Configure the Session Border Controller

Configure a Audiocodes VE Mediant SBC to be used with Direct Routing.


Important :
The following process assumes that any value not defined will be the default value.



Download the Session Border Controller


This Direct Routing guide has been built/test with the following SBC, and should work with Minimal Modification

Vendor Download Link
AudioCodes v7.2 - Mediant VE Hyper-V VM Image



Set the Management IP Address from Command Line


Refer to AudioCodes document on installing SBC on Hyper-V/VM Ware/Azure/Amazon

Defaults Value
Username Admin
Password Admin
IP address 192.168.0.1

To Change the IP Address from the VM Console Conenction (Internal Interface) with minimal changes to enable configuration from Web GUI

enable
configure network
interface network-if 0
ip-address 192.168.10.66
prefix-length 24
gateway 192.168.10.254
activate
exit
exit
write



Set the default Password


enable
configure system
user Admin
password MyNewPasswordisSuperSecure
exit
exit
write
exit



Configure the Physical Ports


The physical ports are automatically detected by the SBC.

  • goto Setup > IP Network > Core Entities > Physical Ports
  • Configure Management Port
  • Configure Direct Routing Port
  • Configure ITSP Port

    Ensure that you have at least two physical ports detected by the SBC. In this example the management interface has been put on its own network adapter, this is optional.

Configure Physical Port 0 - Management
Parameter Value
Index 0
Name GE_1
Description Management
Configure Physical Port 1 - ITSP
Parameter Value
Index 1
Name GE_2
Description ITSP
Configure Physical Port 2 - Direct Routing
Parameter Value
Index 2
Name GE_3
Description DirectRouting



Configure the Ethernet Groups.


The ethernet groups are automatically detected and automatically assigned to a Physical Port.

  • goto Setup > IP Network > Core Entities > Ethernet Groups
  • configure Management Ethernet Group
  • configure Direct Routing Ethernet Group
  • configure Teams Ethernet Group

    Ensure that the Ethernet Groups are detected by the SBC similar to below

Ethernet Group 0 - Management
Parameter Value
Index 0
Mode Single
Member # [GE_1]
Ethernet Group - ITSP
Parameter Value
Index 1
Mode Single
Member # [GE_2]
Ethernet Group - DirectRouting
Parameter Value
Index 2
Mode Single
Member # [GE_3]



Configure Ethernet Devices


  • goto Setup > IP Network > Core Entities > Ethernet Devices
  • configure Management Ethernet Device
  • configure Direct Routing Ethernet Device
  • configure Teams Ethernet Ethernet Device

    Note : even if you don’t tag traffic you are required to add a vlan ID

Configure Ethernet Device 0 - Management
Parameter Value
Index 0
Name Management
VLAN ID 1
Underlying Interface #0 [Group_1]
Tagging Untagged
Add Ethernet Device 1 - ITSP
Parameter Value
Index 1
Name ITSP
VLAN ID 2
Underlying Interface #1 [Group_1]
Tagging Untagged
Add Ethernet Device 2 - DirectRouting
Parameter Value
Index 2
Name DirectRouting
VLAN ID 3
Underlying Interface #2 [Group_2]
Tagging Untagged



Configure the IP Interface


  • goto Setup > IP Network > Core Entities > IP Interfaces
  • Configure Management Interface (O+M+C Interface)
  • Configure Teams Interface (M+C Interface)
  • Configure ITSP Interface (M+C Interface)
Configure Network Interface 0 - Management
Parameter Value
Index 0
Name Management
Application Type OAMP
Ethernet Device #0 [Management]
Interface Mode IPv4 Manual
IP address 192.168.10.66
Prefix length 24
Default Gateway 192.168.10.254
Primary DNS 1.1.1.1
Add Network Interface 2- ITSP
Parameter Value
Index 1
Name ITSP
Application Type Media + Control
Ethernet Device #1 [ITSP]
Interface Mode IPv4 Manual
IP address 192.168.10.66
Prefix length 24
Default Gateway 192.168.10.254
Primary DNS 1.1.1.1
Add Network Interface 1 - DirectRouting
Parameter Value
Index 2
Name DirectRouting
Application Type Media + Control
Ethernet Device #2 [DirectRouting]
Interface Mode IPv4 Manual
IP address 192.168.10.66
Prefix length 24
Default Gateway 192.168.10.254
Primary DNS 1.1.1.1



Configure the Certificates


  • goto Setup > IP Network > Security > TLS Contexts
  • create a new TLS Context specifically for DirectRouting, this allows you to assign a differant cert specifically for teams
  • Request/issue a Public Certificate
  • Add Baltimore Root Certificate
  • Add Public CA Root & Intermediate Certificates
Add Security TLS Contexts 1 - DirectRouting
Parameter Value Comments
Index 1  
Name DirectRouting  
TLS Version TLSv1.0 TLSv1.1 and TLSv1.2 Dependant on Public CA
DH Key Size 2048 (Minimum Recommended)
Generate a CSR

