Prerequisites

SBC Configuration

This quick start document shows the steps and interlational parameters required to configure a UX to successfully route calls. The configuration process of a UX should always begin with running a wizard; however, the wizard only needs to be run for the very first configuration.

Network Diagram

Figure : Network Diagram

Before Beginning

As a prerequisite to installing the RBA feature, check the following items:

• STUN Setting on the SBC
• Installed ASM Image
• RBA License
• DNS Configuration

STUN Setting

Configure Send STUN Packets to Enabled in the Media | Media System Configuration.

Figure : STUN Setting

RBA Image

Is your ASM running an SBA image compatible with your Lync Server? If you're running Lync 2013, be sure your ASM image is the Lync 2013 SBA image. The Lync 2013 SBA image is available from downloads.net.com.

Under the Tasks Tab | Application Solution Module | Reinitialize the pull-down selection will supply the possible images currently available on your ASM. Update your ASM images if you are implementing Lync Server 2013 and there is no Lync 2013 image available on your ASM.

Figure : Reinitialization

Check the RBA License

Verify that your SBC is licensed for the RBA feature.

Figure : Check RBA License

 

DNS Configuration

Add both SBCs to the DNS server. In the example, SBC2000 is the HQ SBC and SBC1000 is the remote network SBC. The DNS server is configured only with the LAN-side IP addresses of these nodes, 10.1.1.74 and 10.1.2.71, respectively.

Add the FQDNs and IP addresses for nodes that are part of the RBA feature:

• Remote-network SBC
• HQ SBC
• HQ ASM
• Lync Server

Figure : DNS Configuration

Lync Server Topology Configuration

The remote-network SBC must be added to the Lync Topology. Follow these steps:

• Open the Topology Builder
• Add a new Branch Site
• Add the SBC as a PSTN Gateway

Open the Lync Topology Builder

1. Start the Topo Builder

   Figure : Start Topology Builder

    

    

    

2. Enter Login Credentials

   Figure : Login Credentials

   

    

    

3. Download the Topology

   Figure : Download Topology

   

    

    

4. Specify a Filename

   Figure : Specify Filename

   

    

    

5. Confirm Changes

   Figure : Confirm

   

New Branch Site

Add a new Branch Site. In the example, Taveuni is the new remote branch.

1. Right-click on Branch Sites and select New Branch Site

   Figure : New Branch Site

   

    

    

2. Enter the remote site identity

   Figure : Remote Site Identity

   

    

    

3. Configure the site details

   Figure : Site Details

   

    

    

New PSTN Gateway

Add sbc1000.sbc.net as Taveuni's PSTN Gateway.

Figure : New PSTN Gateway

Figure : Define PSTN Gateway

Figure : Define IP Address

Figure : Define Root Trunk

Publish

Finally, Publish the newly configured topology.

Figure : Publish Topology

Figure : Publishing Wizard Complete

 

Lync Server Configuration

Create a new Site Voice Policy

1. Click New

   Figure : New

   

    

    

2. Add a Site Policy

   Figure : Add Site Policy

   

    

    

3. Select the remote site you just added to the Lync topology.

   Figure : Select Remote Site

   

    

    

4. Add a new PSTN Usage

   Figure : Add PSTN Usage

    

    

    

5. Supply a Name and Add a Route

   Figure : Name and Route

   

    

    

6. Configure a call route pattern

   Figure : Configure Call Route Pattern

    

    

    

7. Add a Trunk

   Figure : Add Trunk

   

    

    

8. Choose the newly added remote-network SBC

   Figure : Select Trunk

   

    

    

9. Click OKat each of the configuration layers

   Figure : Configuration Level 1

   

   Figure : Configuration Level 2

   

   Figure : Configuration Level 3

   

    

Commit New Site Voice Policy

Commit the changes to the Voice Policy

1. Click the Commit pulldown and Commit All

   Figure : Commit All

   

    

    

2. Click OK.

   Figure : OK Configuration Settings

   

Verify Route and PSTN Usage

Verify the Route and PSTN Usages were added properly in the previous steps.

1. In the top navigation bar, click Route. Ensure that the route was added.

   Figure : Ensure Route Added

   

    

    

2. In the top navigation bar, click PSTN Usage. Ensure that the PSTN Usage was added.

   Figure : Ensure PSTN Usage Added

   

    

Create a User New Dial Plan

Similar to the previous steps, the following configuration adds User templates as opposed to Site templates.
To enable the RBA function, Lync users will have User-level Dial Plans and Voice Policies. The next steps create those policies.

