Direct Routing

Walkthrough: Direct Routing with Ribbon Edge (Part 3)

_latentC, , , , Leave a comment

This post is part of a short series that will explore Microsoft Teams Direct Routing; it’s similar to my previous series, but this time, we’re going to use a Ribbon Edge SBC, specifically a SWe Lite.

Pre-requisites

Before proceeding:

  • Ensure you’ve prepared the environment; see Part 1 for details of the setup in my environment
  • Ensure you’ve configured the SBC; see Part 2 for details of this

Connect to Microsoft Teams

  • Install the Teams PowerShell Module by entering the following at a PowerShell prompt:

Install-Module -Name Microsoft Teams

  • Enter Y to install the NuGet provider:

  • Enter Y to install the module:

  • Connect to Microsoft Teams by entering the following:

Connect-MicrosoftTeams

  • Enter your credentials at the Sign in prompt and click Next:

  • Enter your password and click Sign in:

  • The cmdlet should complete successfully and a Tenant ID shown:

Configure Microsoft Teams Enterprise Voice

  • Note: the following assumptions are made for this section:
    • A user called User01 is defined in Azure AD
    • User01 is licensed for Microsoft Teams and Microsoft Phone System:

  • Define the SBC
    • At the PowerShell prompt, enter the following:

      New-CsOnlinePSTNGateway -Fqdn sbc01.<Domain> -Enabled $true -SipSignalingPort 5061 -MaxConcurrentSessions 5

  • Configure PSTN Usages
    • At the PowerShell prompt, enter the following:

     

Set-CsOnlinePstnUsage -Identity “Global” -Usage @{add=”UK-All”}

  • Configure Voice Routes
    • At the PowerShell prompt, enter the following:

     

New-CsOnlineVoiceRoute -Name “UK-All” -OnlinePstnGatewayList “sbc01.<Domain>” -NumberPattern “.*” -OnlinePstnUsages “UK-All”

  • Configure a Voice Routing Policy
    • At the PowerShell prompt, enter the following:

     

New-CsOnlineVoiceRoutingPolicy -Identity “UK” -OnlinePstnUsages “UK-All”

  • Assign the Voice Routing Policy to a test user
    • At the PowerShell prompt, enter the following:

     

Grant-CsOnlineVoiceRoutingPolicy -PolicyName “UK” -Identity “User01@<Domain>”

  • Enterprise Voice-enable the user and configure a phone number
    • At the PowerShell prompt, enter the following:

     

Set-CsUser -Identity “User01@<Domain>” -EnterpriseVoiceEnabled $true -HostedVoiceMail $true -OnPremLineURI “tel+<TelephoneNumber>

Validation

  • Confirm ITSP Registration [this is likely not applicable to your environment, but is included here for completeness]
    • Navigate to SIP on the Settings tab and select click Contact Registrant Table > ITSP Contact Registrant Table
    • Click the Registration Status link
    • The Registration Status should be Registered

    • If the SBC is not registered to the ITSP, review the Remote Authorization and Remote Registrant Table configuration
  • Confirm the Microsoft Teams and ITSP SIP trunks are up
    • Navigate to Signaling Groups on the Setup tab; both signalling groups should be up:

  • Review the SBC status in the Teams Admin Center
    • Launch the Teams Admin Center and navigate to Voice > Direct Routing; the SBC should show Active for the TLS connectivity status and the SIP options status:

  • Perform an outbound call
    • Launch the Microsoft Teams client, select Calls and enter a PSTN number:

  • Click Call; the call should setup and two-way audio heard

  • You should also be able to make an inbound call; dial the phone number assigned to the Microsoft Teams user from the PSTN and a toast similar to the following should appear:

  • Answer the call and two-way audio should be heard

 

That’s it for this post; in Part 4, we’ll take an in-depth look at media.

Thanks for reading!

Walkthrough: Direct Routing with Ribbon Edge (Part 2)

_latentC, , , Leave a comment

This post is part of a short series that will explore Microsoft Teams Direct Routing; it’s similar to my previous series, but this time, we’re going to use a Ribbon Edge SBC, specifically a SWe Lite.

Pre-requisites

Before proceeding:

  • Ensure you’ve prepared the environment; see Part 1 for details of the setup in my environment
  • Download the SWe Lite image and unzip the files to a local folder

SBC Virtual Machine Setup

  • Launch the Hyper-V Manager and click Import Virtual Machine…:

  • Click Next:

  • Click Browse and navigate to the folder containing the files from the image ZIP file:

  • Click Next:

  • Click Next:

  • Click Next:

  • Select Copy the virtual machine (create a new unique ID) and click Next:

  • Select Store the virtual machine in a different location (if required), set the folders accordingly and click Next:

  • Set the folder for the virtual hard disk and click Next:

  • Click Finish:

  • Rename the Virtual Machine as required
  • Right-click the Virtual Machine and click Settings…
  • Select the first Network Adapter instance and assign the Virtual Switch representing the internal network and click Apply
  • Select the second Network Adapter and assign the Virtual Switch for the management interface and click Apply
  • Select the third Network Adapter and assign the Virtual Switch for the internet interface and click Apply

  • Right-click the Virtual Machine and click Start:

  • Double-click the Virtual Machine to view the console window and note the Admin IP Address:

Initial Setup

Note: the Sonus Edge SBCs have a very effective Wizard which will do a lot of the hard work for you; I’ve purposefully not used the wizard here to give you an idea of the configuration it actually implements.