  • goto Setup > IP Network > Security > TLS Contexts change Certificate
Parameter Value
Subject Name[CN] sbc.shoey.example
Signatature Algorithm SHA1
Private Key Size 2048 Minimum recommended
Install the Certificate
  • goto Setup > IP Network > Security > TLS Contexts > Direct Connect > Change Certificate
  • goto Upload Certificate Files from your Computers
  • Load Private Key (if Applicable)
  • Load Device Certificate (PEM Format)
Install Root and Intermediate Certifiates
  • goto Setup > IP Network > Security > TLS Contexts > _ Select DirectRouting_ > Trusted Root Certificates
  • Select and Import the certificates
Import Baltimore Trusted Root Certificates
Certificate link comments
Baltimore Certificates Baltimore Certificates  
Root CA letsencrypt.org IMPORTANT This will be based on certificate purchased for your SBC, in lab environments I use free 90 day certs from letsencrypt.org and if I need longer than that I generally use digicert.com
Intermediant CA letsencrypt.org IMPORTANT This will be based on certificate purchased for your SBC, in lab environments I use free 90 day certs from letsencrypt.org and if I need longer than that I generally use digicert.com



Configure NTP Settings


  • goto Setup > Administration > Time & Date
  • Enable NTP
  • Configure Primary NTP Server
Parameter Value
Enable NTP Enable
Primary NTP 192.168.10.254
Debug Level Detailed





Configure Syslog Settings


  • goto TroubleShoot > Logging > Syslog Settings
  • Enable Syslog
  • Configure SyslogServer IP

Syslog software can be downloaded from AudioCodes

Configure the Syslog Settings
Parameter Value
Enable Syslog Enable
Syslog Server 192.168.10.245
Debug Level Detailed



Configure Default DNS Settings (Optional)


  • goto Setup > IP Network > DNS > _DNS Settings
  • Configure Primary DNS Server
  • Configure Secondate DNS Server
Configure the NTP Settings
Parameter Value
Primary DNS 1.1.1.1
Secondary DNS 1.0.0.1



Configure Internal SRV Table


  • goto Setup > IP Network > DNS > Internal SRV
Parameter Value
Domain Name directrouting.local
Transport Type TLS
1st Entry  
DNS Name sip.pstnhub.microsoft.com
Priority 1
Weight 1
Port 5061
2nd Entry  
DNS Name sip2.pstnhub.microsoft.com
Priority 2
Weight 1
Port 5061
3rd Entry  
DNS Name sip3.pstnhub.microsoft.com
Priority 3
Weight 1
Port 5061



Configure the Media Realm


  • goto Setup > Signaling and Media > Core Entities > Media Realms
Add Media Realm - ITSP
Parameter Value
Index 1
Name ITSP
Topology Location Up
IPv4 Interface Name #1 [ITSP]
Port Range Start 6000
Number of media session legs 10
Default Media Realm No
Configure Media Realm - Direct Routing
Parameter Value
Index 1
Name DirectRouting
Topology Location Down
IPv4 Interface Name #2 [DirectRouting]
Port Range Start 7000
Number of media session legs 10
Default Media Realm No



Configure the SIP Interfaces


  • goto Setup > Signaling and Media > Core Entities > SIP Interfaces
Configure SIP Interface 0 - Management

OPTIONAL: set the ports to 0

Add SIP Interface - ITSP
Parameter Value Comments
Name ITSP  
Network Interface #1 [ITSP]  
Topology Location UP  
UDP port 5060  
TCP Port 0  
TLS Port 0  
Enable TCP Keepalive Enable  
Media Realm #0 [ITSP]  
TLS Context Name # [Default]  
Add SIP Interface - Direct Routing
Parameter Value Comments
Name DirectRouting  
Network Interface #2 [DirectRouting]  
Topology Location Down  
UDP port 0  
TCP Port 0  
TLS Port 5067  
Enable TCP Keepalive Enable  
Media Realm #2 [DirectRouting]  
TLS Context Name #1 [DirectRouting]  
TLS Mutual Authentication Enable Recommended to prevent DoS attacks
Classification Failure Response Type 0  



Create the Proxy Sets & Proxy Address


  • goto Setup > Signaling and Media > Core Entities > Proxy Sets
  • Configure proxy set itsp
  • Configure proxy address itsp
  • Configure proxy set direct routing
  • Configure proxy address direct routing
Add Proxy Set 1 - ITSP
  • goto Setup > Signaling and Media > Core Entities > Proxy Sets
Parameter Value Value
Index 0
Name ITSP
SBC IPv4 SIP Interface #1 [ITSP]
Proxy Keep Alive Using OPTIONS
Add Proxy Address 1 - ITSP
  • goto Setup > Signaling and Media > Core Entities > Proxy Sets > Add Proxy Address
Parameter Value
Proxy Address 203.0.113.233:5060
Transport Type UDP
Configure Proxy Sets 2 - Direct Routing
  • goto Setup > Signaling and Media > Core Entities > Proxy Sets
Parameter Value Value
Index 1
Name DirectRouting
SBC IPv4 SIP Interface #2 [DirectRouting]
TLS Context Name #1 [DirectRouting]
Proxy Keep Alive Using OPTIONS
Proxy Hot Swap Enable
Proxy Load Balancing Method Random Weights
DNS Resolve Method SRV
Configure Proxy Address - Direct Routing
  • goto Setup > Signaling and Media > Core Entities > Proxy Sets > Add Proxy Address
Parameter Value
Proxy Address directrouting.local
Transport Type TLS



Configure a Coder Group


  • goto Setup > Signaling and Media > Coders and Profiles > Coder Groups
  • Create a new Coder Group 1

Recommend you create a new coder specifically for Direct Routing !