1. Click Dial Plan in the top navigation. Click New_and select _New User Plan.

   Figure : New User Dial Plan

   

    

    

2. Enter the information for your site and click OK.

   Figure : OK Information

   

    

    

Create A New User Voice Policy

Create the Voice Policy that will be used with for the remote-network users.

1. Click Voice Policy in the top navigation. Click New and select User Policy.

   Figure : Voice Policy

   

    

    

2. Fill in the form as shown using information for your particular installation.

   Figure : Fill in Form

   

    

    

3. Click New under Associated PSTN Usages.

   Figure : New Associated PSTN Usages

   

    

Create a New PSTN Usage

Create a PSTN Usage to be used with the User-level policies.

1. Create a New PSTN Usage record.

   Figure : Create PSTN Usage Record

   

    

    

2. Enter your site-specific configuration information.

   Figure : Enter Configuration Information

   

    

    

3. Click Add for Associated Trunk

   Figure : Add Associated Trunk

   

    

    

4. Select the remote-network SBC gateway

   Figure : Select Trunk

   

    

    

5. Click OKfor all the configuration layers.

   Figure : Configuration Level 1

   

    

   Figure : Configuration Level 2

   

   Figure : Configuration Level 3

   

    

    

Commit Changes

Commit the additions to your Lync configuration.

1. Click the Commit pulldown, then select Commit All.

   Figure : Commit All

   

    

    

2. Click OK.

   Figure : OK Configuration Settings

   

    

    

3. Verify the Route was added.

   Figure : Verify Route Added

   

    

    

4. Verify the PSTN Usagewas added.

   Figure : Verify PSTN Usage Added

   

    

Add or Move a User into the New Remote Location

You will need to have a user homed to the remote-network location.

1. Click Users in the left-hand navigation. Enter the name of the user to move to the remote network and click Find.

   Figure : Find User

   

    

    

2. In the Edit pulldown, select Show Details.

   Figure : Show Details

   

    

    

3. Set the Dial Plan and Voice Policy of the user to thos of the remote network Userpolicies.

   Figure : Edit Lync Server User

   

    

Configure the Network Configuration

The Network Configuration controls how the CAC policies are applied. Follow the instructions to properly configure the Lync Network Configuration to interoperate with the RBA 3G4G link changes.

1. Click Network Configuration in the left-hand navigation. Click Global in the top navigation, click the Edit pulldown, and select Show Details.

   Figure : Show Details

   

    

    

2. Ensure that the CAC and Bypass options are selected. Change the settings and commit, if necessary.

   Figure : Edit Global Setting

   

    

    

Create a New Bandwidth Policy

Create a Bandwidth Policy to be used to control the CAC from the RBA function.

1. Click Bandwidth Policy in the top navigation and select New.

   Figure : New Bandwidth Policy

   

    

    

2. Enter the bandwidth specification for your remote network link, then click Commit.

   Figure : Enter Bandwidth Specification

    

   
   

Create a New Region

Create regions to be used with the RBA feature. There will be a region for the HQ, as well as the remote-network.

1. Click Region in the top navigation and select New.

   Figure : New Region

   

    

    

2. Add a record for the remote region and Commit.

   Figure : Remote Region Record

   

    

    

3. Click New to add the second region.

   Figure : Add Second Region

   

    

4. Add a record for the HQ site and Commit.

   Figure : HQ Site Record

    

Create a new Site

Create sites to be used for the RBA function. Again, there will be a HQ site, as well as a remote site.

1. Click Site in the top navigation and select New.

   Figure : New Site

   

    

    

2. Enter the information for your remote site. Click Commit.

   Figure : Remote Site Information

   

    

    

3. Click New and enter the information for your HQ site. Click Commit.

   Figure : HQ Site Information

   

    

Create New Subnets

IP addresses are used by the Lync Server to identify the origin of a Lync client. Create subnet records for both the HQ and remote network sites.

1. Click Subnet in the top navigation and select New.

   Figure : New Subnet

   

    

    

2. Enter the IP network information for the remote network.

   Figure : IP Network Information - Remote Network

   

    

    

3. Click Newand enter the IP network information for the HQ network.

   Figure : IP Network Information - HQ Network

   

    

    

Create a Region Link

Create a Region Link between the sites.