  • Launch a browser and navigate to the IP address noted in the previous step:

  • Depending on the browser, the connection may be blocked due to the use of HTTP; should this occur, accept the warnings to navigate to the IP address
  • In this environment, the management, internal and untrusted networks have been prepared and each will be assigned a specific interface
  • Populate the following fields:
    • System Information:
      • Network Configuration: Static
      • Hostname: <HostName>
      • Internet Domain: <DomainName>
      • Time Zone: <TimeZone>
      • Country Code: <CountryCode>
    • Remote Log Configuration:
      • Configure Syslog: Yes
      • NTP Server: <NtpServerIpAddress>
      • NTP Server Authentication: Disabled
      • Easy System Configuration
      • Easy Setup: Do Not Launch
    • IP Address
      • Admin IP
        • IPv4 Address: <ManagementIpAddress>
        • Netmask: <ManagementNetMask>
      • Ethernet 1
        • Configure IP: Yes
        • IPv4 Address: <InternalIpAddress>
        • Netmask: <InternalNetMask>
        • Media Next Hop IP: <InternalGateway>
      • Ethernet 2
        • Configure IP: Yes
        • IPv4 Address: <UntrustedIpAddress>
        • Netmask: <UntrustedNetMask>
        • Media Next Hop IP: <UntrustedGateway>
    • Local Users
      • Administrative User
      • Admin User Name: <AdminUserName>
      • Enter Password: <Password>
      • Confirm Password: <Password>
    • Connectivity Information
      • Configure Default Route: No
    • DNS
      • Use Primary DNS: Yes
      • Primary Server IP: <PrimaryDnsServerIpAddress>
      • Use Secondary DNS: No
  • Scroll to the bottom of the page and click OK:

  • Click OK to dismiss the prompt:

  • Connectivity may be lost as the devices admin IP address may have changed; enter the new IP address in the browser address bar and accept any warnings regarding insecure connections
  • Click Enter at the welcome screen:

  • Log on using the previously-entered credentials:

Configure Static Routes

  • Select the Settings tab
  • Navigate to Protocols > IP > Static
    Routes
  • Add a route to internet by clicking Create Static IP Route (the + icon)
  • Enter the following and click OK:
    • Destination IP: 0.0.0.0
    • Mask: 255.255.255.255
    • Gateway: <GatewayIpAddress>
    • Administrative Distance: 10

  • Add a route to the ITSP by clicking Create Static IP Route (the + icon)
  • Enter the following and click OK:
    • Destination IP: <ItspIpAddress>
    • Mask: 255.255.255.255
    • Gateway: 10.0.0.254
    • Administrative Distance: 1

  • There should now be two static route entries:

Public Certificate Configuration

  • Select the Settings tab, navigate to Security > SBC Certificates > Generate SBC Edge CSR and enter the following:
    • Common Name: sbc01.<ExternalDomainName>
    • Subject Alternative Name DNS: sbc01.<ExternalDomainName>
    • ISO Country Code: United Kingdom
    • Key Length: 2048 bits

  • Click OK
  • Copy the resulting text to the clipboard:

    …and save the text to a file, e.g. sbc01.<ExternalDomainName>.csr

  • Submit the CSR to the external CA and download the certificate once issued
  • Open the Root CA certificate in notepad and copy the contents to the clipboard
  • Navigate to Security > SBC Certificates > Trusted CA Certificates and click the Import Trusted CA Certificate Icon (the Up arrow)
  • Paste the contents of the clipboard into the Paste Base64 Certificate field and click OK:

  • Click OK at the prompt:

  • Repeat for the Intermediate CA certificate, if required
  • Open the issued certificate in notepad and copy the contents to the clipboard
  • Navigate to Security > SBC Certificates > SBC Primary Certificate and click Import
  • Paste the contents of the clipboard into the Paste Base64 Certificate field and click OK:

  • Click OK at the prompt:

  • The certificate will be imported:

Baltimore Certificate Configuration

  • Microsoft Teams Direct Routing requires the installation of the Baltimore root and intermediate certificates; the Microsoft 365 Certificate bundles can here; once downloaded, extract the Baltimore root CA certificate in Base-64 format, open the certificate in notepad and copy the contents to the clipboard
  • Navigate to Security > SBC Certificates > Trusted CA Certificates and click the Import Trusted CA Certificate icon (the Up arrow)
  • Paste the contents of the clipboard into the Paste Base64 Certificate field and click OK:

  • Click OK to dismiss the prompt:

Define the O365 TLS Profile

  • Navigate to Security on the Settings tab and select TLS Profiles
  • Click Create TLS Profile (the + icon)
  • Enter the following and click OK:
    • Description: O365 TLS Profile
    • TLS Protocol: TLS 1.2 Only
    • Validate Client FQDN: Disabled

Media Configuration

Define the Media System Configuration

  • Navigate to Media on the Settings tab and select Media System Configuration
  • Note: the port range is arbitrary, configure as per your requirements
  • Enter the following and click Apply:
    • Port Range
      • Start Port: 30000 (arbitrary)
      • Number of Port Pairs: 5

Define the Media Profiles

  • Navigate to Media on the Settings tab and select Media Profiles
  • Click Create
    Media
    Profile > Voice Codex Profile
  • Two default profiles exist for G.711 A-law and G.711 mu-law; modify their descriptions if you require and add two additional profiles for SILK
  • Enter the following and click OK:
    • Description: Wideband SILK
    • Codec: SILK
    • Bandwidth: Wideband
    • Payload Type: 104

  • Repeat for SILK Narrowband with a Payload Type of 103:

Define the SRTP Profile

  • Navigate to Media on the Settings tab and select SDES-SRTP Profiles
  • Click Create SDES-SRTP Profile (the + icon)
  • Enter the following and click OK:
    • Description: O365 SRTP Profile
    • Operation Option: Required

Define the O365 Media List

  • Navigate to Media on the Settings tab and select Media List
  • A default Media List exists; modify this entry as follows and click Apply:
    • Description: O365 Media List
    • Media Profile List: (order the profiles using the Up and Down buttons)
      • SILK Wideband
      • SILK Narrowband
      • G711 A-Law
      • G711 mu-Law
    • SDES-SRTP Profile: O365 RTP Profile

Define the ITSP Media List

  • Click Create Media List (the + icon)
  • Enter the following and click OK:
    • Description: ITSP Media List
    • Media Profiles List:
      • G.711 A-Law
      • G.711 mu-Law

Reconfigure the Tone Table

  • Navigate to Tone
    Tables on the Settings tab and select the Default Tone Table
  • Note: the following configuration is specific to the UK; for other regions, please consult a service such as 3am Systems’ world tone database
  • Update the Tone Table’s description as required
  • Modify the Ringback entry as follows and click Apply:
    • Frequency
      • Frequency 1: 400
      • Amplitude 1: -16
    • Cadence
      • Cadence On: 400
      • Cadence Off: 200
    • Double Cadence
      • Double Cadence: Yes
      • Cadence On: 400
      • Cadence Off: 2000

