Ribbon Documentation Portal will be unavailable Thursday February 2nd 2023 between 2:00 PM EST ~ 12:00 PM. More Info
Skip to end of metadata
Go to start of metadata

Table of Contents


Document Overview

This document outlines the configuration best practices for the Ribbon QSBC when deployed in Access Network with End Points and BroadSoft with both Hosted and Premise mode. 

Ribbon QSBC ​is a network element deployed to protect​ ​SIP​ based Voice over Internet Protocol​ (VoIP) networks. ​Early deployments of SBCs were focused on the borders between two service provider networks in a peering environment. This role has now expanded to include significant deployments between a service provider's access network and a backbone network to provide service to residential and/or enterprise customers. ​

BroadSoft is a platform for Unified Communications as a Service.


It is not the goal of this guide to provide detailed configurations that will meet the requirements of every customer. Use this guide as a starting point and build the QSBC and BroadSoft configurations in consultation with network design and deployment engineers. 


This is a technical document intended for telecommunications engineers with the purpose of configuring Ribbon QSBCs in Access Deployment with BroadSoft. Steps will require navigating the Product Guide as well as the Operations Guide. Understanding the basic concepts of TCP/UDP, IP/Routing, and SIP/RTP is needed to complete the configuration and any necessary troubleshooting.

This configuration guide is offered as a convenience to Ribbon customers. The specifications and information regarding the product in this guide are subject to change without notice. All statements, information, and recommendations in this guide are believed to be accurate but are presented without warranty of any kind, express or implied, and are provided “AS IS”. Users must take full responsibility for the application of the specifications and information in this guide.

Product and Device Details

The sample configuration in this document uses the following equipment and software:



Software Version

Ribbon Communications

Ribbon QSBCV9.4.0
BroadSoftBroadSoft Network ServerRel_22.0_1.1123
BroadSoft Application Server & MSRel_22.0_1.1123

Network Topology Diagram

This section covers the QSBC deployment topology and the Interoperability Test Lab Topology. 

QSBC Deployment Topology

QSBC Deployment Topology

Interoperability Test Lab Topology

The following lab topology diagram shows connectivity between Broadsoft and Ribbon QSBC.

Interoperability Test Lab Topology

Section A: QSBC Configuration

Default Login Details 

SSH login to the QSBC

QSBC Basic Configuration

1. Create Vnet for both the realms.

cli vnet add v1
cli vnet edit v1 ifname eth2 primary-gateway x.x.x.x
cli vnet add v2
cli vnet edit v2 ifname eth3 primary-gateway y.y.y.y

Replace "x.x.x.x" with the SBC's Ethernet interface (eth) Gateway IP address (example eth2 IP) and "y.y.y.y" with the SBC's Ethernet interface (eth) Gateway IP address (example eth3 IP).

2. Create the realm and associate it to the Vnet created above.

cli realm add ACCESS
cli realm edit ACCESS vnet v1 rsa x.x.x.x mask y.y.y.y emr alwayson imr alwayson medpool 1
cli realm add CORE
cli realm edit CORE vnet v2 rsa c.c.c.c mask y.y.y.y emr alwayson imr alwayson medpool 2

Replace "x.x.x.x" with the SBC's Ethernet interface (eth) IP address (example eth2 IP), and "y.y.y.y" with its netmask.

Provide mediapool id configured in mdevices.xml (example medpool 1).

Replace "c.c.c.c" with the SBC's Ethernet interface (eth) IP address (example eth3 IP), and "y.y.y.y" with its netmask.

Provide mediapool id configured in mdevices.xml (example medpool 2).

3. Create the endpoints.

The endpoints can be created dynamically or statically.

The endpoint in QSBC for the real phones are created dynamically, hence the following configuration should be done. 

nxconfig.pl -e obp -v 1
nxconfig.pl -e allow-dynamicendpoints -v 1

The Broadsoft Application server and Network server will be added as static endpoints. The static endpoints can be created as follows.

cli iedge add proxy1 1
cli iedge edit proxy1 1 realm CORE type sipproxy sip enable static x.x.x.x contact x.x.x.x:p
cli iedge add proxy2 1
cli iedge edit proxy2 1 realm CORE type sipproxy sip enable static y.y.y.y contact y.y.y.y:p

Replace "x.x.x.x" with Broadsoft Network server ip and p with port. Replace "y.y.y.y" with BroadSoft Application server Ip and "p" with port info.

We can have two different  "p" for the same endpoint if using two different port values.

4. Add calling plan and calling route with QSBC peer to peer mode (will not be needed for hosted scenario).

cli cp add cp1
cli cr add cr1
cli cr edit cr1 dest 240720 prefix 240720 calltype dest
cli cp add cp1 cr1              

DNS Configuration

1. Clear the DNS cache.

systemctl restart named
nxconfig.pl -e dnscacheinterval 0

2. Configure QSBC For SRV Query only at endpoint level.

cli iedge edit proxy2 <uport> locatingsipserver SRV
cli iedge edit proxy1 <uport> locatingsipserver SRV

Where proxy2 is Broadsoft Application server endpoint name and proxy1 is Network server endpoint name with <uport> as 1.

