Search

Page tree
Skip to end of metadata
Go to start of metadata

 

Table of Contents

 

Document Overview

This document provides a configuration guide for the Ribbon series SBC Core when connecting to Microsoft Teams.

This document is highly divided into four different sections:

Configuration with ERE

  • Configuring Ribbon SBC Core Series with CLI
  • PSTN Side Configuration
  • Configuration Required for Teams Media Bypass
  • SIP Manipulations (SMM) Used

Configuration with EMA

  • Teams Side Configuration on SBC
  • Configuration Required for Teams Media Bypass
  • PSTN Side Configuration on SBC
  • SIP Manipulations (SMM) Used

You can configure the SBC Core with ERE or EMA.

Configuration for Site Failover

Configuration for SBC Hosting Scenario

Scope

This document provides the Ribbon SBC (SWe/5k/7k) Core configuration with Microsoft® Teams for documented products and their versions. This is a general reference document that requires user input during the configuration. For EMA configuration, the screen captures in this document are limited to only the necessary provisioning areas.

Non-Goals

This document does not provide the test case details, success criteria, processes, and execution steps of testing that was performed. Also, this document does not focus on either PSX configuration or provisioning areas for Microsoft (MS) Teams. This would be covered in a separate configuration guide.

Introduction

Microsoft® TAP (Technology Adoption Program) Testing is performed between Microsoft® Teams and Ribbon’s SBC (SWe/5400/5210/5110/7000) Core. This document outlines the configuration, observations, and the overall testing experience with the device under test (DUT).

 

Document History

Table : Document History

DateNameComment
23/Oct/2018Ankit ShuklaInitial Draft


Audience

This is a technical document intended for telecommunications engineers with the purpose of configuring both the Ribbon SBC and the third-party product. Navigating the third-party product as well as the Ribbon SBC Command Line Interface (CLI) is required. Understanding the basic concepts of TLS/TCP/UDP, IP/Routing, and SIP/SRTP is also necessary to complete the configuration and any required troubleshooting.

 

Requirements

The sample configuration uses the following equipment and software:

Table : Requirements

Product

Equipment

Software Version

Ribbon Networks

Ribbon SBC 5400
BMC
BIOS
ConnexIP OS
RibbonDB
EMA
SBX

V06.02.01-F003
V03.16.00-R000
V02.06.00
V05.01.00-F003
V06.02.01-F003 
V06.02.01-F003 
V06.02.01-F003

Third-party Equipment

Microsoft Teams

v.2018.7.3.2 i.ASEA.3

Teams Client1.1.00.28562 

Administration and Debugging Tools

Wireshark2.4.4

Reference Configuration

The following figure illustrates connectivity between the third-party and the Ribbon SBC Core

 

Figure : High Level Architecture of Deploying Teams

                                                                       

 

Support

For any questions regarding this document or the content herein, contact your maintenance and support provider.

Third-Party Product Features

 Refer to the Microsoft Teams' test plan for complete product features details.


 

Prerequisites

Microsoft Teams' configuration should be deployed in Office 365 with proper licenses. Verify clients have necessary licenses for making enterprise voice call.

 

SBC Configuration

This section provides a sample of the Ribbon SBC 5400 configuration used during compliance testing. The following commands and configurations are only for reference, other configurations are also possible based on the requirement.

Global Configuration

Codec Entry

Create a Codec Entry with the supported codec on the network.

 

set profiles media codecEntry G711-default dtmf relay rfc2833
set profiles media codecEntry G711-default packetSize 20
commit

RTCP

Configuring the RTCP interval.

 

set system media mediaRtcpControl senderReportInterval 5
commit

SIP Domain

Specify the global SIP Domain name.

 

set global sipDomain SIP.PSTNHUB.MICROSOFT.COM
set global sipDomain SIP2.PSTNHUB.MICROSOFT.COM
set global sipDomain SIP3.PSTNHUB.MICROSOFT.COM
set global sipDomain RIBBON.INTEROPDOMAIN.COM
commit

DSP Resource Allocation

This configuration only applies if the SBC has been deployed with (hardware) DSP resources. If it has not, executing this configuration step has no negative impact. 

Note: Subsequent configuration section (Packet service profiles) do not attempt transcoding, so the lack of compression resources will not impact the overall SBC configuration in this document.

 

set system mediaProfile compression 75 tone 25
commit

 

LRBT Profile

Create a Local Ringback Tone (LRBT) profile that will be attached to the Teams side. Enable Dynamic LRBT.

 

set profiles media toneAndAnnouncementProfile LRBT_PROF
set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone signalingTonePackageState enable makeInbandToneAvailable enable
set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone flags useThisLrbtForIngress enable
set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone flags dynamicLRBT enable
commit

 

Path Check Profile

Create a path check profile that will be attached to the Teams side.

 

set profiles services pathCheckProfile Teams_OPTIONS protocol sipOptions sendInterval 20 replyTimeoutCount 1 recoveryCount 1
commit
set profiles services pathCheckProfile Teams_OPTIONS transportPreference preference1 tls-tcp
commit

 

Microsoft Teams Configuration on SBC

Packet Service Profile (PSP)

Create a Packet Service Profile (PSP) for the Teams side. The PSP will be specified within the SIP trunk group configuration.

 

set profiles media packetServiceProfile TEAMS_PSP
set profiles media packetServiceProfile TEAMS_PSP codec codecEntry1 G711-default
set profiles media packetServiceProfile TEAMS_PSP rtcpOptions rtcp enable
set profiles media packetServiceProfile TEAMS_PSP preferredRtpPayloadTypeForDtmfRelay 101
set profiles media packetServiceProfile TEAMS_PSP silenceInsertionDescriptor g711SidRtpPayloadType 13 heartbeat enable
set profiles media packetServiceProfile TEAMS_PSP secureRtpRtcp flags enableSrtp enable
set profiles media packetServiceProfile TEAMS_PSP flags ssrcRandomize enable
commit

 

IP Signaling Profile (IPSP)

Create an IP signaling profile for the Teams side. The IPSP will be specified within the SIP trunk group configuration

 

set profiles signaling ipSignalingProfile TEAMS_IPSP ipProtocolType sipOnly
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags includeReasonHeader enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags includeTransportTypeInContactHeader enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags routeUsingRecvdFqdn enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags sendPtimeInSdp enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags sendRtcpPortInSdp enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags storePChargingVector enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes relayFlags notify enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags publishIPInHoldSDP enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes relayFlags statusCode4xx6xx enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags minimizeRelayingOfMediaChangesFromOtherCallLegAll enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes flags relayDataPathModeChangeFromOtherCallLeg enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes transparencyFlags  mwiBody enable
set profiles signaling ipSignalingProfile TEAMS_IPSP commonIpAttributes optionTagInRequireHeader suppressReplaceTag enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes  flags disable2806Compliance enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes  privacy flags includePrivacy  enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes  redirect flags forceRequeryForRedirection  enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes  sipHeadersAndParameters callForwarding diversionHeaderTransparency  enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes  sipHeadersAndParameters callForwarding dataMapping none
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes  transport type1 tlsOverTcp 
set profiles signaling ipSignalingProfile TEAMS_IPSP ingressIpAttributes  flags sendSdpIn200OkIf18xReliable enable
set profiles signaling ipSignalingProfile TEAMS_IPSP egressIpAttributes domainName useIpSignalingPeerDomainInRequestUri enable
commit

 

IP Interface Group

Create an IP interface group and assign its interface and IP address.

set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 ceName IOTTESLA portName pkt1
set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 ipAddress 115.XXX.XXX.XXX prefix 27
set addressContext default ipInterfaceGroup LIF2 ipInterface PKT1_V4 mode inService state enabled
commit

 

Zone

This Zone groups the set of objects that are used for the communication to MS Teams. Configure the domain name and assign DNS server to the zone.


set addressContext default zone TEAMS_ZONE id 4
set addressContext default zone TEAMS_ZONE domainName ribbon.interopdomain.com
commit


SIP Signaling Port

A SIP Signaling port is a logical address which is used to send and receive SIP call signaling packets and is permanently bound to a specific zone.