  • Modify the Congestion entry as follows and click Apply:
    • Frequency
      • Frequency 1: 400
      • Amplitude 1: -14
      • Configure Frequency 2: No

Configure ITSP Authorisation

Note: The ITSP I’m using requires authorisation; this step may not be applicable to your scenario

Define the Remote Authorisation Table

  • Navigate to SIP on the Settings tab and select Remote Authorization Table
  • Click Create Remote Authorization Table (the + icon)
  • Enter the following and click OK:
    • Description: ITSP Remote Authorisation Table

  • Select the newly-created Remote Authorisation Table and click the Create SIP Remote Authorization Entry (the + icon)
  • Enter the following and click OK:
    • Authentication ID: <ItspUsername>
    • Password: <Password>
    • Confirm Password: <Password>

Define the Contact Registrant Table

  • Navigate to SIP on the Settings tab and select Contact
    Registrant
    Table
  • Click Create
    Contact
    Registrant Table (the + icon)
  • Enter the following and click OK:
    • Description: ITSP Contact Registrant Table

  • Select the newly-created Contact Registrant Table and click the Create SIP Contact Registrant (the + icon)
  • Enter the following and click OK:
    • Type of Address of Record: Remote
    • Address of Record URI: <ItspUsername>
    • Click Create SIP Contact (the + icon)
  • Enter the following and click OK:
    • Description: ITSP Contact Registrant Table
    • Contact URI Username: <ItspUsername>

Configure SIP

Define the O365 SIP Profile

  • Navigate to SIP on the Settings tab and select SIP Profiles
  • Click Create SIP Profile (the + icon)
  • Enter the following and click OK:
    • Description: O365 SIP Profile
    • Header Customization
      • FQDN in From Header: SBC Edge FQDN
      • FQDN in Contact Header: SBC FQDN
    • Options Tags
      • 100 rel: Not Present
      • SDP Customization
      • Origin Field Username: sbc01.<domain>

Define the ITSP SIP Profile

  • Navigate to SIP on the Settings tab and select SIP Profiles
  • Click Create
    SIP
    Profile (the + icon)
  • Enter the following and click OK:
    • Description: ITSP SIP Profile
    • Session Timer
    • Session Timer: Disable

Define the O365 SIP Server

  • Navigate to SIP on the Settings tab and select SIP Server Tables
  • Remove the Default
    SIP
    Server entry
  • Click Create
    SIP Server Table (the + icon)
  • Enter the following and click OK:
    • Description: ITSP SIP Profile

  • Select the newly-created SIP Server Table and select Create SIP Server > IP/FQDN
  • Enter the following and click OK:
    • Server Host
      • Host FQDN/IP: sip.pstnhub.microsoft.com
      • Port: 5061
      • Protocol: TLS
      • TLS Profile: O365 TLS Profile
    • Transport
      • Monitor: SIP Options
      • Connection Reuse
      • Sockets: 6
  • Create two additional entries for sip2.pstnhub.microsoft.com (priority 2) and sip3.pstnhub.microsoft.com (priority 3)

Define the ITSP SIP Server

  • Navigate to SIP on the Settings tab and select SIP Server Tables
  • Click Create
    SIP
    Server Table (the + icon)
  • Enter the following and click OK:
    • Description: ITSP SIP Profile

  • Select the newly-created SIP Server Table and select Create SIP Server > IP/FQDN
  • Enter the following and click OK:
    • Server Host
      • Host FQDN/IP: <ItspEndpointFqdn>
      • Port: 5060
      • Protocol: UDP
    • Transport
      • Monitor: SIP Options
      • Remote Authorization and Contacts
      • Remote Authorization Table: ITSP Remote Authorization Table

Core Configuration

Create O365 Transformation Table

  • Navigate to Call Routing on the Settings tab and select click Transformation
  • Remove the Default Passthrough Untouched entry
  • Click Create (the + icon)
  • Enter the following and click OK:
    • Description: From O365

  • Select the newly-created Transformation Table and click Create (the + icon)
  • Enter the following and click OK:
    • Description: Passthrough
    • Match Type: Mandatory (Must Match)
    • Input Field
      • Value: (.*)
    • Output Field
      • Value: \1

Create ITSP Transformation Table

  • Navigate to Call Routing on the Settings tab and select click Transformation
  • Click Create (the + icon)
  • Enter the following and click OK:
    • Description: From ITSP

  • Select the newly-created Transformation Table and click Create (the + icon)
  • Enter the following and click OK:
    • Description: Passthrough
    • Match Type: Mandatory (Must Match)
    • Input Field
      • Value: (.*)
    • Output Field
      • Value: \1

Create O365 Call Routing Table

  • Navigate to Call Routing on the Settings tab and select click Call Routing Table
  • Remove the Default
    Route Table entry
  • Click Create (the + icon)
  • Enter the following and click OK:
    • Description: From O365

Create ITSP Routing Table

  • Navigate to Call Routing on the Settings tab and select click Call Routing Table
  • Remove the Default Route Table entry
  • Click Create (the + icon)
  • Enter the following and click OK:
    • Description: From ITSP

Create O365 Signalling Group

  • Navigate to Signaling Groups on the Settings tab and select click Add SIP SG
  • Enter the following and click OK:
    • Description: O365 Signalling Group
    • SIP Channels and Routing
      • Call Routing Table: From O365
      • No. of Channels: <MaxChannelCount>
      • SIP Profile: O365 SIP Profile
      • SIP Server Table: O365 SIP Server
      • Load Balancing: Register All
    • Media Information
      • Supported Audio Modes: DSP, Proxy, Direct
      • Supported Video/Application Modes: None
      • Play Ringback: Auto on 180/183
      • Tone Table: UK Tone Table
      • Early 183: Enable
      • RTCP Multiplexing: Enable
    • Listen Ports:
      • Row 1
        • Port: 5061
        • Protocol: TLS
        • TLS Profile ID: O365 TLS Profile
    • SIP IP Details
      • Teams Local Media Optimization: Disable
      • Signaling/Media Source IP: <O365Interface>
      • ICE Support: Enabled
      • Outbound NAT Traversal: Static NAT
      • NAT Public IP (Signaling/Media): <PublicIpAddress>
    • Federated IP/FQDN
      • Row 1
        • IP/FQDN: sip.pstnhub.microsoft.com
        • Netmask/Prefix: 255.255.255.255
      • Row 2
        • IP/FQDN: sip2.pstnhub.microsoft.com
        • Netmask/Prefix: 255.255.255.255
      • Row 3
        • IP/FQDN: sip3.pstnhub.microsoft.com
        • Netmask/Prefix: 255.255.255.255