1. Click Region Link in the top navigation and select New.

   Figure : New Region Link

   

    

    

2. Using the pulldowns, select the HQ Region, the Remote Region and the Bandwidth Policy profile you previously created.

   Figure : Select From Pulldowns

   

    

Create a New Region Route

Create a Region Route for the Region Link.

1. Click Region Route in the top navigation and select New.

   Figure : New Region Route

   

    

    

2. Add the Network Regions as shown and add the newly created Region Link.

   Figure : Add Network Regions

   

    

    

Domain Controller Configuration

The RBA ASM computer must be added to the Domain Controller as noted below. The computer must also be added to the RTCUniversalServerAdmins group.

1. On the Domain Controller, open the Server Manager

   Figure : Open Server Manager

   

    

    

2. Add a new computer to Active Directory. You should have already selected a FQDN for the ASM module during the DNS Configuration section.

   Figure : Add new Computer

   

    

    

3. Input the name of the ASM computer

   Figure : Input Name of ASM Computer

    

    

    

4. Add the computer to the RTCUniversalServerAdminsgroup

   Figure : Add Computer

   

    

    

5. Click OK

   Figure : OK User or Group

   

    

    

6. Click OK

   Figure : OK new Object

   

    

    

Configuring the RBA

1. Verify the ASM Board is Available using the Tasks Tab | Operational Statusselection

   Figure : Verify ASM Board

   

    

    

2. Click Setup SBA in the left-hand navigation

   Figure : Setup SBA

   

3. Click the ASM Config Tab and supply the information for your ASM. Click Apply.

   Figure : Apply ASM Information

   

    

    

4. Click the Domain tab and supply the domain information for your network. Click OK. It will take a minutes to add the ASM to the domain and reboot.

   Figure : Domain Tab

   

    

    

5. The Current Activity Panel will show when the domain join and rebooting processes are complete

   Figure : Current Activity Panel

   

    

    

6. Click the Deploy SBA tab and select Prepare SBA. This will install the necessary components for the ASM to process the CAC changes supplied by the remote-network SBC. It will take approximately 30 minutes for the installation to complete.

   Figure : Prepare SBA

   

    

    

IP Routing

Ensuring the WAN and IPsec traffic use the appropriate routes is crucial to successful RBA failover.

SBC 1000 Static Routes

1. Click the Settings Tab and select Static Routes as shown in the diagram

   Figure : Static Routes

   

2. On the remote-network SBC, add a Static IP Route

   Figure : Add Static IP Route

   

    

    

3. Create a default route that points to the WAN interface on the HQ SBC. Set the Metric to 1.

   Figure : Create Default Route - Metric 1

   

    

    

4. Create another default route that points to the IPsec interface on the HQ SBC. Set the Metric to 2.

   Default routes are required for the automated routing failover to function. Only use default routes.

   Figure : Create Default Route - Metric 2

   

    

    

5. Verify the newly added static routes

   Figure : Verify Static Routes

   

    

    

SBC 2000 Static Routes

On the HQ SBC, add specific subnet routes that point to the remote-network. One route should use the remote-network SBC's WAN connection (metric 1), the other should point to the Internet gateway (metric 2).

• When the WAN is up, the WAN-specific route to the remote-network will be used.
• When the WAN is down, the default Internet router will be used to send the traffic via the 3G4G carrier network.

Figure : Static IP Route Table

SIP Server Tables and Signaling Groups

Configure the SIP Servers and Signaling Groups for both HQ and remote-network SBCs.