 

set addressContext default zone TEAMS_ZONE id 4 sipSigPort 4 ipInterfaceGroupName LIF2 ipAddressV4 115.XXX.XXX.XXX portNumber 5060 transportProtocolsAllowed sip-tls-tcp
set addressContext default zone TEAMS_ZONE id 4 sipSigPort 4 state enabled mode inService
commit

 

DNS Group

DNS Groups set DNS objects that may be used for DNS resolution within a particular Zone.

 

set addressContext default dnsGroup EXT_DNS
set addressContext default dnsGroup EXT_DNS type ip interface LIF2 server DNS2 ipAddress 8.8.8.8 state enabled
set addressContext default zone TEAMS_ZONE dnsGroup EXT_DNS
commit


SIP Trunk Group

Create a SIP Trunk Group for the Teams side and assign the IPSP, PSP and LRBT profiles configured above. For,ingressIpPrefix kindly replace x.x.x.x with the IP address that you want to allow from Teams server.

Note: Teams SIP Proxy server does not support the Update method and requires a Re-Invite. Teams SIP Proxy Server only supports new RFC for call hold that is, a=inactive.

 

set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG media mediaIpInterfaceGroupName LIF2
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG signaling honorMaddrParam enabled
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG policy media packetServiceProfile TEAMS_PSP
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG policy signaling ipSignalingProfile TEAMS_IPSP
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG downstreamForkingSupport enabled
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG signaling rel100Support enabled
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG services dnsSupportType a-only
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG ingressIpPrefix X.X.X.X X
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG signaling relayNonInviteRequest enabled
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG signaling methods update reject
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG policy media toneAndAnnouncementProfile LRBT_PROF
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG mode inService state enabled
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG media sdpAttributesSelectiveRelay enabled
commit


IP Static Route

Create a default route to the subnet's next hop IP for the interface and IP Interface Group.

 

set addressContext default staticRoute X.X.X.X X 115.X.X.X LIF2 PKT1_V4 preference 100
commit


IP Peer

Create an IP Peer with the Fully-Qualified Domain Name (FQDN) of the endpoints and assign it to the Teams Zone. Assign the path check profile created.

 

set addressContext default zone TEAMS_ZONE ipPeer TEAMS_PEER policy sip fqdn sip.pstnhub.microsoft.com  fqdnPort 5060
set addressContext default zone Teams_ZONE ipPeer TEAMS_PEER pathCheck profile Teams_PATHCHECK 
set addressContext default zone Teams_ZONE ipPeer TEAMS_PEER pathCheck profile Teams_PATHCHECK hostName sip.pstnhub.microsoft.com hostPort 5060 state enabled
commit

 

PSTN Side Configuration

Packet Service Profile (PSP)

Create a Packet Service Profile (PSP) for the PSTN side. The PSP will be specified within the SIP Trunk Group Configuration. 

 

set profiles media packetServiceProfile PSTN_PSP
set profiles media packetServiceProfile PSTN_PSP codec codecEntry1 G711-default
set profiles media packetServiceProfile PSTN_PSP rtcpOptions rtcp enable
set profiles media packetServiceProfile PSTN_PSP preferredRtpPayloadTypeForDtmfRelay 101                                   
set profiles media packetServiceProfile PSTN_PSP silenceInsertionDescriptor g711SidRtpPayloadType 13 heartbeat enable
commit


IP Signaling Profile (IPSP)

Create an IP Signaling Profile (IPSP) for the PSTN side. The IPSP will be specified within the SIP Trunk Group Configuration.

 

 

set profiles signaling ipSignalingProfile PSTN_IPSP
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags includeReasonHeader enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags sendPtimeInSdp enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags sendRtcpPortInSdp enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags routeUsingRecvdFqdn enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags minimizeRelayingOfMediaChangesFromOtherCallLegAll enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags relayDataPathModeChangeFromOtherCallLeg enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes relayFlags notify enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes relayFlags statusCode4xx6xx enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes optionTagInRequireHeader suppressReplaceTag enable
set profiles signaling ipSignalingProfile PSTN_IPSP commonIpAttributes flags includeTransportTypeInContactHeader enable
set profiles signaling ipSignalingProfile PSTN_IPSP egressIpAttributes flags disable2806Compliance enable
set profiles signaling ipSignalingProfile PSTN_IPSP egressIpAttributes redirect flags forceRequeryForRedirection enable
set profiles signaling ipSignalingProfile PSTN_IPSP egressIpAttributes sipHeadersAndParameters callForwarding dataMapping none
set profiles signaling ipSignalingProfile PSTN_IPSP egressIpAttributes sipHeadersAndParameters callForwarding diversionHeaderTransparency enable
set profiles signaling ipSignalingProfile PSTN_IPSP egressIpAttributes transport type1 tcp
set profiles signaling ipSignalingProfile PSTN_IPSP egressIpAttributes transport type2 udp
set profiles signaling ipSignalingProfile PSTN_IPSP ingressIpAttributes flags sendSdpIn200OkIf18xReliable enable
commit

 

IP Interface Group

The following configuration is for a Ribbon 5400 system that uses a single port for PSTN connectivity.

 

set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 ceName IOTTESLA portName pkt0
set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 ceName IOTTESLA ipAddress 172.XXX.XXX.XXX prefix XX
set addressContext default ipInterfaceGroup LIF1 ipInterface PKT0_V4 mode inService state enabled
commit

Zone

This Zone groups the set of objects that are used for the communication to Teams for Business. Configure the domain name and assign DNS server to the zone

 

set addressContext default zone PSTN_ZONE id 2
set addressContext default zone PSTN_ZONE domainName ptfy06.interopdomain.com
commit

SIP Signaling Port

A SIP Signaling port is a logical address permanently bound to a specific zone which is used to send and receive SIP call signaling packets.

 

set addressContext default zone PSTN_ZONE id 2 sipSigPort 1 ipInterfaceGroupName LIF1 ipAddressV4 172.XXX.XXX.XXX portNumber 5060 transportProtocolsAllowed sip-tcp,sip-udp,sip-tls-tcp
set addressContext default zone PSTN_ZONE id 2 sipSigPort 1 mode inService state enabled
commit

SIP Trunk Group

Create a SIP Trunk Group towards PSTN side and assign the PSP, IPSP and LRBT Profiles configured above.

