Ribbon Documentation Portal will be unavailable Thursday February 2nd 2023 between 2:00 PM EST ~ 12:00 PM. More Info

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


CSS Stylesheet
h1, h2, {font-size: 18pt !important;}
h3 {font-size: 16pt !important;}
h4 {font-size: 14pt !important;}
h5 {font-size: 14pt !important;}


CSS Stylesheet
.wiki-content h1 {
border-top: 1px solid rgb(145,150,153);
}


Table of Contents
Panel

Table of Contents
maxLevel3



Noprint

Add_workflow_for_appnotes
AUTH2UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cd5909df, userName='null'}
AUTH1UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cef10cbb, userName='null'}
REV7UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26ced50c92, userName='null'}
REV6UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cd5909df, userName='null'}
REV4UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26c8a10148, userName='null'}
REV1UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cebf0c50, userName='null'}


Internal_display_only



 

Pagebreak

Overview

This document describes the configuration steps required for the Ribbon SBC Core to successfully interoperate with Microsoft Teams. All feature and serviceability test cases completed and passed successfully.

Info
titleReferences:


Note

You can configuer Ribbon SBC Core using any one of the methods defined under sections A and B depending on your requirements and level of comfort.

Scope

This document provides the Ribbon SBC Core (SWe/5xx0/5400/7000) configuration with Microsoft® Teams for documented products and their versions. This is a general reference document that requires user input during the configuration. For EMA configuration, the screen captures in this document are limited to only the necessary provisioning areas.

This document provides a sample of the Ribbon SBC 5400 configuration used during compliance testing.

Non-Goals

This document does not provide the test case details, success criteria, processes, and execution steps of testing that was performed. Also, this document does not focus on either the PSX configuration or provisioning areas for Microsoft Teams. These non-goals are covered in a separate configuration guide.

Configuration Overview

The following configurations in this document are for reference only. Other configurations are also based on customer requirements.

Pagebreak

Introduction

Microsoft® TAP (Technology Adoption Program) Testing is performed between Microsoft® Teams and the Ribbon’s SBC Core (SWe/5400/5210/5110/7000). This document outlines the configuration, observations, and the overall testing experience with the device under test (DUT).

Audience

This is a technical document intended for telecommunications engineers with the purpose of configuring both the Ribbon SBC and the third-party product.

  • Navigating the third-party product as well as the Ribbon SBC Command Line Interface (CLI) is required. 
  • Understanding the basic concepts of TLS/TCP/UDP, IP/Routing, and SIP/SRTP is also necessary to complete the configuration and any required troubleshooting.

Requirements

The sample configuration uses the following equipment and software:

Caption
0Table
1Requirements
3Requirements


Product

Equipment

Software Version

Ribbon Networks

Ribbon SBC 5400
BMC
BIOS
ConnexIP OS
RibbonDB
EMA
SBX

V06.02.01-F003
V03.16.00-R000
V02.06.00
V05.01.00-F003
V06.02.01-F003 
V06.02.01-F003 
V06.02.01-F003

Third-party Equipment

Microsoft Teams

v.2018.7.3.2 i.ASEA.3

Teams Client1.1.00.28562 

Administration and Debugging Tools

Wireshark2.4.4


 


Reference Configuration

The following figure illustrates the connectivity between the third-party and the Ribbon SBC Core.

 
Caption
0Figure
1High Level Architecture of Deploying Teams
3High Level Architecture For Teams deployment

                                                                       

Image Modified



 


Support

For any questions regarding this document or the content herein, contact your maintenance and support provider.

Third-Party Product Features

Refer to the Microsoft Teams' test plan for complete product features details.

View file
nameDR_SBC_Certification_Program_Partner_Spec_v1.3.pdf
height250

Prerequisites

  • Deploy Microsoft Teams configuration in Office 365 with proper licenses
  • Verify clients have necessary licenses for making an enterprise voice call.
Note

The following commands and configurations are only for reference, other configurations are also based on the customer's requirement.

Pagebreak

Anchor
Section A
Section A
Section A: Configuring with CLI

General Configuration

Codec Entry

Create a Codec Entry with the supported codec and packet size of 20:

Code Block
set profiles media codecEntry G711-default dtmf relay rfc2833
set profiles media codecEntry G711-default packetSize 20
commit


Info

To enable comfort noise, use G711SS-DEFAULT codec profile.


RTCP

Configure the RTCP interval:

Code Block
set system media mediaRtcpControl senderReportInterval 5
commit


SIP Domain

  1. Specify the global SIP Domain name. 
  2. Specify your SBC's FQDN (example: abc.example.com)

Code Block
set global sipDomain SIP.PSTNHUB.MICROSOFT.COM
set global sipDomain SIP2.PSTNHUB.MICROSOFT.COM
set global sipDomain SIP3.PSTNHUB.MICROSOFT.COM
set global sipDomain ABC.EXAMPLE.COM
commit


DSP Resource Allocation

This configuration only applies if the SBC is deployed with (hardware) DSP resources. If this is not the case, executing this configuration step has no negative impact.

Code Block
set system mediaProfile compression 75 tone 25
commit


Note

This configuration is not required for SWe Core 7.2 release onwards.

 


Anchor
LRBT_Profile
LRBT_Profile
LRBT Profile

  1. Create a Local Ringback Tone (LRBT) profile that is attached to the Teams side. 
  2. Enable Dynamic LRBT.
Code Block
set profiles media toneAndAnnouncementProfile LRBT_PROF
set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone signalingTonePackageState enable makeInbandToneAvailable enable
set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone flags useThisLrbtForIngress enable
set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone flags dynamicLRBT enable
commit

Microsoft Teams Configuration on SBC

IP Interface Group

Create an IP interface group.

Note

Replace "x.x.x.x" with SBC's packet interface (pkt) IP address towards Teams (example pkt1 IP). 'y' with its prefix length.


Code Block
set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 ceName IOTGCM portName pkt1
set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 ipAddress x.x.x.x prefix Y
set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 mode inService state enabled
commit
 


Zone

Info

This Zone groups the set of objects used for the communication to MS Teams.

Configure the domain name and attach it with appropriate zone.

Code Block
set addressContext default zone TEAMS_ZONE id 4
set addressContext default zone TEAMS_ZONE domainName abc.example.com
commit
 


SIP Signaling Port

Set the SIP Signaling port which is a logical address used to send and receive SIP call signaling packets and is permanently bound to a specific zone. 

Info

The Ribbon SBC Core listens on two ports, one defined under sipSigPort for TCP & UDP and plus one port for TLS to receive incoming traffic.


Note

Replace "x.x.x.x" with SIP Signaling Port IP address towards Teams.


Code Block
set addressContext default zone TEAMS_ZONE id 4 sipSigPort 4 ipInterfaceGroupName LIF2 ipAddressV4 x.x.x.x portNumber 5060 transportProtocolsAllowed sip-tls-tcp
set addressContext default zone TEAMS_ZONE id 4 sipSigPort 4 state enabled mode inService
commit

 

 



Anchor
DNS Group
DNS Group
DNS Group

Create DNS objects for DNS resolution within a particular zone. Use the interface which has public connectivity.

Code Block
set addressContext default dnsGroup EXT_DNS
set addressContext default dnsGroup EXT_DNS type ip interface LIF2 server DNS2 ipAddress 8.8.8.8 state enabled
set addressContext default zone TEAMS_ZONE dnsGroup EXT_DNS
commit
 

 



Anchor
Packet Service Profile (PSP)
Packet Service Profile (PSP)
Packet Service Profile (PSP)

Create a Packet Service Profile (PSP) for the Teams side. The PSP is specified within the SIP trunk group configuration.