Create ITSP Signalling Group

  • Navigate to Signaling Groups on the Settings tab and select click Add SIP SG
  • Enter the following and click OK:
    • Description: ITSP Signalling Group
    • SIP Channels and Routing
      • Call Routing Table: From ITSP
      • No. of Channels: <MaxChannelCount>
      • SIP Profile: ITSP SIP Profile
      • SIP Server Table: ITSP SIP Server
    • Media Information
      • Supported Audio Modes: DSP, Proxy, Direct
      • Media List ID: ITSP Media List
      • Tone Table: UK Tone Table
    • SIP IP Details
      • Outbound NAT Traversal: Static NAT
      • NAT Public IP (Signaling/Media): <PublicIpAddress>
    • Listen Ports:
      • Row 1
        • Port: 5060
        • Protocol: UDP
    • Federated IP/FQDN
      • Row 1
        • IP/FQDN: <ItspEndpointFqdn>
        • Netmask/Prefix: 255.255.255.255

Complete the O365 Call Routing entry

  • Navigate to Call Routing on the Settings tab and select click Call Routing Table
  • Select the From O365 Call Routing
    Table and click Create Routing Entry (the + icon)
  • Enter the following and click OK:
    • Route Details
      • Description: To ITSP
      • Number/Name Transformation Table: From O365
    • Destination Information
      • Destination Signaling Groups: (SIP) ITSP Signalling Group
    • Quality of Service
      • Max. R/T Delay: 9999

Complete the O365 Call Routing entry

  • Select the From ITSP
    Call Routing Table and click Create Routing Entry (the + icon)
  • Enter the following and click OK:
    • Route Details
      • Description: To O365
      • Number/Name Transformation Table: From ITSP
    • Destination Information
      • Destination Signaling Groups: (SIP) O365 Signalling Group
    • Quality of Service
      • Max. R/T Delay: 9999

That’s it for this post; in Part 3, we’ll configure Microsoft Teams.

Thanks for reading!

Walkthrough: Direct Routing with Ribbon Edge (Part 1)

_latentC, , , Leave a comment

This post is part of a short series that will explore Microsoft Teams Direct Routing; it’s similar to my previous series, but this time, we’re going to use a Ribbon Edge SBC, specifically a SWe Lite. The aim is to walk you through a configuration that worked for me so that you can potentially speed up your own deployments. In this first post, we’re going to perform the configuration of the environment; this is a little more demanding than the AudioCodes lab as the Ribbon SBC insists (quite rightly) on having its interfaces in different networks.

Pre-requisites

The environment’s hosted on a PC running Hyper-V and looks a bit like this:

As you can see, we have the SBC with three network interfaces (management, internal, and untrusted) and a Windows Server running the Routing and Remote Access Service (RRAS) for LAN routing.

Hyper-V Configuration

  • To define these networks, right-click the Hyper-V server and select Virtual Switch Manager…

  • Select Internal from the list of virtual switch types and click Create Virtual Switch:

  • Enter an appropriate name for the Virtual Switch for the management leg and click OK:

  • Add a further Virtual Switch for the internal interface:

  • Lastly, rename the existing Virtual Switch:

Routing

  • The lab environment I’m using already has a Domain Controller which also hosts DNS, but because there are multiple networks being configured, we need RRAS to perform the routing
  • A Windows Server VM has been created and configured with an IP address for each of the networks (management, internal, and untrusted)
  • We’re going to add the RRAS role and configure the required features; to do so, launch the Windows Admin Center and select the server:

  • Select Roles & Features, locate and select Routing:

  • Click Install
  • Click Yes at the Continue installation prompt:

  • Click the bell icon to confirm installation:

  • Launch Routing and Remote Access from the Start menu:

  • Right-click the server and select Configure and Enable Routing and Remote Access:

  • Click Next:

  • Select Custom configuration and click Next:

  • Select LAN Routing and click Next:

  • Click Finish:

  • Click Start Service:

  • The service will start: (Check out that dialogue from Windows NT!!)

  • Navigate to the IPv4 node, right click Static Routes and select New Static Route:

  • Enter the appropriate values to create a static route to the internet:

Wireless Router

  • Some configuration of my wireless router was also required; this is obviously specific to my environment, but for completeness, I’ve included it here
  • We need to create two static routes on the Wireless Router to route to the Management and Internal networks:

    Note: it’s critical that the router is able to NAT IP addresses other than those associated with the directly-connected network; my router did not support this by default and so I installed the (pretty impressive) dd-wrt

  • Lastly, we need to configure port forwarding for the inbound SIP and Media traffic

OK, that’s it for pre-requisites. We’ll look at configuring the SBC in part 2.

Thanks for reading!

Walkthrough: Microsoft Teams Direct Routing (Part 5)

_latentC, , , , Leave a comment

This post is part of a series that will explore Microsoft Teams Direct Routing. The aim is to walk you through a configuration that worked for me so that you can potentially speed up your own deployments.

In this fifth post, we’re going to configure Microsoft Teams Local Media Optimization (LMO). Configuring LMO if useful if you have SBCs/PSTN gateways (referred to as the Downstream SBC) providing PSTN connectivity, but it isn’t possible/desirable to also connect them to Office 365. In this configuration, the media from the client flows directly to the Downstream SBC and does not route via the Office 365-connected SBC (referred to as the Proxy SBC). In this way, the media path is optimised.