 

set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG media mediaIpInterfaceGroupName LIF1
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG policy media packetServiceProfile PSTN_PSP
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG policy signaling ipSignalingProfile PSTN_IPSP 
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG downstreamForkingSupport enabled
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG signaling rel100Support enabled
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG services dnsSupportType a-only
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG ingressIpPrefix X.X.X.X X
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG mode inService state enabled
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG signaling honorMaddrParam enabled
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG signaling relayNonInviteRequest enabled
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG media sdpAttributesSelectiveRelay enabled
set addressContext default zone PSTN_ZONE sipTrunkGroup PSTN_TG policy media toneAndAnnouncementProfile LRBT_PROF
commit
 

IP Peer

Create an IP Peer with the Fully-Qualified Domain Name (FQDN) or IP address of the endpoint and assign it to the PSTN Side.

 

set addressContext default zone PSTN_ZONE ipPeer PSTN_IPP ipAddress 172.XXX.XXX.XXX ipPort 5060
commit

IP Static Route

Create a default route to the subnet’s next hop IP for the interface and IP Interface Group.

 

set addressContext default staticRoute X.X.X.X X 172.16.102.1 LIF1 PKT0_V4 preference 100
commit

 

Routing Label

Create a Routing Label with a single Routing Label Route to bind the PSTN or Teams Trunk Group with the PSTN or Teams IP Peer.

 

set global callRouting routingLabel TEAMS_RL routingLabelRoute 1 trunkGroup TEAMS_TG ipPeer TEAMS_PEER inService inService
set global callRouting routingLabel PSTN_RL routingLabelRoute 1 trunkGroup PSTN_TG ipPeer PSTN_IPP inService inService
commit

Routing

Routing must be put in place to send calls to the correct destination. For the purpose of this scenario, we have used number based routing, but additional routing options may be used.

The configuration of both standard and username routes are done to ensure that no matter how the called party is addressed (a number or username) the SBC will route the message to the Core.

Create Route entries for standard Trunk Group routing with Matching Criteria and a Routing Label destination.

 

set global callRouting route none Sonus_NULL Sonus_NULL standard 962042 1 all all ALL none Sonus_NULL routingLabel PSTN_RL
set global callRouting route none Sonus_NULL Sonus_NULL standard 777888500 1 all all ALL none Sonus_NULL routingLabel TEAMS_RL
set global callRouting route none Sonus_NULL Sonus_NULL username Sonus_NULL Sonus_NULL all all ALL none SIP.PSTNHUB.MICROSOFT.COM routingLabel TEAMS_RL
set global callRouting route none route none Sonus_NULL Sonus_NULL standard 962052 1 all all ALL none SIP.PSTNHUB.MICROSOFT.COM routingLabel TEAMS_RL
commit
 
## Alternate Configuration
set global callRouting route trunkGroup TEAMS_TG PTFY06 standard Sonus_NULL 1 all all ALL none SIP.PSTNHUB.MICROSOFT.COM routingLabel TEAMS_RL
set global callRouting route trunkGroup TEAMS_TG PTFY06 standard Sonus_NULL 1 all all ALL none SIP2.PSTNHUB.MICROSOFT.COM routingLabel TEAMS_RL
set global callRouting route trunkGroup TEAMS_TG PTFY06 standard Sonus_NULL 1 all all ALL none SIP3.PSTNHUB.MICROSOFT.COM routingLabel TEAMS_RL
set global callRouting route trunkGroup TEAMS_TG PTFY06 standard Sonus_NULL 1 all all ALL none RIBBON.INTEROPDOMAIN.COM routingLabel PSTN_RL
set global callRouting route trunkGroup PSTN_TG PTFY06 standard Sonus_NULL 1 all all ALL none Sonus_NULL routingLabel TEAMS_RL

 

SIP Message manipulation

Create SIP Adapter profile to modify the incoming and outgoing SIP response on Teams trunk group.

 

