AudioCodes SBC

in
Microsoft Teams Environment
Essentials & Configuration
Itzik Mey-Tal
[email protected]

AudioCodes Academy
https://www.audiocodes.com/services-support/audiocodes-academy
Course Objectives

• After completing this course, you will be able to:

• Configure AudioCodes equipment using various management tools

• Understand the operating, maintenance and monitoring tools of AudioCodes equipment
• Troubleshoot and debug AudioCodes equipment
• Integrate the Mediant SBC in the Microsoft Teams environment that require integrated
voice components
• Become familiar with Teams Direct Routing related voice configuration aspects
• Become familiar with SBC application functionalities
• Understand the Survivability concept

2
Lessons & Course Timetable
Day 1 Day 3
AudioCodes Introduction Teams System Overview
AudioCodes Management Interface Introduction SBC Configuration for Teams
AudioCodes Documentation Hands-on Lab 3 – Teams to SIP Trunk Connection
GWs & SBC Product Line SBC Number & Message Manipulation Introduction
Hands-on Lab 1 – Management Interface Usage Hands-on Lab 4 – SBC Message Manipulation

Day 2 Day 4
SBC Application Description Digital GWs Basic Configuration
SBC Basic Terminology SBC Survivability
SBC Configuration SBC High Availability
Debugging Tools Hands-on Lab 5 – SBC Survivability
SBC Wizard (optional)
Hands-on Lab 2 – SBC Routing Certification Exam
3
Lesson 1

AudioCodes Introduction
AudioCodes in a glance

• Market leader in VoIP networking products

• Recognized brand for quality & performance
• Deployed in over than 100 countries in service provider and enterprise networks
• Global partnerships with leading telecom players
• Large Fortune 100 install base
• 1000 employees worldwide, ~40% R&D
• More than 29 years of VoIP expertise
• Public since 1999 (NASDAQ:AUDC)

https://www.audiocodes.com/corporate/about-audiocodes 5
Global Presence and Support

• Worldwide presence:
• Headquarters: Israel
• North America: USA and Canada
• APAC: Singapore, China, Japan, India, Korea, Australia, Hong Kong, etc.
• EMEA: Germany, UK, France, Netherland, Russia, Italy, South Africa, Poland, Sweden, etc.
• CALA: Brazil, Mexico, Argentina, Colombia, etc.
• Global Distribution Network covering more than 100 countries
• Support Centers covering all time zones
• 3 Logistics Centers in North America, EMEA and APAC

6
Broadest Portfolio of Products

Management/Apps
Routing Manager OVOC CloudBond 365/SBA UMP Apps

Room Solutions
& IP Phones All-In-One
405 445 450/C450 470 Video Collaboration Bar Personal Webcam UC-HRS Speakers Conference Phone

Virtual & Cloud SBC

Mediant VE (Virtual Edition) Mediant CE (Cloud Edition)

Pure SBC
Mediant 2600/B Mediant 4000/B Mediant 90xx Mediant SE Software Edition

Hybrid SBC/Gateway
Mediant 500/L Mediant 800B/C Mediant 1000B Mediant 3100

Gateways/Adaptors
MP-2xx MP-1xx MP-124 MP1288
7
The Voice Experts @ Your Service

Network Voice Project Planning & Site Survey, AudioCodes

Readiness Management Design Installation & Academy
Assessments Design
Implementation
Implement

Test

5 10 20 25 30 35

24x7 Technical Hardware Local Technician Software Remote

Support Replacement Dispatch Upgrades Monitoring
12

9 3

12
End to End 9 3
Managed Services 6

8
Technical Training – Career Certifications
• Two types of Certification Levels:

• ACA – AudioCodes Certified Associate

• Basic level certification
• Required for the installation and maintenance of AudioCodes devices

• ACP – AudioCodes Certified Professional

• Advanced level certification
• Required for the installation, maintenance and advanced troubleshooting
of all AudioCodes networking products in advanced customer scenarios
• Prerequisite: ACA certification and 6 months of field experience as ACA

* Certificates are valid for two years

9
Technical Training – Career Certifications
• Record of Participation courses:
• AudioCodes SBC: Fundamentals
• AudioCodes CCE: Installation & Configuration
• AudioCodes Routing Manager (ARM) Participation
• AudioCodes OVOC
• VoIP and SIP Fundamentals
• ACA courses:
• AudioCodes SBC: Essentials & Configuration
• AudioCodes SBC in Microsoft Teams Environment: Essentials & Configuration
• AudioCodes SBC in Microsoft Skype for Business Environment: Essentials & Configuration
• AudioCodes Enterprise GW: Essentials & Configuration
• AudioCodes MSBR: Essentials & Configuration
• AudioCodes SBC Testing & Troubleshooting
• ACP courses:
• AudioCodes SBC: Advanced Interworking & Security
• AudioCodes SBC: Advanced Routing & Multitenancy
• AudioCodes SBC in Microsoft Teams Environment: Advanced

10
AudioCodes Website

https://www.audiocodes.com 11
Lesson 2

AudioCodes Devices Management Interface

Introduction
Objectives

• After completing this lesson, you will:

• Be familiar with the AudioCodes GUI
• Know how to assign IP Networking parameters
• Be familiar with the Maintenance Interface
• Understand ini file structure
• Know how to upgrade/downgrade firmware
• Know how to update the License Key

13
Management and Maintenance Options
Embedded Web Server Command Line Interface (CLI)

Configuration file REST-based programs

referred to as the ini file (such as AudioCodes’ OVOC)

14
Assigning Networking Parameters

• HTTP using Web browser

• Console/CLI
• DHCP
• BootP

15
Default Factory IP Address
Product Default
MP-11x FXS and FXS/FXO devices – 10.1.10.10/16
MP-124 FXO devices – 10.1.10.11/16
MP-1288
Mediant 500/L/Li E-SBC
Mediant 800B/C E-SBC
Mediant 1000B E-SBC
Mediant 2600 SBC 192.168.0.2/24
Mediant 3100 SBC
Mediant 4000/B SBC
Mediant 9030/9080 SBC
Software SBC (Mediant SE/VE/CE)

Mediant 500L/Li MSBR LAN – 192.168.0.1/24 (DHCP Server enable)

Mediant 800 MSBR WAN – DHCP Client

16
Assigning IP Address – HTTP

• Disconnect the SBC from the network and connect it to a PC

• Change the PC’s IP address and subnet mask to correspond with the SBC's factory
default networking parameters
• Open a Web browser and access the Web interface
• Change the networking parameters via ‘IP Interfaces’
• Reconnect the SBC and your PC to the network
• Restore your PC’s IP address and subnet mask to their original settings

17
Assigning IP Address – HTTP

18
Assigning IP Address – Console/CLI

• Establish a Console (VGA or COM) or CLI (Telnet/SSH) session with the device
• Use these communications port settings:
• Baud Rate: 115,200 bps
• Data bits: 8
• Parity: None
• Stop bits: 1
• Flow control: None
• At the CLI prompt, type the following (case sensitive):
• Default Username: Admin
• Default Password: Admin

19
Assigning IP Address – RS-232

Username: Admin
Username: Admin
Password: Admin Password: *****

Mediant 800> enable

Password: Admin Password: *****

Mediant 800# configure network

Mediant 800(config-network)# interface network-if 0

Mediant 800(network-if-0)# ip-address 10.15.17.55

Note: Changes to this parameter will take effect when applying the 'activate' or 'exit’ command

Mediant 800(network-if-0)# prefix-length 16

Note: Changes to this parameter will take effect when applying the 'activate' or 'exit' command

After ‘exit’ the address Mediant 800(network-if-0)# gateway 10.15.0.1

Note: Changes to this parameter will take effect when applying the 'activate' or 'exit' command
changed. For remote
connection, logon Mediant 800(network-if-0)# exit
again using the new IP
Mediant 800(config-network)# exit
address
Mediant 800# write
Writing configuration...done

Mediant 800#

20
Assigning IP Address – DHCP
• Dynamic Host Control Protocol – provides a mechanism for allocating IP addresses dynamically so that
addresses can be reused
• After the Device is powered up if DHCP is enabled (DHCPEnable = 1), the Device attempts to obtain its IP
address and other network parameters from the DHCP server

21
Assigning IP Address – BootP

• Bootstrap Protocol allows a host to configure itself dynamically

• Provides two main services:
• Assigns IP address and networking parameters
• Provides the name of the software (cmp) file and configuration (ini) file to be loaded by
the device (via TFTP)
• Provides the IP address of the TFTP server
• MediaPack
• Hardware reset triggers a BootP request
• Mediant
• BootP request on startup is not supported on Mediant SBCs
• To force a BootP request, press the Reset button for 30 seconds (Rescue Mode)

22
Configuration File (ini file)

Serial Number = Decimal representation of the last

6 digits of the MAC address (i.e., 00:90:8F:49:5A:31)

7.40.250 – Major software version

A – Indicates that this is a SIP version (e.g., not Megaco)
262 – Minor software version

23
Configuration File (ini file)

Stand-alone Parameters

Table Parameters

24
ini File Parameters
• The ini file can be loaded via BootP/TFTP, Web interface, or using the automatic update mechanism
• Case insensitive
• Lines beginning with semi-colon (;) as first character are ignored
• Carriage Return must be each line’s final character
• Number of spaces before and after equal ( = ) is irrelevant
• Values of string parameters must be placed between two single quotes ( ‘ ’ )
• Syntax errors in value can cause unexpected errors (may be set to wrong values)
• Syntax error in the parameter name is ignored (error message is generated)
• When a parameter is missing from the ini file, its default is assigned
• Subsection names are optional [Optional Sub Section Name]

Parameter_Name1 = Parameter_Value
Parameter_Name2 = Parameter_Value
Parameter_Name3 = ‘String’

; REMARK
25
ini File Table Parameters

• Tables are used in ini files to represent parameters that have several instances
(e.g., Coders, Proxy servers, Routing tables, etc.)
• Examples:

26
AudioCodes INI Viewer & Editor
• A simple viewer and editor for configuration (INI) files used by AudioCodes Media
Gateway and Session Border Controller (SBC) products
• Two Modes:
• View Mode:
• Standalone and Table parameters can be viewed
in a very friendly way
• Edit Mode:
• Standalone and Table parameters can be edited
(modified, added, removed, etc.) for a very easy
way of changing their contents
• Once this is done, the new INI file can be saved
and uploaded to the device in order to apply the
new configuration

27
Accessing the Web Interface

Default Username: Admin

Default Password: Admin
28
GUI Areas

Toolbar providing
Company Logo Menu Bar Containing the Menus frequently required
• Setup command buttons
• Monitor
• Troubleshoot

Alarm bell icon: Displays the

number of active alarms
generated by the device

Button displaying
the username of
the currently
logged in user

29
GUI Areas

Tab bar containing tabs pertaining to the selected menu:

• Setup menu:
• IP Network
• Signaling & Media
• Administration
• Monitor menu:
• Monitor
• Troubleshoot menu:
• Troubleshoot

Navigation Tree

30
GUI Areas

Work pane:
Where configuration pages are displayed

31
GUI Areas

Search box for

searching parameter
names and values

32
Tool Bar

Button Description

Save Saves parameter settings to flash memory

Reset Resets the device
Opens a drop-down menu list with frequently needed commands:
Configuration Files to load or save an ini file
Auxiliary File to load auxiliary files such as: Dial Plans, Call Progress Tones, others
Actions
License Key to determine features, capabilities and available resources
Software Upgrade to upgrade the device's software
Configuration wizard
Displays the number of active alarms generated by the device
Opens a drop-down menu and:
Logon Name Shows the logged in user’s access level and session time
(i.e., Admin) Allow password change
Allows to Logout 33
Modifying/Saving Parameters
• When changing parameter values, the changed
parameter has a yellow background

• To save configuration changes to volatile memory

(RAM), click the Apply button
• A dot appears next to parameters changed from
their default values

• Modifications to parameters with on-the-fly

capabilities are immediately applied to the device
and immediately take effect
• Parameters displayed with a lightning symbol are
not changeable on-the-fly and require a device
reset
34
Modifying/Saving Parameters

• If you click the Apply button after modifying parameters a red rectangle appears
surrounding the Save button
• This is a reminder to save your settings to flash memory

• If you click the Apply button after modifying parameters that take effect only after
a device reset, a red rectangle appears surrounding the both, the Save and Reset
buttons
• This is a reminder to later save your settings to flash memory and reset the device

35
Stand-alone Parameters Indications Meaning

Parameters changed and not applied are highlighted

A dot appears next to parameters changed from their

default values and when the Apply button was clicked

Changes on parameters displaying a lightning-bolt icon,

require to be saved to flash memory followed by a device
reset for your changes to take effect

Typically required parameters are displayed in bold font

An invalid value for a parameter reverts to its previous

value and is surrounded by a colored border

To get help on a parameter, hover your mouse over the

parameter's field
A pop-up help appears, displaying a brief description of
the parameter

36
Table Parameters – General Description

Page title (name of table) Navigation bar for scrolling Search tool for searching
Also displays the number of through the table's pages parameters and values
configured rows as well as the Sort can be done
number of invalid rows by any column

Added table rows displaying

Adds a new row to the table only some of the table
Modifies the selected row parameters
Deletes the selected row

Detailed view of a selected row, displaying all parameters

Link to open the "child" table of the "parent" table.

