UCPrimer
  • Tech Blog
  • About UCPrimer.com

Deploy MS Teams Direct Routing using Ribbon SBC1000

10/31/2019

7 Comments

 
Picture
In a previous blog post a technical deep dive on deploying enterprise voice on Microsoft Teams was provided. In this post, we supplement and complete the discussion holistically by providing configuration guidance of a certified Session Border Controller (SBC) for Direct Routing. In this lab, we leverage the same tenant with Office365 E5 licenses and deploy a Ribbon (formerly Sonus) SBC1000 along with a PSTN SIP Trunk from Masergy including DID numbers. Detailed configuration screen shots of the SBC will be provided along with explanatory notes. Special thanks to DMUnified for assistance with the SBC!
​The technical details of deploying Microsoft Phone System Direct Routing is already well documented on the MS-Docs site and shall not be repeated here. In this blog post we focus specifically on configuring a Ribbon SBC1000 for direct routing. In a nutshell, Direct Routing lets organizations using MS Teams connect a certified Session Border Controller (SBC) to Microsoft Phone System to provide PSTN connectivity with Microsoft Teams clients and devices, as shown in the following diagram
Picture
First and foremost, our SBC1000 is running firmware revision 8.0.2 as shown below. This is also the latest revision at the time of this post. Compared with older revisions, there are some enhancements such as a better wizard for Teams Direct Routing and the auto-creation of other elements which we'll dive into later. New firmware revisions are always available on the Ribbon portal.
Picture
Picture
The SBC is deployed in the perimeter network has 1 GigE interface connected to the internal facing network and the other to the external facing network that is behind the firewall:
Picture
The SBC has a hostname and domain and the FQDN corresponds to a Common Name of the SSL certificate obtained from a certified CA provider, in our case it is GoDaddy. Other fields required include the DNS and NTP servers:
Picture
For the certificate, we generated the CSR on the SBC and obtained a single domain SSL certificate from GoDaddy and loaded it onto the SBC as shown below:
Picture
We also need to upload the GoDaddy Root CA certificates and the Microsoft Direct Routing CA Certificate into the SBC's Trusted CA certificate table as shown below:
Picture
With the basic networking configuration in place, we can start configuring Teams direct routing on the SBC. As mentioned, the SBC1000 provides a wizard for easy configuration. The first step requires us to specify the scenario parameters as shown below:
Picture
Next we specify the SIP Trunk parameters. Typically SIP trunk providers will allocate 2 IP addresses for the Border Element Server which we enter into the wizard along with UDP/5060. We also need to specify the public facing network interface of the SBC as the Signaling/Media Source IP. Since our SBC is behind a NAT firewall, we also need to enable Outbound NAT traversal and specify the public IP address that resolves to our SBC's FQDN. All these are shown in the diagram below:
Picture
To complete the wizard we review the parameters and click "Finish" to start the creation of the various components:
Picture
The wizard will also automatically create the necessary components for Teams direct routing to function properly. These include:
  • Call Routing - Transformation and Call Routing Table
  • Signaling Groups
  • SIP Profiles
  • SIP Server Tables
  • Media - Media Profiles, SDES-SRTP Profiles and Media list

In the SBC, all call routing occurs between Signaling Groups. 
Signaling Groups are the logical representations of call-handling systems such as private branch extensions (PBX), Microsoft Teams Phone System or on-premise Skype for Business Servers, fax machines and analog phones. In order to route any call to or from a call system connected to SBC, you must first configure a Signaling Group to represent that device or system. The following list illustrates the hierarchical relationships of the various Telephony routing components of a SBC call system:
  • Signaling Group — describes the source call and points to a routing definition known as a Call Route Table
    • Call Route Table — contains one or more Call Route Entries
      • Call Route Entries points to the destination Signaling Group(s)
Each call routing entry describes how the call should be routed and also points to a Transformation Table which defines the conversion of names, numbers and other fields when routing a call.

The components are shown in the screen captures below :
Picture
Picture
We need to go through each of these components to make sure the parameters are correct. Lets begin with Call Routing Transformation. There are two entries one for each direction of the call - From Teams to SIP Trunk and from SIP Trunk to Teams. Since we are not doing any manipulation, the parameters for this lab are basically a "passthrough" configuration as shown below: 
Picture
Picture
Next, the Call Routing table. Again, there are two entries one for each direction of the call - From Teams to SIP Trunk and from SIP Trunk to Teams. The parameters for SIP Trunk to Teams as shown below:
Picture
Picture
And parameters for Teams to SIP Trunk are shown below:
Picture
Picture
Next lets look at the Signaling Groups. There are two groups, one for Teams which is shown below:
Picture
Picture
And the second signaling group is for the SIP Trunk:
Picture
Picture
Each Signaling Group has an associated SIP Profile that defines parameters. Thus there are also two SIP Profiles in this lab. The first profile is for Teams and is shown below:
Picture
Picture
The second profile is for the SIP Trunk Border Element (BE) and is shown below:
Picture
Picture
SIP Server Tables contain information about the SIP devices connected to the SBC Edge. The entries in the tables provide information about the IP Addresses, ports, and protocols used to communicate with each server. The Table Entries also contain links to counters that are useful for troubleshooting. Again there are two SIP Server Tables, the first being for MS Teams as shown below:
Picture
And the second SIP Server Table is for the SIP Trunk Border Element where there will be 2 entries since there is a primary and secondary:
Picture
Next we look at the Media Configuration. In this lab we are using the default values in the SBC and thus the firewall ports must be opened accordingly:
Picture
Next lets look at the Media profiles for the Direct Routing trunk. Media profiles for the G.711 A and U law codecs are shown below:
Picture
Picture
The media configuration also includes an SDES-SRTP Profile. SDES-SRTP Profiles define a cryptographic context which is used in SRTP negotiation. SDES-SRTP Profiles required for enabling encryption and SRTP are applied to Media Lists. SDES-SRTP Profiles was previously named Media Crypto Profiles. This is shown below:
Picture
Finally, we look at Media Lists. Media Lists allow you to specify a set of codecs and fax profiles that are allowed on a given SIP Signaling Group. They contain one or more Media Profiles, which must first be defined in Media Profiles. These lists allow you to accommodate specific transmission requirements, and SIP devices that only implement a subset of the available voice codecs. To use a Media List, select it, from the Media List field of a SIP Signaling Group or Call Routing Table entry. On our SBC, we have two media lists, one for Teams as shown below:
Picture
Picture
And the second Media List for the SIP Trunk as shown below:
Picture
Picture
Last but not least, we use the default Tone Tables defined on the SBC:
Picture
This concludes this rather long blog post on configurating MS Teams Direct Routing using RIbbon SBC1000 and SIP Trunk. In the next post, we will configure Media Bypass on this environment.
7 Comments
Rizwan Ullah link
2/22/2020 05:53:56 am