1.Profile for removing lifetime parameter: # Apply on inputAdapterProfile of Teams trunk group 
set profiles signaling sipAdaptorProfile Remove_Lifetime state enabled set profiles signaling sipAdaptorProfile Remove_Lifetime rule 1 criterion 1 type message set profiles signaling sipAdaptorProfile Remove_Lifetime rule 1 criterion 1 message set profiles signaling sipAdaptorProfile Remove_Lifetime rule 1 criterion 1 message messageTypes all set profiles signaling sipAdaptorProfile Remove_Lifetime rule 1 criterion 1 message condition exist set profiles signaling sipAdaptorProfile Remove_Lifetime rule 1 criterion 2 type messageBody set profiles signaling sipAdaptorProfile Remove_Lifetime rule 1 criterion 2 messageBody set profiles signaling sipAdaptorProfile Remove_Lifetime rule 1 criterion 2 messageBody condition exist set profiles signaling sipAdaptorProfile Remove_Lifetime rule 1 action 1 type messageBody set profiles signaling sipAdaptorProfile Remove_Lifetime rule 1 action 1 operation regsub set profiles signaling sipAdaptorProfile Remove_Lifetime rule 1 action 1 from set profiles signaling sipAdaptorProfile Remove_Lifetime rule 1 action 1 from type value set profiles signaling sipAdaptorProfile Remove_Lifetime rule 1 action 1 from value "" set profiles signaling sipAdaptorProfile Remove_Lifetime rule 1 action 1 to set profiles signaling sipAdaptorProfile Remove_Lifetime rule 1 action 1 to type messageBody set profiles signaling sipAdaptorProfile Remove_Lifetime rule 1 action 1 to messageBodyValue all set profiles signaling sipAdaptorProfile Remove_Lifetime rule 1 action 1 regexp set profiles signaling sipAdaptorProfile Remove_Lifetime rule 1 action 1 regexp string "\|1:1" set profiles signaling sipAdaptorProfile Remove_Lifetime rule 1 action 1 regexp matchInstance all   
2. Profile for Modify Headers with domain name: #Apply on outputAdapterProfile of Teams trunk group set profiles signaling sipAdaptorProfile Modify_Headers state enabled set profiles signaling sipAdaptorProfile Modify_Headers rule 1 applyMatchHeader one set profiles signaling sipAdaptorProfile Modify_Headers rule 1 criterion 1 type message set profiles signaling sipAdaptorProfile Modify_Headers rule 1 criterion 1 message set profiles signaling sipAdaptorProfile Modify_Headers rule 1 criterion 1 message messageTypes all set profiles signaling sipAdaptorProfile Modify_Headers rule 1 criterion 2 type header set profiles signaling sipAdaptorProfile Modify_Headers rule 1 criterion 2 header set profiles signaling sipAdaptorProfile Modify_Headers rule 1 criterion 2 header name From set profiles signaling sipAdaptorProfile Modify_Headers rule 1 criterion 2 header condition exist set profiles signaling sipAdaptorProfile Modify_Headers rule 1 action 1 type token set profiles signaling sipAdaptorProfile Modify_Headers rule 1 action 1 operation modify set profiles signaling sipAdaptorProfile Modify_Headers rule 1 action 1 from set profiles signaling sipAdaptorProfile Modify_Headers rule 1 action 1 from type value set profiles signaling sipAdaptorProfile Modify_Headers rule 1 action 1 from value ribbon.interopdomain.com set profiles signaling sipAdaptorProfile Modify_Headers rule 1 action 1 to set profiles signaling sipAdaptorProfile Modify_Headers rule 1 action 1 to type token set profiles signaling sipAdaptorProfile Modify_Headers rule 1 action 1 to tokenValue urihostname set profiles signaling sipAdaptorProfile Modify_Headers rule 2 applyMatchHeader one set profiles signaling sipAdaptorProfile Modify_Headers rule 2 criterion 1 type message set profiles signaling sipAdaptorProfile Modify_Headers rule 2 criterion 1 message set profiles signaling sipAdaptorProfile Modify_Headers rule 2 criterion 1 message messageTypes all set profiles signaling sipAdaptorProfile Modify_Headers rule 2 criterion 2 type header set profiles signaling sipAdaptorProfile Modify_Headers rule 2 criterion 2 header set profiles signaling sipAdaptorProfile Modify_Headers rule 2 criterion 2 header name P-Asserted-Identity set profiles signaling sipAdaptorProfile Modify_Headers rule 2 criterion 2 header condition exist set profiles signaling sipAdaptorProfile Modify_Headers rule 2 action 1 type token set profiles signaling sipAdaptorProfile Modify_Headers rule 2 action 1 operation modify set profiles signaling sipAdaptorProfile Modify_Headers rule 2 action 1 from set profiles signaling sipAdaptorProfile Modify_Headers rule 2 action 1 from type value set profiles signaling sipAdaptorProfile Modify_Headers rule 2 action 1 from value ribbon.interopdomain.com set profiles signaling sipAdaptorProfile Modify_Headers rule 2 action 1 to set profiles signaling sipAdaptorProfile Modify_Headers rule 2 action 1 to type token set profiles signaling sipAdaptorProfile Modify_Headers rule 2 action 1 to tokenValue urihostname set profiles signaling sipAdaptorProfile Modify_Headers rule 3 criterion 1 type message set profiles signaling sipAdaptorProfile Modify_Headers rule 3 criterion 1 message set profiles signaling sipAdaptorProfile Modify_Headers rule 3 criterion 1 message messageTypes all set profiles signaling sipAdaptorProfile Modify_Headers rule 3 criterion 1 message condition exist set profiles signaling sipAdaptorProfile Modify_Headers rule 3 criterion 2 type messageBody set profiles signaling sipAdaptorProfile Modify_Headers rule 3 criterion 2 messageBody set profiles signaling sipAdaptorProfile Modify_Headers rule 3 criterion 2 messageBody condition exist set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 type messageBody set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 operation regstore set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 from set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 from type messageBody set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 from messageBodyValue all set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 to set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 to type variable set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 to variableValue var1 set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 regexp set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 regexp string "a=crypto.*?\r\n" set profiles signaling sipAdaptorProfile Modify_Headers rule 3 action 1 regexp matchInstance one set profiles signaling sipAdaptorProfile Modify_Headers rule 4 criterion 1 type message set profiles signaling sipAdaptorProfile Modify_Headers rule 4 criterion 1 message set profiles signaling sipAdaptorProfile Modify_Headers rule 4 criterion 1 message messageTypes all set profiles signaling sipAdaptorProfile Modify_Headers rule 4 criterion 1 message condition exist set profiles signaling sipAdaptorProfile Modify_Headers rule 4 criterion 2 type variable set profiles signaling sipAdaptorProfile Modify_Headers rule 4 criterion 2 variable set profiles signaling sipAdaptorProfile Modify_Headers rule 4 criterion 2 variable condition exist set profiles signaling sipAdaptorProfile Modify_Headers rule 4 criterion 2 variable variableID var1 set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 type variable set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 operation regsub set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 from set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 from type value set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 from value "|2^31\r\n" set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 to set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 to type variable set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 to variableValue var1 set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 regexp set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 regexp string "\r\n" set profiles signaling sipAdaptorProfile Modify_Headers rule 4 action 1 regexp matchInstance one set profiles signaling sipAdaptorProfile Modify_Headers rule 5 criterion 1 message set profiles signaling sipAdaptorProfile Modify_Headers rule 5 criterion 1 message messageTypes all set profiles signaling sipAdaptorProfile Modify_Headers rule 5 criterion 1 message condition exist set profiles signaling sipAdaptorProfile Modify_Headers rule 5 criterion 2 type variable set profiles signaling sipAdaptorProfile Modify_Headers rule 5 criterion 2 variable set profiles signaling sipAdaptorProfile Modify_Headers rule 5 criterion 2 variable condition exist set profiles signaling sipAdaptorProfile Modify_Headers rule 5 criterion 2 variable variableID var1 set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 type messageBody set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 operation regsub set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 from set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 from type variable set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 from variableValue var1 set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 to set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 to type messageBody set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 to messageBodyValue all set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 regexp set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 regexp string "a=crypto.*?\r\n" set profiles signaling sipAdaptorProfile Modify_Headers rule 5 action 1 regexp matchInstance one   
3. Modifying SIP OPTIONS # Add this to Teams zone message manipulation output adaptor side 
set profiles signaling sipAdaptorProfile Modify_Options state enabled
set profiles signaling sipAdaptorProfile Modify_Options advancedSMM disabled set profiles signaling sipAdaptorProfile Modify_Options profileType messageManipulation set profiles signaling sipAdaptorProfile Modify_Options rule 1 applyMatchHeader one set profiles signaling sipAdaptorProfile Modify_Options rule 1 criterion 1 type message set profiles signaling sipAdaptorProfile Modify_Options rule 1 criterion 1 message set profiles signaling sipAdaptorProfile Modify_Options rule 1 criterion 1 message messageTypes all set profiles signaling sipAdaptorProfile Modify_Options rule 1 criterion 2 type header set profiles signaling sipAdaptorProfile Modify_Options rule 1 criterion 2 header set profiles signaling sipAdaptorProfile Modify_Options rule 1 criterion 2 header name Contact set profiles signaling sipAdaptorProfile Modify_Options rule 1 criterion 2 header condition exist set profiles signaling sipAdaptorProfile Modify_Options rule 1 criterion 2 header hdrInstance all set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 type header set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 operation regsub set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 from set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 from type value set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 from value "<sip:ribbon.interopdomain.com:5061;transport=tls>" set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 to set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 to type header set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 to value Contact set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 regexp set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 regexp string .* set profiles signaling sipAdaptorProfile Modify_Options rule 1 action 1 regexp matchInstance all set profiles signaling sipAdaptorProfile Modify_Options rule 2 criterion 1 type message set profiles signaling sipAdaptorProfile Modify_Options rule 2 criterion 1 message set profiles signaling sipAdaptorProfile Modify_Options rule 2 criterion 1 message messageTypes all set profiles signaling sipAdaptorProfile Modify_Options rule 2 criterion 2 type header set profiles signaling sipAdaptorProfile Modify_Options rule 2 criterion 2 header set profiles signaling sipAdaptorProfile Modify_Options rule 2 criterion 2 header name From set profiles signaling sipAdaptorProfile Modify_Options rule 2 criterion 2 header condition exist set profiles signaling sipAdaptorProfile Modify_Options rule 2 criterion 2 header hdrInstance all set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 type header set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 operation regsub set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 from set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 from type value set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 from value "<sip:ribbon.interopdomain.com:5061;transport=tls>" set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 to set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 to type header set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 to value From set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 regexp set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 regexp string <sip:115.110.225.90> set profiles signaling sipAdaptorProfile Modify_Options rule 2 action 1 regexp matchInstance all set profiles signaling sipAdaptorProfile Modify_Options rule 3 criterion 1 type message set profiles signaling sipAdaptorProfile Modify_Options rule 3 criterion 1 message set profiles signaling sipAdaptorProfile Modify_Options rule 3 criterion 1 message messageTypes request set profiles signaling sipAdaptorProfile Modify_Options rule 3 criterion 1 message methodTypes options set profiles signaling sipAdaptorProfile Modify_Options rule 3 criterion 1 message condition exist set profiles signaling sipAdaptorProfile Modify_Options rule 3 action 1 type header set profiles signaling sipAdaptorProfile Modify_Options rule 3 action 1 operation add set profiles signaling sipAdaptorProfile Modify_Options rule 3 action 1 headerPosition last set profiles signaling sipAdaptorProfile Modify_Options rule 3 action 1 from set profiles signaling sipAdaptorProfile Modify_Options rule 3 action 1 from type value set profiles signaling sipAdaptorProfile Modify_Options rule 3 action 1 from value SBC-V06.02.01-F003 set profiles signaling sipAdaptorProfile Modify_Options rule 3 action 1 to set profiles signaling sipAdaptorProfile Modify_Options rule 3 action 1 to type header set profiles signaling sipAdaptorProfile Modify_Options rule 3 action 1 to value User-Agent   commit