Only appears if the table has a "child" table
37
Table Syntax
• The table is divided into three main areas: General, Matching characteristics and Action to take
• If the incoming call matches the characteristics of a rule, then the call is sent to the destination
configured for that rule
• Non-configured parameter fields
may appear with different values,
for example: “-1”, “0” or empty

38
Numbers Notation for Routing and Manipulation
• Flexible numbers notations for describing the prefix and/or suffix source
and/or destination phone numbers and SIP URI usernames:

▪ Prefix [n-m] or Suffix (n-m)

▪ Represents a range of numbers

▪ Prefix [n,m,...] or Suffix (n,m,...) Destination Username Pattern Source Username Pattern
▪ Represents multiple numbers 5 7x*
▪ Multiple ranges such as [n-m,s-t] are also supported 5* 1xxx
▪ Up to three digits can be used to denote each number 5# 1xxx#
(5) 976[4,5,7-9]xxx#
▪ x (letter ‘x’) 2[1-4,7,9] 2[2,6,7,9]
▪ Represents any single digit [100-150,222,244,300-499] 2[1-4]
6[100-300] (555)
▪ * (asterisk symbol)
▪ Represents any number
6[100-300]# [1-5][12,34][500-599]
976(99) *
▪ # (Pound symbol) (88[1-4])
▪ Represents the end of a number

39
Numbers Notation – Examples
• [2,3,4,5,8]xxx
• represents four-digit numbers or more that start with 2, 3, 4, 5 or 8
• Can write: [2-5,8]xxx
• [5200-5299]#
• represents four-digit numbers that start with 5200 to 5299
• 12345
• represents any number that starts with 12345
• 12345xx#
• represents seven-digit numbers that start with 12345 (from 1234500 to 1234599)
• 123[100-200]#
• represents six-digit numbers that start with 123 [123100 to 123200]
• (100)
• represents any number that finishes with 100
• (266[1-9])
• represents any number that finishes with 2661 to 2669
• 1[2,7][33,66]
• represents any number that start with 1233, 1266, 1733 or 1766 40
Fields to Match

• Device attempts to match patterns at the top of the table first (first match)
• More specific rules should be at the top and more generic ones at the bottom

Take the rule up

‘551’ will never match because ’55’

matches every prefix that starts with ’55’
41
Assigning Rows from other Tables

• Tables may contain parameters assigned a value which is a row referenced from
another table

A View button opens the

row-referenced table

42
Table Parameters Invalid Values Indications
• When adding a row:
• If a mandatory parameter’s value, which is a row referenced from another table is not assigned,
after clicking Apply, an error message is displayed at the bottom of the dialog box
• Clicking Cancel closes the dialog box and the row is not added to the table
• To add the row, you must configure the parameter

43
Table Parameters Invalid Values Indications
• When editing a row:
• If a parameter’s configuration is changed so that it's no longer assigned with a referenced
row from another table, when the dialog box is closed, the Invalid Line icon appears for
the table in which the parameter is configured, in the shown locations:

Item in the Navigation tree that Page title of the table. The total number of invalid rows in the
opens the table table is also displayed with the icon

'Index' column of the row to which the parameter belongs

44
Table Parameters Invalid Values Indications

• When a parameter assigned a value which is an invalid row referenced from

another
• The Invalid Reference Line Icon is displayed for the table in which the parameter is
configured, in the shown locations

Page title of the table. The total number of invalid rows in the table
is also displayed with the icon

'Index' column of the row to which the parameter belongs

Item in the Navigation tree that opens the table

45
Searching for Configuration Parameters

• Parameter names (standalone or table) and values can be searched in the Web
interface
• The search key can include the full parameter name (Web or ini file name) or a substring
of it
• For a substring, all parameters containing the substring in their names are listed in the
search result
• The search key for a parameter value can include alphanumeric and certain characters
• The key can be a complete value or a partial value
• When the device completes the search, it displays a list of found results based on
the search key
• Each possible result, when clicked, opens the page on which the parameter or value is
located

46
Searching for Configuration Parameters

Search can be by name or by value

47
Setup Menu: IP Network Option
• Home Page: NETWORK VIEW

IP Interfaces can be added, VLANs can be

edited, viewed or deleted added, edited,
viewed or deleted

Ethernet Groups
can be, edited
or viewed

Physical Ports
can be, edited
or viewed

48
Setup Menu: Signaling & Media Option
• Home Page: TOPOLOGY VIEW

Trunk Groups
can be added IP top view (i.e.
Tel view
related to the WAN)
(i.e. related to the PSTN)

SIP Interfaces can be added SIP Interfaces can be added Media Realms can
and shown at the top or and shown at the top or be added and shown
bottom (GW application) bottom (SBC application) at the top or bottom

IP bottom view (i.e.

related to the LAN)

IP Groups can be added

49
Setup Menu: Signaling & Media Option
• Home Page: TOPOLOGY VIEW

Click to edit,
show, or delete
parameters or
tables

Hover to see the

basic configuration

50
Setup Menu: Signaling & Media Option
• Home Page: TOPOLOGY VIEW

Direct links to the SBC’s

Direct links to the main parameters and
Gateway’s main tables
parameters and tables

The links between SIP Interfaces, Media

Realms and IP Groups are shown

Indications of valid or invalid configuration on tables or parameters

51
Setup Menu: Administration Option
• Home Page: TIME & DATE

Displays and allows to configure Displays and allows to configure

the local time and date the UTC, offset and DST

Displays and allows to configure

the NTP server information

52
Web Local Users Table

User levels:
• Monitor
• Administrator
• Security Administrator
• Master 53
Maintenance Actions
• Reset Device: After a Web reset, the device starts from Flash
• Lock: The device doesn't accept any new incoming calls
• Save to Flash: Save the running configuration to the memory
• Graceful Option: Shutdown will perform only after X configured sec. or no more active traffic exists

• Yes: The device locks only after a user-defined duration, configured in the 'Lock • Enable to terminate (close) existing TLS/TCP client
Timeout' field. During this interval, no new traffic is accepted, allowing only connections and reject new incoming TLS/TCP client
existing calls to continue until the timeout expires. If at any time during this connections during the locked state.
timeout there are no active calls, the device locks. If there are still active calls • Disable (default), existing client connections will
when the timeout expires, the device terminates them and locks remain, and incoming TLS/TCP client connections
• No: The device locks immediately, terminating all existing traffic will be accepted during the locked state
54
Maintenance: Configuration File

Load/Save ini Configuration File

To restore the defaults, use ‘Restore Factory Defaults’

with/without checked ‘Preserve basic connectivity’
Addition way, use an empty ini file

Configuration, Auxiliary and Certificate files can be

loaded to and saved from the device as a single,
packaged file
The feature is typically used for backup and loading
the backup to other devices

55
Configuration Package Files
• ini.ini (ini configuration file)
• LOGO.dat (image file used as the logo in the Web interface)
• FAVICON.dat (favicon file used for Web browsers)
• CPT.dat (Call Progress Tone file)
• PRT.dat (Pre-recorded Tone file)
• AMD.dat (Answer Machine Detection file)
• SBC_Wizard.dat (SBC Configuration Wizard template file)
• CAS file – present only if a CAS file was previously loaded to the device
• Certificate files (<ctx_id>.crt, <ctx_id>.root, <ctx_id>.pkey)
• DialPlanRule.csv (Dial Plan file)

56
Maintenance: Auxiliary Files
• Various auxiliary files can be
loaded to the device

57
Maintenance: Upgrading & Downgrading Software

• The device can be updated with software (cmp file), configuration (ini file), auxiliary files and
license key using:
• Web interface
• BootP/TFTP utility
• Automatic Update Mechanism

58
Maintenance: License Key

• Supplied with SBC and digital gateways (not relevant for MP-1xx)
• Determines features, capabilities and available resources
• Provided in string format or in a txt file to be loaded to the device
• Stored in the device's non-volatile flash memory
• After loading the new key, the device must be reset
• Two options for manage the license:
• Local on the SBC
• By AudioCodes OVOC

59
License Types for SBCs
• Local License
• By loading a license key to the device, without requiring the OVOC

• Fixed License
• Allows a 'tenant' operator to update licenses from a central pool in a simple process
• The operator can allocate and de-allocate the licenses for the devices in the pool according to their capacity
requirements
• Requires SBCs loaded with version 7.0 or later

• Floating License – Cloud Mode

• This mode manages the license per tenant in the Cloud using the AudioCodes Floating License Service
• Requires SBCs loaded with version 7.2.202 or later and OVOC version 7.4.3000 or later

• Floating License – Flex Pool Mode

• It supports a Floating License across a network without the need to connect to a public cloud and enables service to
continue uninterrupted for a grace period once the license has expired
• Requires SBCs loaded with version 7.2.256.300 or later and OVOC version 7.8 or later

60
Local License Key

61
Device License Key in Fixed Pool Mode

62
Device License Key in Cloud Mode

63
Device License Key in Flex Pool Mode

64
Monitor Menu
• Home Page: MONITOR

Shows the IP Address, Firmware, Type of Devices and Serial Number

Displays status and

information on the hardware

Displays SBC’s statistics and information on

calls, transactions and registration

65
Device Information

66
Troubleshoot Menu

• Home Page: MESSAGE LOG

67
Auto-Completion Editor
• Auto-completion for parameters whose values are configured using a special syntax
• An Editor button is displayed alongside their fields, which when clicked, opens a syntax editor
• As text is typed in the field, the user is prompted with optional syntax

68
AdminPage

• Used to configure parameters that don’t appear in the Web interface

69
Lesson 3

AudioCodes Documentation
Lesson Objectives

• After completing this lesson, you will:

• Understand how to obtain technical documentation from AudioCodes’ Web site
• Be familiar with the different documents that AudioCodes publishes regularly for its'
products
• Understand how to use the documents for configuration and maintenances purposes

71
Obtaining AudioCodes Documentation

• You can access all AudioCodes' documentation from AudioCodes Web site
• This includes:
• Technical documentation (user manuals, hardware installation manuals, configuration
and release notes)
• Homologation material (regulatory information)
• Partner/channel material (interoperability guides etc.)
• Marketing material (white papers, application notes, product notices, etc.)

72
Obtaining Document

73
Obtaining Document (Cont.)

• Use the following filters to search for you document:

• Product Family: Choose the family to which the product belongs
• Product: Choose the required product
• Software Version: Choose software version (e.g., Version 7.4)
• Documentation Type: Choose the type of document (e.g., User Manuals)
• Example

74
Specific Documentation

• For each product, the User’s Manual documents are published per release:
• Analog Gateways (MediaPack family):
• MP-11x & MP-124, MP-1288

• Digital Gateways and/or SBCs (Mediant family):

• Mediant 500/L/Li, 800B/C, 1000B, 2600, 3100, 4000/B, 90xx, SW VE/SE/CE

75
Hardware Installation Manual

• Hardware description and step-by-step

procedures for installing and cabling the device
• Divided into chapters, such as:
• Overview of the product
• Unpacking the device
• Physical description
• Mounting the device
• Cabling the device
• Hardware maintenance

76
Enterprise Gateways and SBCs User’s Manual

• Main document for configuration and maintenance

• Divided into parts, such as:
• Overview of the product
• Getting started
• Management tools
• General System Settings
• General Configuration
• Specific applications’ description and configuration
• Maintenance
• Status, Performance Monitoring and Reporting
• Diagnostics
• Appendixes
• Identified by software release version
77
Additional Documentation – Release Notes

• Besides the previous manuals there are other

useful documents
• Release Notes
• One per software release
• Includes:
• New features
• Updates
• Bugs fixing
• Workarounds on existing constraints
• Others

78
Additional Documentation

• Complementary Guides
• Includes
• Reference Guides
• Design Guides
• Security Guidelines
• Utilities Guides
• Others

• Identified by software release version

79
Additional Documentation – Configuration Notes

• Configuration Notes
• Document providing a detailed description on how
to configure a specific feature/function/application
for a product
• Normally referenced by the User’s Manual

80
Lesson 4

Gateways and SBC Product Line

Lesson Objectives

• After completing this lesson you’ll be able to:

• Identify AudioCodes analog and digital gateways
• Identify AudioCodes products that support SBC

82
Analog Gateways Overview

• Analog FXS and FXO VoIP gateways

• Available configurations:
• MP-112 featuring 2 FXS ports
• MP-114 featuring 4 FXS / FXO / Mixed FXS + FXO ports
• MP-118 featuring 8 FXS / FXO / Mixed FXS + FXO ports
• MP-124 featuring 24 FXS ports
• MP-1288 featuring up to 288 FXS ports (SBC capability)

• Firmware file:
• MP-11x gateways (FXS and FXO) use the same firmware (.cmp) file *
• MP-124 gateway requires it own firmware file *
• MP-1288 gateway requires it own firmware file

Note: The latest maintenance firmware version for MP-11x and MP-124 is 6.6

83
Analog Gateways Portfolio

MP-112 MP-114 MP-118 MP-124 MP-1288

Number of
analog ports
2 4 8 24 288

FXS / FXO FXS FXS / FXO FXS / FXO FXS FXS

Power Supply AC AC AC AC / DC AC / DC

84
Digital Gateways Overview

• Digital PRI and BRI VoIP gateways

• Up to 16000 simultaneous calls Mediant 500L Mediant 500 Mediant 1000B
• SBC capability (some of them)
• Analog capability (some of them)
Mediant 800B Mediant 800C Mediant 3100

Mediant 5000
Mediant 8000

Note:
• The latest maintenance firmware version for Mediant 5000 and 8000 is 6.6

85
SBC Portfolio

Hybrid SBC/Gateway
Mediant 500/L Mediant 800B/C Mediant 1000B Mediant 3100

Pure SBC
Mediant 2600 Mediant 4000/B Mediant 90xx Mediant SE Software Edition

Virtual & Cloud SBC

Mediant VE (Virtual Edition) Mediant CE (Cloud Edition)

86
Hybrid SBC Portfolio

Mediant 500L/Li E-SBC Mediant 500 E-SBC Mediant 800B/C E-SBC Mediant 1000B E-SBC Mediant 3100 SBC

Small Enterprise, SMB, SMB, SME, Enterprise,

End customer SMB
Branch Branch Branch Service Providers
SIP Trunk, SIP Trunk,
Demarcation Device, SIP Trunking, SIP Trunking,
Application Survivability, Survivability,
SIP Trunking TDM Trunking TDM Trunking
TDM Trunking TDM Trunking