Code Block
set profiles media packetServiceProfile TEAMS_PSP
set profiles media packetServiceProfile TEAMS_PSP codec codecEntry1 G711-default
set profiles media packetServiceProfile TEAMS_PSP rtcpOptions rtcp enable
set profiles media packetServiceProfile TEAMS_PSP preferredRtpPayloadTypeForDtmfRelay 101
set profiles media packetServiceProfile TEAMS_PSP silenceInsertionDescriptor g711SidRtpPayloadType 13 heartbeat enable
set profiles media packetServiceProfile TEAMS_PSP secureRtpRtcp flags enableSrtp enable
set profiles media packetServiceProfile TEAMS_PSP flags ssrcRandomize enable
commit


IP Signaling Profile (IPSP)

Create an IP signaling profile for the Teams side. The IPSP is specified within the SIP trunk group configuration.

Code Block
set profiles signaling ipSignalingProfile TEAMS_IPSP ipProtocolType sipOnly
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags includeReasonHeader enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags includeTransportTypeInContactHeader enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags routeUsingRecvdFqdn enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags sendPtimeInSdp enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags sendRtcpPortInSdp enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags storePChargingVector enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes relayFlags notify enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags publishIPInHoldSDP enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes relayFlags statusCode4xx6xx enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags minimizeRelayingOfMediaChangesFromOtherCallLegAll enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags relayDataPathModeChangeFromOtherCallLeg enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes transparencyFlags mwiBody enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes optionTagInRequireHeader suppressReplaceTag enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes domainName useZoneLevelDomainNameInContact enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes domainName useIpSignalingPeerDomainInRequestUri enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes flags disable2806Compliance enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes privacy flags includePrivacy enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes redirect flags forceRequeryForRedirection enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes transport type1 tlsOverTcp 
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes domainName useIpSignalingPeerDomainInRequestUri enable
set profiles signaling ipSignalingProfile TEAMS_IPSP ingressIpAttributes flags sendSdpIn200OkIf18xReliable enable
commit

SIP Trunk Group

Create a SIP Trunk Group for the Teams side and assign the IPSP, PSP and LRBT profiles configured above.

For ingressIpPrefix, replace "x.x.x.x" and "y" with the IP address and prefix length that needs to be allowed from Teams.

Info

Teams SIP Proxy server does not support the Update method and requires a Re-Invite. Teams SIP Proxy Server only supports new RFC for call hold that is a=inactive.


Code Block
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG media mediaIpInterfaceGroupName LIF2
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG signaling honorMaddrParam enabled
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG policy media packetServiceProfile TEAMS_PSP
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG policy signaling ipSignalingProfile TEAMS_IPSP
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG downstreamForkingSupport enabled
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG signaling rel100Support enabled
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG services dnsSupportType a-only
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG ingressIpPrefix X.X.X.X Y
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG signaling relayNonInviteRequest enabled
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG signaling methods update reject
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG policy media toneAndAnnouncementProfile LRBT_PROF
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG mode inService state enabled
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG media sdpAttributesSelectiveRelay enabled
commit

 


Path Check Profile

Create a path check profile that is attached to the Teams side.

Code Block
set profiles services pathCheckProfile Teams_OPTIONS protocol sipOptions sendInterval 20 replyTimeoutCount 1 recoveryCount 1
commit
set profiles services pathCheckProfile Teams_OPTIONS transportPreference preference1 tls-tcp
commit

IP Peer

  1. Create an IP Peer with the Fully-Qualified Domain Name (FQDN) of the endpoints.
  2. Assign the IP Peer to the Teams Zone. 
  3. Assign the path check profile created.
Code Block
set addressContext default zone TEAMS_ZONE ipPeer TEAMS_PEER policy sip fqdn sip.pstnhub.microsoft.com fqdnPort 5060
set addressContext default zone TEAMS_ZONE ipPeer TEAMS_PEER pathCheck profile Teams_OPTIONS 
set addressContext default zone TEAMS_ZONE ipPeer TEAMS_PEER pathCheck profile Teams_OPTIONS hostName sip.pstnhub.microsoft.com hostPort 5060 state enabled
commit


Info

For TLS, the Ribbon SBC Core increments the port number of the IP-Peer with one while sending out any call. Configure a port less what remote peer is listening on. Please note, this is only applicable for TLS protocol.

 


Anchor
SMM to Modify Options Messages
SMM to Modify Options Messages
SMM to Modify Options Messages

 


Note

Microsoft Teams requires the SBC's FQDN in the 'From:' and 'Contact:' header. In below SMM configuration replace;

  1. "user_input1" with SBC's fqdn.
  2. "user_input2" with sipSigPort number plus one (For example, if sipSigPort is configured as 5060 then 'user_input2' will be 5061).
  3. "user_input3" with sipSigPort IP address configured in TEAMS_ZONE.


Code Block
set profiles signaling sipAdaptorProfile Modify_Options state enabled
set profiles signaling sipAdaptorProfile Modify_Options advancedSMM disabled
set profiles signaling sipAdaptorProfile Modify_Options profileType messageManipulation
set profiles signaling sipAdaptorProfile Modify_Options rule 1 applyMatchHeader one
set profiles signaling sipAdaptorProfile Modify_Options rule 1 criterion 1 type message
set profiles signaling sipAdaptorProfile Modify_Options rule 1 criterion 1 message
set profiles signaling sipAdaptorProfile Modify_Options rule 1 criterion 1 message messageTypes all
set profiles signaling sipAdaptorProfile Modify_Options rule 1 criterion 2 type header
set profiles signaling sipAdaptorProfile Modify_Options rule 1 criterion 2 header
set profiles signaling sipAdaptorProfile Modify_Options rule 1 criterion 2 header name Contact
set profiles signaling sipAdaptorProfile Modify_Options rule 1 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile Modify_Options rule 1 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 type header
set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 operation regsub
set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 from
set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 from type value
set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 from value "<sip:user_input1:user_input2;transport=tls>"
set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 to
set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 to type header
set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 to value Contact
set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 regexp
set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 regexp string .*
set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 regexp matchInstance all
set profiles signaling sipAdaptorProfile Modify_Options rule 2 criterion 1 type message
set profiles signaling sipAdaptorProfile Modify_Options rule 2 criterion 1 message
set profiles signaling sipAdaptorProfile Modify_Options rule 2 criterion 1 message messageTypes all
set profiles signaling sipAdaptorProfile Modify_Options rule 2 criterion 2 type header
set profiles signaling sipAdaptorProfile Modify_Options rule 2 criterion 2 header
set profiles signaling sipAdaptorProfile Modify_Options rule 2 criterion 2 header name From
set profiles signaling sipAdaptorProfile Modify_Options rule 2 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile Modify_Options rule 2 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 type header
set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 operation regsub
set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 from
set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 from type value
set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 from value "<sip:user_input1:user_input2;transport=tls>"
set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 to
set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 to type header
set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 to value From
set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 regexp
set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 regexp string <sip:user_input3>
set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 regexp matchInstance all
set profiles signaling sipAdaptorProfile Modify_Options rule 3 criterion 1 type message
set profiles signaling sipAdaptorProfile Modify_Options rule 3 criterion 1 message
set profiles signaling sipAdaptorProfile Modify_Options rule 3 criterion 1 message messageTypes request
set profiles signaling sipAdaptorProfile Modify_Options rule 3 criterion 1 message methodTypes options
set profiles signaling sipAdaptorProfile Modify_Options rule 3 criterion 1 message condition exist
set profiles signaling sipAdaptorProfile Modify_Options rule 3 action 1 type header
set profiles signaling sipAdaptorProfile Modify_Options rule 3 action 1 operation add
set profiles signaling sipAdaptorProfile Modify_Options rule 3 action 1 headerPosition last
set profiles signaling sipAdaptorProfile Modify_Options rule 3 action 1 from
set profiles signaling sipAdaptorProfile Modify_Options rule 3 action 1 from type value
set profiles signaling sipAdaptorProfile Modify_Options rule 3 action 1 from value RibbonSBC
set profiles signaling sipAdaptorProfile Modify_Options rule 3 action 1 to
set profiles signaling sipAdaptorProfile Modify_Options rule 3 action 1 to type header
set profiles signaling sipAdaptorProfile Modify_Options rule 3 action 1 to value User-Agent
commit
 


Adding SMM Profile to Teams Zone

Code Block
set addressContext default zone TEAMS_ZONE messageManipulation outputAdapterProfile Modify_Options
commit
 


Anchor
Outbound SMM Profile for Teams Trunk Group
Outbound SMM Profile for Teams Trunk Group
Outbound SMM Profile for Teams Trunk Group

Create a smm profile for the modification headers and crypto profile.