SBC 1000 SIP Server Table

1. Click SIP Server Tablesin the left-hand navigation

   Figure : SIP Server Tables

   

    

    

2. Add a SIP Server Table

   Figure : Add SIP Server Table

   

    

    

3. Enter a description and click Apply.

   Figure : Apply Description

   

    

    

4. Click the newly added SIP Server Table

   Figure : Click New SIP Server Table

    

    

    

5. Enter the information for the HQ SBC

   Figure : HQ SBC Information

    

    

    

SBC 1000 Signaling Groups

1. Click Signaling Groupsin the left-hand navigation. Add a Signaling Group for the HQ SBC.

   Figure : Signaling Groups

   

    

    

2. Add the information to the newly added SG.

   Figure : Add SG Information

    

    

    

SBC 2000 SIP Server Table

1. On the HQ SBC, add a SIP Server Table that points to the remote-network SBC

   Figure : Add SIP Server Table

   

    

    

SCB 2000 Signaling Groups

1. On the HQ SBC, add a Signaling Group that points to the remote-network SBC

   Figure : Add Signaling Group

   

    

    

2. On both SBCs, ensure that the Signaling Groups come Up

   Figure : Ensure Signaling Groups Come Up - SBC 1000

    

   Figure : Ensure Signaling Groups Come Up - SBC 2000

   

    

    

Verification

Verifying Routing

On the HQ SBC, verify that the Routing Table shows the route to the remote network using the WAN IP address of the remote SBC. In this case, the route to 10.1.2.0 (remote network) uses the remote SBC's 134.56.242.16 as the gateway.

Figure : Routing Table

Testing Connectivity over the WAN Link

Using a Command Prompt window from a PC on the remote network.

• Ping the FQDN of the remote SBC. It should return remote-side private IP address (10.1.2.71 in this example).

  C:\Users\Administrator.SBC>ping sbc1000.sbc.net
  
  Pinging sbc1000.sbc.net [10.1.2.71] with 32 bytes of data:
  Reply from 10.1.2.71: bytes=32 time<1ms TTL=64
  Reply from 10.1.2.71: bytes=32 time<1ms TTL=64
  
  Ping statistics for 10.1.2.71:
      Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 0ms, Maximum = 0ms, Average = 0ms
  

• Then ping the FQDN of the HQ SBC. It should return the IP address on the private side of the HQ network (10.1.1.74 in the example, not134.56.242.15)

  C:\Users\Administrator.SBC>ping sbc2000.sbc.net
  
  Pinging sbc2000.sbc.net [10.1.1.74] with 32 bytes of data:
  Reply from 10.1.1.74: bytes=32 time=1ms TTL=63
  Reply from 10.1.1.74: bytes=32 time<1ms TTL=63
  

• Ping the FQDN of the Lync Server
• Ping the FQDN of the Domain Controller
• Ping the FQDN of the DNS Server
• Ping the FDQN of the RBA

All the returned IP addresses must be on the private-side of the HQ network (e.g. 10.1.1.x)

From a PC on the HQ side of the network

• Ping the FQDN of the Remote SBC. It should return a remote LAN IP address.

  C:\Users\Administrator>ping sbc1000.sbc.net
  
  Pinging sbc1000.sbc.net [10.1.2.71] with 32 bytes of data:
  Reply from 10.1.2.71: bytes=32 time=5ms TTL=63
  Reply from 10.1.2.71: bytes=32 time=3ms TTL=63
  Reply from 10.1.2.71: bytes=32 time=3ms TTL=63
  Reply from 10.1.2.71: bytes=32 time=3ms TTL=63
  
  Ping statistics for 10.1.2.71:
      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 3ms, Maximum = 5ms, Average = 3ms
  

• Ping a PC on the remote LAN. Check that the default router on the remote LAN PC is set to the (remote) SBC's LAN interface address (10.1.2.71 in the example).

Test a Lync to Lync Call

At this point you should be able to call Lync-to-Lync over the WAN.

Creating the IPsec Tunnel

Use the following steps to configure an IPsec tunnel between the remote and HQ SBCs.

SBC1000 IPsec Configuration

The following steps configure the remote SBC to generate an IPsec tunnel to the HQ SBC when the WAN is down.

1. Click IPsec | Tunnel Tablein the left-hand navigation.

   Figure : Tunnel Table

   

    

    

2. Add a Tunnel Table

   Figure : Add Tunnel Table

   

    

    

3. Enter the configuraton information for your IPsec tunnel.

• The Local Subnet Address must be programmed with IP information for the remote network.

• The Remote Subnet Addressmust be programmed with IP information for the HQ network.

  Figure : Enter Configuration Information

  

   

   

SBC2000 IPsec Tunnel Configuration

The following steps configure the HQ SBC to receive an IPsec tunnel from the remote SBC when the WAN is down.

1. Configure an IPsec tunnel on the HQ SBC with information appropriate to your network. On the HQ SBC, the Local Subnet Address is the HQ network, the Remote Subnet Addressis the remote network subnet(s).