Sessions 60 250 400 150 5000

SRTP-RTP 60 200 300 120 5000

Transcoding N/A N/A 114 96 3072

Registers 200 1500 2000 600 20000

4*Analog, 4*Analog, 12*Analog, 8*BRI, 24*Analog, 20*BRI,

Media Gateway 8*64 E1/T1
4*BRI 1*E1/T1 4*E1/T1 6*E1 or 8*T1

MSBR √ √ √ X X

OSN X X √ √ X
87
Pure SBC Portfolio

Mediant 2600 SBC Mediant 4000/B SBC Mediant 9030/9080 SBC Mediant SE
Large Enterprise, Large Enterprise,
Enterprise, Service Providers,
End customer Service Providers, Service Providers,
Contact Center OEM
Contact Centers Contact Centers
SIP trunking, SIP trunking, SIP Trunking,
Application SIP Trunking
Service Provider Access SBC Service Provider Access SBC SP Access SBC
Sessions 600 5000 30000/70000 70000
SRTP-RTP 600 3000/5000 30000/40000 40000
600 2400/5000 9080 only - 30000 25000
Transcoding
(with MPM4) (with MPM) (with Media Component) (with Media Component)
Registers Up to 8000 Up to 20000 Up to 200000/500000 Up to 500000
OSN √ √ X X

88
Virtual & Cloud SBC Portfolio

Mediant VE Mediant CE (Cloud Edition)

Enterprise
Enterprise
End customer ISVs & OEMs
Service Providers
Service Providers
SIP Trunking SIP Trunking
Application
Service Provider Access SBC Service Provider Access SBC
Sessions 24000 70000
SRTP to RTP 10000 40000
Up to 12,000 30000
Transcoding
(with Media Component) (with Media Component)
Registers 75000 500000

89
Open Solutions Network (OSN) Server Hosted Mediant

Parameter OSN3C OSN4B OSN6 OSN7

Intel® Pentium® Processor Intel® Xeon® Processor Intel® Core™ i7-5850EQ Intel® Pentium® Processor
CPU D1508 D-1527 Processor D Series
2 Cores, 3M Cache, 2.20 GHz 4 Cores , 6M Cache, 2.20 GHz 4 Cores, 6M Cache, 2.7 GHz 2 Cores, 3M Cache, 2.60 GHz
Memory 8 GB 16 GB 32 GB 16 GB
Hard Up to 2 hard drives (HDMX modules) 500 GB HDD or 120GB
128 GB SSD (or higher, for special request)
Drives SSD (2 HDD can work in Raid1)

• 2 Gigabit Ethernet external (rear panel)

• 2 Gigabit Ethernet external (rear panel)
• 1 Gigabit Ethernet internal bus, connected to the Mediant
• 1 Gigabit Ethernet internal bus, connected to the Mediant
Interfaces • USB 2.0
• 3 USB 2.0
• RS-232
• VGA
• Graphics

• Mediant 1000B
Mediant • Mediant 800B
• Mediant 2600B (just for SBA)
Types • Mediant 800C
• Mediant 4000B
90
Multi-Service Business Routers – MSBR

• Dual Processors (CMX & RMX)

• WAN port: WAN Gigabit Ethernet, T1 WAN, SHDSL, ADSL/VDSL
• Strong CLI management
• Data Routing capabilities by providing static routing and dynamic routing protocols such as
RIP/OSPF and BGP
• Supports a selection of WAN interfaces providing flexibility connecting to Service Providers
• Firewall
• QoS
• 3G/4G connection used as primary WAN interface or as backup when primary WAN fails

• Products:
• Mediant 500/L/Li
• Mediant 800B/C

91
Media Processing Module (MPM)

• Optional, customer-ordered AMC-based module

• Provides additional Digital Signaling Resources (DSP) required for transcoding call
sessions
• Different MPM module types are available:
• MPM4 module, providing 4 DSPs (up to 600 sessions)
• MPM8 module, providing 8 DSPs (up to 2400 sessions)
• MPM8B module, providing 8 DSPs (up to 2400 sessions)
• MPM12B module, providing 12 DSPs (up to 3250 sessions)
• Up to three MPM modules can be installed
• Both (MPM4 and MPM8) module types can be installed in the same Mediant
2600/4000 chassis
• Both (MPM8B and MPM12B) module types can be installed in the same Mediant
4000B chassis

92
Media Transcoder (MT) and Media Transcoding Cluster (MC)

• External DSP resources for media-related features requiring DSPs

• 2 types of deployment:
• Hardware based on the Mediant 4000B chassis and MPM8B or/and MPM12B modules
• Virtual based on Mediant VE platform and virtual DSPs
• Supported only by Mediant 9080 and SW-SBC VE
• Each MT device support up to 5000 media session
• As transcoding needs increase, multiple MT devices can be configured as farm of
Media Transcoding Cluster (MC)
• Up to 8 MTs for hardware-based appliance
• Up to 5 MTs for virtual based appliance
• Provides load-sharing and cluster redundancy
• MT cannot be shared by multiple SBC devices

93
Media Transcoding Cluster (MC)
• The Media Transcoding Clusters are "hidden" from the endpoints being serviced by the SBC
• Requires a suitable License Key

94
SBCs journey to the cloud
30000 1.2
Fixed

• SBC traffic demands are dynamic allocation

25000 1
• Sizing an SBC for worst-case scenario
is cost prohibitive 20000 0.8
Active Calls
• SBC elasticity is key for resource

Active calls
Dynamic
optimization – you can start small 15000 allocation 0.6
and grow as needed
10000 0.4

5000 0.2

0 0
calls Resources

95
Mediant Cloud Edition SBC (Mediant CE)
• Separated signaling and media processing (built out of dedicated functional blocks)
• Elastic Media Cluster (traffic-based scalability)
• Full SBC functionality
• Single management point
• Multi Cloud (Amazon AWS and Microsoft Azure)
• Built-in HA

Signaling and management

CLI
SC SC REST
Stack API

Manager
MC MC MC MC MC … Automation
- New SBC Stack Manager
- REST API for all actions
media media media - CLI for scripting languages
Virtual infrastructure - NFV and DevOps API
(compute, storage, networking)
96
Hands-on Lab 1

Management Interface Usage

Lesson 5

SBC Application Description

Lesson Objectives

• After completing this lesson you’ll know:

• Where and how to have the SBC located

• SBC functions

99
SBC Definition

• A device/application which:
• Manages a VoIP session by performing:
• Session setup
• Call conducting
• Session tear down
• Enforces Security, QoS and Call Admission Control (CAC)
• Often installed at a demarcation point between one network segment (Un-Trusted)
and another (Trusted)

100
What are Session Border Controllers For?

• Connectivity (Connect between any SIP servers)

• Security (DDoS, Call theft, Eavesdropping)
• Quality Assurance (Monitor call quality, Report on quality
issues, Quality enhancements, Call recording)
• Regulatory Compliance (Emergency calls, lawful interception)
• Media Services (RTP/SRTP, Coder Transcoding)
• Statistics and Billing information

101
SBC Implementations

• Logical Applications/Topologies options:

• Local IP-PBX with SIP Trunk by ITSP
• Hosted IP-PBX
• Two Local IP-PBXs (SIP Normalization)

• Logical Deployment options:

• SBC connected with one leg to LAN
• SBC connected with one leg to DMZ
• SBC connected with one leg to DMZ and another leg to LAN

• Physical SBC Connections:

• Number of ports used for each logical connection, with/without 1+1 port redundancy

102
Applications / Topologies

• Local IP-PBX with SIP Trunk by ITSP

Enterprise
Network
IP-Phones users
FEU

LAN SBC SIP Trunk WAN

IP-PBX ITSP

103
Applications / Topologies

• Hosted IP-PBX

Enterprise
Network
IP-Phone users

SBC
LAN WAN

Hosted
IP-PBX

104
Applications / Topologies

• Two Local IP-PBXs (SIP Normalization)

IP-Phones Enterprise
Network

LAN 1

SBC

IP-Phones

LAN 2

IP-PBX

105
Logical SBC Connections – One Leg LAN

IP-Phone

Firewall

LAN WAN

IP-PBX

DMZ
ITSP

106
Logical SBC Connections – One Leg DMZ

IP-Phone

Firewall

LAN WAN

IP-PBX

DMZ
ITSP

107
Logical SBC Connections – One-Leg DMZ and One-Leg LAN

IP-Phone

Firewall

LAN WAN

IP-PBX

DMZ
ITSP

108
Physical SBC Connections

• One-Leg (DMZ or LAN) LAN

• Only 1 port required (1 cable)

• Optional: 2 ports, 1+1 redundancy (2 cables) DMZ

• VLAN-Aware Switch
LAN
• Only 1 port required (1 cable)
• Optional: 2 ports, 1+1 redundancy (2 cables)
DMZ

• Two-Legs (LAN and DMZ)

• 2 ports used (2 cables) LAN

• 4 ports used, 1+1 redundancy (4 cables)

DMZ

109
SBC VoIP Features

• NAT Traversal
• Transcoding
• Topology Hiding
• VoIP Firewall
• SIP Routing
• SIP Normalization
• Survivability

110
NAT Traversal

• Enables communication with ITSP/SIP Trunk using globally unique IP addresses

IP-PBX
FW Public IP address
182.30.15.20

Enterprise WAN
LAN

SBC IP address ITSP

10.15.11.1 Soft Switch

111
NAT Traversal (cont’d.)

• SBC supported Far End Users (FEU)

• Maintaining remote NAT binding state by frequent FEU registration time
• First incoming RTP Packet for NAT Traversal using symmetric RTP
• Protocols that can traverse SBC:
• Audio
• Video
• Application
• Text
Home LAN

Public
IP PBX
Internet
Enterprise LAN
FEU

FEU registers in device DB

Offloading FEU refresh Registrations
Maintaining remote NAT binding
112
SBC Transcoding

• Coder Transcoding
• RTP <-> SRTP
• Fax/Modem translations
• RFC 2833 <-> Transparent DTMF <-> SIP INFO
• Transrating
• Voice gain adjustments

SRTP RTP
G.711 G.729
IP/PBX ptime:20 T.38 ITSP
SfB RFC 2833 ptime:30 Soft Switch
SIP INFO
113
Topology Hiding

• Hides the Internal Network

• SBC implements back-to-back user agent (B2BUA):
• VIA stripping
• Independent Route/Record Route per leg
• Use SBC Contact info
• Change Call-ID per leg
• Restrict Caller-ID
• Host Name modification

114
VoIP Firewall

• SIP Signaling
SIP Invite
• SIP classification
• Deep Stateful Packet Inspection (SPI) of all SIP signaling packets
• Packets not belonging to a valid SIP dialog are discarded
Layer 3-4
• RTP Firewall

Discard Message
• Opening pin holes according to Offer/Answer negotiation Authenticate
• DPI of all RTP packets
Layer 5-7
SBC
Firewall

Message admitted

115
Comprehensive Security

IDS Security
Abnormal behavior detection Server

Layer 3-4 Access List

Wire Speed
Rate limiting

Enterprise
Core
CAC
Classification #calls,
Message /Routing call rate,
TLS and Policy SIP layer bit rate,…
Internet/Peers SRTP Malformed access list
SIP SIP
Context
Identification
116
SBC Routing

117
SIP Normalization

• Solves interoperability issues between SIP user agents

• Manipulation of SIP URI user and host
• SIP Header Manipulations
• P-Asserted-ID conversions
• Session timer conversions
• Early media conversions
• Register to ITSP on behalf of the IP-PBX
• Flexible REFER and Forward handling
• And more

118
SBC Survivability

• 3 survivability features:
• Routing calls to alternative routes such as:
• ITSP
• IP-PBX
• Routing calls between user agents in the local network using a dynamic DB
(built according to registrations of SIP user agents)
• Fallback to the PSTN based on E1/T1 connection (Hybrid devices)

119
Lesson 6

SBC Basic Terminology

Objectives

• After completing this lesson, you will:

• Be familiar with the SBC terminology
• Know what is an SRD, SIP Interface and Media Realm
• How this is associated to IP Groups and Proxy Sets

121
Main SBC Operation Modes

• B2BUA
• Maintains independent sessions toward the endpoints
• Processing an incoming request as a User Agent Server (UAS) on the inbound leg
• Processing the outgoing request as a User Agent Client (UAC) on the outbound leg
• SIP messages are modified regarding headers between the legs
• The device's interworking features may be applied
UAC UAS UAC UAS
Request Request

• Stateful Proxy Server

• SIP messages traverse the device transparently (with minimal interference) between
the inbound and outbound legs
• No topology hiding
UAC UAS
Request

122
Signaling Routing Domain (SRD)

• Logical representation of the entire SIP-based VoIP network containing groups of

SIP users and servers
• Typically, only a single SRD is required, and this is the recommended configuration
topology
• Multiple SRDs are required only for multi-tenant deployments, where it "splits" the
device into multiple logical devices

123
Media Realms

• Range of UDP ports associated with an IP network interface

• Used by SBC to perform media (Audio, Video, Fax) anchoring functionality
• Defines maximum number of sessions (based on the ports range)
• Can be assigned to the SIP Interface and/or the IP Group

124
SIP Interface

• The SIP Interface represents a Layer-3 network (Bounded)

• SIP Interface is associated with one and only one SRD
• It defines a local SBC listening port for SIP signaling traffic on a local, logical IP
Network Interface
• Defines the application, SBC or GW (relevant just for Hybrid devices)
• The SIP Interface is used to receive and send SIP messages with a specific SIP entity
(IP Group)
• Multiple SIP Interfaces may represent multiple SIP entities in the VoIP network:
• SIP Trunk
• LAN IP-PBX
• Remote WAN users

125
IP Group

• An entity with a set of definitions and behaviors which represents a SIP Group in the IP
Network
• 3 Types of IP Group:
• Server: Used when the destination address is known
• User: Represents a group of users where their location is dynamically obtained by the device when
REGISTER
• Gateway: Applicable where the SBC receives requests to and from a gateway representing multiple users
• Used to classify incoming SIP dialog-initiating requests to a source IP Group, based on Proxy
Set ID
• Used in IP-to-IP routing rules to denote the source and destination of the call
• It is highly recommended not do modify IP Group ID 0
• You should configure this specific IP Group when it is used for the Gateway Interface (e.g., PSTN fallback)

126
Proxy Set

• A Proxy Set is a group of Proxy servers defined by IP address or Fully Qualified

Domain Name (FQDN)
• Represents the destination (address) of the Server-type IP Group
• Each Proxy server address can define:
• Destination SIP port
• Transport type
• Load balancing
• Redundancy mechanisms
• Can be used for message classification
• Keep alive mechanism can be implemented
127
IP-to-IP Routing