Info

Replace 'user_input1' with SBC's FQDN.


Code Block
set profiles signaling sipAdaptorProfile Modify_Headers rule 1 applyMatchHeader one
set profiles signaling sipAdaptorProfile Modify_Headers rule 1 criterion 1 type message
set profiles signaling sipAdaptorProfile Modify_Headers rule 1 criterion 1 message
set profiles signaling sipAdaptorProfile Modify_Headers rule 1 criterion 1 message messageTypes all
set profiles signaling sipAdaptorProfile Modify_Headers rule 1 criterion 2 type header
set profiles signaling sipAdaptorProfile Modify_Headers rule 1 criterion 2 header
set profiles signaling sipAdaptorProfile Modify_Headers rule 1 criterion 2 header name From
set profiles signaling sipAdaptorProfile Modify_Headers rule 1 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile Modify_Headers rule 1 action 1 type token
set profiles signaling sipAdaptorProfile Modify_Headers rule 1 action 1 operation modify
set profiles signaling sipAdaptorProfile Modify_Headers rule 1 action 1 from
set profiles signaling sipAdaptorProfile Modify_Headers rule 1 action 1 from type value
set profiles signaling sipAdaptorProfile Modify_Headers rule 1 action 1 from value user_input1
set profiles signaling sipAdaptorProfile Modify_Headers rule 1 action 1 to
set profiles signaling sipAdaptorProfile Modify_Headers rule 1 action 1 to type token
set profiles signaling sipAdaptorProfile Modify_Headers rule 1 action 1 to tokenValue urihostname
set profiles signaling sipAdaptorProfile Modify_Headers rule 2 applyMatchHeader one
set profiles signaling sipAdaptorProfile Modify_Headers rule 2 criterion 1 type message
set profiles signaling sipAdaptorProfile Modify_Headers rule 2 criterion 1 message
set profiles signaling sipAdaptorProfile Modify_Headers rule 2 criterion 1 message messageTypes all
set profiles signaling sipAdaptorProfile Modify_Headers rule 2 criterion 2 type header
set profiles signaling sipAdaptorProfile Modify_Headers rule 2 criterion 2 header
set profiles signaling sipAdaptorProfile Modify_Headers rule 2 criterion 2 header name P-Asserted-Identity
set profiles signaling sipAdaptorProfile Modify_Headers rule 2 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile Modify_Headers rule 2 action 1 type token
set profiles signaling sipAdaptorProfile Modify_Headers rule 2 action 1 operation modify
set profiles signaling sipAdaptorProfile Modify_Headers rule 2 action 1 from
set profiles signaling sipAdaptorProfile Modify_Headers rule 2 action 1 from type value
set profiles signaling sipAdaptorProfile Modify_Headers rule 2 action 1 from value user_input1
set profiles signaling sipAdaptorProfile Modify_Headers rule 2 action 1 to
set profiles signaling sipAdaptorProfile Modify_Headers rule 2 action 1 to type token
set profiles signaling sipAdaptorProfile Modify_Headers rule 2 action 1 to tokenValue urihostname
set profiles signaling sipAdaptorProfile Modify_Headers rule 3 criterion 1 type message
set profiles signaling sipAdaptorProfile Modify_Headers rule 3 criterion 1 message
set profiles signaling sipAdaptorProfile Modify_Headers rule 3 criterion 1 message messageTypes all
set profiles signaling sipAdaptorProfile Modify_Headers rule 3 criterion 1 message condition exist
set profiles signaling sipAdaptorProfile Modify_Headers rule 3 criterion 2 type messageBody
set profiles signaling sipAdaptorProfile Modify_Headers rule 3 criterion 2 messageBody
set profiles signaling sipAdaptorProfile Modify_Headers rule 3 criterion 2 messageBody condition exist
set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 type messageBody
set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 operation regstore
set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 from
set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 from type messageBody
set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 from messageBodyValue all
set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 to
set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 to type variable
set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 to variableValue var1
set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 regexp
set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 regexp string "a=crypto.*?\r\n"
set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 regexp matchInstance one
set profiles signaling sipAdaptorProfile Modify_Headers rule 4 criterion 1 type message
set profiles signaling sipAdaptorProfile Modify_Headers rule 4 criterion 1 message
set profiles signaling sipAdaptorProfile Modify_Headers rule 4 criterion 1 message messageTypes all
set profiles signaling sipAdaptorProfile Modify_Headers rule 4 criterion 1 message condition exist
set profiles signaling sipAdaptorProfile Modify_Headers rule 4 criterion 2 type variable
set profiles signaling sipAdaptorProfile Modify_Headers rule 4 criterion 2 variable
set profiles signaling sipAdaptorProfile Modify_Headers rule 4 criterion 2 variable condition exist
set profiles signaling sipAdaptorProfile Modify_Headers rule 4 criterion 2 variable variableID var1
set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 type variable
set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 operation regsub
set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 from
set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 from type value
set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 from value "|2^31\r\n"
set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 to
set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 to type variable
set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 to variableValue var1
set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 regexp
set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 regexp string "\r\n"
set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 regexp matchInstance one
set profiles signaling sipAdaptorProfile Modify_Headers rule 5 criterion 1 type message
set profiles signaling sipAdaptorProfile Modify_Headers rule 5 criterion 1 message
set profiles signaling sipAdaptorProfile Modify_Headers rule 5 criterion 1 message messageTypes all
set profiles signaling sipAdaptorProfile Modify_Headers rule 5 criterion 1 message condition exist
set profiles signaling sipAdaptorProfile Modify_Headers rule 5 criterion 2 type variable
set profiles signaling sipAdaptorProfile Modify_Headers rule 5 criterion 2 variable
set profiles signaling sipAdaptorProfile Modify_Headers rule 5 criterion 2 variable condition exist
set profiles signaling sipAdaptorProfile Modify_Headers rule 5 criterion 2 variable variableID var1
set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 type messageBody
set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 operation regsub
set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 from
set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 from type variable
set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 from variableValue var1
set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 to
set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 to type messageBody
set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 to messageBodyValue all
set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 regexp
set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 regexp string "a=crypto.*?\r\n"
set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 regexp matchInstance one
commit

Attaching Outbound SMM Profile

Code Block
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG signaling messageManipulation outputAdapterProfile Modify_Options 
commit
 


IP Static Route

Create a default route for the destination IP to come inside the network via a particular interface.

Info

Replace "x.x.x.x" with destination IP, "Y" with the prefix length and "z.z.z.z" with the PKT1 gateway IP address.


Code Block
set addressContext default staticRoute X.X.X.X Y Z.Z.Z.Z LIF2 PKT1_V4 preference 100
commit


PSTN Side Configuration

Packet Service Profile (PSP)

Create a Packet Service Profile (PSP) for the PSTN side. The PSP is specified within the SIP Trunk Group configuration.

Code Block
set profiles media packetServiceProfile PSTN_PSP
set profiles media packetServiceProfile PSTN_PSP codec codecEntry1 G711-default
set profiles media packetServiceProfile PSTN_PSP rtcpOptions rtcp enable
set profiles media packetServiceProfile PSTN_PSP preferredRtpPayloadTypeForDtmfRelay 101                                   
set profiles media packetServiceProfile PSTN_PSP silenceInsertionDescriptor g711SidRtpPayloadType 13 heartbeat enable
commit


Note

If PSTN does not support RTCP, disable RTCP flag in the PSTN PSP, and enable "terminationForPassthrough" flag on TEAMS PSP. Refer Teams PSP configuration.