Configuration Required for Teams Media Bypass

To support Media Bypass on Teams, SBC must support ice and rtcp mux.


#Enabling ICE Lite
set addressContext default zone TEAMS_ZONE sipTrunkGroup TEAMS_TG services natTraversal iceSupport iceWebrtc

#Enabling RTCP Mux
set profiles media packetServiceProfile TEAMS_PSP rtcpOptions rtcpMux enablecommit



TLS Configuration 

Generating a CSR with OpenSSL

 

#Create a configuration object to hold a locally generated RSA key pair
set system security pki certificate SBC_CERT type local-internal

#Generate Key pair and CSR (certificate signing request) for submission to a Certificate Authority (CA)
request system security pki certificate SBC_CERT generateCSR csrSub /C=IN/ST=KA/L=Bangalore/O=Sonus/CN=ribbon.interopdomain.com keySize keySize2K

 

Generate required certificates 


#Create Crypto Suite Profile
## Teams SIP Proxy server only supports TLS version 1.2 with specific ciphersuit 
set profiles security cryptoSuiteProfile CRYPT_PROF entry 1 cryptoSuite AES-CM-128-HMAC-SHA1-80

#Import Public CA Root Certificate into database
set system security pki certificate ROOT_CERT type remote fileName rootcert.cer state enabled

#Import Baltimore Certificate into database
set system security pki certificate BALTIMORE_CERT type remote fileName BAcert.cer state enabled

#Import Public CA Certified SBC Server Certificate into database
set system security pki certificate SBC_CERT filename sbccert.pem state enabled

#Create TLS Profile
set profiles security tlsProfile TLS_PROF clientCertName SBC_CERT serverCertName SBC_CERT cipherSuite1 tls_ecdhe_rsa_with_aes_256_cbc_sha384 cipherSuite2 tls_ecdhe_rsa_with_aes_128_cbc_sha authClient true allowedRolesclientandserver acceptableCertValidationErrors invalidPurpose
set profiles security tlsProfile TLS_PROF v1_2 enabled

#Configure Packet Service Profile with Crypto Suite
set profiles media packetServiceProfile TEAM_PSP secureRtpRtcp cryptoSuiteProfile CRYPT_PROF
set profiles media packetServiceProfile TEAM_PSP secureRtpRtcp flags enableSrtp enable
set profiles media packetServiceProfile TEAM_PSP secureRtpRtcp flags allowFallback disable

#Configure SIP Signailng Port
set addressContext default zone TEAM_ZONE sipSigPort 4 tlsProfileName TLS_PROF

 

Attach TLS Profile to SIP Signaling Port


set addressContext default zone Teams_ZONE sipSigPort 4 state disabled mode outOfService
commit
set addressContext default zone Teams_ZONE sipSigPort 4 tlsProfileName TLS_PROF
commit
set addressContext default zone Teams_ZONE sipSigPort 4 state enabled mode inService
commit

 

Configuration with EMA

Teams Side Configuration on SBC

 

 

 

Login to EMA Page

 

 

Figure : EMA login

 

 

Creating Codec Entry

Go to: Configuration --> Profile Management 

Figure : Codec Entry

 


Go to: Codec Entry --> +New Codec Entry

Figure : New Codec Entry



Creating RTCP Interval

Go to: All --> System --> Media --> Media RTCP Control

Figure : RTCP Interval

 

Creating SIP domain

Go to: All --> Global --> Signaling --> SIP Domain --> + New SIP Domain

Figure : SIP Domain



5. 
Creating Tone and Announcement Profile

Go to: All --> Profile --> Media --> Tone And Announcement Profile --> + New Tone And Announcement Profile

Figure : LRBT Profile

 


After saving,

Goto: localRingbacktone --> LRBT_PROF (From Dropdown)

Figure : Selecting LRBT PROF

 

 

Figure : LRBT Configuration 1/3

 


Go to: Local RingBack Tone -> Flags

Figure : LRBT Configuration 2/3

 

 

Go to: All --> System --> Media --> Media Profile

Figure : LRBT Configuration 3/3



Creating Pathcheck Profile

Go to: All --> Profile --> Services --> Path check profile --> + New Path check profile

Figure : PathCheck Profile

 


Go to: Transport preference

Figure : PathCheck Profile Transport Protocol


Create Zone

Go to: Configuration --> System Provisioning --> Zone --> + New Zone

Figure : Zone Configuration



Create IP Interface Group

Go to: Configuration --> System Provisioning --> IP Interface Group --> + New IP Interface Group

Figure : IP Interface Group

 

 

Go to: Configuration --> System Provisioning --> Ip Interface --> Ip Interface Group (Created above) --> + New IP Interface

Figure : IP Interface Group Configuration


Create SIP Signaling Port

Go to: Configuration --> System Provisioning --> SIP Sig Port

Choose your address context and zone --> + New SIP Sig Port

Figure : SIP Signaling Port

 

 

Figure : SIP Signaling Port Configuration



Create DNS Record

Go to: All --> Address Context --> DNS Group --> + New DNS Group

Figure : DNS Record

 

 

Go to: All --> Address Context --> DNS Group --> local Record --> Server --> +New Server

Choose DNS Group configured earlier (EXT_DNS)