• IP-to-IP routing rules define the routes for routing calls between SIP entities
• The routing rules typically employ IP Groups to denote the source and destination
of the call
• Various other source and destination methods can be used
• For example, the source can be a source host name while the destination can be an IP
address or based on an LDAP query

128
SBC Routing
IP-to-IP call destination can be:
• Registration Database and User IP Group
• Proxy Set associated with the destination IP Group
(allows redundancy and/or load balancing)
• IP Group Set
• Destination Tag
• Based on incoming Request-URI
• Destination address based on:
• IP-Address
• Host Name (FQDN)
• Port
• Transport Type
• SIP Interface
• Based on Hunt Group
• Based on Dial Plan File
• External ENUM server query
• External LDAP server query
• Third-party Routing Server
• Gateway
• Internal
129
SBC IP-to-IP Routing

• The IP-to-IP Routing Table also provides:

• Alternative routing
• Re-routing of SIP requests
• Least Cost Routing (LCR)
• Call Forking

130
Inbound and Outbound Number Manipulation

• IP-to-IP Inbound and Outbound manipulation lets you manipulate the user part of
the SIP URI in the SIP message for a specific entity
• Inbound manipulation is done on messages received from the SIP entity
• Outbound manipulation is done on messages sent to the SIP entity

User@Host
[email protected]

131
Message Manipulation Set (MMS)

• A combination of rules, specified as a

set or group of actions, to be
attached to IP Group
• IP Group page display 2 fields:
• Inbound Message Manipulation Set
• Set of rules applied on incoming
messages (received from the SIP
entity)
• Outbound Message Manipulation Set
• Set of rules applied on outgoing
messages (sent to the SIP entity)

Incoming Message SBC Outgoing Message

132
Classification Process

• A process that provide:

• SIP Firewall
• Source IP Group
• There are four steps in the classification process: 1
1. Device‘s registration database (AOR)
2. Proxy Set
3. Classification Table
2
4. Reject or Allow unclassified source

• Each stage is done only if the

previous stage fails
• If the SBC doesn't find a matching rule 4
(i.e., classification fails), the dialog is rejected
133
CMR Process (CMR = Classify, Manipulate, Route)

Reject Dialog

No match No match No match

Leg1
Incoming Outgoing
SIP Interface Classification Routing
Message Message
Leg2
Pre-Parsing
Manipulation Inbound Outbound
(SIP Interface) Message Manipulation Set Message Manipulation Set
(IP Group) (IP Group)
Pre-Classification
Manipulation
(SIP Interface)
Inbound Outbound
Source and/or Destination Source and/or Destination
Number Manipulation Number Manipulation

(Optional)

134
SIP Trunk Example

IP-PBX
TLS 5061
SBC
DefaultSRD

Media Port Pool SBC Tables: Media Port Pool

(Ports 7000-7500) Classification Process (Ports 6000-6500)
IP2IP Routing Tables
SBC Manipulation
SBC SIP Interface SBC SIP Interface
Enterprise TLS Port 5061 + UDP Port 5085 UDP Port 5060 WAN
LAN
Gateway SIP Interface (Optional) Gateway Tables: Gateway SIP Interface (Optional)
UDP Port 5050 IP-to-Tel Table TCP Port 5070
Tel-to-IP Table
GW Routing Tables
GW Manipulation Tables

Fax Server ITSP

FXS E1
UDP 5085 UDP 5060

Analog Lines
PSTN
PSTN

135
Lesson 7

SBC Configuration
Lesson Objectives

• After completing this lesson you’ll know how to:

• Configure the parameters required by the SBC

137
Topology Configuration Example – One Leg LAN

Configuration Stage:
SBC IP: 10.15.11.1 /16 ITSP 1. IP Interface
IP-PBX
Server 1: 200.100.10.5 2. SRD
IP: 10.15.11.2 /16
Server 2: 200.100.10.1 3. Media Realms
Transport Type: TCP 4. SIP Interface
Transport Type: UDP
Listening Port: 5050 5. Proxy Set
Listening Port: 5060
Media Realm: 7000 (50 legs) 6. IP-Group
Media Realm: 8000 (50 legs) 7. IP Profile
Coder: G.711Alaw
Coder: G.711Alaw 8. Routing
9. NAT Translation
10. Classification

Firewall
LAN IP: 10.15.0.1
WAN: 200.100.10.2

138
Configure IP Addresses – IP Interface Table

139
IP Address – Physical to Interface

140
Initial Topology View

Default values for SRDs, IP Groups,

SIP Interfaces, Media Realms

141
SRD Table
• Default SRD is already pre-configured

Defines the device's operational mode for the SRD

142
Media Realm Table

• The default Media Realm is used for SIP Interfaces and IP Groups for which you have not
assigned a Media Realm
• Ports are allocated in chunks of 4, 5 or 10 (device dependent) called media session legs

143
Media Realm Extensions

• Media Realm Extensions let you configure a Media Realm with different port ranges or/and
different interfaces
• This means that the Media Realm is distributed across multiple interfaces
• The number of Media Realm Extensions that can be configured depend on the platform

144
Configuring Media Realms – Example

145
SIP Interface Table

• Default SIP Interface is already pre-configured and assigned to the default SRD
• Bounded to Layer-3 network
• Defines a local listening port for SIP signaling traffic on a local logical IP network

146
SIP Interface Table Record
• By default, if you do not configure a name, the device
automatically assigns the name • Assigns a Media Realm

• Select Network Interface

• Select SBC or GW application

• Select UDP, TCP and/or

TLS port/s

• Defines the SIP response code that the device sends if a received SIP request (OPTIONS, REGISTER, or
INVITE) fails the SBC Classification process
• The valid value can be a SIP response code from 400 through 699, or it can be set to 0 to not send any
response at all (recommended for security reasons)
• The default response code is 500 (Server Internal Error)

147
Configure SIP Interface Table – Example

148
IP to Local Signaling and Media Resources
• Multiple SIP Interfaces represent multiple layer 3 networks
• Media Realm shared between multiple SIP Interfaces
SIP Interface 1

Media Realm 1
LAN
IP Interface 1
Physical Network 1
SIP Interface 2

Media Realm 2

SIP Interface 3
DefaultSRD_0
SIP Interface 4
IP Interface 3
Media Realm 4
WAN/DMZ
Physical Network 2
SIP Interface 5

IP Interface 4 Media Realm 5

SIP Interface 6
149
Proxy Sets Table

150
Proxy Sets Table

• Define the Proxy Set Name

• Select Redundancy mechanisms

Parking or Homing

Defines an arbitrary
name to easily identify
the Proxy Set Set Hot Swap

Select SIP Interface

Enable Load Balancing

Enable Keep-Alive
Defines how the device classifies IP calls to the Proxy Set
This parameter is applicable only if the IP Group table's
parameter, 'Classify by Proxy Set' is set to Enable

151
Proxy Address Child Table

• Enter Proxy IP address or FQDN

• Enter Destination SIP port & Transport type

152
Define Proxy Set IP-PBX – Example

153
Define Proxy Set ITSP – Example

154
IP Group Table

155
IP Group Table – General Parameters
IP Group Name

Defines the display location of the IP

Group in the Topology view

3 types: Server, User, Gateway

Proxy Set Name associated with the Server

IP Group
IP Profile, assigned to the IP Group. The
default is ‘None’

Media Realm, assigned to the IP Group.

Choose the name defined in the Media
Realm Table from the drop-down list

The Request-URI host name used in INVITE

and REGISTER messages sent to this IP
Group, or the host name in the From
header of INVITE messages received from
this IP Group
156
IP Group Table – SBC General Parameters
Enables classification of incoming SIP dialogs (INVITEs) to
the IP Group, based on the Proxy Set assigned to the IP
Group (Applicable only to Server-type IP Groups)

Defines the device's operational mode for the IP Group.

Options:
• Not Configured = (Default)
• B2BUA
• Call Stateful Proxy
• Microsoft Server (for One-Voice Resiliency feature)

Defines call forking of INVITE messages to up to five

separate SIP outgoing legs for User-type IP Groups.
This occurs if multiple contacts are registered under the
same AOR in the device's registration database.
Options:
• Sequential = (Default)
• Parallel
• Sequential Available Only

• Defines a hostname, which the device uses to overwrite the hostname of the URI in certain SIP headers. When the device forwards a SIP message
to this IP Group, the configured hostname overwrites the host part in SIP headers that are concerned with the source of the message
• The parameter is applicable only when the IP Group is the destination of the call
• This parameter has higher priority than the 'SIP Group Name' parameter of the source IP Group
157
IP Group Table – SBC Other Tabs

Inbound/Outbound Message Manipulation Set:

Assigns a Message Manipulation Set (rule) to the IP Group

158
Define IP Group 1 (IP-PBX) – Example

159
Define IP Group 2 (ITSP) – Example

160
IP Profile

• A set of configuration parameters

• Provides high-level adaptation when connected to a variety of equipment, each
of which requires different system behavior
• Assigned to IP Groups

161
IP Profile
• The configurable parameters for the IP Profile are divided into sections:
• General parameters
• Media Security parameters Related to SRTP
• SBC Signaling parameters
• SBC Early Media parameters
• SBC Registration parameters
• SBC Forward and Transfer parameters Related to SIP Signaling on the SBC
• SBC Hold parameters
• SBC Media parameters
• SBC Fax parameters
• Media parameters Related to Media on the SBC
• Quality of Service parameters
• Jitter Buffer parameters
• Gateway General parameters
• Voice
• Gateway DTMF parameters
• Gateway Fax and Modem parameters
• Answer Machine Detection parameters
• Local Tones parameters
162
IP Profile

163
IP to IP Routing Table

164
IP to IP Routing Table – General and Match Sections
Route Row / Alternative Route / Forking Group

Defines the IP Group from where the IP call is received

Defines the SIP dialog request type:

• All (default)
• INVITE
• REGISTER
• SUBSCRIBE
• INVITE and REGISTER
• INVITE and SUBSCRIBE
• OPTIONS

From Message Condition Table

Defines the reason for re-routing the SIP

request : Any/3xx/Refer

Defines the IP Group that initiated (sent) the SIP

redirect response 3xx or REFER

165
IP to IP Routing Table – Action Section

Determines the destination type to which the outgoing SIP dialog is sent.
This can be IP Group, Destination Address, ENUM, LDAP, Request URI, Gateway, etc.

Defines a SIP response code (e.g., 200 OK) or a redirection response. The
parameter is applicable only when the 'Destination Type' parameter in this
table is configured to Internal – example: Reply(Response='200') 166
Configuring IP-to-IP Call Routing Rules – Example

167
Define NAT Translation – Example
• NAT rules for translating source IP addresses per VoIP interface:
• SIP Control
• Media Traffic
• The Global address is set in the SIP Via and Contact headers as well as in the o= and c= SDP fields

168
First Incoming Packet Mechanism for Remote Users

• The device identifies whether the UA is located behind NAT by comparing the
source IP address of the first received media packet with the IP address and UDP
port of the first received SIP Invite message (Contact header's IP address) when the
SIP session was started

169
Define Classification Rules (Optional)

170
Message Conditions (Optional)

171
Lesson 8

Debugging Tools
Troubleshooting Guidelines

• Understanding the problem

• What are the expected results?

• What are the actual results?

• Collecting data

• Use the relevant data collection tools for problem investigation

173
Collecting Data

• When reporting a problem, provide AudioCodes Support with:

1. Accurate, clear and detailed problem description
2. Test setup (network diagram, call direction, etc.)
3. Uploaded ini file
4. Syslog trace (without missing messages)
5. Unfiltered Wireshark
• Advanced (per request):
• PSTN traces for PSTN problems
• DSP traces for problems related to voice quality, Modem/Fax, DTMF detection,
etc.

174
What is Syslog?

• Standard for forwarding log messages in an IP network

• A Syslog server is used to remotely record logging information
• Syslog information sent by the device is a collection of error, warning and system
messages that record every internal operation of the device
• Syslog messages are marked with a sequential number
• A Syslog server usually adds the time the message was received and the source IP
address

175
Syslog Message Format - Example
08:59:10.239 10.15.11.1 local0.notice [S=1974] [SID=a929c9:21:24] ( lgr_sbc)( 1773) Classification Succeeded - Source IP Group #2 (ITSP), - Dest Routing Policy #0
08:59:10.239 10.15.11.1 local0.notice [S=1975] [SID=a929c9:21:24] ( lgr_flow)( 1774) (#3091)SBCRoutesIterator::Change State From: InitialCSRRouting To : InitialRouting
08:59:10.240 10.15.11.1 local0.notice [S=1976] [SID=a929c9:21:24] ( lgr_flow)( 1775) (#3091)SBCRoutesIterator::Change State From: InitialRouting To : AlternativeRouting
08:59:10.241 10.15.11.1 syslog.error 4 packets missing
08:59:10.241 10.15.11.1 local0.notice [S=1981] [SID=a929c9:21:24] ( media_service)( 1780) ServicesMngr: Allocate SBC leg. current active: 1 and max is: 120
08:59:10.242 10.15.11.1 local0.notice [S=1982] [SID=a929c9:21:24] ( lgr_flow)( 1781) (#3091)SBCRoutesIterator::Next route found: Rule #1, Route by: IPGroup , IP Group ID: 1 (SfB), Live:True
08:59:10.242 10.15.11.1 local0.notice [S=1983] [SID=a929c9:21:24] ( lgr_sbc)( 1782) Routing Succeeded -IP2IPRouting Rule #1

Timestamp Message Sequence Number Unique SIP call session and device identifier
and IP Address In this example 4 messages Example: SID=a929c9:21:24
were lost <last 6 characters of device's MAC address>
<number of times device has reset>
<unique SID counter indicating the call session

Type of Message
Syslog generates the following types of messages:
• error: Indicates that a problem has been identified that requires immediate handling
• warning: Indicates an error that might occur if measures are not taken to prevent it
• notice: Indicates that an unusual event has occurred
• info: Indicates an operational message
• debug: Messages used for debugging

176
Enabling Syslog
• Enable Syslog
• Set Syslog Server IP
address and port
• Select the Syslog level
(recommended ‘Detailed’)