   Figure : Create IPsec Tunnel Entry

    

    

    

Verification

In this section you will test the IPsec tunnel to ensure connectivity exists when the WAN link is down.

Preparing for Verification

1. Pull the cable from the WAN port on the Remote SBC. You must pull the cable from the WAN port on the Remote SBC for this verification step. Downing the WAN port results in automatically disabling the WAN IP route.

2. Manually remove the WAN Route from the HQ SBC

   Figure : Remove WAN Route

   

    

    

3. On the Remote SBC, use the refresh button to verify the Service Status is Link Up.

   Figure : Verify Service Status

   

    

    

4. The Signaling Groups should come back up after the IPsec tunnel is esablished.

   Figure : Signaling Groups - SBC 1000

    

   Figure : Signaling Groups - SBC 2000

   

Verifying PC Connectivity

1. From a remote LAN PC, ping the FQDN of the HQ SBC. Note that the Round Trip Time (time) is much longer than that for the ping over the WAN link.

   root@sbc1000:~# ping sbc2000.sbc.net
   PING sbc2000.sbc.net (10.1.1.74) 56(84) bytes of data.
   64 bytes from 10.1.1.74: icmp_req=1 ttl=64 time=76.2 ms
   64 bytes from 10.1.1.74: icmp_req=2 ttl=64 time=75.4 ms
   ^C
   --- sbc2000.sbc.net ping statistics ---
   2 packets transmitted, 2 received, 0% packet loss, time 1000ms
   

1. Make a Lync call from between remote and HQ lync clients. The clients should ring and answer.

Re-add the HQ SBC WAN Route

Before proceeding, replace the HQ SBC WAN route to the remote SBC.

Figure : Create Static IP Route Entry

 

Configuring for Automated Switchover

With the successful testing of the static IPsec tunnel, it is time to make the tunnel dynamic so that the 3G4G link is only used activated when the WAN is down.

1. Modify the Remote SBC IPsec Tunnel Activation to Link Monitor Action and click OK.

   Figure : Modify Tunnel Activation

   

    

    

SBC 1000 CAC Profiles

The CAC profiles are transmitted to the Lync Server via the HQ SBC when the WAN transitions link states.

Create the CAC Profiles on the Remote SBC

1. Click WAN in the left-hand navigation and select CAC Profiles.

   Figure : CAC Profiles

   

    

    

2. Create a profile for the WAN up situation. Set the bandwidths according to your desired WAN link configuration and capacity. Click Applywhen finished.

   Figure : Create Profile for WAN Up

   

    

    

3. Now, create a CAC profile for WAN down. Setting the Bandwidth State to Disabledresults in any HQ<>remote-network calls being routed over the PSTN.

   Figure : Create CAC Profile for WAN Down

   

    

    

SBC 1000 Link Monitor Configuration

The Link Monitors provide the ability for the remote SBC to know whether the WAN is up and available.'

1. Click Link Monitor Configuration

   Figure : Link Monitor Configuration

   

    

    

2. Add a monitor to monitor the public IP interface of the HQ SBC and click Apply.

   Figure : Monitor Public IP Interface

   

    

    

3. Add a monitor to monitor the 3G4G router port. Associate this Link Monitor with the IPsec Tunnel you recently created. With this link activated (due to WAN down), the IPsec tunnel will be automatically started.

   Figure : Monitor 3G4G Router Port

   

    

    

Verification

Verify the following tables on the remote SBC

Figure : Verify CAC Profile Table

Figure : Verify Link Monitor Configuration Table

SBC 2000 Link Monitor Configuration

Configure a Link Monitor on the HQ SBC in order that it may dynamically adjust its internal routing table when the WAN link switches. The Link Monitor is configured to monitor the WAN side only.

1. Create a fake CAC entry. This entry will be ignored for purposes of bandwidth adjustment.

   Figure : Create Fake CAC Entry

   

    

    

2. Create a Link Monitor that monitors the WAN interface of the remote SBC.

   Figure : Create Link Monitor

   

    

    

Verification

Verify the condition of the routes and IPsec links.

WAN Link Up

HQ SBC

With the WAN link up, the HQ SBC routing table and Link Monitor should resemble the following.

