Category Archives: Direct Routing

Part 3 – Set Up the PSTN Trunk for the Direct Routing Configuration for Microsoft Teams

Continuing from the previous article, we'll now go through the next steps required to complete the enterprise voice configuration. We have set up the AudioCodes SBC and configured the SIP trunk from Office 365 to the SBC; the next step is to set up the PSTN trunk from the SBC to the telephony provider.

If there is already an existing setup, this part is not required because the configuration will already be present. In this article we will look at how to configure the PSTN trunk for a new telephony provider.

There are multiple PSTN SIP providers that we can use to complete this configuration. In our case we have chosen Telnyx as the PSTN SIP provider for this demo. They give us the flexibility to purchase numbers for as low as 10 USD, which is why we chose them for our testing.

We are not going to dive deep into the Telnyx configuration here, since our task is to create a PSTN trunk between Telnyx and our SBC. We will go through only the steps required to complete the Direct Routing configuration.

As soon as we subscribe with Telnyx, they provide an advance credit of 10 USD and a portal like the one below. As per the Telnyx documentation, we need to create a new SIP connection to our SBC in the section below, where we can see that they have a SIP connection with their backend system as a default setup.

So here we have created a new SIP connection to the SBC as below. To proceed, click Add SIP connection. Added a name Teams SIP Connection Type – FQDN – provide the SBC published FQDN – keep the rest default – finally, use the authentication type credentials with the login details that were received at registration, and click Save.

Next, the inbound/outbound configuration needs to be completed: we have to choose the number format, SIP transport protocol and SIP region based on our requirements.

When we expand the expert settings, we can see the audio/video codec types, which we need to choose based on our requirements.

For outbound, we have to choose the correct country where the number has been purchased.

Finally, we need to create the outbound voice profile and whitelist the country where calls will be made. The outbound connection type can be set to FQDN, since we have the SBC FQDN for Direct Routing, which will be published on the internet.

Whitelisting a country is done by searching for it in the Available Regions and Countries section on the left and adding it to the selected regions and countries on the right. FQDN connections need to be chosen from the connection's outbound settings in the SIP Connections section of the portal, which are shown in the Outbound tab of the SIP connection.

Finally, we need to purchase the numbers from them and assign a DID to a SIP connection. This is mandatory in order to receive inbound calls from the PSTN provider. Navigate to Numbers and choose the number that needs to be set up as the DID. Then navigate to Connection or App and choose the SIP connection that was created between Telnyx and the SBC. There is an option to assign multiple DIDs to a single SIP connection; however, since this is our testing, we have used only one in our example.

Having completed the configuration on the SIP provider portal, we need to set up a few more items on the SBC side.

There are 3 configurations that need to be completed on the SBC side.

  1. SIP Proxy
  2. IP Group
  3. Define Coders

Now we need to set up proxy sets to establish outbound and inbound connections from the SBC.

The appropriate IP address has to be chosen based on the location, as per this information. In Proxy Addresses, add the appropriate IP addresses to the new proxy set. The transport type must be UDP. In our example we have selected TCP and UDP for testing purposes.

Now we need to define the IP Group to denote the source and destination of the calls and associate them with the proxy sets created for the PSTN Trunk.

Having completed this, the final step is to define the coders that are supported by Telnyx. This can be done by navigating to Coders & Profiles and selecting Coder Groups.

As soon as that is completed, we are ready to assign the number to the Teams client. On a successful number assignment as per this article, we get the assigned number.

And we receive the dial pad as below with the number.

Having reached this state, there are a few scenarios that are not succeeding, and it may require additional tweaking in my test environment, which I haven't visited for quite a long time. An inbound call is not succeeding. The SBC is not responding to the inbound INVITE from Telnyx even though it is listening on the port.

I will test the configuration further and probably update the results in upcoming posts. Similarly, depending on your requirements, you may need to set more configurations such as IP profiles, routing, additional codecs and proxy sets.

Regards

Sathish Veerapandian

Part 2 – Configure AudioCodes SBC for Microsoft Teams Direct Routing

Continuing from the previous article, there are a few more steps to complete the configuration of Direct Routing with the Office 365 tenant, and in this article we will run through those steps.

Currently the SBC is up and running, configured with the certificates and the required SBC DNS records; the next step is to enable Direct Routing. There are two options to enable Direct Routing: via a Skype Online PowerShell session or via the Microsoft Teams admin center. In our example we will enable it via the Teams admin center.

Before doing this, make sure to meet the network prerequisites required for Direct Routing; I wrote an article about this almost a year ago.

Login to the admin portal with the appropriate credentials.

Enter the DNS name of the SBC that was configured; in our case it's sbc.nl.exchangequery.com.

Subsequently we must add all the required information here. One important point to note is that the SIP signaling port present by default is port 5067. The Direct Routing SIP trunk can be configured only by using a TLS connection. We can choose any port of our choice as the SIP port. If we try to configure port 5060 it will not work, since TCP connectivity is not supported for security reasons.

Enabling SIP options defines whether an SBC will or won't send SIP OPTIONS messages and be included in the monitoring. The rest of the settings have to be enabled as per the requirement. Also look into location-based routing and media optimization based on the requirement. Once done, click Save and the configuration is complete.

But we can see that the SBC status shows an error message and the configuration seems to be unsuccessful. Even after the configuration is completed and the named certificate, intermediate and root are loaded on the AudioCodes SBC, the TLS connectivity status still shows as inactive. In addition, the SIP options status shows a warning message as well.

Drilling further down into the logs gives us additional information on why it is failing. We do have the correct certificates uploaded, but the connection does not complete.

So the initial thought was an issue with the firewall; however, the firewall connectivity was already completed and we could ping the SBC on port 5061.

When looking into the AudioCodes documentation, we came to know that in addition to the normal named certificate for the DNS name, it is mandatory to upload the Baltimore trusted root certificate. This is required for establishing a mutual TLS connection with the Microsoft Teams network.

The Microsoft Teams DNS name pstnhub.microsoft.com uses a certificate provided by Baltimore, and hence this import is required for establishing the mutual TLS connection.

We can download the certificate from https://cacert.omniroot.com/bc2025.pem and follow the same procedure stated in the previous article (Part 1) to import it on the AudioCodes SBC, making sure it is present in the Trusted Root Certificates.

The first thing we need to complete before certificate validation is to ensure that the NTP server is set up correctly. This is a mandatory requirement for the two remote parties to validate each other's certificates when setting up the mutual TLS connection between them.

You can go to Setup – Administration – Time & Date and configure your NTP server.
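
Why the trusted root import and the NTP setup above are both prerequisites for mutual TLS, as an added example (not from the original post, AudioCodes or Microsoft): it builds a constructed throwaway PKI with the openssl CLI and validates a peer certificate with the right root, with the wrong root, and with a skewed clock. The names issuing-root, unrelated-root and peer.example.test are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI, not real Teams or SBC certificates.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# new_root <name>: create a self-signed root valid for 30 days from now.
new_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# new_peer <root-name>: issue a 30-day peer certificate signed by that root.
new_peer() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=peer.example.test" \
        -keyout "$WORK/peer.key" -out "$WORK/peer.csr" 2>/dev/null &&
    openssl x509 -req -days 30 -in "$WORK/peer.csr" \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/peer.pem" 2>/dev/null
}

# check_peer <imported-root-name> <clock-offset-days>
# Validates the peer certificate with the named root as trust anchor, as if
# the local clock were wrong by the given number of days.
check_peer() {
    at=$(( $(date +%s) + $2 * 86400 ))
    if openssl verify -CAfile "$WORK/$1.pem" -attime "$at" \
        "$WORK/peer.pem" 2>/dev/null | grep -q ': OK$'; then
        echo trusted
    else
        echo rejected
    fi
}

new_root issuing-root      # root that actually signed the peer certificate
new_root unrelated-root    # some other root that happens to be trusted
new_peer issuing-root

echo "issuing root imported, clock correct:  $(check_peer issuing-root 0)"
echo "issuing root missing from trust store: $(check_peer unrelated-root 0)"
echo "clock 400 days fast (no NTP):          $(check_peer issuing-root 400)"
echo "clock 400 days slow (no NTP):          $(check_peer issuing-root -400)"
```

Only the first case validates: a peer certificate is rejected when its issuing root is not in the trust store, and also when the validator's clock falls outside the certificate's validity window.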

In addition to the NTP server, there are a few more configurations that need to be performed on the AudioCodes SBC, which we will see below.

Configure the Proxy Sets: Add Microsoft SIP PSTN FQDNs

We have 3 Microsoft FQDNs as of now. All of them need to be added here, with the transport type set to TLS.

Navigate to SetUp – Signaling & Media – Proxy Sets and add the 3 FQDNs over here.

SIP Interfaces:

We need to configure SIP interfaces for Teams Direct Routing as well. Configure as below. Keep the Enable TCP Keepalive option. Navigate to SetUp – Signaling & Media – Core Entities – SIP Interfaces.

Media Realms:

We need to configure Media Realms for Teams Direct Routing. Configure the settings as below. Select the default media realm as No. Navigate to SetUp – Signaling & Media – Core Entities – Media Realms.

Configure IP Groups:

Configure IP Groups as below – make sure the Topology Location is set as Up.

Under Advanced, make sure to mention the SBC published external FQDN. Keep Classify By Proxy Set as Disable and keep the Client Forking Mode as Sequential.

Configure Coder Groups:
We need to add the supported coder groups for the leg SBC and the Direct Routing Configuration.
Teams supports OPUS and SILK Coders.

In order to configure the coder groups, navigate to SetUp – Signaling & Media – Coders & Profiles – Coder Groups and enter the below values for the Teams Direct Routing leg. Later you might need to configure one for the SIP trunk based on the coders it supports.

It's mandatory to enable the SIP options for the SBC to monitor, and for that we need to enable some configurations on the session border controller. To do that, go to Setup – Signaling & Media – SBC – Routing – IP-to-IP Routing and configure all the required routing as per your requirement.

We need to make sure the other options are configured as per the AudioCodes documentation. Finally, after all the steps are done, we can see that the Teams Direct Routing configuration shows as successful in the Teams admin center.

In our example we have 1 SBC, 1 Voice Routes and 0 SBCs with Issues which is a good sign. Since we didn’t initiate any real traffic we could see the message no data.

We do have a very good option to validate the pairing between the Audiocodes SBC and our Tenant Direct Routing. We can see the connectivity is successfully established over here and we can see that the status is showing online without any issues.

Now that we have completed the Direct Routing setup and established connectivity between the SBC and the Teams tenant, there are a lot more configurations that need to be performed on the SBC to complete the entire enterprise voice configuration. We will look into those in the upcoming articles.

Regards

Sathish Veerapandian

Part 1 – Configure AudioCodes SBC for Microsoft Teams Direct Routing

Microsoft has been providing us the option to bring our own SIP trunk for enabling the enterprise voice functionality. With Microsoft Teams Direct Routing we can provide the phone system to Teams users, connect the SIP trunks and use the local telecommunications provider. This option gives most customers an easy transition to Microsoft Teams, utilizing the existing infrastructure in parallel while moving the users to the new system.

In order to leverage this functionality we need to set up certified session border controllers. There is a previously written article that can be referred to for checking the readiness and the steps required to configure Direct Routing in Microsoft Teams.

In this article series we will look at setting up an AudioCodes session border controller that will help in configuring Direct Routing.

There are multiple ways to achieve this, and one option is to configure it from the Azure Marketplace. That is the option we will look at here.

The first prerequisite is a valid Azure subscription. Log in to Azure and search the Azure Marketplace for AudioCodes.

Below are the results that we receive, and there are a few options to select from. For instance, there is a SaaS offering that is fully managed in Azure. For a full setup we have the Mediant Virtual Edition (VE) Session Border Controller and the Cloud Edition (CE) Session Border Controller. The Mediant CE is more robust, utilizes full cloud elasticity and can scale up and down based on demand. The VE is more of a virtual edition that can be built easily on orchestration solutions and is available in the Azure Marketplace for easier deployments. More information on the description can be found here.

In this example we choose the Virtual Edition Session Border Controller. There are a few important takeaways to note. During creation it does not allow us to add it to an existing resource group; it requires us to create a new resource group or use an existing resource group that is empty. Another important point is that the virtual machine name must be all lower case, because the network settings do not allow creating the DNS name with upper-case characters.

Next, in the virtual machine settings, we have the option to choose the computing size and the OS version. Here we have chosen the latest OS version. The cloud-init file is an optional file that can be supplied for automatic provisioning.

Next are the network settings, which give us the option to set up the NIC interfaces based on our requirement. Since this is a demo, we are going with one network interface. Another important point is that the public IP address has to be static. The template sets it to static, but it is better to verify this in the NIC settings once the VM has been deployed.

Finally it comes to the validation screen where we can check all the required settings and click on create.

Once it has been created we see all the required resources have been populated.

You can also see the DNS name that has been created with the static IP.

Now when we log in to the SBC DNS name, we get the AudioCodes console, ready for configuration.

Now that this is running, the next important thing is to create an A record in the public DNS and point it to this public IP address. One more important tip: the domain of the name that has been selected has to be registered in the Office 365 portal.

The next important thing is the certificate configuration on the Mediant SBC. Create a certificate from the public CA and upload it from IP Network – Security and TLS Contexts.

In my case I'm using a certificate that has been provided by DigiCert for the domain that we are testing. Make sure the file is password protected and in PFX format.

Click on Change Certificate. There are multiple options to upload the certificate. Here we choose the last option: upload the certificate from your computer in PFX format with a password, and select Load File.

After a successful file load we see a message stating that the upload is successful, and we see the red Save alert that forces us to save the modified configuration.

We can also see that the associated root and intermediate certificates of DigiCert have been populated in the Trusted Root Certificates section.

Finally, we have to upload the same certificate in PEM format for the SBC.

We get the below message after a successful upload of the pem file.

Now we have completed half of the initial readiness for the Direct Routing configuration, and in the next blog we will go through the next steps of the configuration.

Thanks & Regards

Sathish Veerapandian