There are some pre-requisites before getting started:

  • The initial setup of the SBC (see Part 1)
  • The configuration of the SBC (see Part 2)
  • The Microsoft Teams configuration (see Part 3)
  • Ensure you have sufficient capacity to host a second SBC VM
  • Lots of patience (this is quite fiddly)

SBC Setup

  • Perform the base SBC configuration for a second SBC as per the notes in Post 1
  • Configure the internal certificate only as per Post 2

Remove the proxy SBC’s ITSP configuration

Remove the Routes

  • Navigate to SETUP > SIGNALING & MEDIA > SBC > Routing > IP-to-IP Routing
  • Remove the ITSP O365 to ITSP and ITSP to O365 entries

Remove the Allowed Coders Groups

  • Navigate to SETUP > SIGNALING & MEDIA > CODERS & PROFILES > Allowed Audio Coders Groups
  • Remove the O365 entry
  • Remove the ITSP entry

Note: We’ll retain the Coder Group containing G.711 A-law

Remove the ITSP IP Profile

  • Navigate to SETUP > SIGNALING & MEDIA > CODERS & PROFILES > IP Profiles
  • Remove the ITSP entry

Remove the ITSP IP Group

  • Navigate to SETUP > SIGNALING & MEDIA > CORE ENTITIES > IP Groups
  • Remove the ITSP entry

Remove the ITSP Proxy Set

  • Navigate to SETUP > SIGNALING & MEDIA > CORE ENTITIES > Proxy Sets
  • Remove the ITSP entry

Remove the ITSP Media Realm

  • Navigate to SETUP > SIGNALING & MEDIA > CORE ENTITIES > Media Realms
  • Remove the ITSP entry

Remove the ITSP SIP Interface

  • Navigate to SETUP > SIGNALING & MEDIA > CORE ENTITIES > SIP Interfaces
  • Remove the ITSP entry

Reconfigure the Proxy SBC

Configure the internal Media Realm

  • Navigate to SETUP > SIGNALING & MEDIA > CORE ENTITIES > Media Realms
  • Click New
  • Enter the following and click APPLY:
    • GENERAL
      • Name: Internal
      • Topology Location: Down
      • IP Interface Name: #1 [LAN+MGMT]
      • UDP Port Range Start: <UdpPortRangeStart> (configure this as per your requirements)
      • Number Of Media Session Legs: <SessionLegs> (configure this as per your requirements)

Configure inter-SBC SIP interface

  • Navigate to SETUP > SIGNALING&MEDIA > CORE ENTITIES > SIP Interfaces
  • Click New
  • Enter the following and click APPLY:
    • GENERAL
      • Name: SBC
      • Topology Location: Down
      • Network Interface: #1 [LAN+MGMT]
      • UDP Port: 0
      • TCP Port: 0
      • TLS Port: 5061
    • MEDIA
      • Media Realm: #1 [Internal]
    • SECURITY
      • TLS Context Name: #1 [Internal]

Configure the inter-SBC Proxy Set

  • Navigate to SETUP > SIGNALING&MEDIA > CORE ENTITIES > Proxy Sets
  • Click New
  • Enter the following and click APPLY:
    • GENERAL
      • Name: SBC
      • SBC IPv4 SIP Interface: #1 [SBC]
      • TLS Context Name: #1 [Internal]
    • KEEP ALIVE
      • Proxy Keep-Alive: Using OPTIONS

Configure inter-SBC Proxy Addresses

  • Navigate to SETUP > SIGNALING&MEDIA > CORE ENTITIES > Proxy Sets
  • Select the SBC entry, scroll to the bottom of the page and click the Proxy Address 0 items >> link
  • Click New
  • Enter the following and click APPLY:
    • GENERAL
      • Proxy Address: sbc02.<Domain>.:5061
      • Transport Type: TLS

Reconfigure the O365 IP Profile

  • Navigate to SETUP > SIGNALING&MEDIA > CODERS & PROFILES > IP Profiles
  • Select the 0365 entry and click Edit
  • Enter the following and click APPLY:
    • SBC Signalling
      • Remote Representation Mode: Add Routing Headers
    • SBC Forward and Transfer
      • Remote REFER Mode: Regular
      • Remote 3xx Mode: Transparent

Configure inter-SBC IP Profile

  • Navigate to SETUP > SIGNALING&MEDIA > CODERS & PROFILES > IP Profiles
  • Click New
  • Enter the following and click APPLY:
    • GENERAL
      • Name: SBC
    • MEDIA SECURITY
      • SBC Media Security Mode: Secured
    • SBC MEDIA
      • Extension Coders Group: #0 [AudioCodesGroup_1]
    • SBC SIGNALING
      • P-Asserted-Identity Header Mode: Add
    • SBC FORWARD AND TRANSFER
      • Remote REFER Mode: Regular
      • Remove Replaces Mode: Standard
      • Remote 3xx Mode: Transparent

Reconfigure IP Groups

  • Navigate to SETUP > SIGNALING&MEDIA > CORE ENTITIES> IP Groups
  • Select the O365 entry and click Edit
  • Enter the following and click APPLY:
    • GENERAL
      • Internal Media Realm: #1 [Internal]
    • SBC ADVANCED
      • Teams Media Optimization Handling: Teams Decides
      • Teams Media Optimization Initial Behavior: Direct Media
      • Call Setup Rules Set ID: 0

  • Click New
  • Enter the following and click APPLY:
    • GENERAL
      • Name: SBC
      • Proxy Set: #1 [SBC]
      • IP Profile: #2 [SBC]
      • Media Realm: #1 [Internal]
    • SBC GENERAL
      • Classify By Proxy Set: Enable
    • SBC ADVANCED
      • Tags: Site=sbc02.<Domain>
    • MESSAGE MANIPULATION
      • Outbound Message Manipulation Set: 2

Configure Call Setup Rules

  • Navigate to SETUP > SIGNALING&MEDIA > SIP DEFINITIONS > Call Setup Rules
  • Click New
  • Enter the following and click APPLY:
    • CONDITION
      • Condition: Var.Session.0 == ”
    • ACTION
      • Action Subject: Var.Session.0
      • Action Type: Modify
      • Action Value: Header.Request-URI.URL.Host.Name

  • Click New
  • Enter the following and click APPLY:
    • CONDITION
      • Condition: Var.Session.0 != ”
    • ACTION
      • Action Subject: DstTags.Site
      • Action Type: Modify
      • Action Value: Var.Session.0

Configure Message Manipulation Rules

  • Navigate to SETUP > SIGNALING&MEDIA > MESSAGE MANIPULATION > Message Manipulations
  • Click New
  • Enter the following and click APPLY:
    • GENERAL
      • Index: 0
      • Name: Privacy Header
      • Manipulation Set ID: 2
    • MATCH
      • Condition: Header.Privacy contains ‘id’
    • ACTION
      • Action Subject: Header.Privacy
      • Action Type: Remove