Figure : Adding Server Details in DNS



Adding DNS group to Teams_Zone

Go to: Configuration --> System Provisioning --> Zone --> Teams_Zone

Figure : Adding DNS to Zone

 

 

Creating Media Packet Service Profile (PSP)

Go to: All --> Profile --> Media --> Packet Service Profile --> + New Packet Service Profile

Figure : Creating PSP

 

 


Go to: All --> Profile -->  Media --> Packet Service Profile --> Codec

Figure : Attaching Codec Profile in PSP

 

 

Go to: All --> Profile --> Media --> Packet To Packet Control --> RTCP Options

Figure : RTCP Configuration

 

 

Go to: All --> Profile --> Media --> Secure Rtp RTCP --> Flags

Figure : RTCP Flags

 

 

Enabling SSRC Randomize

Go to: All --> Profiles --> Media --> Packet Services Profile --> Rtcp Options 

 

Figure : Enabling SSRC Randomize



Creating IP Signaling Profile (IPSP)

Go to: All --> Profile --> Signaling --> IP Signaling Profile --> + New IP Signaling Profile

Figure : Configuring IPSP

 

 

Go to: All --> Profile --> Signaling --> IP Signaling Profile --> Common IP Attributes

   a. Flags

Figure : IPSP - Flags

 
 b. Option Tag In Require Header

 

Figure : Option

 

 

Go to: All --> Profile --> Signaling --> IP Signaling Profile --> Egress IP Attributes

    a. Number Globalization Profile

 

Figure : Egress IP Attribute

   

 b. Domain Name

 

Figure : Domain Name

     

c. Flags

 

Figure : Flags

 

 d. Ingress IP Attributes --> Flags

 

Figure : Ingress IP Attribute



Creating SIP Trunk Group

Go to: All --> Address Context --> Zone --> SIP Trunk Group --> + New SIP Trunk Group

Select Address Context and Zone (Teams_TG)

 

Figure : SIP Trunk Config

 

 

a. Media (All --> Address Context --> Zone --> Sip Trunk Group --> Media) 

 

Figure : SIP Trunk Media Flags

 


b. Signaling (All --> Address Context --> Zone --> Sip Trunk Group --> Signaling)

 

Figure : SIP Trunk Signaling Flags

 


c. Policy (All --> Address Context --> Zone --> Sip Trunk Group --> Policy --> Media)

 

Figure : Attaching Profile

 

 

Policy (All --> Address Context --> Zone --> Sip Trunk Group --> Policy --> Signaling)

 

Figure : Attaching Profile - Signaling



Creating Teams IP Peer

Go to: All --> Address Context --> Zone --> IP Peer --> + New IP Peer

 

Figure : Teams IP Peer

 

 

Figure : Peer Policy



Adding Path Check Profile for IP Peer

Go to: All --> Address Context --> Zone --> IP Peer --> Path Check

 

Figure : Adding PathCheck Profile


Creating Routing Label

Go to:  All --> Global --> Call Routing --> Routing Label

Click on Create Routing Label.

Figure : Routing Label

 


Click on Create Routing Label Route

 

Figure : Adding Route

 

 

Click on Create Route (Provide number towards Teams side)

 

Figure : Create Number Base Route

 

 

Figure : Create Username Base Route

 

 

Figure : Route For Transfer

 

For call transfer scenario towards PSTN, you need to create a route with both number and domain name. Above screenshot will create a route for any number starting with 9620XXXXXX and domain name will get routed towards Teams_RL. 

 

 

Configuration Required for Teams Media Bypass 

 

Enabling ICE Lite 

Go to: All --> Address Context --> Zone --> SIP Trunk Group --> Services --> NAT Traversal

 

Figure : Enabling ICE Lite

 

Enabling RTCP Mux

Go to: All --> Profile -->  Media --> Packet Service Profile --> RTCP Options

 

Figure : Enabling RTCP Mux


PSTN Side Configuration on SBC

Create Zone

 

Go to: Configuration --> System Provisioning --> Zone --> + New Zone

 

Figure : PSTN ZONE

Creating IP Interface Group

Go to: Configuration --> System Provisioning --> IP Interface Group --> + New IP Interface Group

 

Figure : PSTN IP Interface Group



Go to: Configuration --> System Provisioning --> Ip Interface --> Ip Interface Group (Created above) --> + New IP Interface

 

Figure : IP Interface




Create SIP Signaling Port

Go to: Configuration --> System Provisioning --> SIP Sig Port

Choose your address context and zone --> + New SIP Sig Port

 

Figure : PSTN SIP Signaling



Creating IP Signaling Profile (IPSP)

Go to: All --> Profile --> Signaling --> IP Signaling Profile --> + New IP Signaling Profile

 

Figure : PSTN IP Signaling Profile

 

 

Go to: All --> Profile --> Signaling --> IP Signaling Profile --> Common IP Attributes

a. Flags

 

Figure : IPSP - Flags

 

 

b. Option Tag In Require Header

 

Figure : Option Tag

 

 

c. Relay Flags

 

Figure : Relay Flags

 

 

 

Go to: All --> Profile --> Signaling --> IP Signaling Profile --> Egress Ip Attribute

a. Domain Name

 

Figure : Domain Name

 

 

b. Privacy

 

Figure : Privacy flags

 

 

c. Transport

 

Figure : Transport

 

 

Go to: All --> Profile --> Signaling --> IP Signaling Profile --> Ingress IP Attributes

a. Flags

 

Figure : Flags

 

Creating a Packet Service Profile (PSP)

Go to: All --> Profile --> Media --> Packet Service Profile --> + New Packet Service Profile

 

Figure : PSTN PSP

 

 

Go to: All --> Profile --> Media --> Packet Service Profile --> Codec

 

Figure : Codec Selection

 


Go to: All --> Profile --> Media --> Packet Service Profile --> Rtcp Options

 

Figure : RTCP Config

 


Creating Sip Trunk Group

Go to: All --> Address Context --> Zone --> SIP Trunk Group --> + New SIP Trunk Group

Select Address Context and Zone (PSTN_Zone)

 

Figure : SIP Trunk

 

a. Media (All --> Address Context --> Zone --> Sip Trunk Group --> Media) 

 

Figure : Media Flags

 

b. Policy (All --> Address Context --> Zone --> Sip Trunk Group --> Policy)

 

Figure : Policy

 

 

Figure : Policy

 

c. Signaling

 

Figure : Signaling



Creating PSTN IP-Peer

Go to: All --> Address Context --> Zone --> IP Peer --> + New IP Peer

 

Figure : PSTN IP-Peer



Creating Routing Label

Go to: All --> Global --> Call Routing --> Routing Label

Click on New “Create Routing Label”

 

Figure : Routing Label

 

 

Click on Routing Label Route

 

Figure : Routing Label Route

 

 

Click on Create Route

 

Figure : Adding Route

 

Security Configuration 

Creating PKI Profile

 

Go to: All --> System --> Security --> PKI --> Certificate --> New Certificate

 

Figure : New Certificate

 

 

After Saving it. Click on the created certificate (MS_CERT) --> Certificate Commands --> Generate CSR

 

Figure : Generate CSR

 

 

Provide the required information to generate the CSR. 