177
Message Log
• View the Syslog messages sent by the device

178
AudioCodes Syslog Viewer
• A Syslog application provided with the student utilities kit

179
AudioCodes Syslog Viewer
Stop/Start Writing Log Pause/Resume Logging Flow Diagram

Clear On-Line Syslog Zoom In/Out Disable Auto scroll Options Search Text

Open Saved File Open External Viewer Freeze Display Search Options Search

Number of Error and

Total Number of Warning Messages in
lines in the Log File the Log File

180
AudioCodes Syslog Viewer
• Syslog can be enabled simultaneously in several devices, reporting to the same Syslog Server

Syslog form different IP Addresses can be viewed

181
AudioCodes Syslog Viewer
• SIP/SDP messages are properly arranged to be easily identified for analysis

182
AudioCodes Syslog Viewer
• The SIP/SDP flow diagram can be viewed, refreshed and exported

SIP Flow
Diagram

183
AudioCodes Syslog Viewer
• The SIP/SDP <-> ISDN flow diagram can be viewed

184
AudioCodes Syslog Viewer
• Each arrow on the SIP/SDP flow diagram points to the right place in the trace
Highlighted

Points to

SIP Flow
Diagram

185
AudioCodes Syslog Viewer
• CDR info

186
AudioCodes Syslog Viewer
• Extracting Single Call

187
AudioCodes Syslog Viewer

Options

188
Wireshark

189
Wireshark

• Freeware packet sniffer application enabling you to view traffic passed over the
network
• Advantages:
• Used for live/offline network troubleshooting and analysis
• Strong filtering
• SIP Call flow and Play sound
• And more
• AudioCodes add advance filtering for DTM/DSP debug

190
Capture Interfaces

• Capture > Options…

• Select the network interface currently used by the computer

191
Capture Output & Options

192
Wireshark Main Window

Filter Bar

Packet list
pane

Packet details pane

Packet bytes
pane

193
Coloring Rules

• Assign a color to each protocol to facilitate quick analysis

• Define general rules e.g., TCP, UDP at the bottom of the coloring list because
processing is from top to bottom until a match is found

194
Generating Call Flow

• Visually represents entire call flow

• Telephony > VoIP Calls

195
Playing RTP Stream

196
Analyzing RTP Data Stream

• Extracts audio from data packets

197
Debug Recording

198
What is Debug Recording (DR)?

• A feature used to capture and record traffic sent and/or received by the device
• It is used for advanced debugging when you need to analyze internal messages and
signals
• The device can send debug recording packets to a debug capturing server
• Can record different types of traffic such as
• Media streams (RTP, T.38 and PCM)
• PSTN signaling (ISDN, CAS, SS7)
• Control messages (SIP, MGCP, MEGACO)
• Networking streams (such as HTTP and SCTP)
• Other internal information (such as DSP Events)

199
Debug Recording Advantages

• Can record all IP traffic sent by/received from the device

• Can record actual voice signal arriving from the TDM (before it enters the DSP)
• Useful for recording network traffic in environments where hub or port mirroring is
unavailable
• Useful for recording internal traffic between two endpoints on the same device
• Can include Syslog messages
• Debug Recording packets are captured using Wireshark or a similar tool (Wireshark
versions older than Wireshark 3.4.0 requires AudioCodes proprietary Plug-in)

200
Viewing DR Messages in Wireshark
• Start Wireshark ACDR Filter

• In the Filter field, type "acdr" to

view the debug recording
messages
• Note that the source IP address of
the messages is by default the
OAMP IP address of the device
• The device adds the header Proprietary Header
"AUDIOCODES DEBUG
RECORDING" to each debug
recording message

201
Activating the Debug Recording (DR)
• To set the address/port of the debug recording server:

To filter IP Network Traces by Ethernet Port or VLAN

Default, a log for IP network traces records all the
packets received and sent on all the device's physical
Ethernet ports

Defines the IP address of the server for capturing

debug recording

Defines the port of the server for capturing debug

recording. The default is 925

202
Configuring filtering rules

• To configure logging filtering rules:

203
Configuring filtering rules

Defines the value for the selected Filtering Type

Defines where the device sends the log file

0. Syslog Server
1. Debug Recording Server (Default)
2. Local Storage
3. Call Flow Server (i.e., OVOC)

Defines the filter criteria:

1. Any (default) Defines the type of messages to include in the log file
2. Trunk ID = Filters log by Trunk ID (only Gateway application) 0. (Default) Not configured
3. Trunk Group ID = Filters log by Trunk Group ID (only Gateway application) 1. Signaling (only Debug Recording)
4. Trunk & B-channel = (only Gateway application) 2. Signaling & Media (only Debug Recording)
5. FXS or FXO = (only Gateway application) 3. Signaling & Media & PCM (only Debug Recording)
6. Tel-to-IP = Filters log by Tel-to-IP routing rule (only Gateway application) 4. PSTN Trace (only Debug Recording)
7. IP-to-Tel = Filters log by IP-to-Tel routing rule (only Gateway application) 5. CDR Only (applicable only if the 'Log Destination' parameter is
8. IP Group = Filters log by IP Group configured to Syslog Server or Local Storage)
9. SRD = Filters log by SRD 6. Call Flow (the device sends SIP messages in XML format to OVOC)
10. Classification = Filters log by Classification rule (only SBC application) 7. SIP Only (includes only SIP messages - (only Debug Recording)
11. IP-to-IP Routing = Filters log by IP-to-IP routing rule (only SBC application)
12. User = Filters log by user
13. IP Trace = Filters log by an IP network trace, Wireshark-like expression
14. SIP Interface = Filters log by SIP Interface Enables (default) or disables the rule
15. System Trace = Filters the log to include logged information not related to calls 204
Lesson 9

SBC Wizard (Optional)

SBC Wizard – Overview

• User-friendly online tool designed to get AudioCodes Mediant SBC up and running
quickly and easily
• Step-by-step setup process, presenting the configuration options in a clear way
• Eliminates configuration errors and troubleshooting
• Easy to install Windows-based application
• Includes predefined configurations for a wide range SBC deployments (SIP trunk,
hosting etc.) with a variety of service providers and IP-PBXs
• Automatic software updates
• Built-in online help
• Available as web built-in and stand-alone application

206
Welcome Page

207
SIP Trunk Configuration

208
System Parameters

209
Interfaces

210
IP-PBX Parameters

211
ITSP Parameters

212
Number Manipulation

213
Remote Users (FEU)

214
Summary

215
Finish

216
Hands-on Lab 2

SBC Routing
Lesson 10

Teams System Brief Overview

Legacy Environment

Traditional PBX Deployment

Connectivity
PSTN
Endpoint Trunk
PBX

• PBX is a Phone System

• Provide voice features to the customers
• Connect calls between users
• Send/receive calls to/from PSTN
• Endpoints
• Users which consume PBX features
• Trunk
• Connect the PBX to the PSTN network
220
Moving to the Cloud

• Endpoints
• Desktop clients running on PC, MAC and Web
• Mobile clients running on iOS and Android OSs
• IP Phones Phone System
Office 365 & Teams

• Phone System
• Provide PBX features for all Teams users (appropriate license is required)

• Trunk
• Calling Plan
• Direct Routing

221
Connecting Phone System to the PSTN

• Calling Plan
• Calling in Teams is powered by Phone System (formerly known as Cloud PBX)
• PSTN connectivity provided directly by Microsoft
• No on-premises equipment required
• New phone numbers from Microsoft or port existing numbers (if available)

• Direct Routing
• Connecting Office 365 with the customer infrastructure
• Using existing customer phone numbers
• SBC on-premises integrates with existing PSTN connectivity or/and old PBX

222
Microsoft Teams Direct Routing

Customer Network
Telephony Trunk Internet
SBC Phone System
PSTN Office 365 & Teams
Provider

Analog
Devices IP-PBX

• Allows customers to connect their Voice Trunks

directly to Office 365 Phone System, when
• Allows customers with users in the Microsoft Cloud paired with Direct Routing,
to continue using 3rd party systems such as PBXs, provides a full enterprise
IP-PBXs and Analog Telephony Adaptors (ATA) calling experience for
devises helping preserve key investments Office 365 users in Teams

223
How MSFT connect to Office 365 over the Internet

Corporate Network Internet MSFT Network

Full control Very limited control Zero jitter & loss
Full responsibility Can select ISP Latency only imposed by
Higher costs for managed Usually higher BW distance & Speed of light
WAN connections at lower costs Part of Office 365 & Azure

Corporate Network Internet MSFT Network

224
Teams Direct Routing Signaling Path
Teams Services
Call
Controller PSTN HUB SIP Proxy

Azure

Internet User outside

corporate
network
DMZ
Corporate
Network User on Certified Session Border
corporate Controller(s)
ITSP
network

HTTP REST signaling

SRTP Media
SIP signaling
225
Teams Direct Routing call without Media ByPass
Teams Services
Call
Controller PSTN HUB SIP Proxy

Media
Processor
Azure

Internet User outside

corporate
network
DMZ
Corporate
Network User on Certified Session Border
corporate Controller(s)
ITSP
network

HTTP REST signaling

SRTP Media
SIP signaling
226
Teams Direct Routing call with Media ByPass (1)
• Customer SBC has a public IP and media ports opened to the Internet

Teams Services

Call
Controller PSTN HUB SIP Proxy

Azure

Internet
Internet User outside
corporate
network
DMZ
Firewall with
Corporate NAT
Network LAN
Certified Session Border
HTTP REST signaling User on Controller(s) ITSP
SRTP Media corporate
SIP signaling network
227
Teams Direct Routing call with Media ByPass (2)

• Client located outside of the Customer premises

• SBC not directly accessible from the Internet (behind NAT)
Teams Services

Call
Controller PSTN HUB SIP Proxy

Azure Transport Relay

Internet
Internet User outside
corporate
network
Firewall with
NAT
Corporate
Network LAN
Certified Session Border
HTTP REST signaling User on Controller(s) ITSP
SRTP Media corporate
SIP signaling network
228
Interactive Connectivity Establishment (ICE)

• Typically, all devices located behind NAT (home network, office network, etc.)
• For devices behind NATs and/or firewalls to send media (RTP) between one
another, they need to discover each other's IP address and port as seen by the
"outside" world
• Media bypass leverages protocols called ICE on the Microsoft Teams client and ICE
lite on the SBC
• These protocols enable Direct Routing to choose the best optimized media path
• ICE and ICE Lite are WebRTC standards
• For detailed information about these protocols, see RFC 5245

229
STUN, TURN and ICE

• Session Traversal Utilities for NAT (STUN)

• A standardized set of methods, including a network protocol, for traversal of network
address translator (NAT) gateways in applications of real-time voice, video, messaging,
and other interactive communications
• Traversal Using Relays around NAT (TURN)
• A protocol that relays the media in case of traversal of NAT or a firewall issue
• The ICE is a standard that describes how to coordinate STUN and TURN to make a
connection between parties
1. ICE first tries to make a connection using the client's private local address
2. If that fails (which it will for clients behind NATs), ICE obtains an external (public)
address using a STUN server
3. And if that fails, traffic is routed through a TURN relay server (which has a public
address)

230
Dial Plans

• Normalize phone numbers:

• PSTN network might expect different phone number than user want to dial

• Normalize all phone numbers to E.164 format

• Example:
• User dial 555 123 4567
• Normalized number is +1 555 123 4567
• Dial Plan has set of rules for having numbers normalized

• Teams has a built in rules for the most common normalization rules

• Custom rules can be build to allow short digit calling

• E.g. to allow to dial extensions directly

232
Voice Routing Basics
User from Germany makes Usage evaluated in order
a call to the USA Every usage can have multiple routes

Voice
Yes
Voice Routing Policy Try the call via SBC(s)
routing At least one route
policy PSTN Usage Record 1 matches the dialed in the route(s)
exists ? PSTN Usage Record 2 pattern
PSTN Usage Record 3
No
success
No match All SBC’s not
User
functional
has MS No
Calling
Plan ?

Yes

Domestic Domestic only

only ?

International

Call via MS Calling Plan Call Failed Call via Direct Routing 233
Direct Routing Benefits

Interoperability Leverage existing

with third-party contracts with DID for every user
systems service providers

Less Hardware
Where Calling Can be combined Footprint
Plans not available with Calling Plans (compared to
Skype for Business)

234
Direct Routing Enterprise Model

Enterprise Network

Session Border Controller

DMZ

Management
Station (OAMP) Internet Phone System
LAN
Firewall
SIP Trunk

ATA

ITSP
PSTN
Analog Devices IP-PBX

235
Direct Routing Hosting Model
Service Provider Network

Session Border Controller

Phone System

Customer 1

DMZ

Internet Phone System

Management LAN Firewall
Station (OAMP)
Customer 2

SIP Trunk

ITSP

Phone System

Customer 3

PSTN
236
Direct Routing Solution Components
PSTN Provider Customer Network

Private Connection
or Internet
Internet
PSTN Network

Requirements to each involved party:

Carrier Customer Microsoft

Telephony Trunk E5 or E3 + Phone System O365 License for each user Phone System
Support Contract with provider or carrier Teams Clients
GW application as an Option AudioCodes SBC with Public IP, FQDN, DNS record Support
and Public Trusted Certificate
Configuration
Access to the SBC from Office365 guidelines/documentation
Configuration of the SBC with Office 365 and Carrier
Open ports in the corporate firewall for signaling
and media to/from Direct Routing
237
SBC FQDN Requirements

IP: 99.66.240.133 Internet Phone System

DNS Name: sbc1.contoso.com (Cloud PBX)

DNS name registered in Can be used for

Examples of FQDNs
Office 365 Tenant SBC FQDN
contoso.onmicrosoft.com Using *.onmicrosoft.com domains is not supported for SBC names

• sbc1.contoso.com
contoso.com • ussbcs15.contoso.com
• Non-valid name: sbc1.customers.contoso.com

• sbc1.customers.contoso.com
customers.contoso.com • sbc2.customers.contoso.com
• Non-valid name: test.sbc3.customers.contoso.com
238
Add Domain in Office 365
• Login to the admin center at https://admin.microsoft.com as a Tenant Administrator
• On the left menu,
click Settings,
then Domains
• Go through wizard
for adding new
domain