Figure : HQ SBC Routing Table

Figure : HQ SBC Link Monitor

Remote SBC

1. With the WAN link up, the remote SBC's routing table should point to the WAN interface on the HQ SBC.

   Figure : Routing Table - Point to WAN Interface

   

    

    

2. The Link Monitor Table should be Readyon the WAN link

   Figure : Link Monitor Table - Ready

   

    

    

3. The IPsec tunnel should be Link Down

   Figure : IPsec Tunnel - Link Down

   

    

    

Lync Server

Verify the Lync Bandwidth Profile using the Bandwidth Policy Service Monitor, which is installed as a component of the optional Lync Server Resource Kit (available from the Microsoft Lync Server website).

1. Open Windows Explorer to C:\Program Files\Microsoft Lync Server 2013\ResKit\BandwidthPolicyServiceMonitor and select PDPMonUI.exe.

   Figure : Select PDPMonUI.exe

   

    

    

2. Expand the server name in the left-hand navigation and select the expanded server.

   Figure : Expanded Server Name

   

    

    

3. Click the Topology Infotab

   Figure : Topology Info tab

   

    

    

4. Verify the bandwidth settings are for the WAN up values.

   Figure : Verify Bandwidth Settings

   

    

    

Lync Clients

Test a call between a HQ and Remote Lync client. Calls between HQ and Lync clients should connect directly over the WAN without need for a PSTN connection.

WAN Link Down

Downing the WAN Link should result in the following status. With the WAN link down, verify your implementation to the following:

HQ SBC Status

1. On the HQ SBC, the WAN Link Monitor should show down and the IPsec tunnel up.

   Figure : Link Monitor Service Status

   

   Figure : IPsec Tunnel Service Status

   

    

    

Remote SBC Status

On the Remote SBC, the Link Monitor should show the 3G4G link up, the WAN link down, and the IPsec tunnel up.

Figure : 3G4G Link Up and WAN Link Down

Figure : IPsec Tunnel Link UP

Lync Server

Within two or three minutes, the Bandwidth Policy should automatically update to the WAN down bandwidth values.

Figure : Bandwidth Policy Update

Lync Clients

Test a call between a HQ and Remote Lync client. In the WAN down condition, you should be able to call between HQ and Remote Lync clients. The calls should utilize the PSTN connection between the SBCs.

Setting the Remote SBC to TLS

The remote SBC must beconfigured to TLS/SRTP in order for the remote Lync clients to send calls over the PSTN during a 3G4G failover. The following steps will assist you in configuring the Lync Server and remote SBC for TLS/SRTP.

1. On the Lync Server, start the Topology Builder and Edit Properties for the remote site Trunk.

   Figure : Edit Properties

   

    

    

2. Change the port and configuration to support TLS as shown.

   Figure : Change Port and Configuration

   

    

    

3. Publish the topology.

   Figure : Publish Topology

   

    

    

Certificate for the SBC

Certificates are required for TLS/SRTP functionality. The following steps will assist you in installing certificates on the remote SBC.

1. Click the Taskstab.

   Figure : Tasks Tab

    

    

    

2. Click Lync Setupin the left-hand navigation

   Figure : Lync Setup

   

    

    

3. Obatin the root certificate from your network administrator and copy it to your PC. From the webui, click Import Trusted CA Certificateas shown.

   Figure : Import Trusted CA Certificate

   

    

    

4. Set the Mode to File Upload and Browseto find the file containing the root certificate.

   Figure : CA Certificate File Upload

   

    

    

5. Click OKto import the root certificate.

   Figure : Import Root Certificate

   

    

    

6. Click the Generate CSRto generate a certificate request for the SBC. You will send this certificate request to be signed by the your certificae authority.