 


IP Signaling Profile (IPSP)

Create an IP Signaling Profile (IPSP) for the PSTN side. The IPSP is specified within the SIP Trunk Group configuration.

Code Block
set profiles signaling ipSignalingProfile PSTN_IPSP
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags includeReasonHeader enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags sendPtimeInSdp enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags sendRtcpPortInSdp enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags routeUsingRecvdFqdn enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags minimizeRelayingOfMediaChangesFromOtherCallLegAll enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags relayDataPathModeChangeFromOtherCallLeg enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes relayFlags notify enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes relayFlags statusCode4xx6xx enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes optionTagInRequireHeader suppressReplaceTag enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags includeTransportTypeInContactHeader enable
set profiles signaling ipSignalingProfile PSTN_IPSP egressIpAttributes flags disable2806Compliance enable
set profiles signaling ipSignalingProfile PSTN_IPSP egressIpAttributes redirect flags forceRequeryForRedirection enable
set profiles signaling ipSignalingProfile PSTN_IPSP egressIpAttributes transport type1 tcp
set profiles signaling ipSignalingProfile PSTN_IPSP egressIpAttributes transport type2 udp
set profiles signaling ipSignalingProfile PSTN_IPSP ingressIpAttributes flags sendSdpIn200OkIf18xReliable enable
commit


IP Interface Group

Create an IP interface group. 

Info

Replace "x.x.x.x" with SBC's pkt0 IP address and 'y' with its subnet mask. Use the SBC system name for "ceName".


Code Block
set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 ceName IOTGCM portName pkt0
set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 ceName IOTGCM ipAddress x.x.x.x prefix y
set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 mode inService state enabled
commit


Zone

Create a Zone that groups the set of objects that are used for the communication to PSTN. 

Code Block
set addressContext default zone PSTN_ZONE id 2
commit


SIP Signaling Port

Create a SIP Signaling port which is  the logical address permanently bound to a specific zone which is used to send and receive SIP call signaling packets. 

Info

Replace "x.x.x.x" with SBC's pkt0 IP address.


Code Block
set addressContext default zone PSTN_ZONE id 2 sipSigPort 1 ipInterfaceGroupName LIF1 ipAddressV4 x.x.x.x portNumber 5060 transportProtocolsAllowed sip-tcp,sip-udp,sip-tls-tcp
set addressContext default zone PSTN_ZONE id 2 sipSigPort 1 mode inService state enabled
commit


SIP Trunk Group

Create a SIP Trunk Group towards PSTN side and assign the PSP, IPSP and LRBT Profiles configured above. 

Info

For ingressIpPrefix, replace "x.x.x.x" and "y" with the IP address and subnet mask that you want to allow from PSTN.


Code Block
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG media mediaIpInterfaceGroupName LIF1
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG policy media packetServiceProfile PSTN_PSP
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG policy signaling ipSignalingProfile PSTN_IPSP 
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG downstreamForkingSupport enabled
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG signaling rel100Support enabled
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG services dnsSupportType a-only
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG ingressIpPrefix X.X.X.X Y
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG mode inService state enabled
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG signaling honorMaddrParam enabled
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG signaling relayNonInviteRequest enabled
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG media sdpAttributesSelectiveRelay enabled
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG policy media toneAndAnnouncementProfile LRBT_PROF
commit
 


IP Peer

Create an IP Peer with the Fully-Qualified Domain Name (FQDN) or IP address of the endpoint and assign it to the PSTN Side.

Info

Replace "x.x.x.x" with PSTN IP address.


Code Block
set addressContext default zone PSTN_ZONE ipPeer PSTN_IPP ipAddress X.X.X.X ipPort 5060
commit


Note

If FQDN is configured, attach DNS group to the PSTN Zone.


IP Static Route

Create a default route for the destination IP to come inside the network via a particular interface.

Info

Replace "x.x.x.x" with destination IP, "Y" with the subnet mask and "z.z.z.z" with the PKT0 gateway IP address.


Code Block
set addressContext default staticRoute X.X.X.Z Y Z.Z.Z.Z LIF1 PKT0_V4 preference 100        
commit


Routing Label

Create a Routing Label with a single Routing Label Route to bind the PSTN or Teams Trunk Group with the PSTN or Teams IP Peer.

Code Block
set global callRouting routingLabel TEAMS_RL routingLabelRoute 1 trunkGroup TEAMS_TG ipPeer TEAMS_PEER inService inService
set global callRouting routingLabel PSTN_RL routingLabelRoute 1 trunkGroup PSTN_TG ipPeer PSTN_IPP inService inService
commit

 


Routing

Ensure Routing is put in place to send calls to the correct destination. Number based routing is used for the purpose of this scenario; however, you may use additional routing options. The configuration of both standard and username routes are performed to ensure that no matter how the called party is addressed (a number or a username), the SBC routes the message to the Core.

Create Route entries for standard Trunk Group routing with Matching Criteria and a Routing Label destination.

Code Block
set global callRouting route none Sonus_NULL Sonus_NULL standard 962042 1 all all ALL none Sonus_NULL routingLabel PSTN_RL
set global callRouting route none Sonus_NULL Sonus_NULL standard 777888500 1 all all ALL none Sonus_NULL routingLabel TEAMS_RL
set global callRouting route none Sonus_NULL Sonus_NULL username Sonus_NULL Sonus_NULL all all ALL none SIP.PSTNHUB.MICROSOFT.COM routingLabel TEAMS_RL
set global callRouting route trunkGroup TEAMS_TG PTFY06 standard Sonus_NULL Sonus_NULL all all ALL none sip.pstnhub.microsoft.com routingLabel TEAMS_RL
set global callRouting route trunkGroup TEAMS_TG PTFY06 standard Sonus_NULL Sonus_NULL all all ALL none sip2.pstnhub.microsoft.com routingLabel TEAMS_RL
set global callRouting route trunkGroup TEAMS_TG PTFY06 standard Sonus_NULL Sonus_NULL all all ALL none sip3.pstnhub.microsoft.com routingLabel TEAMS_RL
commit

Anchor
TLS Configuration
TLS Configuration
TLS Configuration

Generate a CSR with OpenSSL (example)

Code Block
# Generate a private key (Use any Linux box to execute openssl cmds)
openssl genrsa -out /opt/sonus/csrkey.key 2048

# Generating the CSR requires another openssl command along with file location, name of your newly created key, path and file name for your CSR. 
# You are also prompted for information to populate the CSR.
openssl req -new -key /opt/sonus/csrkey.key -out /opt/sonus/certcsr.csr

 
The Country Name is mandatory and takes a two-letter country code:US
The State or Province Name field requires a full name:Taxes
The Locality Name field is for your city or town:Plano
In the Organization Name field, add your company or organization:Ribbon
Organizational Unit Name is an optional field for your department or section:Engineering
The Common Name field is used for the Fully Qualified Domain Name (FQDN) of the server (can be * if it is a wildcard): *.example.com
Email address is an optional field for this request: You can hit Enter to skip forward
The challenge password: <User define>
Company name: Ribbon
 
 
# After receiving the CSR with above information, provide it to CA (Certificate Authority). You will then receive the proper CA signed certificate in .crt format that is convertable into other formats using openssl. 
# By default, you should receive two or more certificate from CA (depanding upon your CA). One is the SBC certificate, and other is CA's root and intermediate certificate. 
# Upload the certificates to the SBC at /opt/sonus/external and convert them into SBC-readable format, i.e. SBC certificate is in .pem or .p12 format and root certificate is in .cer or .der.
 