Re-Configure IP-to-IP Call Routing Rules

  • Navigate to SETUP > SIGNALING&MEDIA > SBC > Routing > IP-to-IP Routing
  • Click New
  • Enter the following and click APPLY:
    • GENERAL
      • Name: O365 to SBC
    • MATCH
      • Source IP Group: O365
    • ACTION
      • Destination Type: Destination Tag
      • Routing Tag Name: Site

  • Click New
  • Enter the following and click APPLY:
    • GENERAL
      • Name: SBC to O365
    • MATCH
      • Source IP Group: SBC
    • ACTION
      • Destination Type: IP Group
      • Routing Tag Name: O365

Reconfigure the Classification rule

  • Navigate to SETUP > SIGNALING&MEDIA > SBC > Classification
  • Select the O365 entry and click Edit
  • Enter the following and click APPLY:
    • Name: O365 Downstream
    • Destination Host: sbc02.<Domain>

Configure a new Classification rule for OPTIONS

  • Click New
  • Enter the following and click APPLY:
    • Name: O365 Proxy
    • Source IP Address: 52.114.*.*
    • Destination Host: sbc01.<Domain>
    • Message Condition: O365-Contact
    • Action Type: Allow
    • Source IP Group: #0 [O365]

Configure the Downstream SBC

Configure the ITSP Media Realm

  • Navigate to SETUP > SIGNALING&MEDIA > Core Entities
  • Select the existing realm and click Edit
  • Enter the following and click APPLY:
    • GENERAL
      • Name: ITSP
      • Topology Location: Up
      • IP Interface Name: #1 [WAN]
      • UDP Port Range Start: <UdpPortRangeStart> (configure this as per your requirements)
      • Number Of Media Session Legs: <SessionLegs> (configure this as per your requirements)

Configure the Internal Media Realm

  • Click New
  • Enter the following and click APPLY:
    • GENERAL
      • Name: Internal
      • Topology Location: Down
      • IP Interface Name: #0 [LAN+MGMT]
      • UDP Port Range Start: <UdpPortRangeStart> (configure this as per your requirements)
      • Number Of Media Session Legs: <SessionLegs> (configure this as per your requirements)

Configure ITSP SIP interface

  • Navigate to SETUP > SIGNALING&MEDIA > CORE ENTITIES > SIP Interfaces
  • Select the existing interface and click Edit
  • Enter the following and click APPLY:
    • GENERAL
      • Name: ITSP
      • Topology Location: Up
      • Network Interface: #1 [WAN]
      • UDP Port: 5060
      • TCP Port: 0
    • MEDIA
      • Media Realm: #1 [ITSP]
    • SECURITY
      • TLS Context Name: <Null>

Configure inter-SBC SIP interface

  • Click New
  • Select the existing interface and click Edit
  • Enter the following and click APPLY:
    • GENERAL
      • Name: SBC
      • Topology Location: Down
      • Network Interface: #1 [LAN+MGMT]
      • UDP Port: 0
      • TCP Port: 0
      • TLS Port: 5061
      • Enable TCP Keepalive: Enable
    • MEDIA
      • Media Realm: #1 [Internal]
    • SECURITY
      • TLS Context Name: #1 [Internal]

Configure the ITSP Proxy Set

  • Navigate to SETUP > SIGNALING&MEDIA > CORE ENTITIES > Proxy Sets
  • Select the existing interface and click Edit
  • Enter the following and click APPLY:
    • GENERAL
      • Name: ITSP
      • SBC IPv4 SIP Interface: #1 [ITSP]
    • KEEP ALIVE
      • Proxy Keep-Alive: Using OPTIONS

Configure the inter-SBC Proxy Set

  • Click New
  • Enter the following and click APPLY:
    • GENERAL
      • Name: ITSP
      • SBC IPv4 SIP Interface: #1 [ITSP]
    • KEEP ALIVE
      • Proxy Keep-Alive: Using OPTIONS

Configure ITSP Proxy Address

  • Select the ITSP entry, scroll to the bottom of the page and click the Proxy Address 0 items >> link
  • Click New
  • Enter the following and click APPLY:
    • GENERAL
      • Proxy Address: <ItspFqdn> (Configure as per your PSTN provider)
      • Transport Type: UDP
      • Proxy Priority: 0
      • Proxy Random Weight: 0

  • Click the Back button

Configure SBC Proxy Address

  • Select the SBC entry, scroll to the bottom of the page and click the Proxy Address 0 items >> link
  • Click New
  • Enter the following and click APPLY:
    • GENERAL
      • Proxy Address: SBC01.<Domain>:5061
      • Transport Type: TLS
      • Proxy Priority: 0
      • Proxy Random Weight: 0

Configure ITSP Coder Groups

  • Navigate to SETUP > SIGNALING&MEDIA > CODERS & PROFILES > Coder Groups
  • Select Coder Group Name 0 : AudioCodersGroup_0
  • Confirm the following are set:
    • 1st Entry
      • Coder Name: G.711-Alaw
      • Packetization Time: 20
      • Rate: 64
      • Payload Type: 8
      • Silence Suppression: Disabled

Configure inter-SBC Coder Groups

  • Select Coder Group Name 1 : Does Not exist
  • Enter the following and click APPLY:
    • 1st Entry
      • Coder Name: G.711-Alaw
      • Packetization Time: 20
      • Rate: 64
      • Payload Type: 8
      • Silence Suppression: Disabled

  • Configure ITSP IP Profile
    • Click New
    • Enter the following and click APPLY:
      • GENERAL
        • Name: ITSP
      • MEDIA SECURITY
        • SBC Media Security Mode: Not Secured
      • SBC EARLY MEDIA
        • Remote Early Media RTP Detection Mode: By Signaling
      • SBC MEDIA
        • Extension Coders Group: #0 [AudioCodesGroup_0]
      • SBC SIGNALING
        • P-AssertedIdentity Header Mode: Add
      • SBC FORWARD AND TRANSFER
        • Remote REFER Mode: Handle Locally
        • Remote Replaces Mode: Handle Locally
        • Remote 3xx Mode: Handle Locally