3. Create a zone file to resolve the Ip's of Broadsoft Application server and Broadsoft Network server.

Example for DNS zone file with SRV record:

$TTL 3600

@ IN SOA InDns06.broadsoft.com. root.broadsoft.com. (
2019080909 ; Serial number (yyyymmdd-num)
8H ; Refresh
2M ; Retry
4W ; Expire
1D ) ; Minimum
IN NS InDns06

as.ipv4 A

as.ipv6 AAAA 0::0

InDns06 A t.t.t.t

ns1 A z.z.z.z
broadsoft.com IN A x.x.x.x
broadsoft.com IN A y.y.y.y
;;as A x.x.x.x
;;@ IN 60 NS broadsoft.com.

;; IN A x.x.x.x
_sip._udp.ns1 86400 IN SRV 0 0 5060 ns1
_sip._udp.broadsoft.com. 86400 IN SRV 0 0 5060 broadsoft.com

Replace "x.x.x.x" with Broadsoft Primary Application server Ip and "y.y.y.y" with Broadsoft Secondary Application server IP.

Replace "t.t.t.t" with your DNS IP and "z.z.z.z" with Broadsoft Network server IP.

Replace broadsoft.com with domain name of Broadsoft Application server, and replace ns1 with Broadsoft Network server domain name.

License Upload 

  1. Collect iserverlc file from QSBC team and execute the below command.
    nxconfig.pl -l iserverlc.xml
  2. Restart the SBC using ist;iss;

If issues occur during the license upload, manually copy the license file "iserverlc.xml" to /usr/local/nextone/bin/ location in QSBC, and restart it using "ist;iss".

QSBC - BroadSoft Hosted Scenario Configuration

SBCs must direct SIP requests to the BroadWorks Network Server to determine the hosting Application Server for the user. The Network Server responds to the SBC’s request with a 302 Redirect, and the 302 supplies the Application Server address, hence SBC will send the request to the Application server.

All requests inbound to the SBC from BroadWorks will originate from the Application Server, so the SBC must be configured to accept requests from Application Server address.

The following are the configurations to work in a hosted setup environment, where the initial signal goes to Network Server and then to AS.

1. Create an IEdge group for the Redirect Server using the following command.

 cli igrp add <iedge group name>

With this command, you are adding one IEdge group on your SBC.


<iedge group name> is the name you want to assign to the group you are creating.

2. Assign the Redirect Server endpoint to the IEdge group you just created using the following command.

 cli iedge edit proxy1 <uport> igrp <iedge group name>

where: proxy1 <uport> identifies the Redirect Server endpoint and <iedge group name> identifies the IEdge group you just created for it.

3. For the Application Server endpoint pointed to by the Request-URI in incoming messages, set the netserver_group option to the IEdge group for the Redirect Server using the following command

 cli iedge edit proxy2 <uport> netserver_group <iedge group name>

where: proxy2 <uport> identifies the Application Server endpoint and <iedge group name> is the IEdge group for the Redirect Server to which the incoming.

QSBC - BroadSoft Premise Scenario Configuration

The SBC sends SIP requests directly to the BroadWorks Application Server. All requests inbound to the SBC from BroadWorks originate from the Application Server, so the SBC must be configured to accept requests from Application Server address.

For Premise setup, disable the netserver_group configuration on AS endpoint using the following command:

cli iedge edit <regid> <uport> netserver_group none


Refer to Section C for advanced scenario configuration.

Section B: BroadSoft Configuration

Follow the sequence below to configure BroadSoft.

Accessing Broadsoft - Application Server

Enter the credentials and click login.

User Search

From the Broadsoft home page:

  • Navigate to Profile > Users 
    • This page displays users in a group or department. You can display all users or look for specific users.
  • To display all users: 
    • Click Search
  • To display specific users: 
    • Enter your search criteria and click Search. You can search for users by User ID, Last Name, First Name, Phone Number, Extension, Department, and whether the user is In Trunk Group

Assign Services to the User

Click on Assign Services to assign or un-assign services and service packs for a user. If a service or service pack is unassigned the service data that has been filled out will be lost.

Use this page to display the service packs and individual services available to be assigned to a user.

Using this page, you can also:

  • Assign service packs to a user

  • Un-assign service packs from a user

Ensure all the required services like Authentication and supplementary services like Call Forwarding, Call Transfer, Call Waiting, etc. are assigned to the user.

Enable Authentication

Navigate to Profile > Users > Utilities and select Authentication.

Use this screen to change the user's authentication password. This password is used to authenticate an IP phone, which allows calls to be made over Internet Protocol (IP) based networks.  

The authentication password and username can be different from the system password and user ID that are used at initial system login. While you can choose to use the same name and password for authentication and initial login, they allow access to different services. The password restrictions may differ.