#Converting .crt to .pem USING OPENSSL for SBC certificate.
openssl x509 -in sbc_cert.crt -out sbc_cert.der -outform DER
openssl x509 -in sbc_cert.der -inform DER -out sbc_cert.pem -outform PEM
 
#After generating sbc_cert.pem file, convert it to .p12 format using below command.
openssl pkcs12 -export -out sbc1_cert.p12 -in sbc_cert.pem -inkey /opt/sonus/csrkey.key
 
#CONVERTING CRT to CER USING OPENSSL for CA's root and intermediate certificate.
openssl x509 -in root_cert.crt -out root_cert.cer -outform DER
 
 
## Use Baltimore's Root Certificate which is downloadable from the below link. It is present in .pem format. Convert it to .cer format using openssl command.
### http://certificate.fyicenter.com/319_Root_CA_Baltimore_CyberTrust_Root_CyberTrust_Baltimore_IE.html
 
#CONVERTING PEM to CER USING OPENSSL
openssl x509 -outform der -in Baltimore_cert.pem -out Baltimore_cert.cer
 
After converting all these certificates upload them on SBC at /opt/sonus/external location.
 


Generate required certificates 

Code Block
#Create Crypto Suite Profile.
set profiles security cryptoSuiteProfile CRYPT_PROF entry 1 cryptoSuite AES-CM-128-HMAC-SHA1-80

#Import Public CA Root Certificate into database.
set system security pki certificate CA_ROOT_CERT type remote fileName root_cert.cer state enabled

#Import Baltimore Certificate into database.
set system security pki certificate BALTIMORE_CERT type remote fileName Baltimore_cert.cer state enabled

#Import Public CA Certified SBC Server Certificate into database
set system security pki certificate SBC_CERT filename sbc1_cert.p12 passPhrase <Password defined during CSR generation> state enabled type local

#Create TLS Profile
set profiles security tlsProfile TLS_PROF clientCertName SBC_CERT serverCertName SBC_CERT cipherSuite1 tls_ecdhe_rsa_with_aes_256_cbc_sha384 cipherSuite2 tls_ecdhe_rsa_with_aes_128_cbc_sha authClient true allowedRoles clientandserver acceptableCertValidationErrors invalidPurpose
set profiles security tlsProfile TLS_PROF v1_1 enable
set profiles security tlsProfile TLS_PROF v1_0 disable
set profiles security tlsProfile TLS_PROF v1_2 enable
commit

#Configure Packet Service Profile with Crypto Suite
set profiles media packetServiceProfile TEAMS_PSP secureRtpRtcp cryptoSuiteProfile CRYPT_PROF
set profiles media packetServiceProfile TEAMS_PSP secureRtpRtcp flags enableSrtp enable
set profiles media packetServiceProfile TEAMS_PSP secureRtpRtcp flags allowFallback disable

#Configure SIP Signailng Port
set addressContext default zone TEAMS_ZONE sipSigPort 4 state disable mode outOfService
set addressContext default zone TEAMS_ZONE sipSigPort 4 tlsProfileName TLS_PROF
set addressContext default zone TEAMS_ZONE sipSigPort 4 state enable mode inService
commit


Note
Teams SIP Proxy server only supports TLS version 1.2 with specific ciphersuit. At time of documentation Ribbon SBC support tls_ecdhe_rsa_with_aes_128_cbc_sha and tls_ecdhe_rsa_with_aes_256_cbc_sha384.
 


Attach TLS Profile to SIP Signaling Port

Code Block
set addressContext default zone Teams_ZONE sipSigPort 4 state disabled mode outOfService
commit
set addressContext default zone Teams_ZONE sipSigPort 4 tlsProfileName TLS_PROF
commit
set addressContext default zone Teams_ZONE sipSigPort 4 state enabled mode inService
commit

 


Anchor
Microsoft Teams Media Bypass
Microsoft Teams Media Bypass
Microsoft Teams Media Bypass


Caption
0Figure
1Microsoft Teams Media Bypass Architecture

Image Modified

 


To support Media Bypass on Teams, the SBC must support ICE and RTCP MUX.

Code Block
#Enabling ICE Lite
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG services natTraversal iceSupport iceWebrtc
commit

#Enabling RTCP Mux
set profiles media packetServiceProfile TEAMS_PSP rtcpOptions rtcpMux enable
commit

Pagebreak

Anchor
Section B
Section B
Section B: Configuring with EMA

Teams Side Configuration on SBC

Login to EMA Page

 


Caption
0Figure
1EMA login

Image Modified

 


Create Codec Entry

  1. Go to: Configuration --> Profile Management.

    Caption
    0Figure
    1Codec Entry

    Image Modified


  2. Go to: Codec Entry --> +New Codec Entry.

    Caption
    0Figure
    1New Codec Entry

    Image Modified


Info

For enabling comfort noise, use G711SS-DEFAULT codec profile.

 


Create RTCP Interval

Go to: All --> System --> Media --> Media RTCP Control.

Caption
0Figure
1RTCP Interval

Image Modified

 


Create Global SIP domain

Go to: All --> Global --> Signaling --> SIP Domain --> + New SIP Domain.

Caption
0Figure
1SIP Domain

Image Modified




Create Tone and Announcement Profile

  1. Go to: All --> Profile --> Media --> Tone And Announcement Profile --> + New Tone And Announcement Profile.

    Caption
    0Figure
    1LRBT Profile

    Image Modified


  2. After saving, Go to localRingbacktone --> LRBT_PROF (From Dropdown).

    Caption
    0Figure
    1Selecting LRBT PROF

    Image Modified


    Caption
    0Figure
    1LRBT Configuration 1/3

    Image Modified


  3. Go to: Local RingBack Tone -> Flags

    Caption
    0Figure
    1LRBT Configuration 2/3

    Image Modified


  4. Go to: All --> System --> Media --> Media Profile

    Caption
    0Figure
    1LRBT Configuration 3/3

    Image Modified


Note

This configuration is not required for SWe Core 7.2 release onwards.

 


Create Pathcheck Profile

  1. Go to: All --> Profile --> Services --> Path check profile --> + New Path check profile.

    Caption
    0Figure
    1PathCheck Profile

    Image Modified


  2. Go to: Transport preference.

    Caption
    0Figure
    1PathCheck Profile Transport Protocol

    Image Modified


Create Zone

Go to: Configuration --> System Provisioning --> Zone --> + New Zone.

Caption
0Figure
1Zone Configuration

Image Modified

 


Create IP Interface Group

  1. Go to: Configuration --> System Provisioning --> IP Interface Group --> + New IP Interface Group.

    Caption
    0Figure
    1IP Interface Group

    Image Modified


  2. Go to: Configuration --> System Provisioning --> Ip Interface --> Ip Interface Group (Created above) --> + New IP Interface.

    Caption
    0Figure
    1IP Interface Group

    Image Modified


Create SIP Signaling Port

  1. Go to: Configuration --> System Provisioning --> SIP Sig Port.
  2. Choose your address context and zone --> + New SIP Sig Port.

    Caption
    0Figure
    1SIP Signaling Port

    Image Modified


    Caption
    0Figure
    1SIP Signaling Port Configuration

    Image Modified


Create DNS Record

  1. Go to: All --> Address Context --> DNS Group --> + New DNS Group.

    Caption
    0Figure
    1DNS Record

    Image Modified


  2. Go to: All --> Address Context --> DNS Group --> local Record --> Server --> +New Server.\
    1. Choose DNS Group configured earlier (EXT_DNS).

      Caption
      0Figure
      1Adding Server Details in DNS

      Image Modified


Add DNS group to Teams_Zone

Go to: Configuration --> System Provisioning --> Zone --> Teams_Zone.

Caption
0Figure
1Adding DNS to Zone

Image Modified

 


Create Media Packet Service Profile (PSP)

  1. Go to: All --> Profile --> Media --> Packet Service Profile --> + New Packet Service Profile.

    Caption
    0Figure
    1Creating PSP

    Image Modified


  2. Go to: All --> Profile -->  Media --> Packet Service Profile --> Codec.

    Caption
    0Figure
    1Attaching Codec Profile in PSP

    Image Modified


  3. Go to: All --> Profile --> Media --> Packet To Packet Control --> RTCP Options.

    Caption
    0Figure
    1RTCP Configuration

    Image Modified


  4. Go to: All --> Profile --> Media --> Secure Rtp RTCP --> Flags.

    Caption
    0Figure
    1RTCP Flags

    Image Modified


Enable SSRC Randomize

Go to: All --> Profiles --> Media --> Packet Services Profile --> Rtcp Options.