Coder Name Packetization Time Rate Payload Type Silense Suppression Coder Specific
SILK-NB 20 8 103 N/A  
SILK-WB 20 16 104 N/A  
G.711A-law 20 64 8 Disabled  
G.711U-law 20 64 0 Disabled  
G.729 20 8 18 Disabled  



Configure the IP Profile


  • goto Setup > Signaling and Media > Coders and Profiles > IP Profiles
  • create the ITSP IP Profile
  • create the Direct Routing IP Profile
Create IP Profile - ITSP
Parameter Value comments
Index 1  
Name ITSP  
SBC Media Security Mode RTP Only required is your Sip Trunk only supports RTP
Remote Multiple 18x Not Supported ONLY Required if you get Ringback then silence
Name ITSP  
Create IP Profile - Teams
Parameter Value comments
Index 2  
Name DirectRouting  
SBC Media Security Mode SRTP  
SBC Media Security Method SDES DTLS will be supported in future
Extension Coders Group #1 [Audio_Coders_Groups_1]  
ICE Mode Disabled/Lite Only Enable Lite if you enable Media Bypass, otherwise keep disabled
Remote Re-Invite Supported only with SDP  
Remote Delayed Offer Support Not supported  
Remote REFER Mode Handle locally  



Configure an IP Group


  • goto Setup > Signaling and Media > Core Entities >_ IP Group_
  • create the ITSP IP Profile
  • create the Direct Routing IP Profile
Add IP Group 1 - ITSP
Parameter Value
Index 1
Name ITSP
Topology Location Up
Proxy Set #1 [ITSP]
IP Profile #1 [ITSP]
Media Realm #1 [ITSP]
SBC Operation Mode B2BUA
Add IP Group 2 - DirectRouting
Parameter Value
Index 2
Name DirectRouting
Topology Location Up
Proxy Set #2 [DirectRouting]
IP Profile #2 [DirectRouting]
Media Realm #2 [DirectRouting]
Classify By Proxy Set Disable
SBC Operation Mode B2BUA
Local Host Name sbc.shoey.example
Always Use Src Address Yes
DTLS Context #1 [DirectRouting]



Configure SRTP


  • goto Setup > Signaling and Media > Media > Media Security
Parameter Value
Media Security Enable
Media Security Behavior Perferable - Single Media



Configure Message Manipulations


  • goto Setup > Signaling and Media > Message Manipulation > Message Manipulations
  • Activate the SIP Options via https://ipaddress of sbc/AdminPage
Create the Message Manipulation
Parameter Value  
Index 0  
Name DirectRouting  
Manipulation Set ID 2  
Message Type Options  
Condition param.message.address.dst.sipinterface==’2’ The ID assigned to the Direct Routing InterfaceSIP Interface
Action Subject header.contact.url.host  
Action Type Modify  
Action Value ‘sbc.shoey.example’  

Important: when adding the Action Value take note of the single quotes is ‘sbc.fqdn’

Activate the SIP Option
Parameter Value Comments
GWOutboundManipulationSet 2 Manipulation Set ID from previous step



Configure Message Condition Rule


  • goto Setup > Signaling and Media > Message Manipulation > Message Condition
Parameter Value
Index 0
Name DirectRouting-Contact
Condition header.contact.url.host contains ‘pstnhub.microsoft.com’



Configure Classification Rules


  • goto Setup > Signalling and Media > SBC > Classification Table
Parameter Value
Index 0
Name DirectRouting
Source SIP Interface #2 [DirectRouting]
Message Condition #0 [DirectRouting-Contact]
Destination Host sbc.shoey.example
Action Type Allow
Source IP Group #2 [Direct Routing]



Configure IP to IP Routing


  • goto Setup > Signalling and Media > SBC > Routing > IP-to-IP Routing
  • create options terminate
  • create refer terminate
  • create ITSP to Direct Routing
  • create Direct Routing to ITSP
Option Terminate
Parameter Value
Index 0
Name Options
Request Type Options
Destination Type Dest Address
Destination Address Internal
Refer Terminate
Parameter Value
Index 1
Name Refer
Call Trigger Refer
Destination Type Request URI
Destination IP Group #2 [Direct Routing]
Sip Trunk to Direct Routing
Parameter Value
Index 2
Name ITSP
Source IP Group #1 [ITSP]
Destination Type IP Group
Destination IP Group #2 [DirectRouting]
Direct Routing to Sip Trunk
Parameter Value
Name DirectRouting
Source IP Group #2 [DirectRouting]
Destination Type IP Group
Destination IP Group #1 [ITSP]



Restart SBC


  • goto Reset