 | In a previous blog post a technical deep dive on deploying enterprise voice on Microsoft Teams was provided. In this post, we supplement and complete the discussion holistically by providing configuration guidance of a certified Session Border Controller (SBC) for Direct Routing. In this lab, we leverage the same tenant with Office365 E5 licenses and deploy a Ribbon (formerly Sonus) SBC1000 along with a PSTN SIP Trunk from Masergy including DID numbers. Detailed configuration screen shots of the SBC will be provided along with explanatory notes. Special thanks to DMUnified for assistance with the SBC! |
The technical details of deploying Microsoft Phone System Direct Routing is already well documented on the MS-Docs site and shall not be repeated here. In this blog post we focus specifically on configuring a Ribbon SBC1000 for direct routing. In a nutshell, Direct Routing lets organizations using MS Teams connect a certified Session Border Controller (SBC) to Microsoft Phone System to provide PSTN connectivity with Microsoft Teams clients and devices, as shown in the following diagram
First and foremost, our SBC1000 is running firmware revision 8.0.2 as shown below. This is also the latest revision at the time of this post. Compared with older revisions, there are some enhancements such as a better wizard for Teams Direct Routing and the auto-creation of other elements which we'll dive into later. New firmware revisions are always available on the Ribbon portal.
 |  |
The SBC is deployed in the perimeter network has 1 GigE interface connected to the internal facing network and the other to the external facing network that is behind the firewall:
The SBC has a hostname and domain and the FQDN corresponds to a Common Name of the SSL certificate obtained from a certified CA provider, in our case it is GoDaddy. Other fields required include the DNS and NTP servers:
For the certificate, we generated the CSR on the SBC and obtained a single domain SSL certificate from GoDaddy and loaded it onto the SBC as shown below:
We also need to upload the GoDaddy Root CA certificates and the Microsoft Direct Routing CA Certificate into the SBC's Trusted CA certificate table as shown below:
With the basic networking configuration in place, we can start configuring Teams direct routing on the SBC. As mentioned, the SBC1000 provides a wizard for easy configuration. The first step requires us to specify the scenario parameters as shown below:
Next we specify the SIP Trunk parameters. Typically SIP trunk providers will allocate 2 IP addresses for the Border Element Server which we enter into the wizard along with UDP/5060. We also need to specify the public facing network interface of the SBC as the Signaling/Media Source IP. Since our SBC is behind a NAT firewall, we also need to enable Outbound NAT traversal and specify the public IP address that resolves to our SBC's FQDN. All these are shown in the diagram below:
To complete the wizard we review the parameters and click "Finish" to start the creation of the various components:
The wizard will also automatically create the necessary components for Teams direct routing to function properly. These include:
In the SBC, all call routing occurs between Signaling Groups. Signaling Groups are the logical representations of call-handling systems such as private branch extensions (PBX), Microsoft Teams Phone System or on-premise Skype for Business Servers, fax machines and analog phones. In order to route any call to or from a call system connected to SBC, you must first configure a Signaling Group to represent that device or system. The following list illustrates the hierarchical relationships of the various Telephony routing components of a SBC call system:
The components are shown in the screen captures below :
- Call Routing - Transformation and Call Routing Table
- Signaling Groups
- SIP Profiles
- SIP Server Tables
- Media - Media Profiles, SDES-SRTP Profiles and Media list
In the SBC, all call routing occurs between Signaling Groups. Signaling Groups are the logical representations of call-handling systems such as private branch extensions (PBX), Microsoft Teams Phone System or on-premise Skype for Business Servers, fax machines and analog phones. In order to route any call to or from a call system connected to SBC, you must first configure a Signaling Group to represent that device or system. The following list illustrates the hierarchical relationships of the various Telephony routing components of a SBC call system:
- Signaling Group — describes the source call and points to a routing definition known as a Call Route Table
- Call Route Table — contains one or more Call Route Entries
- Call Route Entries points to the destination Signaling Group(s)
- Call Route Table — contains one or more Call Route Entries
The components are shown in the screen captures below :
 |  |
We need to go through each of these components to make sure the parameters are correct. Lets begin with Call Routing Transformation. There are two entries one for each direction of the call - From Teams to SIP Trunk and from SIP Trunk to Teams. Since we are not doing any manipulation, the parameters for this lab are basically a "passthrough" configuration as shown below:
Next, the Call Routing table. Again, there are two entries one for each direction of the call - From Teams to SIP Trunk and from SIP Trunk to Teams. The parameters for SIP Trunk to Teams as shown below:
And parameters for Teams to SIP Trunk are shown below:
Next lets look at the Signaling Groups. There are two groups, one for Teams which is shown below:
And the second signaling group is for the SIP Trunk:
Each Signaling Group has an associated SIP Profile that defines parameters. Thus there are also two SIP Profiles in this lab. The first profile is for Teams and is shown below:
The second profile is for the SIP Trunk Border Element (BE) and is shown below:
SIP Server Tables contain information about the SIP devices connected to the SBC Edge. The entries in the tables provide information about the IP Addresses, ports, and protocols used to communicate with each server. The Table Entries also contain links to counters that are useful for troubleshooting. Again there are two SIP Server Tables, the first being for MS Teams as shown below:
And the second SIP Server Table is for the SIP Trunk Border Element where there will be 2 entries since there is a primary and secondary:
Next we look at the Media Configuration. In this lab we are using the default values in the SBC and thus the firewall ports must be opened accordingly:
Next lets look at the Media profiles for the Direct Routing trunk. Media profiles for the G.711 A and U law codecs are shown below:
The media configuration also includes an SDES-SRTP Profile. SDES-SRTP Profiles define a cryptographic context which is used in SRTP negotiation. SDES-SRTP Profiles required for enabling encryption and SRTP are applied to Media Lists. SDES-SRTP Profiles was previously named Media Crypto Profiles. This is shown below:
Finally, we look at Media Lists. Media Lists allow you to specify a set of codecs and fax profiles that are allowed on a given SIP Signaling Group. They contain one or more Media Profiles, which must first be defined in Media Profiles. These lists allow you to accommodate specific transmission requirements, and SIP devices that only implement a subset of the available voice codecs. To use a Media List, select it, from the Media List field of a SIP Signaling Group or Call Routing Table entry. On our SBC, we have two media lists, one for Teams as shown below:
And the second Media List for the SIP Trunk as shown below:
Last but not least, we use the default Tone Tables defined on the SBC:
This concludes this rather long blog post on configurating MS Teams Direct Routing using RIbbon SBC1000 and SIP Trunk. In the next post, we will configure Media Bypass on this environment.
RSS Feed