Caption
0Figure
1Enabling SSRC Randomize

Image Modified

 


Create IP Signaling Profile (IPSP)

  1. Go to: All --> Profile --> Signaling --> IP Signaling Profile --> + New IP Signaling Profile.

    Caption
    0Figure
    1Configuring IPSP

    Image Modified


  2. Go to: All --> Profile --> Signaling --> IP Signaling Profile --> Common IP Attributes.
    1. Flags

      Caption
      0Figure
      1IPSP - Flags

      Image Modified


    2. Option Tag In Require Header

      Caption
      0Figure
      1Option

      Image Modified


  3. Go to: All --> Profile --> Signaling --> IP Signaling Profile --> Egress IP Attributes.
    1. Number Globalization Profile

      Caption
      0Figure
      1Egress IP Attribute

      Image Modified


    2. Domain Name

      Caption
      0Figure
      1Domain Name

      Image Modified


    3. Flags

      Caption
      0Figure
      1Flags

      Image Modified


    4. Ingress IP Attributes --> Flags

      Caption
      0Figure
      1Ingress IP Attribute

      Image Modified


Create SIP Trunk Group

  1. Go to: All --> Address Context --> Zone --> SIP Trunk Group --> + New SIP Trunk Group.
  2. Select Address Context and Zone (Teams_TG).
  3. After Configuring Trunk Group, refer to Inbound and Outbound SMM required for Teams Trunk group.

    Caption
    0Figure
    1SIP Trunk Config

    Image Modified

     



    1. Media (All --> Address Context --> Zone --> Sip Trunk Group --> Media).

      Caption
      0Figure
      1SIP Trunk Media Flags

      Image Modified


    2. Signaling (All --> Address Context --> Zone --> Sip Trunk Group --> Signaling).

      Caption
      0Figure
      1SIP Trunk Signaling Flags

      Image Modified


    3. Policy (All --> Address Context --> Zone --> Sip Trunk Group --> Policy --> Media).

      Caption
      0Figure
      1Attaching Profile

      Image Modified


    4. Policy (All --> Address Context --> Zone --> Sip Trunk Group --> Policy --> Signaling).

      Caption
      0Figure
      1Attaching Profile - Signaling

      Image Modified


Create Teams IP Peer

Go to: All --> Address Context --> Zone --> IP Peer --> + New IP Peer.

Caption
0Figure
1Teams IP Peer

Image Modified


Caption
0Figure
1Peer Policy

Image Modified


Info

For TLS, the Ribbon SBC Core increments the port number of the IP-Peer with one while sending out any call. Thus always configure a port less what remote peer is listening on. Please note, this is only applicable for TLS protocol.

 


Add Path Check Profile for IP Peer

Go to: All --> Address Context --> Zone --> IP Peer --> Path Check.

Caption
0Figure
1Adding PathCheck Profile

Image Modified

 


Create Routing Label

  1. Go to:  All --> Global --> Call Routing --> Routing Label.
  2. Click on Create Routing Label

    Caption
    0Figure
    1Routing Label

    Image Modified


  3. Click on Create Routing Label Route.

    Caption
    0Figure
    1Adding Route

    Image Modified


  4. Click on Create Route (Provide number towards Teams side).

    Caption
    0Figure
    1Create Number Base Route

    Image Modified


    Caption
    0Figure
    1Route
     


    Caption
    0Figure
    1Route for Transfer

    Image Modified


Info

For call transfer scenario towards PSTN, you need to create a route with both number and domain name. The screenshot above creates a route for any number starting with 9620XXXXXX and domain name will get routed towards Teams_RL.  


Configuration Required for Teams Media Bypass 

 


Enable RTCP Mux

Refer to Media Bypass Topology diagram.

Go to: All --> Profile -->  Media --> Packet Service Profile --> RTCP Options.

Caption
0Figure
1Enabling RTCP Mux

Image Modified



Enable ICE Lite 

Go to: All --> Address Context --> Zone --> SIP Trunk Group --> Services --> NAT Traversal.

Caption
0Figure
1Enabling ICE Lite

Image Modified

 


PSTN Side Configuration on SBC

Create Zone

Go to: Configuration --> System Provisioning --> Zone --> + New Zone.

Caption
0Figure
1PSTN ZONE

Image Modified

 


Create IP Interface Group

  1. Go to: Configuration --> System Provisioning --> IP Interface Group --> + New IP Interface Group.

    Caption
    0Figure
    1PSTN IP Interface Group

    Image Modified


  2. Go to: Configuration --> System Provisioning --> Ip Interface --> Ip Interface Group (Created above) --> + New IP Interface.

    Caption
    0Figure
    1IP Interface

    Image Modified


Create SIP Signaling Port

  1. Go to: Configuration --> System Provisioning --> SIP Sig Port.
  2. Choose your address context and zone --> + New SIP Sig Port.
 


Caption
0Figure
1PSTN SIP Signaling

Image Modified

 


Create IP Signaling Profile (IPSP)

  1. Go to: All --> Profile --> Signaling --> IP Signaling Profile --> + New IP Signaling Profile.

    Caption
    0Figure
    1PSTN IP Signaling Profile

    Image Modified


  2. Go to: All --> Profile --> Signaling --> IP Signaling Profile --> Common IP Attributes.
    1. Flags

      Caption
      0Figure
      1IPSP - Flags

      Image Modified


    2. Option Tag In Require Header

      Caption
      0Figure
      1Option Tag

      Image Modified


    3. Relay Flags

      Caption
      0Figure
      1Relay Flags

      Image Modified


  3. Go to: All --> Profile --> Signaling --> IP Signaling Profile --> Egress Ip Attribute.
    1. Domain Name

      Caption
      0Figure
      1Domain Name

      Image Modified


    2. Privacy

      Caption
      0Figure
      1Privacy flags

      Image Modified


    3. Transport

      Caption
      0Figure
      1Transport

      Image Modified


  4. Go to: All --> Profile --> Signaling --> IP Signaling Profile --> Ingress IP Attributes.
    1. Flags

      Caption
      0Figure
      1Flags

      Image Modified


Create a Packet Service Profile (PSP)
  1. Go to: All --> Profile --> Media --> Packet Service Profile --> + New Packet Service Profile.

    Caption
    0Figure
    1PSTN PSP

    Image Modified


  2. Go to: All --> Profile --> Media --> Packet Service Profile --> Codec.

    Caption
    0Figure
    1Codec Selection

    Image Modified


  3. Go to: All --> Profile --> Media --> Packet Service Profile --> Rtcp Options.

    Caption
    0Figure
    1RTCP Config

    Image Modified


Create Sip Trunk Group

  1. Go to: All --> Address Context --> Zone --> SIP Trunk Group --> + New SIP Trunk Group.
  2. Select Address Context and Zone (PSTN_Zone). 


    Caption
    0Figure
    1SIP Trunk

    Image Modified

     



    1. Media (All --> Address Context --> Zone --> Sip Trunk Group --> Media) 

      Caption
      0Figure
      1Media Flags

      Image Modified


    2. Policy (All --> Address Context --> Zone --> Sip Trunk Group --> Policy)

      Caption
      0Figure
      1Policy

      Image Modified


      Caption
      0Figure
      1Policy

      Image Modified


    3. Signaling

      Caption
      0Figure
      1Signaling

      Image Modified


Create PSTN IP-Peer

Go to: All --> Address Context --> Zone --> IP Peer --> + New IP Peer.

Caption
0Figure
1PSTN IP-Peer

Image Modified


Info

You can configure the IP-Peer as the FQDN or IP address. To configure it as FQDN, refer to Teams' IP Peer configuration snapshot.