MS Teams support Key Size2k Only.

Figure : CSR Info

 

 

Figure : CSR

 

 

Copy above CSR and generate the certificate by a known Public CA. After receiving the certificate, upload following certificate:

  1. SBC certificate (have to be in .pem or .p12 format)
  2. CA’s root and intermediate certificate (have to be in .der format)
  3. Baltimore’s root certificate (have to be in .der format)

Download the Baltimore certificate from the following location:

http://certificate.fyicenter.com/319_Root_CA_Baltimore_CyberTrust_Root_CyberTrust_Baltimore_IE.html

 

Go to: Administration --> System Administration --> File Upload --> Add files to Queue

Add and upload all required certificates

 

Figure : Adding files to Queue


Click on “Upload All Files”

 

Figure : Uploading Files


Certificate Profile 

Go to: All --> System --> Security --> PKI --> Certificate

 

Figure : Certificate

 

 

Provide the certificate name in the “File Name” that you have uploaded and make the state “Enabled”.

Similarly create a profile for remote certificates (Root, Intermediate, and Baltimore).

 

 

Figure : Creating Remote cert profile

 

 

Figure : Baltimore Cert


Creating Crypto Profile

Go to: All --> Profile --> Security --> Crypto Suite Profile --> + New Crypto Suite Profile

 

Figure : Crypto Profile

 

Go to: All --> Profile --> Security --> Crypto Suite Profile --> Entry

Choose created profile --> New Entry

Figure : Crypto Entry

Creating TLS Profile

Go to: All --> Profile --> Security --> TLS Profile --> + New TLS Profile

 

MS Teams only support TLS version 1.2 and its supported ciphers.

Figure : TLS Profile

 

 

Figure : TLS Prof Cont


Attaching TLS Profile to SIP Sig Port

Go to: Configuration --> System Provisioning --> SIP Sig Port

Choose SIP Sig interface towards Teams side (make state disable and mode out of service)

 

Figure : Adding TLS Prof


SIP Manipulations (SMM) Used
 

SIP Adaptor profile for removing MKI parameter

Go to: All --> Profile --> Signaling --> SIP Adaptor Profile --> + New SIP Adaptor Profile

 

1. Creating SMM profile for removing lifetime parameter

Attach the following SMM rule on Teams trunk group on input Adaptor profile

 

Figure : SMM

 

2. Creating SMM profile for Modifying Headers

Attach the following SMM rule on Teams trunk group on output Adaptor profile

Figure : Header Modification

 

 

Figure : Rule 2

 

 

Attach the above create SMM rule towards Teams side on input Adaptor profile

Go to: All --> Address Context --> Zone --> SIP Trunk Group --> Signaling --> Message Manipulation 

Figure : Attaching SMM



3. Creating SMM profile for modifying Options header

Figure : SMM Modifying Options

 

 

Figure : Rule 2

 

 

Figure : Rule 3

 

Site Failover 

This feature will allow SBC to failover to another site of Office 365 when a primary data center site is down.

Currently, Microsoft Office 365 has the following sites:

 

Figure : Site Failover

 

 

## Adding IP-Peer
set addressContext default zone TEAMS_ZONE ipPeer TEAMS_PEER policy sip fqdn sip.pstnhub.microsoft.com fqdnPort 5060
set addressContext default zone TEAMS_ZONE ipPeer TEAMS1_PEER policy sip fqdn sip2.pstnhub.microsoft.com fqdnPort 5060
set addressContext default zone TEAMS_ZONE ipPeer TEAMS2_PEER policy sip fqdn sip3.pstnhub.microsoft.com fqdnPort 5060

## Adding IP-Peer in RoutingLabel
set global callRouting routingLabel TEAMS_RL routingLabelRoute 1 routeType trunkGroup trunkGroup TEAMS_TG ipPeer TEAMS_PEER inService inService
set global callRouting routingLabel TEAMS_RL routingLabelRoute 2 routeType trunkGroup trunkGroup TEAMS_TG ipPeer TEAMS1_PEER inService inService
set global callRouting routingLabel TEAMS_RL routingLabelRoute 3 routeType trunkGroup trunkGroup TEAMS_TG ipPeer TEAMS2_PEER inService inService

## Adding Reason Code in Cranckback Profile
set profiles callRouting crankbackProfile default reason code 41



SBC Hosting Scenario 

 

Understanding the SBC Hosting Scenario

Example:

A Microsoft partner sells  telephony services delivered to Microsoft Teams to multiple independent enterprise customers (tenants). This partner may or may not be a PSTN carrier. Please Refer to Configure a Session Border Controller for multiple tenants for more information regarding Microsoft partner requirements in support of multiple tenants. The following example shows an SBC Core device deployed at the Microsoft partner data center. The following steps are configured on each independent enterprise tenant:

  1. Communication between the enterprise tenant's Teams clients and the enterprise's legacy PBX based clients.
  2. Communication between the enterprise tenant's Teams clients and the PSTN supported by the Microsoft partner.

 

 

Figure : Hosting scenario

 

Teams Direct Routing in support of multiple tenants requires wildcard certificate support.

This example uses Microsoft partner's SBC FQDN as myMicrosoftPartner.com, and an example Tenant's SBC FQDN as tenant1.myMicrosoftPartner.com

The following are requirements for configuration:

  1. A Public IP address for the SBC.
  2. A  Microsoft partner's SBC FQDN that points to the Public IP address of the SBC (e.g. myMicrosoftPartner.com).
  3. The ability to create a Tenant's SBC FQDN sub-entry to the Microsoft partner's SBC FQDN (e.g. tenant1.myMicrosoftPartner.com).
  4. A wildcard certificate that protects the Microsoft partner's SBC FQDN, as well as the Tenant's SBC FQDN sub-entry (e.g. SAN=myMicrosoftPartner.com, SAN=*.myMicrosoftPartner.com).

 

Configure Microsoft Partner's DNS Server for SBC FQDN

Configure the Microsoft Partner DNS server that hosts the Microsoft partner's SBC FQDN.

 

Executing Party

Description

Example

Microsoft partner

Create a DNS A entry for the Microsoft partner's SBC FQDN.

myMicrosoftPartner.com -> X.X.X.X


Update Microsoft Partner's DNS Server For Each New Tenant

Update the Microsoft Partner DNS server that host the Microsoft partner's SBC FQDN for each new tenant the partner wishes to offer Direct Routing services from the SBC. 

 

Step 1: Create a DNS A entry for Tenant's SBC FQDN

Executing Party: Microsoft partner

Example: tenant1.myMicrosoftPartner.com -> X.X.X.X

 

Step 2: Add the Tenant's SBC FQDN as the Domains for the tenant. The customer will then provide the TXT entry to the Microsoft partner.

Executing Party: Tenant

Example: tenant1.myMicrosoftPartner.com

 

Step3: Create a DNS TXT entry for the Tenant's SBC FQDN to validate the SBC connection

Executing Party: Microsoft partner

Example: tenant1.myMicrosoftPartner.com TXT -> MS=54621XXXXX

 

Update SBC Configuration for Each New Tenant

For each tenant, we will be configuring a separate zone, SIP signaling port, and trunk group. 