   Figure : Generate CSR

   

    

    

7. Copy and paste the certificate request into a file and send it to your root certificate authority for signing.

   Figure : Result

   

8. When the signed certificate is returned, click the Sonus SBC Certificatetab and import the certificate.

   Figure : Import Certificate

   

    

    

9. Set the Mode to File Upload and Browseto find the file containing the SBC certificate.

   Figure : SBC Server Certificate File Upload

    

    

    

10. Verify the SBC and root certificates

    Figure : Sonus SBC Certificate

    

    Figure : Trusted CAs

    

     

     

Setting the SIP Server and Signaling Group for TLS/SRTP

1. On the remote SBC, set/create the Lync Server SIP Server as shown.

   Figure : Set/Create Lync Server SIP Server

   

    

    

2. Set/create a Lync Server Signaling Group as shown.

   Figure : SIP Signaling Group Details

    

    

    

3. The Lync Server Signaling Group should come up

   Figure : Lync Server Signaling Group - Up

   

    

    

RBA Data Flows

WAN Up Flow

Figure : WAN Up Flow

WAN Down Instant Message Flow

Figure : WAN Down Instant Message Flow

WAN Down Lync-to-Lync Call Flow

Figure : WAN Down Lync-to-Lync Call Flow

1. As an IP router, the SBC forwards the SIP request from the remote Lync to the Lync Server
2. Lync server sends a SIP request to the remote SBC (as a SIP --> PSTN gateway)
3. Remote SBC dials the HQ SBC via PSTN
4. HQ SBC (as a SIP Gateway) sends a SIP request to the Lync server
5. Lync Server sends SIP Request to the HQ Lync client
6. Remote Lync client audio bypasses directly to the remote SBC.

Troubleshooting

This section contains troubleshooting tips and suggests for various issues that may arise during RBA implementation.

Prepare SBA not run

A wireshark trace which shows an exception due to an unrecognized cmdlet is likely due to the Prep SBA function not being executed. Review the Configuring the RBA section of this document.

Figure : Prep SBA Function Not Executed

RBA computer not a member of RTCUniversalServerAdmins group

Should the CAC bandwidths fail to change when the active link is switched between the WAN and the 3G4G link and this message appears in the RBA system Event Log, then the RBA computer (ASM) is not a member of the RTCUniversalServerAdmins group. See the Domain Controller Configuration section of this document.

Syslog message: LOCAL0.ERR: SymComms.ExecutePowerShell: Exception occured Cannot open database "xds" requested by the login. The login failed.\r\nLogin failed for user 'SBC\RBA1$'.. Could not connect to SQL server : [Exception= 

A gpresult comamnd run from directly from the RBA computer (ASM) which shows that the computer is not a member of the RTCUniversalServerAdmins group.

C:\Users\Administrator>gpresult /R

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 4/5/2013 at 9:07:11 AM

RSOP data for SBC\Administrator on RBA1 : Logging Mode
-------------------------------------------------------

OS Configuration: Member Server
OS Version: 6.1.7601
Site Name: Default-First-Site-Name
Roaming Profile: N/A
Local Profile: C:\Users\Administrator
Connected over a slow link?: No

COMPUTER SETTINGS
------------------
CN=rba1,CN=Computers,DC=sbc,DC=net
Last time Group Policy was applied: 4/5/2013 at 8:06:36 AM
Group Policy was applied from: demo4.sbc.net
Group Policy slow link threshold: 500 kbps
Domain Name: SBC
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
Default Domain Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The computer is a part of the following security groups
-------------------------------------------------------
System Mandatory Level
Everyone
BUILTIN\Users
NT AUTHORITY\SERVICE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
BITS
CertPropSvc
EapHost
hkmsvc
IKEEXT
iphlpsvc
LanmanServer
MMCSS
MSiSCSI
RasAuto
RasMan
RemoteAccess
Schedule
SCPolicySvc
SENS
SessionEnv
SharedAccess
ShellHWDetection
wercplsupport
Winmgmt
wuauserv
LOCAL
BUILTIN\Administrators

Service Status Stays Yellow

Check the routing table on the remote SBC. The remote SBC must use default routes (0.0.0.0/0) rather than network routes.

Figure : Link Monitor Configuration Table

Figure : Route Table With No Default Routes

OPTIONS with Carrier's IP address

If the HQ SBC receives OPTIONS with the 3G4G carrier's source IP address, then the configured routing or hosts are incorrect. Make sure that the SBC are configured to use only the LAN interface addresses.