Hello

I really enjoyed your article. It is a great one.

"My question is"

Microsoft Phone system provide an E.164 number format but our existing PBX works on 4 digits extension number. Now, when we would route the call received from Teams > PBX > Trunks (as the existing IP PBX cannot be removed and has analogue trunks) how would PBX receives the call and route it outbound if the teams user wants to make an outbound call and vice versa?

Thanks

Reply
Harish Kumar
8/7/2020 11:10:22 am

hi rizwan, you will need to setup sip trunk from pbx to sbc. and rest is at pbx for what call to go to analog lines and which call to pbx extension. teams user can be set with 4 digit tel uri at sbc we can remove and add digits as well.

Reply
Jim
10/27/2020 12:52:23 pm

Great guide...you got me about 97% of the way there!

The one thing I'm trying to overcome is that i previously used SFB unassigned numbers and announcements to forward specific numbers in our range out to MS Teams auto attendants and call queues. Since there is no unassigned number functionality in teams, I'm using a transformation table that converts the specified number when it hits the gateway to the sip address of the call queue (ie, hg_83942374834@domain.com) and added that table to the call routing that directs calls from PSTN to Teams Direct Routing. The call does route as expected, but it seems to fail when it hits Teams...
480 Temporarily Unavailable

REASON: Q.850;cause=31;text="1e181a52-7748-4192-9023-0e888d6d26b7;No callee endpoints were found."

Any ideas?

Reply
harish kumar
12/9/2020 11:49:02 pm

hi jim,

you need to check the resource account associated with the landing number. it should be in E.164 and assigned to resource account with virtual license.

Reply
DJ
12/6/2020 05:27:42 am

I get below error when i try to upload my .pem file i recevied from go daddy under SBC Primary Certificate. I have also uploaded .crt x2 files under CA. Also Baltimore Microsoft certificate. This is a SBC swelite running on Azure.

"Failed to authenticate (Server) certificate, X509 Verify Error ( 2): (unable to get issuer certificate)"

Any idea why?

Reply
Brennon Kwok link
12/7/2020 05:45:03 am

Hi DJ

This can happen if the certificate subject name (SN) does not match the FQDN of the SBC. Can you check this?

Reply
harish kumar
12/9/2020 10:59:20 pm

Hi DJ,

The error appears to be due to missing the complete certificate chain.
There is 2 ways.
1. You get the certificate with complete chain in PFX format and upload this should solve your problem.
2. You can use .pem certificate, since you are using godaddy as your public CA please upload the root and intermediate certificate before uploading the ssl certificate.
3. As @BRENNON KWOK Mention check for the SN of SBC FQDN in certificate.

hope this helps.

Reply

Your comment will be posted after it is approved.


Leave a Reply.

    Picture
    Picture

    Important Links

    Microsoft Teams Docs
    Microsoft Learn

    ​Microsoft MVP Blogs

    Michael Tressler’s Blog
    Michael’s MTR Quick Tip Videos
    Jimmy Vaughan’s Blog
    Jeff Schertz
    Adam Jacobs
    James Cussen
    ​Damien Margaritis

    Archives

    September 2022
    August 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    June 2021
    April 2021
    March 2021
    December 2020
    October 2020
    September 2020
    August 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    March 2019
    November 2018
    October 2018
    September 2018
    August 2018
    June 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    August 2017
    July 2017
    April 2017
    March 2017
    February 2017
    January 2017
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    January 2016
    November 2015
    October 2015
    September 2015
    August 2015
    July 2015
    June 2015
    May 2015
    April 2015
    March 2015
    February 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    August 2014
    July 2014
    June 2014
    May 2014
    April 2014
    March 2014
    February 2014
    January 2014
    December 2013
    November 2013
    October 2013
    September 2013
    August 2013
    July 2013
    June 2013
    May 2013
    April 2013
    March 2013
    February 2013
    January 2013
    December 2012
    November 2012
    September 2012
    August 2012

    Categories

    All
    Edge
    Exchange 2013
    Hybrid
    Lpe
    Lync 2010
    Lync 2013
    Mobility
    Oauth
    Office365
    Polycom
    Ucs

    RSS Feed

    This website uses marketing and tracking technologies. Opting out of this will opt you out of all cookies, except for those needed to run the website. Note that some products may not work as well without tracking cookies.

    Opt Out of Cookies