Note: You can have common or separate PSP & IPSP groups depending on your requirement.

 

## Create Zone for tenantA
set addressContext default zone TEAMS_Tenant_A id 10
set addressContext default zone TEAMS_Tenant_A domainName tenant1.myMicrosoftPartner.com
 
## Create SIP Signaling Port
set addressContext default zone TEAMS_Tenant_A id 10 sipSigPort 12 ipInterfaceGroupName LIF2 ipAddressV4 115.110.225.90 portNumber 5064 transportProtocolsAllowed sip-tls-tcp
set addressContext default zone TEAMS_Tenant_A sipSigPort 12 tlsProfileName TLS_PROF
set addressContext default zone TEAMS_Tenant_A id 10 sipSigPort 12 state enabled mode inService

## Create DNS Group
set addressContext default dnsGroup EXT_DNS
set addressContext default dnsGroup EXT_DNS type ip interface LIF2 server DNS2 ipAddress 8.8.8.8 state enabled
set addressContext default zone TEAMS_Tenant_A dnsGroup EXT_DNS

## Create SIP Trunk
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG media mediaIpInterfaceGroupName LIF2
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG signaling honorMaddrParam enabled
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG policy media packetServiceProfile TEAMS_A_PSP
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG policy signaling ipSignalingProfile TEAMS_A_IPSP
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG downstreamForkingSupport enabled
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG signaling rel100Support enabled
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG services dnsSupportType a-only
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG signaling relayNonInviteRequest enabled
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG signaling methods notify allow
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG ingressIpPrefix X.X.X.X X
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG policy media toneAndAnnouncementProfile LRBT_PROF
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG mode inService state enabled
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG media sdpAttributesSelectiveRelay enabled
set addressContext default zone TEAMS_Tenant_A sipTrunkGroup TEAMS_A_TG signaling messageManipulation outputAdapterProfile domainname
## Create Zone for tenantB
set addressContext default zone TEAMS_Tenant_B id 12	
set addressContext default zone TEAMS_Tenant_B domainName tenant2.myMicrosoftPartner.com
 
## Create SIP Signaling Port
set addressContext default zone TEAMS_Tenant_B id 12 sipSigPort 14 ipInterfaceGroupName LIF2 ipAddressV4 115.110.225.90 portNumber 5066 transportProtocolsAllowed sip-tls-tcp
set addressContext default zone TEAMS_Tenant_B sipSigPort 14 tlsProfileName TLS_PROF
set addressContext default zone TEAMS_Tenant_B id 12 sipSigPort 14 state enabled mode inService

## Create DNS Group
set addressContext default dnsGroup EXT_DNS
set addressContext default dnsGroup EXT_DNS type ip interface LIF2 server DNS2 ipAddress 8.8.8.8 state enabled
set addressContext default zone TEAMS_Tenant_B dnsGroup EXT_DNS

## Create SIP Trunk
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG media mediaIpInterfaceGroupName LIF2
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG signaling honorMaddrParam enabled
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG policy media packetServiceProfile TEAMS_B_PSP
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG policy signaling ipSignalingProfile TEAMS_B_IPSP
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG downstreamForkingSupport enabled
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG signaling rel100Support enabled
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG services dnsSupportType a-only
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG signaling relayNonInviteRequest enabled
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG signaling methods notify allow
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG ingressIpPrefix X.X.X.X X
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG policy media toneAndAnnouncementProfile LRBT_PROF
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG mode inService state enabled
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG media sdpAttributesSelectiveRelay enabled
set addressContext default zone TEAMS_Tenant_B sipTrunkGroup TEAMS_B_TG signaling messageManipulation outputAdapterProfile domainname

 

SMM Require for Hosting Solution

Note: You need to replace domain name for each tenant FQDN


## SMM Rule
set profiles signaling sipAdaptorProfile domainname state enabled
set profiles signaling sipAdaptorProfile domainname advancedSMM disabled
set profiles signaling sipAdaptorProfile domainname profileType messageManipulation
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 1 type message
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 1 message
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 1 message messageTypes all
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 2 type header
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 2 header
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 2 header name contact
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 3 type token
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 3 token
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 3 token condition exist
set profiles signaling sipAdaptorProfile domainname rule 1 criterion 3 token tokenType urihostname
set profiles signaling sipAdaptorProfile domainname rule 1 action 1 type token
set profiles signaling sipAdaptorProfile domainname rule 1 action 1 operation modify
set profiles signaling sipAdaptorProfile domainname rule 1 action 1 from
set profiles signaling sipAdaptorProfile domainname rule 1 action 1 from type value
set profiles signaling sipAdaptorProfile domainname rule 1 action 1 from value tenant1.myMicrosoftPartner.com
set profiles signaling sipAdaptorProfile domainname rule 1 action 1 to
set profiles signaling sipAdaptorProfile domainname rule 1 action 1 to type token
set profiles signaling sipAdaptorProfile domainname rule 1 action 1 to tokenValue urihostname
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 1 type message
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 1 message
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 1 message messageTypes all
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 2 type header
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 2 header
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 2 header name From
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 3 type token
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 3 token
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 3 token condition exist
set profiles signaling sipAdaptorProfile domainname rule 2 criterion 3 token tokenType urihostname
set profiles signaling sipAdaptorProfile domainname rule 2 action 1 type token
set profiles signaling sipAdaptorProfile domainname rule 2 action 1 operation modify
set profiles signaling sipAdaptorProfile domainname rule 2 action 1 from
set profiles signaling sipAdaptorProfile domainname rule 2 action 1 from type value
set profiles signaling sipAdaptorProfile domainname rule 2 action 1 from value tenant1.myMicrosoftPartner.com
set profiles signaling sipAdaptorProfile domainname rule 2 action 1 to
set profiles signaling sipAdaptorProfile domainname rule 2 action 1 to type token
set profiles signaling sipAdaptorProfile domainname rule 2 action 1 to tokenValue urihostname
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 1 type message
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 1 message
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 1 message messageTypes all
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 2 type header
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 2 header
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 2 header name To
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 3 type toke
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 3 token
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 3 token condition exist
set profiles signaling sipAdaptorProfile domainname rule 3 criterion 3 token tokenType urihostname
set profiles signaling sipAdaptorProfile domainname rule 3 action 1 type token
set profiles signaling sipAdaptorProfile domainname rule 3 action 1 operation modify
set profiles signaling sipAdaptorProfile domainname rule 3 action 1 from
set profiles signaling sipAdaptorProfile domainname rule 3 action 1 from type value
set profiles signaling sipAdaptorProfile domainname rule 3 action 1 from value tenant1.myMicrosoftPartner.com
set profiles signaling sipAdaptorProfile domainname rule 3 action 1 to
set profiles signaling sipAdaptorProfile domainname rule 3 action 1 to type token
set profiles signaling sipAdaptorProfile domainname rule 3 action 1 to tokenValue urihostname


Conclusion

This document describes the configuration steps required for the Ribbon SBC 5XX0 to successfully interoperate with Teams. All feature and serviceability test cases were completed and passed successfully.