Enable Direct Routing with Microsoft Teams from an on-premises SIP Trunk, via an SBC.
Configure a SIP Trunk directly from a supported on-premises Session Border Controller (SBC) to Microsoft Teams via the internet.
What Do I Need?
The following diagram gives a good overview of all the requirements needed to enable Direct Routing:
For more details on planning and configuring direct routing, check out the following Microsoft Docs:
Network Requirements
In order to support direct routing, a single public IP address is required that must be presented to the SBC. In my example configuration below, I created a new dedicated one-to-one NAT on the perimeter firewall: 121.50.209.233 <> 192.168.1.187. The private address was then bound as an additional IP address to Ethernet 1:
FQDNs and Firewall Port Requirements
The connection points for Direct Routing are the following three FQDNs:
· sip.pstnhub.microsoft.com – Global FQDN – must be tried first. When the SBC sends a request to resolve this name, the Microsoft Azure DNS servers return an IP address pointing to the primary Azure datacenter assigned to the SBC. The assignment is based on performance metrics of the datacenters and geographical proximity to the SBC. The IP address returned corresponds to the primary FQDN.
· sip2.pstnhub.microsoft.com – Secondary FQDN – geographically maps to the second priority region.
· sip3.pstnhub.microsoft.com – Tertiary FQDN – geographically maps to the third priority region.
Placing these three FQDNs in order is required to:
· Provide an optimal experience (less loaded and closest to the SBC datacentre assigned by querying the first FQDN)
· Provide failover when a connection from an SBC is established to a datacentre that is experiencing a temporary issue
The FQDNs sip.pstnhub.microsoft.com, sip2.pstnhub.microsoft.com and sip3.pstnhub.microsoft.com will be resolved to one of the following IP addresses:
· 52.114.148.0
· 52.114.132.46
· 52.114.75.24
· 52.114.76.76
· 52.114.7.24
· 52.114.14.70
Note: If your firewall supports DNS name resolution, the FQDN sip-all.pstnhub.microsoft.com resolves to all IP addresses listed above.
The following firewall ports are required to be open for all the above IP addresses:
| Traffic | From | To | Source Port | Destination Port | Description |
|---|---|---|---|---|---|
| SIP/TLS | Teams SIP Proxy (IP addresses above) | Ribbon SBC | 1024-65535 TCP | Defined on SBC | SIP signalling from Teams to SBC. In example below, destination port selected for SIP signalling is 5061. |
| SIP/TLS | SBC | Teams SIP Proxy (IP addresses above) | 1024-65535 TCP | 5061 TCP | SIP signalling from SBC to Teams. |
| UDP/SRTP | Teams Media Processor (ANY) | Ribbon SBC | 49152-53247 UDP | Defined on SBC | Media from Teams to SBC. The destination port is configurable on the SBC. |
| UDP/SRTP | SBC | Teams Media Processor (ANY) | Defined on SBC | 49152-53247 UDP | Media from Ribbon SBC to Teams. The source port is configurable on the SBC. |
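
The following is an added example, not part of the original post. It audits a firewall rule set against the signalling rows of the table, treating the "From" column as an allowlist: inbound SIP/TLS to the SBC should be admitted only from the six listed proxy addresses, and all six must be admitted for failover to work. The rule dictionary shape, the rule names and the sample rules are constructed for illustration.

```python
import ipaddress

# Teams SIP proxy addresses as listed on this page.
TEAMS_SIP_PROXIES = {ipaddress.ip_address(a) for a in (
    "52.114.148.0", "52.114.132.46", "52.114.75.24",
    "52.114.76.76", "52.114.7.24", "52.114.14.70")}
SBC_IP = "192.168.1.187"   # private side of the one-to-one NAT in the page's example
SIP_TLS_PORT = 5061        # signalling port chosen in the page's example


def audit_signalling_rules(rules):
    """Audit inbound allow rules for SIP/TLS toward the SBC.

    Returns (too_broad, missing):
      too_broad - (rule name, source, count of admitted non-proxy addresses)
      missing   - listed proxies no rule admits, which breaks failover
    """
    too_broad, covered = [], set()
    for r in rules:
        if (r["action"], r["proto"], r["dst"], r["dst_port"]) != (
                "allow", "tcp", SBC_IP, SIP_TLS_PORT):
            continue  # not a signalling rule, e.g. the UDP media rule
        net = ipaddress.ip_network(r["src"], strict=False)
        inside = {ip for ip in TEAMS_SIP_PROXIES if ip in net}
        covered |= inside
        extra = net.num_addresses - len(inside)
        if extra:
            too_broad.append((r["name"], str(net), extra))
    missing = [str(ip) for ip in sorted(TEAMS_SIP_PROXIES - covered)]
    return too_broad, missing


def make_rule(name, proto, src, port):
    # Hypothetical rule shape for this example, not a vendor export format.
    return {"name": name, "action": "allow", "proto": proto,
            "src": src, "dst": SBC_IP, "dst_port": port}


# Constructed sample rule set.
SAMPLE_RULES = [
    make_rule("teams-sip-1", "tcp", "52.114.148.0/32", 5061),
    make_rule("teams-sip-2", "tcp", "52.114.132.46/32", 5061),
    make_rule("teams-sip-3", "tcp", "52.114.75.24/32", 5061),
    make_rule("teams-sip-4", "tcp", "52.114.76.0/24", 5061),   # wider than needed
    make_rule("old-carrier", "tcp", "203.0.113.10/32", 5061),  # stale entry
    make_rule("teams-media", "udp", "0.0.0.0/0", None),        # media ports are set on the SBC
]

if __name__ == "__main__":
    too_broad, missing = audit_signalling_rules(SAMPLE_RULES)
    print("over-broad sources:", too_broad)
    print("proxies not admitted:", missing)
```

The media rule is skipped on purpose: the table lists the Teams Media Processor source as ANY, so only the TCP signalling rules are held to the proxy list.
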
DNS Requirements
Before moving on to the configuration steps below, make sure you have created a public DNS A record for your Direct Routing trunk FQDNs. In this example, I created an A record for teamstrunk.insynctechnology.com.au pointing at 121.50.209.233.
Step 1: Office 365 Tenant Direct Routing Configuration
· Connect to Office 365 Remote PowerShell:
    $acctName = "admin@domain.onmicrosoft.com"
    $sfboSession = New-CsOnlineSession -UserName $acctName
    Import-PSSession $sfboSession
    # Register the SBC as a PSTN gateway for the tenant (SIP signalling on port 5061)
    New-CsOnlinePSTNGateway -Fqdn teamstrunk.insynctechnology.com.au -SipSignalingPort 5061 -MaxConcurrentSessions 10 -ForwardCallHistory $true -Enabled $true
· Create an empty PSTN Usage:
    Set-CsOnlinePstnUsage -Identity Global -Usage @{Add="Australia"}