Connect your Session Border Controller (SBC) to Direct Routing - Microsoft Teams (2023)

  • Article
  • 7 minutes to read
  • Applies to:
    Microsoft Teams

This article describes how to configure a Session Border Controller (SBC) and connect it to Direct Routing. This is step 1 of the following steps to configure Direct Routing:

  • Step 1. Connect your SBC with Phone System and validate the connection (This article)
  • Step 2. Enable users for Direct Routing
  • Step 3. Configure call routing
  • Step 4. Translate numbers to an alternate format

For information on all the steps required to set up Direct Routing, see Configure Direct Routing.

You can use the Microsoft Teams admin center or PowerShell to configure and connect an SBC to Direct Routing.

Using the Microsoft Teams admin center

  1. In the left navigation, go to Voice > Direct Routing, and then click the SBCs tab.

  2. Click Add.

  3. Enter an FQDN for the SBC.

    Make sure the domain name portion of the FQDN matches a domain that's registered in your tenant and keep in mind that the *.onmicrosoft.com domain name isn't supported for the SBC FQDN domain name. For example, if you have two domain names, contoso.com and contoso.onmicrosoft.com, use sbc.contoso.com as the SBC name. If using a subdomain, make sure this subdomain is also registered in your tenant. For example, if you want to use sbc.service.contoso.com, then service.contoso.com needs to be registered.

  4. Configure the following settings for the SBC, based on your organization's needs. For details on each of these settings, see SBC settings.

    Connect your Session Border Controller (SBC) to Direct Routing - Microsoft Teams (1)

  5. When you're done, click Save.

Using PowerShell

To connect your SBC to Direct Routing, you'll need to:

  1. Connect to Skype for Business Online by using PowerShell.

  2. Connect the SBC to the tenant.

  3. Verify the SBC connection.

Connect to Skype for Business Online by using PowerShell

To pair the SBC to the Direct Routing interface, use a PowerShell session connected to the tenant. To open a PowerShell session, follow the steps outlined in Set up your computer for Windows PowerShell.

After you establish a remote PowerShell session, verify that you can see the commands to manage the SBC. To verify the commands, type or copy and paste the following command in the PowerShell session, and then press Enter:

Get-Command *onlinePSTNGateway*

The command returns the four functions shown here that will let you manage the SBC.

CommandType Name Version Source ----------- ---- ------- ------ Function Get-CsOnlinePSTNGateway 1.0 tmp_v5fiu1no.wxt Function New-CsOnlinePSTNGateway 1.0 tmp_v5fiu1no.wxt Function Remove-CsOnlinePSTNGateway 1.0 tmp_v5fiu1no.wxt Function Set-CsOnlinePSTNGateway 1.0 tmp_v5fiu1no.wxt

Connect the SBC to the tenant

To connect the SBC to the tenant, use the New-CsOnlinePSTNGateway cmdlet. In a PowerShell session, type the following, and then press Enter:

New-CsOnlinePSTNGateway -Fqdn <SBC FQDN> -SipSignalingPort <SBC SIP Port> -MaxConcurrentSessions <Max Concurrent Sessions the SBC can handle> -Enabled $true

Note

  1. We recommend that you set a maximum call limit in the SBC using information that can be found in the SBC documentation. The limit will trigger a notification if the SBC is at the capacity level.
  2. You can only connect the SBC if the domain portion of its FQDN matches one of the domains registered in your tenant, except *.onmicrosoft.com. Using *.onmicrosoft.com domain names is not supported for the SBC FQDN name. For example, if you have two domain names, contoso.com and contoso.onmicrosoft.com, you can use sbc.contoso.com for the SBC name. If you try to connect the SBC with a name such as sbc.contoso.abc, the system won't let you, as the domain is not owned by this tenant.
    In addition to the domain registered in your tenant, it's important that there's a user with that domain and an assigned E3 or E5 license. If not, you'll receive the following error:
    Can not use the "sbc.contoso.com" domain as it was not configured for this tenant.
  3. ⁠Multiple IPs mapped with the same FQDN on the SBC side are not supported.
  4. To provide the best-in-class encryption to our customers, Microsoft will force TLS1.2 usage for the Direct Routing SIP interface.To avoid any service impact, ensure that your SBCs are configured to support TLS1.2 and can connect using one of the following cipher suites:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 i.e. ECDHE-RSA-AES256-GCM-SHA384TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 i.e. ECDHE-RSA-AES128-GCM-SHA256TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 i.e. ECDHE-RSA-AES256-SHA384TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 i.e. ECDHE-RSA-AES128-SHA256
  5. SIP OPTIONS pings MUST NOT exceed a frequency of one transaction every 60 seconds and MUST NOT be more or less frequent than one transaction every 180 seconds for each configured trunk for each endpoint.

Here's an example:

New-CsOnlinePSTNGateway -Identity sbc.contoso.com -Enabled $true -SipSignalingPort 5067 -MaxConcurrentSessions 100

Which returns:

Identity : sbc.contoso.com Fqdn : sbc.contoso.com SipSignalingPort : 5067 FailoverTimeSeconds : 10 ForwardCallHistory : False ForwardPai : False SendSipOptions : True MaxConcurrentSessions : 100 Enabled : True

Note

This example shows only the minimum required parameters. There are additional parameters that you can set with the New-CsOnlinePSTNGateway cmdlet during the connection process. To learn more, see SBC settings.