  1. Enter the User Name and Password.
  2. Click Apply.

Handling the Incoming Calls

As required, enable or disable the services to handle the incoming calls by navigating to Profile > Users > Incoming Calls.

This page displays menu items used to handle incoming calls. You can activate or deactivate some services by turning them on or off on the page for the service. To access these pages, click on the link for that service.

Accessing Broadsoft Network Server

Ensure QSBC SipSg IP (configured towards Broadsoft) is allowed in the Network server in order to receive 3xx Redirect response with multiple AS FQDNs in Contact header. Open the browser and enter Broadsoft Network Server IP.

Provide the admin username and password, and click Login.

Allow QSBC Sipsig IP on NS 

Navigate to Network > Routing NEs, and click Add.

This page allows the user to add routing network elements (NEs). Once added, the routing NE appears on the Routing NEs page. 

A routing NE is a network element that provides connectivity to remote networks, for example, the PSTN. A routing NE is a system provider-owned device. It can either be a network gateway or a proxy server used to "front" network gateways.

  1. Provide a name for the Routing NE.
  2. Select the appropriate Routing Profile.
  3. Click Save.

Navigate to Network > Routing NE Addrs, and click Add.

From this screen, add routing network element (NE) addresses. Once added, the routing NE address displays on the Routing NE Addrs screen.

  1. To add, select Routing NE Name created in the previous step from the drop down.
  2. Add Sipsg IP and port.
  3. click Save.

Section C: Scenario Specific Configuration

Execute the following commands to relay SUBSCRIBE messages with Auth header.

cli realm edit <ACCESS REALM> sipauth sub cli realm edit <CORE REALM> sipauth sub

Execute the following commands so that QSBC goes for a SRV query.

cli iedge edit <regid of NS of BSFT> <uport> locatingsipserver SRV
cli iedge edit <regid of AS of BSFT> <uport> locatingsipserver SRV

Take TCP dump to capture DNS query on QSBC.

tcpdump -i any -w "filename.pcap"

Execute the following commands to relay REFER messages with Auth header.

cli realm edit <ACCESS REALM> sipauth refer
cli realm edit <CORE REALM> sipauth refer

Execute the following command to disable the session expires timer.

nxconfig.pl -e sessiontimersupport -v 0

Execute the following command to change the session expires timer and min-sec timer.

nxconfig.pl -e sipsess -v <time in sec>
nxconfig.pl -e sipminse -v <time in sec>

For Network Conference, add the FMM to have FQDN instead of IP in "REFER-TO" header of out going (towards BSFT) REFER message.

File fmmConfiguration.fmm has the following FMM:

cli fmm trigger add check-invite-response-t sip-header
cli fmm trigger edit check-invite-response-t method is("INVITE")
cli fmm trigger edit check-invite-response-t msg.type is("response")
cli fmm trigger edit check-invite-response-t header.name is("Contact")

cli fmm action add check-invite-response-a modify
cli fmm action edit check-invite-response-a check-invite-response-t.uri.hostport ""

cli fmm rule add check-invite-response-r
cli fmm rule edit check-invite-response-r condition check-invite-response-t
cli fmm rule edit check-invite-response-r actions check-invite-response-a

cli fmm profile add check-invite-response-p
cli fmm profile edit check-invite-response-p rules check-invite-response-r

Copy the file “fmmConfiguration.fmm” on Q-SBC let say at /usr/local/nextone/fmm/ fmmConfiguration.fmm

Run the following commands:

cli fmm import fmmConfiguration.fmm
cli realm edit <egress_realm_name> fmm-egress-profile modify_Refer-To-p

Execute the following commands to modify the expires header and min sec header.

nxconfig.pl -e obpxfactor -v <sec>
nxconfig.pl -e age-timeout -v <sec>
nxconfig.pl -e sipminse -v <sec>

Execute the following command to change the port.

cli iedge edit <regid> <uport> contact <URI>:[<port>];

Execute the following command to increase the size of sip message buffer.

nxconfig.pl -e sipmaxmsgsize -v <integer>

Features/Services Supported on QSBC

Sr. No.Features/ServicesSupported
1Basic Registration with Authentication

2Basic Registration with reg-key 

33xx Response handling with maddr

4Basic calls

5CANCEL Scenario

6User Busy

7Session Audit

8Session Timers

9Music on Hold

10Remote Ringback

11Local Ringback followed by Remote Ringback

12Call Forward

13Voice Portal

14Anonymous call: Trusted and Non-trusted endpoint

15Calling Name with Unicode Characters

16DIVERSION Header: Single and Multiple Redirects


18Blind Transfer
19Attended Transfer

20Local Conference

21Network Conference



24Call Waiting

25DNS SRV query

26Video call



Not supported


This detailed reference configuration guide describes the configuration steps for the Ribbon QSBC in Access deployment with Broadsoft Application Server in Hosted and Premise mode.