For detailed instructions:

http://aka.ms/adddomain

239
Public Trusted Certificate for the SBC
• Microsoft strongly recommends that you request the certificate for the SBC by generating a
Certification Signing Request (CSR)
• The certificate needs to have the SBC FQDN in the subject, Common Name (CN), and Subject
Alternate Name (SAN) fields
• Alternatively, Direct Routing supports a wildcard in the common name or SAN, and the
wildcard needs to conform to standard RFC HTTP Over TLS
• An example would be using *.contoso.com in the CN and SAN, which would match the SBC FQDN
sbc.contoso.com, but wouldn’t match with sbc.test.contoso.com

*.contoso.com

240
SBC Domain Names in Enterprise Model

Register subdomain in customer tenant sbc1.contoso.com

Activate domain by adding at least one O365 user [email protected]

Configure trunk from the Service Provider to the customer tenant

Internet
Phone System
IP: 10.10.10.10 Office 365 & Teams
DNS Name: sbc1.contoso.com

241
SBC Domain Names in Hosting Model
Default SIP Domain: Service Provider Default SIP Domain:
Enterprise1.fr Enterprise 1 Enterprise 3 Enterprise3.nl
Default SIP Domain:
Registered Domain: contoso.com Registered Domain:
sbc1.customers.contoso.com sbc3.customers.contoso.com
Domain for customers:
Default SIP Domain: customers.contoso.com Default SIP Domain:
Enterprise2.com Enterprise4.net

Registered Domain: Enterprise 2 Enterprise 4 Registered Domain:

sbc2.customers.contoso.com sbc4.customers.contoso.com

Service Provider Configuration

Deploy and configure SBC
Register domain name in the Service Provider Tenant customers.contoso.com
Activate domain by adding at least one user with matching SIP address [email protected]
Request wildcard certificate *.customers.contoso.com
Define FQDN with customer subdomain for SBC (each DNS record will point to the same IP address of the sbc1.customers.contoso.com
Service Provider SBC) sbc2.customers.contoso.com
sbc3.customers.contoso.com
sbc4.customers.contoso.com
Each Customer Configuration
Register and activate subdomain in the Customer Tenant sbc1.customers.contoso.com
Configure trunk from Service Provider to customer tenant 242
Lesson 11

SBC Direct Routing Configuration for Teams

Lesson Objectives

• After completing this lesson you’ll:

• Understand the configuration required at the Office 365 (Microsoft side)

• Know the relevant SBC parameters needed for Teams to SIP trunk configuration

244
Prerequisites (1)
• Before getting started make sure that the following License Keys exist:
• TEAMS: enables working with Microsoft Teams and add support of SILK and OPUS voice coders
(from 7.20A.25x.xxx firmware release)
• MediaEncryption, StrongEncryption and EncryptControlProtocol: enable working with TLS and SRTP
• SBC Sessions: enables SBC (IP-to-IP) feature

245
Prerequisites (2)

• In addition you need to have the following:

• Public IP address
• FQDN name matching subdomain in customer tenant
• Public certificate, issued by one of the Microsoft approved CA’s.
The currently supported Certification Authorities can be found at:
https://docs.microsoft.com/en-us/microsoftteams/direct-routing-plan#public-trusted-certificate-for-the-sbc

❖ This configuration section will cover only the relevant parts related to Teams Direct Routing
SIP trunk connectivity
246
Create SBC instance on the
Office 365 Tenant
in Enterprise Model

247
Login to the Teams Admin Center
• Login at https://admin.teams.microsoft.com as a Tenant Administrator

248
Add new SBC to Direct Routing
• Select Voice and then select Direct Routing
• Under SBCs click Add

249
Add new SBC to Direct Routing (cont.)
• Fill SBC FQDN and port, enable the GW and configure rest of required parameters, then click Save

User
+11115551005

Voice Policy

PSTN Usage

Route

PSTN Gateway

• Notes:
• FQDN must be part from the added domains to the tenant
• For enabling MediaBypass use PowerShell command 250
Add Voice Routing
• Add, Assign or edit your Voice Routing to the added SBC
User
+11115551005

Voice Policy

PSTN Usage

Route

PSTN Gateway

251
Add Voice Routing (cont.)
• Assign SBC and PSTN Usage to the ‘Voice Routing’
User
+11115551005

Voice Policy

PSTN Usage

Route

PSTN Gateway

252
Add Voice Routing Policy
• Navigate to Voice Routing Policies and add a new Routing Policy
User
+11115551005

Voice Policy

PSTN Usage

Route

PSTN Gateway

253
Add Voice Routing Policy (cont.)
• Create the Voice Policy and assign the PSTN Usage
User
+11115551005

Voice Policy

PSTN Usage

Route

PSTN Gateway

254
Connect to Office 365 Tenant

• All Teams users should be enabled for Enterprise Voice and an assigned DID
• Currently, this can be done only by using Microsoft CLI PowerShell commands
• From PowerShell connect to Office 365 tenant:
• $credential = Get-Credential -UserName [Admin]@[Tenant] -Message "Enter your Password:"
• Connect-MicrosoftTeams -Credential $credential

• Having the users Enabled and the DID numbers assigned:

• Set-CsUser -Identity [email protected] -EnterpriseVoiceEnabled $true -OnPremLineURI tel:+11115551005
• Note: you can enable also Voice Mail with -HostedVoiceMail $true

255
Assign the user to the Voice Routing Policy
• Navigate to Teams Users, select the relevant user/s, then click Edit Settings
User
+11115551005

Voice Policy

PSTN Usage

Route

PSTN Gateway

256
Assign the user to the Voice Routing Policy (cont.)
• Change the Voice routing policy and click Apply
User
+11115551005

Voice Policy

PSTN Usage

Route

PSTN Gateway

257
 Configuring SBC
for Enterprise Model

258
SBC Configuration

SBC connects to the WAN through a DMZ network

LAN Port Session Border Controller LAN Port

Vlan ID 1 Vlan ID 2
LAN DMZ

Phone System
WAN

Management Firewall
Station (OAMP)

ITSP

259
Configure VLAN’s & IP Interface’s

• LAN and WAN VLANs configuration

• IP Interface Table

260
NTP Servers
• Network Time Protocol (NTP)
• Synchronizes the system time to a time source within the network
• Eliminating any potential issues should the local system clock 'drift' during operation
• The client requests a time update from the user-defined

261
TLS Contexts

• The TLS Contexts table lets you

configure up to 100 TLS
certificates (device dependent)
• The device is shipped with a
default TLS Context (ID 0 and
string name "default")
• The default context can’t be
deleted

262
Creating TLS Context

• Configuring TLS Context for Teams Direct Routing

263
How to Configure Certificate

• The Procedure:
• Generating a Certificate Signing Request (CSR)
• Requesting Device Certificate from CA
• Obtaining Trusted Root Certificate from CA
• Deploying Device and Trusted Root Certificates on the SBC

264
Creating CSR

265
Signed Certificate

• Uploading the Certificate Obtained from the Certification Authority

In case of wildcard certificate usage

Note: Be aware that described above method will create signed certificate for only one device,
on which Certificate Sign Request was generated (and signed with private key). In order to be
able to use the same wildcard certificate on “multiple devices”, use alternative methods.
266
Trusted root certificate

• Import and verify the certificate details

267
Device Certificate Information

• Certificate details

268
Proxy Sets Table

Defines an arbitrary
name to easily identify
the Proxy Set Set Hot Swap

Select SIP Interface

Enable Load
Balancing
Select TLS Context

Enable Keep-Alive

Defines the DNS query record type for resolving the proxy
server’s host name (FQDN) into an IP address(es)
Options: Not configured, A-Record, SRV, NAPTR
269
Proxy Address Child Table
• Enter Microsoft Teams Direct Routing FQDN

270
Media Security

• SRTP is a mandatory requirement

271
Coder Group
• The Coder Group ID for this entity will be assigned to its corresponding IP Profile
• Microsoft Teams Direct Routing supports the SILK and OPUS coders
• SILK Payload Type
to be changed to:
• SILK-NB = 103
• SILK-WB = 104

272
Teams & ITSP IP Profiles
Parameter Value Parameter Value
Name Teams (arbitrary descriptive name)
Name SIPTrunk (arbitrary descriptive name)
Media Security
SBC Media Security Mode Secured (SRTP only) Media Security
SBC Early Media
SBC Media Security Mode Not Secured (RTP only)
By Media (required, as Microsoft Teams
Remote Early Media RTP Detection Direct Routing does not send RTP SBC Media
Mode immediately to remote side when it sends a
SIP 18x response) Allowed Audio Coders SIPTrunk Allowed Coders
SBC Media
Preference (lists Allowed Coders first
Extension Coders Group AudioCodersGroups_1
Allowed Coders Mode and then original coders in received SDP
RFC 2833 Mode Extend offer)
Lite (required only when Media Bypass
ICE Mode SBC Signaling
enabled on Microsoft Teams)
SBC Signaling P-Asserted-Identity Header
Add (required for anonymous calls)
SIP Update Support Not Supported Mode
Remote re-INVITE Support Supported Only With SDP SBC Forward and Transfer
Remote Delayed Offer Support Not Supported
SBC Forward and Transfer Remote REFER Mode Handle Locally
Remote REFER Mode Handle Locally
Remote Replaces Mode Handle Locally
Remote 3xx Mode Handle Locally
SBC Hold Remote 3xx Mode Handle Locally
Inactive (Microsoft Media Stack doesn’t
support format with a=inactive and
Remote Hold Format
IP=0.0.0.0. So, the SBC will replace 0.0.0.0
with its IP address)
273
Teams IP Profile
• SBC Media Security Mode = Secured
• Mandatory – SRTP only
• Remote Early Media RTP Detection Mode = By Media
• Teams does not send RTP/SRTP immediately to the remote side when it sends a SIP 18x response
• SIP Update Support = Not Supported
• UPDATE method not supported before and after the call is connected
• Remote re-INVITE = Supported Only With SDP
• Re-INVITE is supported, but only with SDP
• If the incoming re-INVITE arrives without SDP, the SBC creates an SDP and adds it to the outgoing re-INVITE
• Remote Delayed Offer Support = Not Supported
• The SBC does not allow INVITE requests without SDP
• The SBC creates an SDP and adds it to the outgoing offer
• RFC 2833 Mode = Extend
• Each outgoing offer/answer includes RFC 2833 in the offered SDP
• Remote Refer Mode = Handle Locally
• Teams does not support receiving SIP REFER messages
• Incoming REFER request message is handled without forwarding it to the Teams
• Remote 3xx Mode = Handle Locally
• Teams does not support receiving SIP 3xx messages 274
SDP Codecs offered list manipulation

• Allowed coders:
• Determine coders to be used for a specific SBC leg
• Excluded coders are removed from the SDP offer

• Extension codes:
• Extends the Media offering’s coders
• Extended coders are added only on the outgoing leg

• Preference mode Parameter - manipulation options:

• Extension coders are added at the end of the coder list (default)
• Extension coders arranged according to order in the Allowed Coders Group table

275
Coder Transcoding Flow
SBC Leg 1 SBC Leg 2
SBC

Allowed Extension Allowed

Coders Coders Coders
IP Group 1 IP Group 2
IP Profile IP Profile

Allowed Extension Allowed

Coders Coders Coders

276
ICE Lite

• The SBC is located at the WAN (one leg in the WAN or DMZ) and has global address
• Hence SBC required to implement only ICE Lite
• SBC as Lite agent only use host candidates and do not generate connectivity checks
• It supports remote endpoints that initiate ICE connectivity checks to discover their
workable public IP address with the SBC
• Therefore, the device supports the receipt of STUN binding requests for
connectivity checks of ICE candidates and responds to them with STUN responses
• Note that in the response to the INVITE message received from the remote
endpoint, the device sends only a single candidate for its own IP address
• This is the IP address that the client uses as a remote IP address

277
ICE and Candidates

278
Candidates

Transport IP + Port

1 – for RTP
Foundation
2 – for RTCP
IP address
Priority
type

IP address type:
host = Host Candidates: the local IP address and ports of all active network cards on the device
srflx = Reflexive Candidates (STUN): list of IP-address & ports allocated by a NAT device
relay = Relay Candidates (TURN): list of IP-addresses & ports of the TURN servers (used when STUN cannot be used)
279
Generic call flow from SIP Trunk to Teams

SIP Trunk SBC Teams

INVITE (SDP)
SDP includes:
INVITE (SDP)
100 Trying
Session attribute: ice-lite
Candidates list
1
100 Trying
180 Ringing
180 Ringing
200 OK (SDP)
SDP includes Media Server IP 2
200 OK (SDP)

Ack Media Stream with Media Server

Ack

STUN Binding Use-candidate request 3

Request
STUN Binding
success respond
Use-candidate response 4
INVITE (SDP) SDP includes Teams Client candidate
INVITE (SDP)
to be used 5
200 OK (SDP)
200 OK (SDP)

Media Stream with Teams Client

280
Invite Message (1)
SBC → Teams

281
SIP 200 OK Message (2)
Teams → SBC

282
STUN Message – Binding Request (3)

Teams → SBC

283
STUN Message – Binding Success Response (4)

SBC → Teams

284
Re-Invite Message from Teams (5)
Teams → SBC

285
IP Group Table – SBC Other Parameters
• Defines the host name (FQDN) that SBC uses in the SIP
message's Via and Contact headers
• This is specially required by Microsoft

• SBC sends SIP requests and responses to the source IP address

received in the previous SIP message
• This especially useful in scenarios where endpoints are located
behind a NAT firewall (and SBC is unable to identify this using
its regular NAT mechanism)

• Enables the SBC to apply certain IP Group settings to keep-alive

SIP OPTIONS messages that are sent by the SBC to the MS
Teams
• Required only for Enterprise Model
286
IP Group Table – SBC General Parameters

Classification Table will be used in order

to introduce more strict classification

Note: In Hosting Model, IP Group should be created for each customer

287
Classification Table
• Condition to be attached

Required only for Enterprise Model

288
Condition Table

• Needed for classifying Teams as the Source of the messages

289
IP to IP Routing Table (For Enterprise Model)

Source IP Request Call ReRoute Dest IP

Index Name Dest Type Internal Action
Group Type Triger IP Group Group
0 Terminate OPTIONS Any OPTIONS Internal Reply(Response='200')
1 Refer from Teams Any REFER Teams Request URI Teams
2 Teams to ITSP Teams IP Group ITSP
3 ITSP to Teams ITSP IP Group Teams