Configure SBC IP Profile

  • Click New
  • Enter the following and click APPLY:
    • GENERAL
      • Name: SBC
    • MEDIA SECURITY
      • SBC Media Security Mode: Secured
    • SBC EARLY MEDIA
      • Remote Early Media RTP Detection Mode: By Media
    • SBC MEDIA
      • Extension Coders Group: #0 [AudioCodesGroup_1]
      • ICE Mode: Lite
      • RTCP Mode: Generate Always
    • SBC SIGNALING
      • SIP UPDATE SUPPORT: Not Supported
      • Remote reINVITE Support: Supported only with DSP
      • Remote Delayed Offer Support: Not Supported
    • SBC FORWARD AND TRANSFER
      • Remote REFER Mode: Handle Locally
      • Remote Replaces Mode: Handle Locally
      • Remote 3xx Mode: Handle Locally
    • SBC HOLD
      • Remote Hold Format: Inactive

Configure ITSP IP Group

  • Navigate to SETUP > SIGNALING & MEDIA > CORE ENTITIES> IP Groups
  • Select the existing entry and click Edit
  • Enter the following and click APPLY:
    • GENERAL
      • Name: ITSP
      • Topology Location: Up
      • Type: Server
      • Proxy Set: #1 [ITSP]
      • IP Profile: #2 [ITSP]
      • Media Realm: #1 [ITSP]
      • SIP Group Name: sbc02.<Domain>
    • SBC GENERAL
      • Classify By Proxy Set: Enable

Configure SBC IP Group

  • Click New
  • Enter the following and click APPLY:
    • GENERAL
      • Name: SBC
      • Type: Server
      • Proxy Set: #1 [SBC]
      • IP Profile: #2 [SBC]
      • Media Realm: #1 [Internal]
      • SIP Group Name: sbc02.<Domain>

Configure SRTP

  • Navigate to SETUP > SIGNALING&MEDIA > MEDIA > Media Security
  • Enter the following and click APPLY:
    • GENERAL
      • Media Security: Enable

Configure IP-to-IP Call Routing Rules

  • Navigate to SETUP > SIGNALING&MEDIA > SBC > Routing > IP-to-IP Routing
  • Click New
  • Enter the following and click APPLY:
    • 1st rule
      • GENERAL
        • Name: Terminate OPTIONS
      • MATCH
        • Source IP Group: Any
        • Request Type: OPTIONS
      • ACTION
        • Dest Type: Dest Address
        • Destination Address: Internal
    • 2nd rule
      • GENERAL
        • Name: REFER from O365
      • MATCH
        • Source IP Group: Any
        • Call Trigger: REFER
        • ReRoute IP Group: #1 [SBC]
      • ACTION
        • Dest Type: IP Group
        • Dest IP Group: #1 [SBC]
    • 3rd rule
      • GENERAL
        • Name: SBC to ITSP
      • MATCH
        • Source IP Group: #1 [SBC]
      • ACTION
        • Dest Type: IP Group
        • Dest IP Group: #0 [ITSP]
    • 3rd rule
      • GENERAL
        • Name: ITSP to SBC
      • MATCH
        • Source IP Group: #1 [ITSP]
      • ACTION
        • Dest Type: IP Group
        • Dest IP Group: #0 [SBC]

We’ll complete the configuration in the next post in the series.

Thanks for reading!

Walkthrough: Microsoft Teams Direct Routing (Part 4)

_latentC, , Leave a comment

This post is part of a series that will explore Microsoft Teams Direct Routing. The aim is to walk you through a configuration that worked for me so that you can potentially speed up your own deployments.

In this fourth post, we’re going to review the media paths and codecs utilised in various scenarios, having configured Direct Routing in the previous posts.

There are some pre-requisites before getting started:

  • The initial setup of the SBC (see Part 1)
  • The configuration of the SBC (see Part 2)
  • The Microsoft Teams configuration (see Part 3)
  • Install the Skype for Business Online PowerShell module
  • Installed the AudioCodes Syslog tool

Review the SDP

Comparing bypass and non-media bypass calls

Review the SDP with bypass disabled

  • With bypass disabled in the Microsoft Teams SBC configuration, reviewing the SDP in the initial INVITE from O365 shows that the candidates offered to the SBC are in the two IP address ranges Microsoft use for media (52.112.0.0/14 and 52.120.0.0/14 ):

Review the SDP with bypass enabled

  • Next, we enable media bypass so that media flows from the Teams client to the SBC via the Media Processors; issue the following command:
    Set-CsOnlinePSTNGateway -Identity sbc01.<Domain> -MediaBypass $true

  • With bypass now enabled in the Microsoft Teams SBC configuration (and after waiting an unreasonably long time), reviewing the SDP in the initial INVITE from O365 shows that the candidates offered to the SBC include the reflexive address of the SBC:

Compare transcoded vs. non-transcoded calls

Review the codecs listed in the SDP of a non-transcoded call

  • Click on the invite from O365 (in this example, 52.114.75.24)
  • Scroll down and review the SDP; note the range of codecs offered:

  • Next, click on the invite from the SBC to the ITSP (in this example, 27.111.15.65)
  • Note the SDP; with the existing configuration, no transcoding is taking place, so the offered codecs are the same (or thereabouts) as the offer from O365:

  • Next, click the SDP that comes back from the ITSP; note that the SDP only contains G.711 A-law:

  • Lastly, review the SDP sent back to O365; we can see that the negotiated media is G.711 A-law:

Reviewing transcoding

Review the codecs listed in the SDP of a transcoded call

  • Configure the use a defined set of coders
  • Log onto the SBC and navigate to SETUP > SIGNALING&MEDIA > CODERS & PROFILES > Allowed Audio Coders Groups
  • Click New
  • Enter the following and click APPLY:
    • Name: O365

  • Click New
  • Enter the following and click APPLY:
    • Name: ITSP

  • Select the O365 entry and click the Allowed Audio Coders 0 items >> link at the bottom of the page
  • Click New
  • Enter the following and click APPLY:
    • Coder: SILK-NB

  • Repeat for SILK-WB
  • Click the Back arrow
  • Select the ITSP entry and click the Allowed Audio Coders 0 items >> link at the bottom of the page
  • Click New
  • Enter the following and click APPLY:
    • Coder: G.711 A-law

Configure the IP Profiles

  • Navigate to SETUP > SIGNALING&MEDIA > CODERS & PROFILES > IP Profiles
  • Select the O365 entry and click Edit
  • Enter the following and click APPLY:
    • SBC Media
      • Allowed Audio Coders: #0 [O365]