 


Create Routing Label

  1. Go to: All --> Global --> Call Routing --> Routing Label.
  2. Click on New “Create Routing Label”.

    Caption
    0Figure
    1Routing Label

    Image Modified


  3. Click on Routing Label Route.

    Caption
    0Figure
    1Routing Label Route

    Image Modified


  4. Click on Create Route.

    Caption
    0Figure
    1Adding Route

    Image Modified


Security Configuration

Create PKI Profile

  1. Go to: All --> System --> Security --> PKI --> Certificate --> New Certificate

    Caption
    0Figure
    1New Certificate

    Image Modified


  2. After Saving it. Click on the created certificate (MS_CERT) --> Certificate Commands --> Generate CSR.

  3. Provide the required information to generate the CSR. 

    Caption
    0Figure
    1Generate CSR

    Image Modified


    Note

    MS Teams support Key Size2k only.


    Caption
    0Figure
    1CSR Info

    Image Modified


    Caption
    0Figure
    1CSR

    Image Modified


  4. Copy the CSR above and generate the certificate by a known Public CA. After receiving the certificate, upload the following certificate:
    • SBC certificate (must use .pem or .p12 format)
    • CA’s root and intermediate certificate (must use .der format)
    • Baltimore’s root certificate (must use .der format)
    Note

    For converting the certificate format, refer to "TLS Configuration" page under Section A.


  5. Go to: Administration --> System Administration --> File Upload --> Add files to Queue.
  6. Add and upload all required certificates.

    Caption
    0Figure
    1Adding files to Queue

    Image Modified


  7. Click on “Upload All Files”.

    Caption
    0Figure
    1Uploading Files

    Image Modified


Certificate Profile 

  1. Go to: All --> System --> Security --> PKI --> Certificate.

    Caption
    0Figure
    1Certificate

    Image Modified


  2. Provide the certificate name in the “File Name” that you have uploaded and make the state “Enabled”.
  3. Similarly create a profile for remote certificates (Root, Intermediate, and Baltimore).

    Caption
    0Figure
    1Creating Remote cert profile

    Image Modified


    Caption
    0Figure
    1Baltimore Cert

    Image Modified


Create Crypto Profile

  1. Go to: All --> Profile --> Security --> Crypto Suite Profile --> + New Crypto Suite Profile.

    Caption
    0Figure
    1Crypto Profile

    Image Modified


  2. Go to: All --> Profile --> Security --> Crypto Suite Profile --> Entry.
  3. Choose created profile --> New Entry.

    Caption
    0Figure
    1Crypto Entry

    Image Modified


Create TLS Profile

Go to: All --> Profile --> Security --> TLS Profile --> + New TLS Profile.

Caption
0Figure
1TLS Profile

Image Modified


Caption
0Figure
1TLS Prof Cont

Image Modified


Note

Teams SIP Proxy server only supports TLS version 1.2 with specific ciphersuit.

At the time of publishing this document, the Ribbon SBC supports following ciphersuits:

  1. tls_ecdhe_rsa_with_aes_128_cbc_sha
  2. tls_ecdhe_rsa_with_aes_256_cbc_sha384.

 


Attach TLS Profile to SIP Sig Port

  1. Go to: Configuration --> System Provisioning --> SIP Sig Port.
  2. Choose SIP Sig interface on the Teams side (make state disable and mode out of service).
 


Caption
0Figure
1Adding TLS Prof

Image Modified

Pagebreak


Anchor
Section C
Section C
Section C: Configuring Site Failover

This feature will allow the SBC to failover to another site of Office 365 when a primary data center site is down.

Currently, Microsoft Office 365 has the following sites:

  • sip.pstnhub.microsoft.com
  • sip2.pstnhub.microsoft.com
  • sip3.pstnhub.microsoft.com
 


Caption
0Figure
1Site Failover

Image Modified


Code Block
## Adding IP-Peer
set addressContext default zone TEAMS_ZONE ipPeer TEAMS_PEER policy sip fqdn sip.pstnhub.microsoft.com fqdnPort 5060
set addressContext default zone TEAMS_ZONE ipPeer TEAMS1_PEER policy sip fqdn sip2.pstnhub.microsoft.com fqdnPort 5060
set addressContext default zone TEAMS_ZONE ipPeer TEAMS2_PEER policy sip fqdn sip3.pstnhub.microsoft.com fqdnPort 5060

## Adding IP-Peer in RoutingLabel
set global callRouting routingLabel TEAMS_RL routingLabelRoute 1 routeType trunkGroup trunkGroup TEAMS_TG ipPeer TEAMS_PEER inService inService
set global callRouting routingLabel TEAMS_RL routingLabelRoute 2 routeType trunkGroup trunkGroup TEAMS_TG ipPeer TEAMS1_PEER inService inService
set global callRouting routingLabel TEAMS_RL routingLabelRoute 3 routeType trunkGroup trunkGroup TEAMS_TG ipPeer TEAMS2_PEER inService inService

## Adding Reason Code in Cranckback Profile
set profiles callRouting crankbackProfile default reason code 41

Pagebreak

Anchor
Section D
Section D
Section D: Configuring SBC Hosting Scenario  


Understanding the SBC Hosting Scenario Example

A Microsoft partner sells telephony services delivered to Microsoft Teams to multiple independent enterprise customers (tenants). This partner may or may not be a PSTN carrier. Refer to Configure a Session Border Controller for multiple tenants for more information regarding Microsoft partner requirements in support of multiple tenants. The following example shows an SBC Core device deployed at the Microsoft partner data center. The following steps are configured on each independent enterprise tenant:

  1. Communication between the enterprise tenant's Teams clients and the enterprise's legacy PBX based clients.
  2. Communication between the enterprise tenant's Teams clients and the PSTN supported by the Microsoft partner.
 


Caption
0Figure
1Hosting scenario

Image Modified


Info

Teams Direct Routing in support of multiple tenants requires wildcard certificate support.

 


This example uses Microsoft partner's SBC FQDN as customers.interopdomain.com, and an example Tenant's SBC FQDN as tenant1.customers.example.com 

The requirements for this configuration includes:

  1. A Public IP address for the SBC.
  2. A Microsoft partner's SBC FQDN that points to the Public IP address of the SBC (e.g. tenant1.customers.example.com).
  3. The ability to create a Tenant's SBC FQDN sub-entry to the Microsoft partner's SBC FQDN (e.g. tenant1.customers.example.com).
  4. A wildcard certificate that protects the Microsoft partner's SBC FQDN, as well as the Tenant's SBC FQDN sub-entry (e.g. SAN=customers.example.com, SAN=*.customers.example.com).
  5. To enable the tenant's FQDN (e.g. tenant1.customers.example.com), create a user with this FQDN and proper license.  


The requirements from the Tenant's side:

  1. Create a DNS A entry for Tenant's SBC FQDN
    Example: tenant1.customers.example.com -> X.X.X.X

  2. Add the Tenant's SBC FQDN as the Domains for the tenant. The customer then provides the TXT entry to the Microsoft partner.
    Example: tenant1.customers.example.com

  3. Create a DNS TXT entry for the Tenant's SBC FQDN to validate the SBC connection
    Example: tenant1.customers.example.com TXT -> MS=54621XXXXX

 


Note

Using ERE for multi-tenant deployment, the Ribbon SBC Core has limitations to scale up to around 500 tenants. To have more tenants onboard, deploy the Ribbon SBC Core with a PSX.

To re-create multiple sipSigPort, re-use the same public IP with a different port number, and with a difference of two port numbers.

 


Update SBC Configuration for Each New Tenant

For each tenant, configure a separate zone, SIP signaling port, and trunk group. 

Note

You can have common or separate PSP and IPSP groups depending on your requirement. Refer to Section-A for PSP and IPSP configuration.