[2012-04-04 17:01:32,550] 4202 0031 com.sonus.sbc.sip DEBUG (TransportLayer.cpp:810) - DataReadCB: Received message on [134.56.242.15]:5060 from [166.137.185.63]:34539 size=469, data: 0x2beb24, current chunk: 0
[2012-04-04 17:01:32,550] 4203 0030 com.sonus.sbc.sip TRACE (SipMessage.cpp:98) - SipMessage: ctor msg 0x320918 35789
[2012-04-04 17:01:32,551] 4204 002f com.sonus.sbc.sip TRACE (MessageHeader.cpp:301) - decodeLite: headerType=Via, commaDetection=1
[2012-04-04 17:01:32,551] 4205 002e com.sonus.sbc.sip TRACE (SipMessage.cpp:634) - decodeHeaders: SIP message Header type Allow
[2012-04-04 17:01:32,551] 4206 002d com.sonus.sbc.sip TRACE (SipMessage.cpp:634) - decodeHeaders: SIP message Header type Call-ID
[2012-04-04 17:01:32,551] 4207 002c com.sonus.sbc.sip TRACE (SipMessage.cpp:634) - decodeHeaders: SIP message Header type Content-Length
[2012-04-04 17:01:32,551] 4208 002b com.sonus.sbc.sip TRACE (SipMessage.cpp:634) - decodeHeaders: SIP message Header type CSeq
[2012-04-04 17:01:32,551] 4209 002a com.sonus.sbc.sip TRACE (SipMessage.cpp:634) - decodeHeaders: SIP message Header type From
[2012-04-04 17:01:32,551] 4210 0029 com.sonus.sbc.sip TRACE (SipMessage.cpp:634) - decodeHeaders: SIP message Header type Max-Forwards
[2012-04-04 17:01:32,551] 4211 0028 com.sonus.sbc.sip TRACE (SipMessage.cpp:634) - decodeHeaders: SIP message Header type Supported
[2012-04-04 17:01:32,551] 4212 0027 com.sonus.sbc.sip TRACE (SipMessage.cpp:634) - decodeHeaders: SIP message Header type To
[2012-04-04 17:01:32,551] 4213 0026 com.sonus.sbc.sip TRACE (SipMessage.cpp:634) - decodeHeaders: SIP message Header type User-Agent
[2012-04-04 17:01:32,551] 4214 0025 com.sonus.sbc.sip TRACE (SipMessage.cpp:634) - decodeHeaders: SIP message Header type Via
[2012-04-04 17:01:32,551] 4215 0024 com.sonus.sbc.sip DEBUG (SipMessage.cpp:1202) - decodedLength:469 decoded 0x320918:
[2012-04-04 17:01:32,551] 4216 0023

OPTIONS sip:sbc2000.sbc.net:5060 SIP/2.0
Allow: INVITE, ACK, CANCEL, BYE, UPDATE, NOTIFY, OPTIONS, REFER, REGISTER
Call-ID: call-71280200-0000-0010-0C13-0@10.1.2.71
Content-Length: 0
CSeq: 123 OPTIONS
From:  <sip:Anonymous@10.1.2.71:5060>;tag=8638f210-1
Max-Forwards: 70
Supported: replaces,update,100rel
To:  <sip:Anonymous@sbc2000.sbc.net:5060>
User-Agent: SONUS SBC1000/2000 3.0.0v222 UX
Via: SIP/2.0/UDP 10.1.2.71:5060;branch=z9hG4bK-UX-8638-f210-0180


[2012-04-04 17:01:32,552] 4217 0022 com.sonus.sbc.sip TRACE (sipApplication.cpp:1264) - tlDataReceived: No errors found. Processing message.
[2012-04-04 17:01:32,552] 4218 0021 com.sonus.sbc.sip TRACE (sipSignalingGroup.cpp:1522) - {SG(1) 0x30b808} CanAccept: Reject msg: call=1, transport=0, filter=0 localPort=0
[2012-04-04 17:01:32,552] 4219 0020 com.sonus.sbc.sip DEBUG (sipSignalingGroupConfig.cpp:713) - getBestSubnet: 166.137.185.63 - 0.0.0.0
[2012-04-04 17:01:32,552] 4220 001f com.sonus.sbc.sip DEBUG (sipSignalingGroupConfig.cpp:713) - getBestSubnet: 166.137.185.63 - 166.137.185.63
[2012-04-04 17:01:32,552] 4221 001e com.sonus.sbc.sip DEBUG (sipSignalingGroupConfig.cpp:713) - getBestSubnet: 166.137.185.63 - 0.0.0.0

RBA Command Working Properly

This wireshark trace shows a properly working cmdlet to change the CAC bandwidth policies.

Figure : Wireshark Trace

rev 0.2