290
Number Manipulation Tables – Examples

• Destination Phone Number Manipulation (Inbound Manipulations Table)

• If the destination starts with ‘+’, remove the ‘+’

• Destination Phone Number Manipulation (Outbound Manipulations Table)

• For all calls toward Teams, add ‘+’

291
Hands-on Lab 3

Teams to SIP Trunk Connection

Lesson 12

SBC Number & Message Manipulation

Lesson Objectives

• After completing this lesson, you’ll:

• Understand the reasons for Number & Message Manipulation

• Know how to perform Number & Message Manipulation

294
Reminder: CMR Process

Reject Dialog

No match No match No match

Leg1
Incoming Outgoing
SIP Interface Classification Routing
Message Message
Leg2
Pre-Parsing
Manipulation Inbound Outbound
(SIP Interface) Message Manipulation Set Message Manipulation Set
(IP Group) (IP Group)
Pre-Classification
Manipulation
(SIP Interface)
Inbound Outbound
Source and/or Destination Source and/or Destination
Number Manipulation Number Manipulation

(Optional)

295
SBC Number Manipulation

• Done according to manipulation tables, similar to what’s done for routing

• Select manipulation rule in a table according to:
• Source IP Group
• Source and/or destination host and/or user prefixes
• Outbound manipulations are done after routing
• Outbound manipulation rule matching can be done by destination IP Group

296
SBC Inbound Number Manipulations

• Configure rules to manipulate SIP URI user part (source and destination)
of inbound SIP dialog requests
• Rules can be applied to user-defined SIP request type (INVITE,
SUBSCRIBE and/or REGISTER)
• Manipulation of Destination URI user part performed on these SIP
headers:
• Request URI
• To
• Remote-Party-ID (if it exists)
• Manipulation of Source URI user part is performed on these SIP
headers:
• From
• P-Asserted (if it exists)
• P-Preferred (if it exists)
• Remote-Party-ID (if it exists)

297
SBC Inbound Number Manipulations

298
SBC Inbound Number Manipulations – Match Area
• Name
• Additional Manipulation: use same matching
condition as row listed above
• Manipulation Purpose: Defines the purpose
of the manipulation
• Request Type: SIP request type to which the
rule is applied
• Source IP Group: the IP Group from where the
incoming INVITE is received
• Source Username Pattern
• Source Host
• Destination Username Pattern
• Destination Host

299
SBC Inbound Number Manipulations – Action Area
• Manipulated Item: Determines whether the Source or Destination SIP URI user part is
manipulated
• Remove From Left
• Remove From Right
• Leave From Right: Defines the number of characters that you want retained from
the right of the user part
• Prefix to Add
• Suffix to Add

300
SBC Outbound Number Manipulations

• Configure rules to manipulate SIP URI user part (Source and Destination)
of outbound SIP dialog requests
• Rules can be applied to user-defined SIP request type (INVITE,
SUBSCRIBE and/or REGISTER)
• Manipulation of Destination URI user part performed on these SIP
headers:
• Request URI
• To
• Remote-Party-ID (if it exists)
• Manipulation of Source URI user part is performed on these SIP
headers:
• From
• P-Asserted (if it exists)
• P-Preferred (if it exists)
• Remote-Party-ID (if it exists)

301
SBC Outbound Number Manipulations

302
SBC Outbound Number Manipulations Match Area

• Same parameters as inbound, except for:

• Destination IP Group
• IP Group where the INVITE is being sent
• Calling Name Pattern
• Pattern of the calling name (Caller ID)
Appears in the SIP From header
• Message Condition
• Assigns a Message Condition rule as a
matching characteristic
• Reroute IP Group
• Defines the IP Group that initiated (sent) the
SIP redirect response. The parameter
functions together with the 'Call Trigger'
parameter

303
SBC Outbound Number Manipulations Action Area
• Same parameters as in Inbound except for:
• Manipulated Item
• Determines whether the Source, Destination SIP URI or Calling Name user part is manipulated
• Privacy Restriction Mode
• Determines user privacy handling by restricting source user identity in outgoing SIP dialogs

Transparent (default)
Don’t change privacy
Restrict
Remove Restriction

304
Message Manipulation

305
Why SIP Message Manipulation?

• Key SBC requirements:

• Each customer has distinct requirements for SBC fundamentals of Security, Interworking and
Interoperability
• Multiple devices support SIP but do not interwork because of differences in how the protocol
is implemented or interpreted
• Manipulation customizes SIP messaging on either side to what devices in that network
segment expect
• ITSPs or enterprises may have policies for which SIP messaging fields should be present before
a SIP call enters their network
• Resolves incompatibilities between SIP devices inside the enterprise network or between
networks
• Self-service programmable tool that saves the time required to develop a software ‘patch’ for
each customer

306
Message Manipulation

• A combination of rules, specified as a set or group of actions, to be attached to an IP Group

• On the SBC application Message Manipulation rules can be applied pre-classification or
post-classification
• Pre-classification Process:
• On incoming SIP dialog-initiating messages (e.g., INVITE) prior to the classification process
• The Manipulation Set ID is assigned to the SIP Interface on which the call is received

• Post-classification Process:
• On inbound and/or outbound SIP messages after the call has been successfully classified
• The Manipulation Set ID is assigned to the relevant IP Group in the IP Group table

307
Message Manipulation Set (MMS)

• IP Group pages display 2 fields:

• Inbound manipulation set
• Set of rules to apply to incoming messages (from this IP Group)
• Outbound manipulation set
• Set of rules to apply to outgoing messages (to this IP Group)

308
Inbound/Outbound Manipulation
• Applied per message and not per call
• For example:
• IP Group 1 has 2 Message Manipulation Sets, one for Outbound and one for Inbound, for the same call:
• Incoming INVITE goes through Inbound MMS
• 100, 180 and 200 OK responses go through Outbound MMS
• IP Group 2 has 2 Message Manipulation Sets, one for Outbound and one for Inbound, for the same call:
• Outgoing INVITE goes through Outbound MMS
• 100, 180 and 200 OK responses go through Inbound MMS

Invite Invite

100 Try IP Group 1 100 Try

Inbound Message Manipulation Set = 1
180 Ringing Outbound Message Manipulation Set = 2 180 Ringing
200 OK 200 OK
IP-PBX IP Group 2 ITSP
Inbound Message Manipulation Set = 3
Outbound Message Manipulation Set = 4

309
Message Manipulation Configuration

• Message Manipulation Table used to configure rules and relate them to a set of rules
• Rule configuration enables adding, modifying or removing most message content
• A rule can be conditionally applied
• Removing/Adding mandatory SIP Headers is not allowed
• Modifying Mandatory SIP Headers is allowed, performed only on requests to initiate new
dialogs
• Mandatory Headers include:
• Request URI, To, From, Contact, Via, CSeq, Call-Id and Max-Forwards
• Mandatory SDP headers include:
• v, o, s, t ,c, m
• When multiple rules apply to the same header, the second rule applies to the first rule’s
result string

310
Message Manipulation – Manipulation Set ID

• Post-Classification Process: message manipulation is done on inbound and/or outbound SIP

messages after the call has been successfully classified
• Each Manipulation Set rule contains a Manipulation Set ID
• Same Manipulation Set ID can be configured for multiple rules
• Assigned to IP Group for inbound and/or outbound messages

311
Message Manipulation – Syntax

312
Message Manipulation – Message Type
• The Message Type to manipulate General Match Action
• Rule applied only if this is the message type Manipulation Row Message Action Action Action
Name Condition
Set ID Role Type Subject Type Value

• Syntax: method.message-role.response-code
• Method
• Invite, Subscribe, Refer – rule applies only to specific messages
• Unknown – Unknown methods also allowed
• Any (or empty) – No limitation on method type
• Message-role
• Request – Rule applies only on requests
• Response – Rule applies only on Response message
• Response-code Examples:
• 3xx – Any redirection response • Invite
• 200 – Only 200 OK response
• Invite.Request
• Invite.Response.180
• Register
• Any
313
Message Manipulation – Condition
• Rule-matching criteria (conditions) General Match Action
• If criterion (condition) exists, rule applies Manipulation Row Message Action Action Action
Name Condition
Set ID Role Type Subject Type Value

• Syntax: <option type> <match-type> match-condition

• Editor Options:
• Header, Body, Param, Var, SrcTags, DstTags, Message
• Match-type
• “==” , “!=” , “>” , “<” , “>=” , “<=” , “contains” , “!contains”, “exists”, “!exists”, “len>”, “len<“, “len==“,
sufix, prefix, insubnet, !insubnet, “regex”
• Logical-expression
• “AND” – Logical And
• “OR” – Logical Or

Examples:
• header.contact contains ‘audiocodes.com’
• header.from.url.user == ‘100’ OR header.from.url.user == ‘200’ OR header.from.url.user == ‘300’
• header.from.url.user == ‘100’ AND header.to.url.user == ‘200’
314
Message Manipulation – Action Element
• SIP Header on which manipulation is performed General Match Action
• Message element that changes Manipulation Row Message Action Action Action
Name Condition
Set ID Role Type Subject Type Value

• Syntax: ("header"/"body").message-element-name [.header-index] [.(sub-element/sub-element-param)]

• Editor Options:
• Header, Body, Param, Var, Message
• Message-element-name – Name of message element
• From, To, Application/SDP
• Header-index – Header's index in the list of headers (if several same-type headers arrive)
• 0 or none = first header
• 1 = second header
• 4 = fifth header
• Sub-element – Header's element Examples:
• User, Host • header.via.2
• header.from
• header.contact.url.user
• header.referred-by.url.host
315
Message Manipulation – Action Type

General Match Action

Manipulation Row Message Action Action Action
Name Condition
Set ID Role Type Subject Type Value

• The action to be performed on the element

• Syntax:
• Add = adds a new header (or parameter or body)
• Remove = removes a header (or parameter or body)
• Modify = sets the element to the new value (replace the entire element)
• Normalize = removes unknown SIP message elements before forwarding the message
• Add Prefix = adds the value at the beginning of the element string
• Remove Prefix = removes the value from the beginning of the element string Recommended:
• Add Suffix = adds the value at the end of the element string Regular expression
• Remove Suffix = removes the value from the end of the element string

316
Message Manipulation – Action Value

• Value to use in the manipulation General Match Action

Manipulation Row Message Action Action Action
Name Condition
Set ID Role Type Subject Type Value

• Syntax: (string/message-element/param)("+"(string/message-element/param))
• String
• ‘test.local’, ‘<sip:[email protected]:5067>’
• Message-element
• header.from.user, header.contact.url.user
• Param Examples:
• param.ipg.src.user, param.call.dst.host • '3600‘
• Combination • ‘Bob’
• param.ipg.dst.host + ‘.com’ • header.to.url.host
• 'Mike@'+Header.To.URL.Host.Name
• Param.IPG.Dst.User+'com'

317
Message Manipulation – Row Role

General Match Action

Manipulation Row Message Action Action Action
Name Condition
Set ID Role Type Subject Type Value

• Determines which condition to use for this table row’s rule

• 2 options:
• Use Current Condition = use only the condition entered in this row
• Use Previous Condition = use the condition of the rule configured directly above this row
(to perform the defined action)
• When multiple manipulations rules apply to the same header, the next rule applies
to the result string of the previous rule

318
SIP Message Normalization

• Feature that can be enabled per manipulation rule when Action Type is set to "Normalize“
• Removes unknown or non-standard SIP message elements before forwarding the message
• These elements can include SIP headers, SIP header parameters, and SDP body fields
• The device normalizes the following SIP elements:
• URLs:
• User part is normalized
• Headers:
• Unknown header parameters are removed
• URLs are normalized
• SDP Body:
• Removes unnecessary SDP fields (except m=, v=, o=, s=, c=, t=, and r=)
• Removes unknown media with all its attributes

319
SIP Message Normalization – Examples

General Match Action

Manipulation Message Action Action
Name Row Role Condition Action Type
Set ID Type Subject Value
Use Current
Example 1 1 invite header.to Normalize
Condition
Use Current
Example 2 4 invite message Normalize
Condition

• Example 1:
• To header before normalization:
• To: <sip:1-800-300-500;[email protected];user=phone;UnknownUrlParam>
• To header after normalization:
• To: <sip:[email protected];user=phone>
• Example 2:
• All the headers to be normalized
320
SIP Message Normalization – Body Example
General Match Action
Manipulation Set
Name Row Role Message Type Condition Action Element Action Type Action Value
ID
Use Current
Example 3 4 invite body.sdp Normalize
Condition

SDP before normalization SDP after normalization

v=0 v=0
o=SMG 791285 795617 IN IP4 10.33.2.17 o=SMG 791285 795617 IN IP4 10.33.2.17
s=Phone-Call s=Phone-Call
i=A Seminar on the session description protocol c=IN IP4 10.33.2.26
u=http://www.example.com/seminars/sdp.pdf t=0 0
[email protected] (Jane Doe) m=audio 6000 RTP/AVP 8
c=IN IP4 10.33.2.26 a=rtpmap:8 pcma/8000
t=0 0 a=sendrecv
m=unknown 6000 RTP/AVP 8 a=ptime:20
a=unknown
a=sendrecv
a=ptime:20
m=audio 6000 RTP/AVP 8
a=rtpmap:8 pcma/8000
a=sendrecv
a=unknown
a=ptime:20
321
SIP Message Manipulation – Example Rules

322
SIP Message Manipulation – Example Rules

323
Example: Change Referred-By to Diversion
• ITSP expects Diversion and not Referred-By

324
SIP Interface Pre-Classification

• Assigned a Message Manipulation Set ID to the SIP Interface

• Applied SIP Message Manipulation rules on incoming SIP initiating-dialog request messages
received on this SIP Interface, prior to the Classification process
• By default, no Message Manipulation Set ID is defined

