In the previous blog post a Ribbon SBC1000 was configured for Teams Direct Routing using SIP Trunk from Masergy and tests calls made using the new Poly CCX Native Teams phones. That setup was configured with the default non media-bypass where media always flowed between the SBC and Microsoft Office365 Teams media processors or relays. As a follow up to that, this blog posts walks through the configuration of media bypass in the same lab setup, allowing media to flow directly between the Teams phones and the SBC, thereby simplifying the media flow allowing for potentially better call quality. Since it is fairly straightforward to configure media bypass, this post also provides wireshark packet capture on the SBC to show the media flow between non media-bypass and media-bypass calls
- Media bypass leverages protocols called Interactive Connectivity Establishment (ICE) on the Teams client and ICE Lite on the SBC. Hence we need to enable ICE Lite on our Ribbon SBC1000 which was possible from verion 8.0.2 of the SBC firwmare
- For internal networks, the Teams client must be able to access the public IP of the SBC from the internal network to leverage media bypass. This is the recommended solution when a user is in the same network as the SBC.
- For external networks, the Teams client can either access the SBC public IP directly for media bypass, otherwise if it cannot then the client will communicate to SBC via Transport Relays. For media optimization purposes, Microsoft recommends only allowing transport relays to access the SBC public IP. However just for testing purposes to show the media bypass flows, we will allow the Teams phones to reach the public IP of the SB in our setup.
- Media Processors are always in the path for end user non-bypassed calls, but never in the path for bypassed calls. Media Processors are always in the path for all voice applications such as Call Park, Organizational Auto Attendant, and Call Queues
To begin configuring for media bypass, we first make sure that ICE Lite is enabled on the SBC1000 Sigaling Group Table for the Teams Direct Routing connection as shown below:
Inbound Public (Internet to SBC):
- Media for SBC 1000: UDP 17586-21186 (default)
- Media for SBC 2000: UDP 19386-28386 (default)
Outbound Public (SBC to Internet):
- Media: UDP 50000-50019
- If the device that handles the NAT between the Teams Client and SBC Public IP is performing PAT (Port Address Translation), verify that this device has the source port range of the Teams Client media or open all the ports from 1024 to 65535.
Before enabling Media Bypass, lets first do a packet capture of the Teams phone making a call to PSTN without media bypass. As can be seen in the wireshark screenshot below, all media traffic is flowing between the Teams media processor and the SBC, and between the SBC and the SIP trunk. Hence the media traffic on the phone is always going to the O365 cloud:
In conclusion, media bypass enables Teams clients to shorten the path of media traffic and reduce the number of hops in transit for better performance. With media bypass, media is kept between the Session Border Controller (SBC) and the client instead of sending it via the Microsoft Phone System and this hopefully this blog posts serves as a reference on the configuration of SBC and also showing the actual network packet trace of both media-bypass and non media-bypass scenarios.