Configuring Sonus SBC 5000 Series with Microsoft Lync 2013

Configuration Guide
SBC 5000 Series Configuration Guide
For use with Microsoft Lync 2013
Sonus Networks, Inc. Interoperability Test Lab
Copyright © 2013, Sonus Networks, Inc. All rights reserved.
This document may not be reproduced or transmitted in any form or by any means, electronic or
mechanical, for any purpose, without the prior written permission of Sonus Networks, Inc.
Contents
1. Introduction
   1.1. Special Notes
   1.2. Network Topology
   1.3. Hardware/Software Requirements
2. Configuring Sonus SBC 5000 Series
   2.1. Configuration Workflow
   2.2. Quick Start Examples
      2.2.1. Using TCP
      2.2.2. Using TLS/SRTP
      2.2.3. Using IPv6
   2.3. Configuration Details
      2.3.1. Using TCP
         2.3.1.1. Global Configuration
         2.3.1.2. Lync Side Configuration
         2.3.1.3. Service Provider Side Configuration
         2.3.1.4. Global Call Routing Configuration
      2.3.2. Using TLS/SRTP
         2.3.2.1. Global Configuration
         2.3.2.2. Lync Side Configuration
      2.3.3. Using IPv6
         2.3.3.1. Lync Side Configuration
Appendix A: TLS Certificates
1. Introduction
This document provides a configuration guide for Sonus SBC 5000 Series (Session Border
Controller) when connecting to Microsoft Lync 2013.
This configuration guide supports the features given in the Lync 2013 test plan ‘TDS_Oip-SIP-SBCW15’. The list below gives the features verified using this configuration guide.
• Basic Inbound Calls
• Basic Outbound Calls
• Codecs
• Early Media
• RTP-RTCP
• Simultaneous Ringing
• TLS/SRTP
• Additional SIP Headers Support
• Hold-Resume
• Call Forward
• Transfer
• Conference
• Load Balancing and Failover
• Failover and Routing
• Anonymous Caller Representation
• Mapping and Error Handling
Section 2 provides the templates used for provisioning SBC 5000 to support these features.
Additional configuration may be required based on network requirements. It also provides Quick
Start Examples for SBC 5000 configuration.
Appendix A provides the configuration procedure for TLS certificates using Microsoft Active
Directory Certificate Service.
1.1. Special Notes
None
1.2. Network Topology
Figure 1: Sonus SBC 5000 with Lync 2013 Server
The figure above shows the Lync 2013 Server topology used in IOT testing. In this topology, the SBC is
configured with 1 trunk on the Lync side and 1 trunk on the Service Provider side.
1.3. Hardware/Software Requirements
Equipment                     Software
Sonus Networks
  • SBC 5000 Series           4.0.0R000
  • BMC                       V2.4.1
  • BIOS                      V2.1.2
  • ConnexIP OS               02.00.02-R000
  • SonusDB                   sonusdb-V04.00.00R000
  • EMA                       ema-V04.00.00-R000
  • SBX                       sbc-V04.00.00-R000
Third-party Equipment
  Microsoft Lync 2013         5.0.8308.0
2. Configuring Sonus SBC 5000 Series
This section provides Command Line Interface (CLI) based templates as well as Quick Start
Examples to configure SBC 5000 with Lync 2013. These templates are to be used for
reference only. Additional configuration may be required based on network requirements.
2.1. Configuration Workflow
|---- Global Configuration
|     |---- Codec Entry
|     |---- RTCP Interval
|     |---- SIP Domain
|     |---- Tones and Announcement Profile
|---- Lync Side Configuration
|     |---- Configuring Profiles
|     |     |---- Path Check Profile
|     |     |---- Packet Service Profile
|     |     |---- IP Signaling Profile
|     |     |---- Feature Control Profile
|     |---- Configuring Address Context
|           |---- IP Interface Group
|           |---- Zone
|           |---- SIP Signaling Port
|           |---- DNS Group
|           |---- SIP Trunkgroup
|           |---- IP Peer
|           |---- Static Route
|---- Global Call Routing Configuration
      |---- Lync Side Routing
      |     |---- Routing Label
      |     |---- Standard Route
      |---- Service Provider Side Routing
            |---- Routing Label
            |---- Standard Route
2.2. Quick Start Examples
[Figure: quick start topology]
Lync Side: Lync Cluster lync.domain.com (Med1 - 10.10.10.22:5068, [fc00::10:f:f:f:22]:5068; Med2 - 10.10.10.23:5068, [fc00::10:f:f:f:23]:5068), connected by a SIP Trunk to the SBC 5000 (sbc.domain.com) at 10.10.10.11:5060, [fc00::10:f:f:f:11]:5060.
  AddressContext: a1, Zone: LYNC_ZONE, Media Interface: LIF1, Network Interface: pkt0, SIP Trunkgroup: LYNC_TG
SP Side: SBC 5000 at 20.20.20.11:5060, [fc00::20:f:f:f:11]:5060, connected by a SIP Trunk to the SP Network at 20.20.20.22:5060, [fc00::20:f:f:f:22]:5060.
  AddressContext: a1, Zone: SP_ZONE, Media Interface: LIF2, Network Interface: pkt1, SIP Trunkgroup: SP_TG
2.2.1. Using TCP
Global Configuration
[ 1 ] Create Codec Entry
# G.711 Codec
set profiles media codecEntry G711_2833_20 dtmf relay rfc2833
set profiles media codecEntry G711_2833_20 packetSize 20
# G.711 Codec with Silence Suppression for Comfort Noise
set profiles media codecEntry G711SS_2833_20 sendSid enable dtmf relay rfc2833
set profiles media codecEntry G711SS_2833_20 packetSize 20
[ 2 ] Set RTCP Interval
set system media mediaRtcpControl senderReportInterval 5
[ 3 ] Create SIP Domains for Mediation Servers to be used with Call Transfer
set global sipDomain med1.domain.com
set global sipDomain med2.domain.com
[ 4 ] Configuring Tone And Announcement Profile
set profiles media toneAndAnnouncementProfile LRBT_PROF
set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone signalingTonePackageState enable
set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone flags useThisLrbtForIngress enable
set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone flags dynamicLRBT enable
set system mediaProfile compression 75 tone 25
Lync Side Configuration
Note: The pathCheck Profile on Lync IP-Peer needs to be disabled while switching from TCP
to TLS and vice versa.
[ 1 ] Create Path Check Profile
set profiles services pathCheckProfile LYNC_OPTIONS protocol sipOptions sendInterval 20 replyTimeoutCount 1 recoveryCount 1
[ 2 ] Create Packet Service Profile
# Using G.711 Codec
set profiles media packetServiceProfile LYNC_PSP
set profiles media packetServiceProfile LYNC_PSP codec codecEntry1 G711_2833_20
set profiles media packetServiceProfile LYNC_PSP rtcpOptions rtcp enable terminationForPassthrough enable
set profiles media packetServiceProfile LYNC_PSP preferredRtpPayloadTypeForDtmfRelay 101
set profiles media packetServiceProfile LYNC_PSP silenceInsertionDescriptor g711SidRtpPayloadType 13 heartbeat enable
# Using G.711 Codec with Silence Suppression for Comfort Noise
set profiles media packetServiceProfile LYNC_PSP
set profiles media packetServiceProfile LYNC_PSP codec codecEntry1 G711SS_2833_20
set profiles media packetServiceProfile LYNC_PSP rtcpOptions rtcp enable terminationForPassthrough enable
set profiles media packetServiceProfile LYNC_PSP preferredRtpPayloadTypeForDtmfRelay 101
set profiles media packetServiceProfile LYNC_PSP silenceInsertionDescriptor g711SidRtpPayloadType 13 heartbeat enable
set profiles media packetServiceProfile LYNC_PSP packetToPacketControl transcode only
set profiles media packetServiceProfile LYNC_PSP packetToPacketControl codecsAllowedForTranscoding thisLeg g711u otherLeg g711u
[ 3 ] Create IP Signaling Profile
set profiles signaling ipSignalingProfile LYNC_IPSP
set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes flags includeReasonHeader enable
set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes flags sendPtimeInSdp enable
set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes flags publishIPInHoldSDP enable
set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes flags sendRtcpPortInSdp enable
set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes optionTagInRequireHeader suppressReplaceTag enable
set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes flags routeUsingRecvdFqdn enable
set profiles signaling ipSignalingProfile LYNC_IPSP egressIpAttributes numberGlobalizationProfile DEFAULT_IP
set profiles signaling ipSignalingProfile LYNC_IPSP egressIpAttributes domainName useZoneLevelDomainNameInContact enable
set profiles signaling ipSignalingProfile LYNC_IPSP egressIpAttributes transport type1 tcp
set profiles signaling ipSignalingProfile LYNC_IPSP ingressIpAttributes flags sendSdpIn200OkIf18xReliable enable
[ 4 ] Create Feature Control Profile
set profiles featureControlProfile LYNC_FCP ipProtocolFlags useIpProtocol enable defaultCalledUser enable
[ 5 ] Create IP Interface Group
set addressContext a1 ipInterfaceGroup LIF1 ipInterface PKT0_V4 ceName LYNCSBC portName pkt0
set addressContext a1 ipInterfaceGroup LIF1 ipInterface PKT0_V4 ipAddress 10.10.10.11 prefix 24
set addressContext a1 ipInterfaceGroup LIF1 ipInterface PKT0_V4 mode inService state enabled
[ 6 ] Create Zone
set addressContext a1 zone LYNC_ZONE id 2
set addressContext a1 zone LYNC_ZONE domainName sbc.domain.com
[ 7 ] Create SIP Signaling Port
set addressContext a1 zone LYNC_ZONE id 2 sipSigPort 2 ipInterfaceGroupName LIF1 ipAddressV4 10.10.10.11 portNumber 5060 transportProtocolsAllowed sip-tcp state enabled mode inService
[ 8 ] Create DNS Group
# Configuring External DNS Group
set addressContext a1 dnsGroup EXT_DNS
set addressContext a1 dnsGroup EXT_DNS type mgmt server DNS1 ipAddress 10.10.10.10 state enabled
set addressContext a1 zone LYNC_ZONE dnsGroup EXT_DNS
# Configuring Local DNS Group
set addressContext a1 dnsGroup LOCAL_DNS
set addressContext a1 dnsGroup LOCAL_DNS localRecord DNS1 hostName lync.domain.com data 1 ipAddress 10.10.10.22 state enabled
set addressContext a1 dnsGroup LOCAL_DNS localRecord DNS1 hostName lync.domain.com data 2 ipAddress 10.10.10.23 state enabled
NOTE:
The customer needs to configure centralized-roundrobin if strict round robin on a per-request basis is wanted. We typically
do not recommend this, since it is not optimized for high call rates. If the customer wants round-robin distribution over a
large volume of traffic, configure as follows:
set addressContext a1 dnsGroup LOCAL_DNS localRecord DNS1 hostName lync.domain.com order roundrobin state enabled
set addressContext a1 dnsGroup LOCAL_DNS localRecord DNS1 state enabled
set addressContext a1 dnsGroup LOCAL_DNS localRecord DNS2 state enabled hostName med1.domain.com data 1 ipAddress 10.10.10.22 state enabled
set addressContext a1 dnsGroup LOCAL_DNS localRecord DNS3 state enabled hostName med2.domain.com data 1 ipAddress 10.10.10.23 state enabled
[ 9 ] Create SIP Trunk
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG media mediaIpInterfaceGroupName LIF1
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG policy media packetServiceProfile LYNC_PSP
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG policy signaling ipSignalingProfile LYNC_IPSP
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG downstreamForkingSupport enabled
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG signaling rel100Support enabled
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG signaling acceptHistoryInfo enabled
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG services dnsSupportType a-only
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG ingressIpPrefix 10.10.10.0 24
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG policy featureControlProfile LYNC_FCP
set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG mode inService state enabled
[ 11 ] Create IP Peer
set addressContext a1 zone LYNC_ZONE ipPeer LYNC_IPP
set addressContext a1 zone LYNC_ZONE ipPeer LYNC_IPP policy sip fqdn lync.domain.com fqdnPort 5068
set addressContext a1 zone LYNC_ZONE ipPeer LYNC_IPP pathCheck profile LYNC_OPTIONS hostName lync.domain.com hostPort 5068 state enabled
[ 12 ] Create Static Route
set addressContext a1 staticRoute 10.10.10.22 32 10.10.10.1 LIF1 PKT0_V4 preference 100
Service Provider Side Configuration
[ 1 ] Create Packet Service Profile
set profiles media packetServiceProfile SP_PSP
set profiles media packetServiceProfile SP_PSP codec codecEntry1 G711_2833_20
set profiles media packetServiceProfile SP_PSP rtcpOptions rtcp enable
set profiles media packetServiceProfile SP_PSP preferredRtpPayloadTypeForDtmfRelay 101
set profiles media packetServiceProfile SP_PSP silenceInsertionDescriptor g711SidRtpPayloadType 13 heartbeat enable
[ 2 ] Create IP Signaling Profile
set profiles signaling ipSignalingProfile SP_IPSP
set profiles signaling ipSignalingProfile SP_IPSP commonIpAttributes flags includeReasonHeader enable
set profiles signaling ipSignalingProfile SP_IPSP commonIpAttributes flags sendPtimeInSdp enable
set profiles signaling ipSignalingProfile SP_IPSP commonIpAttributes flags sendRtcpPortInSdp enable
set profiles signaling ipSignalingProfile SP_IPSP egressIpAttributes flags disable2806Compliance enable
set profiles signaling ipSignalingProfile SP_IPSP ingressIpAttributes flags sendSdpIn200OkIf18xReliable enable
[ 3 ] Create IP Interface Group
set addressContext a1 ipInterfaceGroup LIF2 ipInterface PKT1_V4 ceName LYNCSBC portName pkt1
set addressContext a1 ipInterfaceGroup LIF2 ipInterface PKT1_V4 ipAddress 20.20.20.11 prefix 24
set addressContext a1 ipInterfaceGroup LIF2 ipInterface PKT1_V4 mode inService state enabled
[ 4 ] Create Zone
set addressContext a1 zone SP_ZONE id 3
[ 5 ] Create SIP Signaling Port
set addressContext a1 zone SP_ZONE id 3 sipSigPort 3 ipInterfaceGroupName LIF2 ipAddressV4 20.20.20.11 portNumber 5060 transportProtocolsAllowed sip-tcp,sip-udp state enabled mode inService
[ 6 ] Create SIP Trunk
set addressContext a1 zone SP_ZONE sipTrunkGroup SP_TG media mediaIpInterfaceGroupName LIF2
set addressContext a1 zone SP_ZONE sipTrunkGroup SP_TG policy media packetServiceProfile SP_PSP
set addressContext a1 zone SP_ZONE sipTrunkGroup SP_TG policy signaling ipSignalingProfile SP_IPSP
set addressContext a1 zone SP_ZONE sipTrunkGroup SP_TG policy media toneAndAnnouncementProfile LRBT_PROF
set addressContext a1 zone SP_ZONE sipTrunkGroup SP_TG ingressIpPrefix 20.20.20.0 24
set addressContext a1 zone SP_ZONE sipTrunkGroup SP_TG mode inService state enabled
[ 7 ] Create IP Peer
set addressContext a1 zone SP_ZONE ipPeer SP_IPP
set addressContext a1 zone SP_ZONE ipPeer SP_IPP ipAddress 20.20.20.22 ipPort 5060
[ 8 ] Create Static Route
set addressContext a1 staticRoute 20.20.20.22 32 20.20.20.1 LIF2 PKT1_V4 preference 100
Global Call Routing Configuration
[ 1 ] Create Routing Labels
set global callRouting routingLabel LYNC_RL routingLabelRoute 1 trunkGroup LYNC_TG ipPeer LYNC_IPP inService inService
set global callRouting routingLabel SP_RL routingLabelRoute 1 trunkGroup SP_TG ipPeer SP_IPP inService inService
[ 2 ] Create Routes
set global callRouting route none Sonus_NULL Sonus_NULL standard 10 1 all all ALL none Sonus_NULL routingLabel LYNC_RL
set global callRouting route none Sonus_NULL Sonus_NULL standard 20 1 all all ALL none Sonus_NULL routingLabel SP_RL
set global callRouting route none Sonus_NULL Sonus_NULL username Sonus_NULL Sonus_NULL all all ALL none med1.domain.com routingLabel LYNC_RL
set global callRouting route none Sonus_NULL Sonus_NULL username Sonus_NULL Sonus_NULL all all ALL none med2.domain.com routingLabel LYNC_RL
2.2.2. Using TLS/SRTP
Note: Only the differences from Section 2.2.1 are shown below.
Global Configuration
[ 1 ] Create a configuration object to hold a locally generated RSA key pair
set system security pki certificate SBC_CERT type local-internal
[ 2 ] Generate Key pair and CSR (certificate signing request) for submission to a Certificate Authority (CA)
request system security pki certificate SBC_CERT generateCSR csrSub /C=US/ST=MA/L=Westford/O=Sonus/CN=sbc.domain.com keySize keySize1K
[ 3 ] Generate required certificates
Note: Follow the certificate generation procedure given in Appendix A and then copy the Lync
Server Root Certificate (rootcert.cer) and Microsoft signed SBC Certificate (servercert.pem) into
the /opt/sonus/external/ folder of the SBC.
[ 4 ] Create Crypto Suite Profile
set profiles security cryptoSuiteProfile CRYPT_PROF entry 1 cryptoSuite AES-CM-128-HMAC-SHA1-80
[ 5 ] Import Lync Root Certificate into database
set system security pki certificate LYNC_CERT type remote fileName rootcert.cer state enabled
[ 6 ] Import Microsoft Certified SBC Server Certificate into database
set system security pki certificate SBC_CERT fileName servercert.pem state enabled
[ 7 ] Create TLS Profile
set profiles security tlsProfile TLS_PROF clientCertName SBC_CERT serverCertName SBC_CERT cipherSuite1 rsa-with-3des-ede-cbc-sha cipherSuite2 rsa-with-aes-128-cbc-sha authClient true allowedRoles clientandserver acceptableCertValidationErrors invalidPurpose
Lync Side Configuration
[ 1 ] Configure Packet Service Profile with Crypto Suite
set profiles media packetServiceProfile LYNC_PSP secureRtpRtcp cryptoSuiteProfile CRYPT_PROF
set profiles media packetServiceProfile LYNC_PSP secureRtpRtcp flags enableSrtp enable
set profiles media packetServiceProfile LYNC_PSP secureRtpRtcp flags allowFallback disable
NOTE: If media Bypass is disabled on LYNC
set profiles media packetServiceProfile <LYNC_PSP> secureRtpRtcp flags resetEncDecROCOnDecKeyChange disable
set profiles media packetServiceProfile <LYNC_PSP> secureRtpRtcp flags resetROCOnSRTPRekey enable
NOTE: If media Bypass is enabled on LYNC
set profiles media packetServiceProfile <LYNC_PSP> secureRtpRtcp flags resetROCOnSRTPRekey disable
set profiles media packetServiceProfile <LYNC_PSP> secureRtpRtcp flags resetEncDecROCOnDecKeyChange enable
[ 2 ] Configure IP Signaling Profile
set profiles signaling ipSignalingProfile LYNC_IPSP egressIpAttributes transport type1 tlsOverTcp
[ 3 ] Configure SIP Signaling Port
set addressContext a1 zone LYNC_ZONE sipSigPort 2 tlsProfileName TLS_PROF transportProtocolsAllowed sip-tls-tcp
[ 4 ] Configure IP Peer
set addressContext a1 zone LYNC_ZONE ipPeer LYNC_IPP policy sip fqdn lync.domain.com fqdnPort 5067
set addressContext a1 zone LYNC_ZONE ipPeer LYNC_IPP pathCheck profile LYNC_OPTIONS hostName lync.domain.com hostPort 5067 state enabled
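Added example (not part of the Sonus guide, and not Sonus tooling): a small Python check that rejoins CLI commands wrapped across lines, as they are in this document, and lists the TLS/SRTP-related settings from Sections 2.2.1 and 2.2.2 that a reviewer would want to look at before deployment. The rule names and the choice of which values to report (1024-bit RSA key, 3DES cipher suite, tolerated certificate validation errors, non-TLS SIP transports, SRTP fallback) are assumptions of this example; the sample input is constructed from the commands shown in this guide.

```python
"""Audit Sonus SBC CLI lines for TLS/SRTP settings that deserve review."""

COMMAND_VERBS = ("set", "request")

# Constructed sample: commands copied from this guide's quick-start sections,
# with three of them wrapped across lines the way the document wraps them.
SAMPLE_CONFIG = """\
# TLS/SRTP quick start
request system security pki certificate SBC_CERT generateCSR csrSub
/C=US/ST=MA/L=Westford/O=Sonus/CN=sbc.domain.com keySize keySize1K
set profiles security cryptoSuiteProfile CRYPT_PROF entry 1 cryptoSuite AES-CM-128-HMAC-SHA1-80
set profiles security tlsProfile TLS_PROF clientCertName SBC_CERT serverCertName SBC_CERT cipherSuite1 rsa-with-3des-ede-cbc-sha cipherSuite2 rsa-with-aes-128-cbc-sha authClient true allowedRoles clientandserver
acceptableCertValidationErrors invalidPurpose
set profiles media packetServiceProfile LYNC_PSP secureRtpRtcp cryptoSuiteProfile CRYPT_PROF
set profiles media packetServiceProfile LYNC_PSP secureRtpRtcp flags enableSrtp enable
set profiles media packetServiceProfile LYNC_PSP secureRtpRtcp flags allowFallback disable
set profiles signaling ipSignalingProfile LYNC_IPSP egressIpAttributes transport type1 tlsOverTcp
set addressContext a1 zone LYNC_ZONE sipSigPort 2 tlsProfileName TLS_PROF transportProtocolsAllowed sip-tls-tcp
set addressContext a1 zone SP_ZONE id 3 sipSigPort 3 ipInterfaceGroupName LIF2 ipAddressV4 20.20.20.11
portNumber 5060 transportProtocolsAllowed sip-tcp,sip-udp state enabled mode inService
"""


def join_wrapped(text):
    """Rebuild one command per entry: a line that does not start with a CLI
    verb (and is not a comment) is a continuation of the previous command."""
    commands = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.split()[0] in COMMAND_VERBS or not commands:
            commands.append(line)
        else:
            commands[-1] += " " + line
    return commands


def value_after(tokens, key):
    """Return the token that follows `key`, or None if absent or last."""
    if key in tokens:
        i = tokens.index(key)
        if i + 1 < len(tokens):
            return tokens[i + 1]
    return None


def audit(text):
    """Return (object, rule, detail) tuples for settings to review."""
    findings = []
    for cmd in join_wrapped(text):
        t = cmd.split()
        if "generateCSR" in t and value_after(t, "keySize") == "keySize1K":
            findings.append((value_after(t, "certificate"), "rsa-1024",
                             "CSR requests a 1024-bit RSA key pair"))
        if "tlsProfile" in t:
            name = value_after(t, "tlsProfile")
            for key, val in zip(t, t[1:]):
                if key.startswith("cipherSuite") and "3des" in val.lower():
                    findings.append((name, "3des-cipher", f"{key} offers {val}"))
            relaxed = value_after(t, "acceptableCertValidationErrors")
            if relaxed is not None:
                findings.append((name, "cert-validation-relaxed",
                                 f"validation error '{relaxed}' is tolerated"))
            if value_after(t, "authClient") not in (None, "true"):
                findings.append((name, "no-client-auth",
                                 "TLS client authentication is not required"))
        if "secureRtpRtcp" in t:
            name = value_after(t, "packetServiceProfile")
            if value_after(t, "allowFallback") == "enable":
                findings.append((name, "srtp-fallback",
                                 "media may fall back from SRTP"))
            if value_after(t, "enableSrtp") == "disable":
                findings.append((name, "srtp-disabled", "SRTP is switched off"))
        if "ipSignalingProfile" in t and "transport" in t:
            proto = value_after(t, "type1")
            if proto is not None and proto != "tlsOverTcp":
                findings.append((value_after(t, "ipSignalingProfile"),
                                 "cleartext-egress", f"egress transport is {proto}"))
        if "sipSigPort" in t:
            allowed = value_after(t, "transportProtocolsAllowed") or ""
            cleartext = [p for p in allowed.split(",") if p and p != "sip-tls-tcp"]
            if cleartext:
                findings.append((value_after(t, "zone"), "cleartext-sip",
                                 "signaling port accepts " + ",".join(cleartext)))
    return findings


if __name__ == "__main__":
    for obj, rule, detail in audit(SAMPLE_CONFIG):
        print(f"{obj:10} {rule:24} {detail}")
```

The same function can be run over the TCP quick-start commands to list every place that still carries cleartext signaling after a partial move to TLS.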
2.2.3. Using IPv6
Note: Only the differences from Section 2.2.1 are shown below. The staticRoute, ipPeer, and
ingressIpPrefix need to be configured as per the IPv6 addressing scheme.
Lync Side Configuration
[ 1 ] Create IP Interface Group
set addressContext a1 ipInterfaceGroup LIF1 ipInterface PKT0_V4 altIpAddress fc00::10:f:f:f:11 altPrefix 64
[ 2 ] Create SIP Signaling Port
set addressContext a1 zone LYNC_ZONE id 2 sipSigPort 2 ipAddressV6 fc00::10:f:f:f:11
2.3. Configuration Details
2.3.1. Using TCP
2.3.1.1. Global Configuration
1. Configuring Codecs
Configure codec entry and specify dtmf and comfort noise parameters on the same
G.711 Codec Entry
set profiles media codecEntry G711_2833_20 dtmf relay rfc2833
set profiles media codecEntry G711_2833_20 packetSize 20
G.711SS Codec Entry
set profiles media codecEntry G711SS_2833_20 sendSid enable dtmf relay rfc2833
set profiles media codecEntry G711SS_2833_20 packetSize 20
Parameter    Description
sendSid      Enable sending comfort noise
2. Configuring RTCP Interval
Specify interval for RTCP sender reports
set system media mediaRtcpControl senderReportInterval 5
Parameter               Description
senderReportInterval    Set interval (in seconds) to generate sender/receiver report
3. Configuring Tone And Announcement Profile
Configure tones to play RBT during call transfer
set profiles media toneAndAnnouncementProfile LRBT_PROF
set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone signalingTonePackageState enable
set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone flags useThisLrbtForIngress enable
set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone flags dynamicLRBT enable
set system mediaProfile compression 75 tone 25
4. Configuring SIP Domains
Specify SIP Domains for Mediation Servers to be used with Call Transfer
set global sipDomain <MED_DOMAIN>
Parameter       Description
<MED_DOMAIN>    Mediation Server domain name. Multiple entries are required in the case of a pool of mediation servers.
2.3.1.2. Lync Side Configuration
1. Configuring Path Check Profile
Specify conditions to check connectivity with Lync using Path Check Profile
set profiles services pathCheckProfile <LYNC_PATHCHECK> protocol sipOptions sendInterval 20 replyTimeoutCount 1 recoveryCount 1
Parameter            Description
<LYNC_PATHCHECK>     Path check profile name for Lync
protocol             Enable SIP OPTIONS for Lync connectivity check
sendInterval         Set ping interval (in seconds) towards Lync
replyTimeoutCount    Set consecutive timeouts before adding the Lync to the Blacklist
recoveryCount        Set consecutive successful responses before removing the Lync from the Blacklist
2. Configuring Packet Service Profile
Configure Packet Service Profile and specify required parameters on the same
Configuring PSP with G.711 Codec
set profiles media packetServiceProfile <LYNC_PSP>
set profiles media packetServiceProfile <LYNC_PSP> codec codecEntry1 G711_2833_20
set profiles media packetServiceProfile <LYNC_PSP> rtcpOptions rtcp enable terminationForPassthrough enable
set profiles media packetServiceProfile <LYNC_PSP> preferredRtpPayloadTypeForDtmfRelay 101
set profiles media packetServiceProfile <LYNC_PSP> silenceInsertionDescriptor g711SidRtpPayloadType 13 heartbeat enable
Configuring PSP with G.711SS Codec for Comfort Noise
set profiles media packetServiceProfile <LYNC_PSP>
set profiles media packetServiceProfile <LYNC_PSP> codec codecEntry1 G711SS_2833_20
set profiles media packetServiceProfile <LYNC_PSP> rtcpOptions rtcp enable terminationForPassthrough enable
set profiles media packetServiceProfile <LYNC_PSP> preferredRtpPayloadTypeForDtmfRelay 101
set profiles media packetServiceProfile <LYNC_PSP> silenceInsertionDescriptor g711SidRtpPayloadType 13 heartbeat enable
set profiles media packetServiceProfile <LYNC_PSP> packetToPacketControl transcode only
set profiles media packetServiceProfile <LYNC_PSP> packetToPacketControl codecsAllowedForTranscoding thisLeg g711u otherLeg g711u
Parameter                              Description
<LYNC_PSP>                             Packet Service Profile name on Lync side
rtcpOptions rtcp                       Enable RTCP use for the call
preferredRtpPayloadTypeForDtmfRelay    Set payload type for DTMF relay
silenceInsertionDescriptor             Set payload type for SID
heartbeat                              Enable sending of SID packets during silence period
packetToPacketControl                  Enable transcoding to allocate DSP resources for sending SID
terminationForPassthrough              Enable termination of RTCP session at SBC for generating Sender Report
3. Configuring IP Signaling Profile
Configure IP Signaling Profile and specify required parameters on the same
set profiles signaling ipSignalingProfile <LYNC_IPSP>
set profiles signaling ipSignalingProfile <LYNC_IPSP> commonIpAttributes flags includeReasonHeader enable
set profiles signaling ipSignalingProfile <LYNC_IPSP> commonIpAttributes flags sendPtimeInSdp enable
set profiles signaling ipSignalingProfile <LYNC_IPSP> commonIpAttributes flags sendRtcpPortInSdp enable
set profiles signaling ipSignalingProfile <LYNC_IPSP> commonIpAttributes optionTagInRequireHeader suppressReplaceTag enable
set profiles signaling ipSignalingProfile <LYNC_IPSP> commonIpAttributes flags publishIPInHoldSDP enable
set profiles signaling ipSignalingProfile <LYNC_IPSP> commonIpAttributes flags routeUsingRecvdFqdn enable
set profiles signaling ipSignalingProfile <LYNC_IPSP> egressIpAttributes numberGlobalizationProfile DEFAULT_IP
set profiles signaling ipSignalingProfile <LYNC_IPSP> egressIpAttributes domainName useZoneLevelDomainNameInContact enable
set profiles signaling ipSignalingProfile <LYNC_IPSP> egressIpAttributes transport type1 tcp
set profiles signaling ipSignalingProfile <LYNC_IPSP> ingressIpAttributes flags sendSdpIn200OkIf18xReliable enable
Parameter                          Description
<LYNC_IPSP>                        IP Signaling Profile name on Lync side
includeReasonHeader                Enable ‘Reason’ header in responses towards Lync
sendPtimeInSdp                     Enable ‘ptime’ in SDP towards Lync
suppressReplaceTag                 Enable suppress of ‘REPLACE’ tag in ‘Require’ header towards Lync as per Lync requirement
useZoneLevelDomainNameInContact    Set zone level domain name in all requests/responses towards Lync
publishIPInHoldSDP                 Includes SBC’s IP in SDP for Hold
sendSdpIn200OkIf18xReliable        Enable SDP in final 200 OK response messages when provisional 18x responses are reliable towards Service Provider
transport                          Set transport preference to TCP while sending the request out towards Lync
routeUsingRecvdFqdn                Enable handling of ‘Refer-To’ fqdn for routing
4. Configure Feature Control Profile
Enable ‘Domain Based Routing’ for Call Transfer scenario
set profiles featureControlProfile <LYNC_FCP> ipProtocolFlags useIpProtocol enable defaultCalledUser enable
Parameter     Description
<LYNC_FCP>    Feature Control Profile name on Lync side.
5. Configuring IP Interface Group
Create an IP Interface Group and assign an IP interface to it. Also assign to this IP interface the
media IP/prefix that the SBC uses on the Lync side.
set addressContext <ADDRCONTXT> ipInterfaceGroup <LYNC_INFG> ipInterface <LYNC_INF> ceName <SBC_NAME> portName <SBC_PORT>
set addressContext <ADDRCONTXT> ipInterfaceGroup <LYNC_INFG> ipInterface <LYNC_INF> ipAddress <SBC_MEDIP> prefix <SBC_IPPRFX>
set addressContext <ADDRCONTXT> ipInterfaceGroup <LYNC_INFG> ipInterface <LYNC_INF> mode inService state enabled
Parameter       Description
<ADDRCONTXT>    Address context name for Lync & Service Provider domain
<LYNC_INFG>     Media interface group name on Lync side
<LYNC_INF>      Media interface name on Lync side
<SBC_NAME>      Node/System name of SBC
<SBC_PORT>      Gigabit Ethernet port used for signaling and media traffic towards Lync side, e.g. pkt0, pkt1
<SBC_MEDIP>     Media IP address of SBC towards Lync side
<SBC_IPPRFX>    IP subnet prefix of media interface
6. Configuring Zone
Create zone with Unique Zone name and Zone ID.
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> id <ZONE_ID>
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> domainName <SBC_DOMAIN>
Parameter       Description
<LYNC_ZONE>     Lync zone name.
<ZONE_ID>       Lync zone ID number
<SBC_DOMAIN>    SBC domain name
domainName      Set SBC domain to respond to OPTIONS ping from Lync side
7. Configuring SIP Signaling Port
Create a SIP Signaling Port with the signaling IP/prefix of the SBC and assign it to the IP interface group.
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> id <ZONE_ID> sipSigPort <SIGPORT_ID> ipInterfaceGroupName <LYNC_INFG> ipAddressV4 <SBC_SIGIP> portNumber <SBC_SIGPORT> transportProtocolsAllowed sip-tcp state enabled mode inService
Parameter                    Description
<SIGPORT_ID>                 SIP signaling port index number on Lync side
<SBC_SIGIP>                  SIP signaling IP Address of SBC towards Lync side
<SBC_SIGPORT>                SIP signaling Port of SBC towards Lync side, e.g. 5060
transportProtocolsAllowed    Set transport protocols allowed in this signaling port to TCP
8. Configuring DNS
Create DNS group and configure with external DNS server
set addressContext <ADDRCONTXT> dnsGroup <EXT_DNS>
set addressContext <ADDRCONTXT> dnsGroup <EXT_DNS> type mgmt server <DNSNAME> ipAddress <DNSIP> state enabled
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> dnsGroup <EXT_DNS>
Parameter    Description
<EXT_DNS>    DNS group name
<DNSNAME>    DNS server name
<DNSIP>      DNS IP address
type         Set IP interface to management for this DNS query
Else, configure local DNS records
set addressContext <ADDRCONTXT> dnsGroup <LOCAL_DNS>
set addressContext <ADDRCONTXT> dnsGroup <LOCAL_DNS> localRecord <LYNCLR> hostName <LYNC_DOMAIN> data <LRINDEX> ipAddress <MED_IP> state enabled
# Specify order for pool of Mediation Servers
NOTE:
The customer needs to configure centralized-roundrobin if strict round robin on a per-request basis is wanted. We typically
do not recommend this, since it is not optimized for high call rates. If the customer wants round-robin distribution over a
large volume of traffic, configure as follows:
set addressContext <ADDRCONTXT> dnsGroup <LOCAL_DNS> localRecord <LYNCLR> hostName <LYNC_DOMAIN> order roundrobin state enabled
set addressContext <ADDRCONTXT> dnsGroup <LOCAL_DNS> localRecord <LYNCLR> state enabled
set addressContext <ADDRCONTXT> dnsGroup <LOCAL_DNS> localRecord <MEDLR> state enabled hostName <MED_DOMAIN> data <LRINDEX> ipAddress <MED_IP> state enabled
Parameter      Description
<LOCAL_DNS>    DNS group name
<LYNCLR>       Local Record name for Lync domain
<LRINDEX>      Local Record index. E.g. 1,2,..n.
<MED_IP>       Mediation Server IP. Multiple entries required to be added in cases of pool of mediation servers by incrementing <LRINDEX>
<MEDLR>        Local Record name for Mediation Server domain. Multiple entries required to be added in cases of pool of mediation servers
9. Configuring SIP Trunk
Create a SIP trunk group and attach the appropriate profiles to it
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> sipTrunkGroup <LYNC_TG> media mediaIpInterfaceGroupName <LYNC_INFG>
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> sipTrunkGroup <LYNC_TG> policy media packetServiceProfile <LYNC_PSP>
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> sipTrunkGroup <LYNC_TG> policy signaling ipSignalingProfile <LYNC_IPSP>
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> sipTrunkGroup <LYNC_TG> downstreamForkingSupport enabled
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> sipTrunkGroup <LYNC_TG> signaling acceptHistoryInfo enabled
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> sipTrunkGroup <LYNC_TG> signaling rel100Support enabled
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> sipTrunkGroup <LYNC_TG> services dnsSupportType a-only
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> sipTrunkGroup <LYNC_TG> ingressIpPrefix <LYNC_SUBNET> <LYNC_SUBNETPRFX>
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> sipTrunkGroup <LYNC_TG> policy featureControlProfile <LYNC_FCP>
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> sipTrunkGroup <LYNC_TG> mode inService state enabled
Parameter                   Description
<LYNC_TG>                   SIP Trunkgroup on Lync side. It is recommended to configure Trunk Group name in Capital letters.
<LYNC_SUBNET>               Lync subnet IP address
<LYNC_SUBNETPRFX>           Lync subnet IP prefix
downstreamForkingSupport    Enable downstream forking support to handle forking scenario
rel100Support               Enable reliability of provisional messages
dnsSupportType              Set DNS lookup type to ‘A’ record only
acceptHistoryInfo           Enables decoding and handling of the History-Info header and converts into Diversion Header
10. Configuring IP Peer
Create an IP peer and specify the Lync domain and port
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> ipPeer <LYNC_IPP>
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> ipPeer <LYNC_IPP> policy sip fqdn <LYNC_DOMAIN> fqdnPort <LYNC_SIGPORT>
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> ipPeer <LYNC_IPP> pathCheck profile <LYNC_PATHCHECK> hostName <LYNC_DOMAIN> hostPort <LYNC_SIGPORT> state enabled
Parameter         Description
<LYNC_IPP>        IP Peer name on Lync side
<LYNC_DOMAIN>     Lync domain name
<LYNC_SIGPORT>    SIP signaling Port (TCP) of Lync, e.g. 5068
11. Configuring Static Route
Create Static Route for the Lync network. A static route indicates the nextHop gateway and IP
interface that is used for a particular peer network.
set addressContext <ADDRCONTXT> staticRoute <LYNC_SUBNET> <LYNC_SUBNETPRFX> <LYNC_GW> <LYNC_INFG> <LYNC_INF> preference 100
Parameter    Description
<LYNC_GW>    Gateway IP for Lync side network
2.3.1.3. Service Provider Side Configuration
Note 1: There are no specific parameters to set on the Service Provider side, so follow the standard
trunk group creation procedure.
Note 2: If required, apply the configuration below to the trunk group on which the RBT (ring-back tone)
has to be heard while a call transfer is in progress.
set addressContext a1 zone SP_ZONE sipTrunkGroup SP_TG policy media toneAndAnnouncementProfile LRBT_PROF
2.3.1.4. Global Call Routing Configuration
1. Configuring Routing Labels
Create Routing Label to bind trunk group with its IP peer
set global callRouting routingLabel <LYNC_RL> routingLabelRoute 1 trunkGroup <LYNC_TG> ipPeer <LYNC_IPP> inService inService
set global callRouting routingLabel <SP_RL> routingLabelRoute 1 trunkGroup <SP_TG> ipPeer <SP_IPP> inService inService
Parameter    Description
<LYNC_RL>    Routing Label name on Lync side
<SP_RL>      Routing Label name on Service Provider side
<SP_TG>      Trunkgroup name on Service Provider side
<SP_IPP>     IP Peer Name on Service Provider side
2. Configuring Routes
Create Route to point to routing label
set global callRouting route none Sonus_NULL Sonus_NULL standard <LYNC_NUM> 1 all all ALL none Sonus_NULL routingLabel <LYNC_RL>
set global callRouting route none Sonus_NULL Sonus_NULL standard <SP_NUM> 1 all all ALL none Sonus_NULL routingLabel <SP_RL>
set global callRouting route none Sonus_NULL Sonus_NULL username Sonus_NULL Sonus_NULL all all ALL none <MED_DOMAIN> routingLabel <LYNC_RL>
Parameter       Description
<MED_DOMAIN>    Mediation Server domain name. Multiple entries required to be added in cases of pool of mediation servers.
<LYNC_NUM>      Lync side numbering pattern to match
<SP_NUM>        Service Provider side numbering pattern to match
2.3.2. Using TLS/SRTP
Note: Only the differences from Section 2.3.1 are shown below.
2.3.2.1. Global Configuration
[ 1 ] Create a configuration object to hold a locally generated RSA key pair
set system security pki certificate <SBC_CERT> type local-internal
[ 2 ] Generate Key pair and CSR (certificate signing request) for submission to a Certificate Authority (CA)
request system security pki certificate <SBC_CERT> generateCSR csrSub /C=US/ST=MA/L=Westford/O=Sonus/CN=sbc.domain.com keySize keySize1K
[ 3 ] Generate required certificates
Note: Follow the certificate generation procedure given in the Appendix and then copy the Lync
Server Root Certificate (rootcert.cer) and the Microsoft signed SBC Certificate (servercert.pem) into
the /opt/sonus/external/ folder of the SBC
[ 4 ] Create Crypto Suite Profile
set profiles security cryptoSuiteProfile <CRYPT_PROF> entry 1 cryptoSuite AES-CM-128-HMAC-SHA1-80
[ 5 ] Import Lync Root Certificate into database
set system security pki certificate <LYNC_CERT> type remote fileName <rootcert.cer> state enabled
[ 6 ] Import Microsoft Certified SBC Server Certificate into database
set system security pki certificate <SBC_CERT> fileName <servercert.pem> state enabled
[ 7 ] Create TLS Profile
set profiles security tlsProfile <TLS_PROF> clientCertName <SBC_CERT> serverCertName <SBC_CERT> cipherSuite1 rsa-with-3des-ede-cbc-sha cipherSuite2 rsa-with-aes-128-cbc-sha authClient true allowedRoles clientandserver acceptableCertValidationErrors invalidPurpose
Parameter           Description
<CRYPT_PROF>        Crypto Suite Profile name on Lync side
<LYNC_CERT>         Lync CA Certificate name
<SBC_CERT>          Microsoft Signed SBC Certificate name
<TLS_PROF>          TLS Profile name
<rootcert.cer>      Lync CA Certificate
<servercert.pem>    Microsoft Signed SBC Certificate
2.3.2.2. Lync Side Configuration
[ 1 ] Configure Packet Service Profile with Crypto Suite
set profiles media packetServiceProfile <LYNC_PSP> secureRtpRtcp cryptoSuiteProfile <CRYPT_PROF>
set profiles media packetServiceProfile <LYNC_PSP> secureRtpRtcp flags enableSrtp enable
set profiles media packetServiceProfile <LYNC_PSP> secureRtpRtcp flags allowFallback disable
NOTE: If media Bypass is disabled on LYNC
set profiles media packetServiceProfile <LYNC_PSP> secureRtpRtcp flags resetEncDecROCOnDecKeyChange disable
set profiles media packetServiceProfile <LYNC_PSP> secureRtpRtcp flags resetROCOnSRTPRekey enable
NOTE: If media Bypass is enabled on LYNC
set profiles media packetServiceProfile <LYNC_PSP> secureRtpRtcp flags resetROCOnSRTPRekey disable
set profiles media packetServiceProfile <LYNC_PSP> secureRtpRtcp flags resetEncDecROCOnDecKeyChange enable
[ 2 ] Configure IP Signaling Profile
set profiles signaling ipSignalingProfile <LYNC_IPSP> egressIpAttributes transport type1 tlsOverTcp
[ 3 ] Configure SIP Signaling Port
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> sipSigPort <SIGPORT_ID> tlsProfileName <TLS_PROF> transportProtocolsAllowed sip-tls-tcp
[ 4 ] Configure IP Peer
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> ipPeer <LYNC_IPP> policy sip fqdn <LYNC_DOMAIN> fqdnPort <LYNC_SIGPORT>
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> ipPeer <LYNC_IPP> pathCheck profile <LYNC_PATHCHECK> hostName <LYNC_DOMAIN> hostPort <LYNC_SIGPORT> state enabled
Parameter                    Description
<LYNC_SIGPORT>               SIP signaling Port (TLS) of Lync, e.g. 5067
transportProtocolsAllowed    Set transport protocols allowed in this signaling port to TLS
enableSrtp                   Enable Secure RTP/RTCP
allowFallback                Disable fallback to standard RTP/RTCP when crypto attribute negotiation fails
transport                    Set transport preference to TLS while sending the request out towards Lync
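An added example, not part of the Sonus guide: a small Python audit that scans CLI lines like the ones in Section 2.3.2 for settings worth a second look before deployment (the 1024-bit CSR key, the 3DES cipher suite, tolerated certificate validation errors, SRTP fallback and plain-TCP signaling). It also rejoins commands that wrap across lines. The object names in the sample and the severity labels are assumptions of this example.

```python
def join_commands(text):
    """Rejoin commands wrapped across lines; drop blanks and '#' comments."""
    cmds = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.split()[0] in ("set", "request"):
            cmds.append(line)
        elif cmds:  # continuation of the previous command
            cmds[-1] += " " + line
    return cmds

def after(tokens, key):
    """Token that follows `key`, or None when `key` is absent."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None

def audit(text):
    """Return (severity, finding) tuples; severities are this example's own."""
    out = []
    for t in (cmd.split() for cmd in join_commands(text)):
        if "generateCSR" in t and after(t, "keySize") == "keySize1K":
            out.append(("HIGH", "CSR requests a 1024-bit RSA key"))
        if "tlsProfile" in t:
            for i, tok in enumerate(t[:-1]):
                if tok.startswith("cipherSuite") and "3des" in t[i + 1]:
                    out.append(("MEDIUM", f"{tok} offers 3DES"))
            tolerated = after(t, "acceptableCertValidationErrors")
            if tolerated:
                out.append(("REVIEW", f"certificate error tolerated: {tolerated}"))
        if "secureRtpRtcp" in t and after(t, "allowFallback") == "enable":
            out.append(("HIGH", "SRTP may fall back to plain RTP"))
        if "sipSigPort" in t:
            allowed = (after(t, "transportProtocolsAllowed") or "").split(",")
            if "sip-tcp" in allowed:
                out.append(("MEDIUM", "signaling port accepts SIP over plain TCP"))
    return out

# Constructed sample: made-up object names, allowFallback flipped to 'enable'.
SAMPLE = """\
request system security pki certificate SBC_CERT generateCSR csrSub
/C=US/ST=MA/L=Westford/O=Sonus/CN=sbc.domain.com keySize keySize1K
set profiles security tlsProfile TLS_PROF cipherSuite1 rsa-with-3des-ede-cbc-sha
cipherSuite2 rsa-with-aes-128-cbc-sha authClient true acceptableCertValidationErrors invalidPurpose
set profiles media packetServiceProfile LYNC_PSP secureRtpRtcp flags allowFallback enable
set addressContext a1 zone LYNC_ZONE sipSigPort 1 transportProtocolsAllowed sip-tls-tcp
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run it against a saved copy of the commands you intend to apply; an empty result only means none of these particular tokens were found.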
2.3.3. Using IPv6
Note: Only the differences from Section 2.3.1 are shown below. The staticRoute, ipPeer and
ingressIpPrefix need to be configured as per the IPv6 addressing scheme.
2.3.3.1. Lync Side Configuration
[ 1 ] Create IP Interface Group
set addressContext <ADDRCONTXT> ipInterfaceGroup <LYNC_INFG> ipInterface <LYNC_INF> altIpAddress <SBC_MEDIPv6> altPrefix <SBC_IPv6PRFX>
[ 2 ] Create SIP Signaling Port
set addressContext <ADDRCONTXT> zone <LYNC_ZONE> id <ZONE_ID> sipSigPort <SIGPORT_ID> ipAddressV6 <SBC_SIGIPv6>
Parameter         Description
<SBC_MEDIPv6>     Media IPv6 address of SBC towards Lync side
<SBC_IPv6PRFX>    IPv6 subnet prefix of media interface
<SBC_SIGIPv6>     SIP signaling IPv6 Address of SBC towards Lync side
3. Appendix A: TLS Certificates
This section provides information on certificate generation using Microsoft Active Directory
Certificate Services.
1. Sign SBC CSR with Microsoft CA
Step-1: Click ‘Request a certificate’
Step-2: Click ‘advanced certificate request’
Step-3: Click ‘Submit a certificate request by using a base-64-encoded…..’
Step-4: Copy the SBC CSR into the request box and set ‘Certification Template’ to ‘Web Server’
Step-5: Click ‘Download certificate’
Step-6: Save the certificate onto the SBC
Step-7: Convert CER to PEM using openssl on the SBC
# openssl x509 -inform der -in certnew.cer -out servercert.pem
Note: This certificate is referred to as ‘servercert.pem’ in the rest of the document.
2. Download Microsoft CA Certificate
Step-1: Click ‘Download a CA certificate, certificate chain or CRL’
Step-2: Click ‘Download CA certificate’
Step-3: Save the CA certificate onto the SBC
Note: This certificate is referred to as ‘rootcert.cer’ in the rest of the document.