.1/ 1070 (rtcp: 1071)"; ingressMediaStream5RemoteIpSockAddr "10.128.99.157/ 3234 (rtcp: 3235)"; egressMediaStream5LocalIpSockAddr "10.33.5.141/ 1074 (rtcp: 1075)"; egressMediaStream5RemoteIpSockAddr "10.128.96.48/ 51568 (rtcp: 51569)"; ingressMediaStream5Security rtp-disabled,rtcp-disabled; egressMediaStream5Security rtp-disabled,rtcp-disabled; ingressMediaStream5Bandwidth 269; egressMediaStream5Bandwidth 269; ingressMediaStream5IceState NONE; egressMediaStream5IceState NONE; ingressDtlsStream5 DISABLED; egressDtlsStream5 DISABLED; iceCallTypes ing-lcl-NONE,ing-rmt-NONE,eg-lcl-NONE,eg-rmt-NONE; } callDetailStatus 524292 { mediaStreams TCP/LYNC/APPSHARE; state Stable; callingNumber ""; calledNumber ""; addressTransPerformed none; origCalledNum ""; scenarioType SIP_TO_SIP; callDuration 220758; mediaType passthru; associatedGcid1 524292; associatedGcid2 524292; associatedGcidLegId1 1; associatedGcidLegId2 0; ingressSessionBandwidthkbps 0; egressSessionBandwidthkbps 0; ingressMediaStream1LocalIpSockAddr "10.33.5.141/ 42589 (rtcp: 42589)"; ingressMediaStream1RemoteIpSockAddr "10.128.96.48/ 43131 (rtcp: 43131)"; egressMediaStream1LocalIpSockAddr "10.33.5.141/ 1029 (rtcp: 1029)"; egressMediaStream1RemoteIpSockAddr "10.128.99.168/ 5358 (rtcp: 5359)"; ingressMediaStream1Security rtp-Encrypted; egressMediaStream1Security rtp-UnEncrypted; ingressMediaStream1Bandwidth 0; egressMediaStream1Bandwidth 0; ingressMediaStream1IceState ST_ICE_COMPLETE; egressMediaStream1IceState ST_ICE_COMPLETE; ingressDtlsStream1 DISABLED; egressDtlsStream1 DISABLED; iceCallTypes ing-lcl-FULL-ICE,ing-rmt-FULL-ICE,eg-lcl-FULL-ICE,eg-rmt-FULL-ICE; } [ok]