325
SIP Interface Pre-Parsing Manipulation Sets

• Messages can be manipulated in their original format (plain text) as received from
the network
• Pre-Parsing Manipulation is done before Pre-Classification Manipulation and
Classification
• Pre-parsing rules assigned to the SIP Interface
• Regular expression (regex) is used to search for (match) in the incoming message as
well as to replace the matched pattern
• Parent – Child Table type

326
SIP Interface Pre-Parsing
• Messages can be manipulated in their original format (plain text) as received from the network
• Pre-Parsing Manipulation is done before Pre-Classification Manipulation and Classification
• Pre-parsing rules assigned to the SIP Interface
• Regular expression (regex) is used to search for (match) in the incoming message as well as to replace the matched
pattern
• Parent – Child Table type

327
Hands-on Lab 4

SIP Header Manipulation

Lesson 13

Digital Gateways Basic Configuration

Objectives

• After completing this lesson, you will:

• Know how to configure the basic gateway parameters

330
Configuring TDM Bus
• TDM Bus Clock Source (Network/Internal)
• Clock source on which the gateway synchronizes
• TDM Bus Local Reference
• Determines the Trunk ID used to synchronize the
gateway’s clock when using external clock
• TDM Bus PSTN Auto Clock Reverting
• Enables the PSTN trunk Auto-Fallback Reverting
feature
• TDM Bus PSTN Auto FallBack Clock
• Disable = Recovers the clock from the E1/T1 line
defined by parameter ‘TDM Bus Local Reference’
• Enable = Recovers the clock from any connected
synchronized slave E1/T1 line
• Apply only if the TDM Bus Clock Source parameter is
set to Network and TDM Bus PSTN Auto Clock
Reverting is set to Enable
• PCM Law Select (A-law/µ-law)
• Usually A-Law for E1 and µ-Law for T1
331
Configuring Key Trunk Parameters

• Protocol Type
• Sets the PSTN protocol to be used for this trunk
• If ‘Protocol Type’ of all PRI trunks displays 'None', select the protocol type (E1/T1) for a single
trunk and reset the gateway
• Only after the reset you will be able to continue configuring the trunks
• Clock Master
• Determines Tx clock source of E1/T1 line
• Recovered (0) = Generate clock according to Rx of E1/T1 line
• Generated (1) = Generate clock according to internal TDM bus
• ISDN Termination Side
• User side = ISDN User Termination Side (TE)
• Network side = ISDN Network Termination Side (NT)
• Select 'User side' when the PSTN or PBX side is configured as 'Network side’ and
vice-versa
332
Configuring Key Trunk Parameters

333
Configuring Key Trunk Parameters

334
Digital Trunk Points of Information

• All Trunk spans must be of the same Line Type (all E1 or all T1)
• Different flavors of same Line Type (E1/T1) can be configured on available Trunks
(e.g., E1 Euro ISDN and E1 QSIG)
• Trunks are referenced in ini file and Syslog messages as ‘0-7’ regardless of whether
physical Trunks are numbered ‘1-8’

E1 Euro ISDN E1 QSIG

335
Trunk Group Table – E1/T1 and/or FXS

• Used to assign Trunk Groups, Profiles and logical telephone numbers to the
gateway's channels
• Trunks or B-Channels that are not defined are disabled

336
Trunk Group Settings

• Determines the method by which new calls are assigned to channels within each Trunk
Group ID
• If such a rule doesn't exist (for a specific Trunk Group), the global rule defined by the
Gateway General Settings’ Channel Select Mode parameter applies

337
Coder Group Table
• Allows you to configure coders for the Gateway
• The first coder in the list has the highest priority
• A coder can appear only once in the table
• The Packetization Time determines how many coder payloads are combined into a single RTP packet
• The Gateway always uses the packetization time requested by the remote side for sending RTP packets
• Enable/Disable the Silence Suppression option per coder

338
Outbound IP Routing Table (Tel2IP)
• Used to route outgoing calls from Tel to IP

339
IP to Trunk Group Routing (IP2Tel)
• Used to route incoming IP calls to trunk groups
• Route the call to Trunk Group ID

340
Number Manipulation
• Manipulation can occur before or after a routing decision is made
• Number Manipulation tables for incoming and outgoing calls are
provided
• Used to modify Destination and Source telephone numbers so that
calls can be routed correctly
• Using Manipulation Tables, you can:
• Allow/Restrict Caller ID information
• Assign NPI/TON to IP-to-Tel calls

341
Routing Mode Parameters

• The Tel to IP Routing Mode and IP to Tel Routing Mode parameters determine the
order between routing calls to Trunk Groups and manipulation of the number
• Route calls before manipulation (default)
• Route calls after manipulation

342
Lesson 14

SBC Survivability
Lesson Objectives

• After completing this lesson you’ll:

• Understand the survivability concept
• Configure the SBC for survivability support
• Configure the SBC for PSTN Fallback

344
SBC Survivability

• 3 survivability features:
• Routing calls to alternative routes such as:
• ITSP
• IP-PBX

• Routing calls between user agents in the local network using a dynamic DB
(built according to registrations of SIP user agents)
• Fallback to the PSTN based on E1/T1 connection (Hybrid devices)

345
SBC Survivability
• Continuous VoIP service for enterprise users on WAN isolation

Soft Switch 2

2
PSTN WAN Soft Switch 1

E1/T1 1
4

3
SIP Signaling + Media (RTP)

ITSP Health SIP Check

Internal Calls in WAN isolation

Enterprise
LAN IP to PSTN Calls in WAN isolation

346
Survivability Methodology

• Based on the IP-to-IP Routing Table

• Alternative Route Options:
• Route Row (default):
• The first route – main routing rule. SBC first attempts to route the call to it
• Alt Route Ignore Inputs:
• If the call cannot be routed to the Route Row, the call is routed to this alternative route
• This route will apply regardless of incoming SIP dialog's input characteristics
• Alt Route Consider Inputs:
• If the call cannot be routed to the Route Row, the call is routed to this alternative route
• Apply only if the incoming SIP dialog matches this routing rule's input characteristics
• Group Member Ignore Inputs:
• This routing rule is a member of the Forking routing rule
• The incoming call is also forked to the destination of this routing rule
• The matching input characteristics of the routing rule are ignored
• Group Member Consider Inputs:
• This routing rule is a member of the Forking routing rule
• The incoming call is also forked to the destination of this routing rule only if the incoming call matches this
rule's input characteristics
347
Survivability Methodology

The alternative routing entry must be defined

in the next consecutive table entry index

348
Define Alternative Reasons Set Table
• The Alternative Reasons Set table lets you configure groups of SIP response codes for SBC call release
(termination) reasons that trigger alternative routing
• This feature works together with the Proxy Hot Swap feature, which is configured in the Proxy Sets table
• If no response, or ICMP or SIP 408 response is received, the SBC attempts to use the alternative route
even if no entries are configured in the ‘Alternative Reasons Set table‘

349
Define Alternative Reasons Rules Table

350
Assign the Alternative Reasons Set to Destination IP Group

• To apply your configured alternative routing reason rules, you need to assign the
Alternative Reasons Set for which you configured the rules, to the relevant IP Group
in the IP Groups table, using the 'SBC Alternative Routing Reasons Set' parameter

351
SBC Survivability for IP-PBX Users

Normal Mode
Survivability Mode
Fallback to PSTN
352
Define Media Realms

353
Define SIP Interfaces

354
Define Proxy Set – IP-PBX

355
Define Proxy Set – ITSP1

356
Define Proxy Set – ITSP2

357
Define IP Groups

358
IP to IP Routing Table – Options Termination

359
IP to IP Routing Table – IP-PBX to ITSP1 (Primary Route)

360
IP to IP Routing Table – IP-PBX to ITSP2 (Alternative Route)

361
IP to IP Routing Table – Calls to IP-PBX

362
Define Alternative Routing Set

• If no response, or ICMP or SIP 408 response is received, the SBC attempts to use the
alternative route even if no entries are configured in the ‘Alternative Routing Set‘

363
Assign the Alternative Reasons Set to Destination IP Group

364
Configure the TDM Bus for the Gateway

365
Configure the Digital Trunk

366
Configure the Trunk Group – E1/T1

• Used to assign Trunk Groups, Profiles and logical telephone numbers to the
gateway's channels

367
Configure the Trunk Group Settings
• Determines the method by which new calls are assigned to channels within each Trunk Group

368
IP to Trunk Group Routing (IP2Tel)

• Used to route incoming IP calls to trunk groups

• Route the call to Trunk Group ID

369
Tel to IP Routing (Tel2IP)

• Used to route outgoing IP calls

• Route the calls to the IP-PBX IP Group

370
Define IP to IP Routing Table
• Add the Gateway entry to SBC IP-to-IP Routing Table:

371
SBC Survivability for LAN Users

Server IP-Group
Hosted IP-PBX
Server 1: 201.10.1.1
Server 2: 201.10.1.2
User IP-Group

Normal Mode
Survivability Mode

372
Define IP Group – LAN Users

373
User IP Group Classification

374
Define IP to IP Routing Table

• Terminate Options

375
Define IP to IP Routing Table

• Add the Registration support

376
Define IP to IP Routing Table

• Route coming from Hosted IP-PBX to the LAN Users

377
Define IP to IP Routing Table

• Route between LAN Users and the Hosted IP-PBX

378
Define IP to IP Routing Table

• If connection to the Hosted

IP-PBX fails, LAN Users calls
will be alternative routed to
the LAN Users

379
Define IP to IP Routing Table

• All the other alternative calls

will be routed to the PSTN
over the E1/T1 connection

380
Lesson 15

SBC High Availability

Lesson Objectives

• After completing this lesson you’ll be able to:

• Understand the High Availability (HA) concept
• Understand the HA architecture
• Understand how to configure HA

382
High Availability Overview

• The device's High Availability (HA) feature provides 1+1 system redundancy using
two Mediant devices
• If failure occurs in the active device, a switchover occurs to the redundant device
which takes over the call handling process ensuring the continuity of call services
• All active calls (signaling and media) are maintained upon switchover
• Only IP calls are maintained during a switchover
• For those devices supporting the Gateway function, PSTN calls are dropped by sending
a SIP BYE message to the IP side. This is because only the active device is physically
connected to the PSTN interfaces

383
High Availability Architecture

• Provides full redundancy between the two Mediant devices

• One of the devices is in Active state while the second is in Redundant state
• In the Redundant device, only the Maintenance interface is active
• Management of the HA pair is done only through the Active device
• Upon a major functional failure in the Active device, the Redundant device
becomes active
• Supported in:
• Mediant 500
• Mediant 800
• Mediant 2600
• Mediant 4000
• Mediant 9000
• Software SBC

384
Two Box Redundancy flow

ITSP

Active Mediant

SYNC
IP-PBX

New Active
Standby Mediant
Mediant

Enterprise
LAN

385
Two Box Redundancy flow

ITSP

Active
New Mediant
Standby Mediant

IP-PBX

SYNC
New Active Mediant

Enterprise
LAN

386
HA License Key

387
High Availability Configuration

• Since both devices have the same IP address, in the initial configuration stage,
they cannot both be connected to the network
• To initially configure HA:
1. Configure HA on the first device
2. Burn the configuration to flash and power down
3. Configure HA on the second device
4. Burn the configuration to flash and reset
5. Power up the first device

388
IP Interfaces

Maintenance
Interface

389
Physical Network Connections

• A dedicated physical group for the Maintenance Interface

• Shared physical group – the physical port group used for the Maintenance Interface
is also used for other interfaces (i.e., OAMP, Media, and/or Control) in addition to
the Maintenance Interface

Maintenance

Network Port 2 Network Port 2

Network Port 1 Network Port 1 Network Port 1 Network Port 1

Network Network and

Maintenance

390
HA Setting
• The remote maintenance IP Interface
• Devices Names
• Network Monitor:
• The SBC can monitor a specified network entity, using pings
• If the device does not receive a ping response from the entity, a switchover to the redundant device occurs

• Defines the minimum number of monitored rows (configured

in the HA Network Monitor table) whose destinations are
unreachable that are required to trigger an HA switchover
• The valid value is 1 to 10. The default is 1
391
HA Network Monitor
• Network Monitor:
• The SBC can monitor a specified network entity, using pings
• If the device does not receive a ping response from the entity, a switchover to the redundant device
occurs

Read-only field displaying the connectivity

(reachable) status with the monitored
row, which is based on ping results

392
Preempt Mode

• On default configuration the system is HA symmetric – each unit that become

Active will stay Active
• The system can be configured in Preempt mode which allows specifying one of the
units as the favorite/prioritized unit between the two units
• When working in Preempt mode, each unit should be configured with priority and
whenever a unit with higher priority is recovering from a failure, it will become
active again (performs an Auto-Switchover after HA sync. has ended)

393
Preempt Mode

• Enable the HA Preempt feature

• Set the priority level of the device in the 'Preempt Priority' field
• Typically, you would configure the active device with a higher priority level (number) than the
redundant device (range 1-10)

394
HA Status in the Monitor Page

• Synchronizing - Redundant device is synchronizing

with Active device
• Operational - The device is in HA mode
• Stand Alone - HA is configured, but the Redundant
device is missing, and HA is currently unavailable

395
Initialization Process

• When only one device is running, it is in stand-alone state

• When the second device is loaded, it recognizes the Active device (through the
Maintenance network) and acquires the HA Redundant state
• Synchronization between the Active and Redundant devices may take several
minutes in which the Active device provides the Redundant device with all its
current configuration settings (including loaded files and *.cmp)
• Once loaded to the Redundant device, the Redundant device reboots to apply the
new configuration

396
HA Software Upgrade

• Two types of software upgrade are available on HA system:

• Hitless – first the Redundant unit burn and reboot with new software version and a switch over
is done, then the other unit is doing the same and a switch back is issued to return to original
system setup, this method preserve service, but it is more complex and take more time
• System Reset – both Active and Redundant units burn and reboot with new software version,
this method is quick and simple, but it does not preserve service

397
High Availability Maintenance

• Manual Switch Over

• The redundant SBC take over and the active device will reset
• Reset The Redundant Board
• The redundant SBC resets

398
Hands-on Lab 5

SBC Survivability
 Thank You

Stay in the loop