Code Block
## Create Zone for tenantA
set addressContext default zone TEAMS_Tenant_A id 10
set addressContext default zone TEAMS_Tenant_A domainName tenant1.customers.example.com
 
## Create SIP Signaling Port
set addressContext default zone TEAMS_Tenant_A id 10 sipSigPort 12 ipInterfaceGroupName LIF2 ipAddressV4 115.X.X.X portNumber 5064 transportProtocolsAllowed sip-tls-tcp
set addressContext default zone TEAMS_Tenant_A sipSigPort 12 tlsProfileName TLS_PROF
set addressContext default zone TEAMS_Tenant_A id 10 sipSigPort 12 state enabled mode inService

## Create DNS Group
set addressContext default dnsGroup EXT_DNS
set addressContext default dnsGroup EXT_DNS type ip interface LIF2 server DNS2 ipAddress 8.8.8.8 state enabled
set addressContext default zone TEAMS_Tenant_A dnsGroup EXT_DNS

## Create SIP Trunk
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG media mediaIpInterfaceGroupName LIF2
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG signaling honorMaddrParam enabled
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG policy media packetServiceProfile TEAMS_A_PSP
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG policy signaling ipSignalingProfile TEAMS_A_IPSP
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG downstreamForkingSupport enabled
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG signaling rel100Support enabled
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG services dnsSupportType a-only
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG signaling relayNonInviteRequest enabled
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG signaling methods notify allow
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG ingressIpPrefix X.X.X.X X
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG policy media toneAndAnnouncementProfile LRBT_PROF
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG mode inService state enabled
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG media sdpAttributesSelectiveRelay enabled
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG signaling messageManipulation outputAdapterProfile domainname_A


Code Block
## Create Zone for tenantB
set addressContext default zone TEAMS_Tenant_B id 12	
set addressContext default zone TEAMS_Tenant_B domainName tenant2.customers.example.com
 
## Create SIP Signaling Port
set addressContext default zone TEAMS_Tenant_B id 12 sipSigPort 14 ipInterfaceGroupName LIF2 ipAddressV4 115.X.X.X portNumber 5066 transportProtocolsAllowed sip-tls-tcp
set addressContext default zone TEAMS_Tenant_B sipSigPort 14 tlsProfileName TLS_PROF
set addressContext default zone TEAMS_Tenant_B id 12 sipSigPort 14 state enabled mode inService

## Create DNS Group
set addressContext default dnsGroup EXT_DNS
set addressContext default dnsGroup EXT_DNS type ip interface LIF2 server DNS2 ipAddress 8.8.8.8 state enabled
set addressContext default zone TEAMS_Tenant_B dnsGroup EXT_DNS

## Create SIP Trunk
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG media mediaIpInterfaceGroupName LIF2
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG signaling honorMaddrParam enabled
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG policy media packetServiceProfile TEAMS_B_PSP
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG policy signaling ipSignalingProfile TEAMS_B_IPSP
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG downstreamForkingSupport enabled
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG signaling rel100Support enabled
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG services dnsSupportType a-only
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG signaling relayNonInviteRequest enabled
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG signaling methods notify allow
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG ingressIpPrefix X.X.X.X X
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG policy media toneAndAnnouncementProfile LRBT_PROF
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG mode inService state enabled
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG media sdpAttributesSelectiveRelay enabled
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG signaling messageManipulation outputAdapterProfile domainname_B
 


SMM Required for Hosting Solution

Note

Create separate SMM Profile with the domain name of each tenant's FQDN and apply it on their respective trunk group.


Code Block
## SMM Rule
set profiles signaling sipAdaptorProfile domainname state enabled
set profiles signaling sipAdaptorProfile domainname advancedSMM disabled
set profiles signaling sipAdaptorProfile domainname profileType messageManipulation
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 1 type message
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 1 message
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 1 message messageTypes all
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 2 type header
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 2 header
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 2 header name contact
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 3 type token
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 3 token
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 3 token condition exist
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 3 token tokenType urihostname
set profiles signaling sipAdaptorProfile domainname rule 1 action 1 type token
set profiles signaling sipAdaptorProfile domainname rule 1 action 1 operation modify
set profiles signaling sipAdaptorProfile domainname rule 1 action 1 from
set profiles signaling sipAdaptorProfile domainname rule 1 action 1 from type value
set profiles signaling sipAdaptorProfile domainname rule 1 action 1 from value tenant1.customers.example.com
set profiles signaling sipAdaptorProfile domainname rule 1 action 1 to
set profiles signaling sipAdaptorProfile domainname rule 1 action 1 to type token
set profiles signaling sipAdaptorProfile domainname rule 1 action 1 to tokenValue urihostname
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 1 type message
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 1 message
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 1 message messageTypes all
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 2 type header
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 2 header
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 2 header name From
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 3 type token
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 3 token
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 3 token condition exist
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 3 token tokenType urihostname
set profiles signaling sipAdaptorProfile domainname rule 2 action 1 type token
set profiles signaling sipAdaptorProfile domainname rule 2 action 1 operation modify
set profiles signaling sipAdaptorProfile domainname rule 2 action 1 from
set profiles signaling sipAdaptorProfile domainname rule 2 action 1 from type value
set profiles signaling sipAdaptorProfile domainname rule 2 action 1 from value tenant1.customers.example.com
set profiles signaling sipAdaptorProfile domainname rule 2 action 1 to
set profiles signaling sipAdaptorProfile domainname rule 2 action 1 to type token
set profiles signaling sipAdaptorProfile domainname rule 2 action 1 to tokenValue urihostname
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 1 type message
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 1 message
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 1 message messageTypes all
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 2 type header
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 2 header
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 2 header name To
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 3 type toke
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 3 token
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 3 token condition exist
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 3 token tokenType urihostname
set profiles signaling sipAdaptorProfile domainname rule 3 action 1 type token
set profiles signaling sipAdaptorProfile domainname rule 3 action 1 operation modify
set profiles signaling sipAdaptorProfile domainname rule 3 action 1 from
set profiles signaling sipAdaptorProfile domainname rule 3 action 1 from type value
set profiles signaling sipAdaptorProfile domainname rule 3 action 1 from value tenant1.customers.example.com
set profiles signaling sipAdaptorProfile domainname rule 3 action 1 to
set profiles signaling sipAdaptorProfile domainname rule 3 action 1 to type token
set profiles signaling sipAdaptorProfile domainname rule 3 action 1 to tokenValue urihostname

Pagebreak

Anchor
Section E
Section E
Section E: Basic Troubleshooting Steps

TLS Negotiation Issues

  • Port number:

    There are few areas that results in TLS negotiation issue. One of the them is assigning of incorrect port. Please make sure of the following: 

    • By default, MS Teams listens on port number 5061

    • Configure port number 5060 on Teams IP-Peer as Ribbon SBC Core increments the port by 1 when transport protocol is TLS 

    • For tenant's SBC configuration on Teams, use the same port number that is configured under SBC' sipSigPort

 


  • Certificates:

    There can be issues during certificate exchange resulting in failure of TLS negotiation. Please note the following points for troubleshooting:

    • Make sure to install root and all intermediate certificates provided by your CA on the SBC

    • Make sure that SBC's FQDN configured on the Teams side is the same as that on SBC's certificate

    • In case of a wildcard certificate, make sure the correct number of spaces exist before the domain name

      Example: A wild card certificate generated for *.example.com is not valid for *.customers.example.com. Refer to Tls Configuration section for detailed explanation on SBC supported certificate format.

       


  • SIP 403 Response to SIP OPTIONS: 

    There can be a situation when Teams SIP Proxy server responds with a SIP 403 to SIP OPTIONS request from SBC Core. This behavior is observed when Core SBC do not send domain information OR sends incorrect domain information to the Teams SIP Proxy. In either case, please verify the following:

    • Verify that SBC Core sends its FQDN in the 'From' and 'Contact' headers

    • Also, please make sure to configure the same as above on Teams SIP Proxy Server

    • Ensure SMM is applied to modify these headers in SIP Options Request