  • Select the ITSP entry and click Edit
  • Enter the following and click APPLY:
    • SBC Media
      • Allowed Audio Coders: #1 [ITSP]

Enable DSP Resources

  • Navigate to SETUP > SIGNALING&MEDIA > SBC > SBC General Settings
  • Enter the following and click APPLY:
    • GENERAL
      • SBC Performance Profile: Optimized for transcoding

  • Click Reset

Review the SDP for codecs

  • Once the SBC is back up, make a call
  • Review the SDP in the initial INVITE from O365, noting the wide range of codecs offered:

  • Review the SDP in the initial INVITE to the ITSP, noting that it contains G.711 A-law only:

  • Review the 183 Session Progress back from the ITSP:

  • And now the 183 Session Progress back to O365:

  • Different codecs are being used for each leg of the call, proving transcoding is functional

Disable Transcoding

Due to a hardware issue (long, boring story), I’m going to disable transcoding again at this point; there’s no need to perform these steps, it’s just so any SDP in future posts makes sense.

Configure the IP Profiles

  • Navigate to SETUP > SIGNALING&MEDIA > CODERS & PROFILES > IP Profiles
  • Select the O365 entry and click Edit
  • Enter the following and click APPLY:
    • SBC Media
      • Allowed Audio Coders: —

  • Select the ITSP entry and click Edit
  • Enter the following and click APPLY:
    • SBC Media
      • Allowed Audio Coders: —

Disable DSP Resources

  • Navigate to SETUP > SIGNALING&MEDIA > SBC > SBC General Settings
  • Enter the following and click APPLY:
    • GENERAL
      • SBC Performance Profile: Optimized for SIP

  • Click Reset

OK, that’s enough for now. In the next post, we’ll take a look at Local Media Optimization (LMO).

Thanks for reading!

Walkthrough: Microsoft Teams Direct Routing (Part 3)

_latentC, , Leave a comment

This post is part of a series that will explore Microsoft Teams Direct Routing. The aim is to walk you through a configuration that worked for me so that you can potentially speed up your own deployments.

In this third post, we’re going to configure Microsoft Teams to enable Direct Routing, having already performed the SBC configuration in Part 1 and Part 2.

There are some pre-requisites before getting started:

  • The initial setup of the SBC (see Part 1)
  • The configuration of the SBC (see Part 2)
  • A functioning Office 365 Tenant
  • Install the Skype for Business Online PowerShell module
  • A user is licensed for Microsoft Teams

Configure Microsoft Teams

Connect to Microsoft Teams

  • Run the following at a PowerShell prompt, entering appropriate credentials at the prompt:
    Import-Module SkypeOnlineConnector
$userCredential = Get-Credential
$sfbSession = New-CsOnlineSession -Credential $userCredential
Import-PSSession $sfbSession

Define the SBC

At the PowerShell prompt, enter the following:

New-CsOnlinePSTNGateway -Fqdn sbc01.<Domain> -Enabled $true -SipSignalingPort 5061 -MaxConcurrentSessions 100

 Configure PSTN Usages

  • At the PowerShell prompt, enter the following:

    Set-CsOnlinePstnUsage -Identity "Global" -Usage @{add="UK-All"}

Configure Voice Routes

  • At the PowerShell prompt, enter the following:

    New-CsOnlineVoiceRoute -Name "UK-All" -OnlinePstnGatewayList "sbc01.<Domain> " -NumberPattern ".*" -OnlinePstnUsages "UK-All"

Configure a Voice Routing Policy

  • At the PowerShell prompt, enter the following:

    New-CsOnlineVoiceRoutingPolicy -Identity "UK" -OnlinePstnUsages "UK-All"

Assign the Voice Routing Policy to a test user

  • At the PowerShell prompt, enter the following:

    Grant-CsOnlineVoiceRoutingPolicy -PolicyName "UK" -Identity "User01@<Domain>"

Enterprise Voice-enable the user and configure a phone number

  • At the PowerShell prompt, enter the following:

    Set-CsUser -Identity "User01@<Domain>" -EnterpriseVoiceEnabled $true -HostedVoiceMail $true -OnPremLineURI "tel:+<TelephoneNumber>"

Validation

Review the SBC Configuration

  • Connect to the SBC by FQDN; no SSL error should be shown:

  • The IP Groups should be green
  • Navigate to MONITOR > MONITOR > VOIP STATUS > Proxy Sets Status
  • Check the STATUS of each of the Proxy Addresses is ONLINE

Review the Teams Admin Center Configuration

  • Launch the Teams Admin Center
  • Navigate to Voice > Direct Routing

  • The SBC defined earlier should be listed
    • The TLS connectivity status should be marked Active; if not, check DNS and the TLS Contexts configuration on the SBC
    • The SIP options status should be marked Active; if not, check DNS and the Proxy Sets configuration on the SBC

Testing

Install the AudioCodes Syslog tool

  • Download the Syslog viewer from AudioCodes
  • Select a machine to install the tool; in my environment, it will be installed on a Windows Server
  • Double-click the syslogViewer-setup file to begin the installation
  • Click Next:

  • Click Next:

  • Click Next:

  • Click Finish:

Configure the SBC to send Syslog data to the Syslog viewer tool

  • Log onto the SBC and navigate to TROUBLESHOOT > LOGGING > Logging Settings
  • Enter the following and click APPLY:
    • SYSLOG
      • Syslog Server IP: <SyslogMachineIpAddress>

Launch the Syslog viewer tool

  • All being well, you should see information from the SBC:

  • If no information is present, you may need to add a firewall rule to allow the traffic

Make a call

  • Log into Microsoft Teams using your test account:

  • Click on the Calls app (in the left-hand rail) and click Dial a number:
  • Enter a phone number and click Call:

  • Answer the call, confirm two-way audio and end the call:

Confirm the syslog can be viewed:

  • Click the ‘snowflake’ icon in the Syslog viewer to stop the log scrolling

  • Click the ‘i‘ icon to show the SIP ladder diagrams:

  • Click the Show calls only checkbox; the call should be displayed:

That’s the basic Microsoft Teams configuration complete. In the next post, we’ll dive into the SDP.

Thanks for reading!