Verify the SBC connection

To verify the connection:

  • Check whether the SBC is on the list of paired SBCs.
  • Validate SIP options.

Check whether the SBC is on the list of paired SBCs

After you connect the SBC, use the Get-CsOnlinePSTNGateway cmdlet to verify that the SBC is present in the list of paired SBCs. Type the following in a remote PowerShell session, and then press Enter:

Get-CsOnlinePSTNGateway -Identity sbc.contoso.com

The paired gateway should appear in the list as shown in the example below, and the Enabled parameter should display a value of True.

Which returns:

Identity : sbc.contoso.com Fqdn : sbc.contoso.comSipSignalingPort : 5067CodecPriority : SILKWB,SILKNB,PCMU,PCMAExcludedCodecs : FailoverTimeSeconds : 10ForwardCallHistory : FalseForwardPai : FalseSendSipOptions : TrueMaxConcurrentSessions : 100Enabled : True

Validate SIP options

To validate the pairing using outgoing SIP options, use the SBC management interface and confirm that the SBC receives 200 OK responses to its outgoing OPTIONS messages.

When Direct Routing sees incoming OPTIONS, it will start sending outgoing SIP Options messages to the SBC FQDN configured in the Contact header field in the incoming OPTIONS message.

To validate the pairing using incoming SIP options, use the SBC management interface and see that the SBC sends a reply to the OPTIONS messages coming in from Direct Routing and that the response code it sends is 200 OK.

SBC settings

This table lists the options that you can set for the SBC in the Microsoft Teams admin center and by using the New-CsOnlinePSTNGateway cmdlet.

Required?Teams admin center settingPowerShell parameterDescriptionDefaultPossible valuesType and restrictions
YesAdd an FQDN for the SBCFQDNNoneFQDN name, limit 63 charactersString, see the list of allowed and disallowed characters on Naming conventions in Active Directory for computers, domains, sites, and OUs
NoEnabledEnabledUse to turn on the SBC for outbound calls. You can use this to temporarily remove the SBC from service while it's being updated or during maintenance.FalseTrue
False		Boolean
YesSIP signaling portSipSignalingPortThis is the listening port that's used to communicate with Direct Routing by using the Transport Layer (TLS) protocol.NoneAny port0 to 65535
NoSend SIP optionsSendSIPOptionsDefines whether the SBC will send SIP options messages. We highly recommend that you turn on this setting. When this setting is off, the SBC is excluded from the Monitoring and Alert system.TrueTrue
False		Boolean
NoForward call historyForwardCallHistoryIndicates whether call history information is forwarded through the trunk. When you turn this on, the Microsoft 365 proxy sends a History-info and Referred-by header.FalseTrue
False		Boolean
NoForward P-Asserted-identity (PAI) headerForwardPAIIndicates whether the PAI header is forwarded along with the call. The PAI header provides a way to verify the identity of the caller. If this setting is on, the Privacy:ID header is also sent.FalseTrue
False		Boolean
NoConcurrent call capacityMaxConcurrentSessionsWhen you set a value, the alerting system will notify you when the number of concurrent sessions is 90 percent or higher than this value. If you don't set a value, alerts aren't generated. However, the monitoring system will report the number of concurrent sessions every 24 hours.NullNull
1 to 100,000
NoFailover response codesFailoverResponseCodes
If Direct Routing receives any 4xx or 6xx SIP error code in response to an outgoing Invite, the call is considered completed by default. Outgoing means a call from a Teams client to the PSTN with traffic flow: Teams client -> Direct Routing -> SBC -> telephony network). When you specify a failover response code, this forces Direct Routing to try another SBC (if another SBC exists in the voice routing policy of the user) when it receives the specified codes if the SBC can't make a call because of network or other issues. To learn more, see Failover of specific SIP codes received from the Session Border Controller (SBC).408, 503, 504Int
NoFailover times (seconds)FailoverTimeSecondsWhen you set a value, outbound calls that aren't answered by the gateway within the time that you set are routed to the next available trunk. If there are no additional trunks, the call is automatically dropped. The default value is 10 seconds. In an organization with slow networks and gateway responses, this could potentially result in calls being dropped unnecessarily.10NumberInt
NoPreferred country or region for media trafficMediaRelayRoutingLocationOverrideNot applicable to Direct Routing. This parameter is reserved for use with managed carriers in Calling PlansNone
NoSBC supports PIDF/LO for emergency callsPidfloSupportedSpecify whether the SBC supports Presence Information Data Format Location Object (PIDF/LO) for emergency calls.
No-MediaBypassThis setting indicates whether the SBC supports media bypass and whether you want to use it for this SBC.NoneTrue
False		Boolean

See also

Plan Direct Routing

Configure Direct Routing

Teams PowerShell overview

References

Top Articles
Latest Posts
Article information

Author: Carmelo Roob

Last Updated: 12/23/2023

Views: 6351

Rating: 4.4 / 5 (65 voted)

Reviews: 80% of readers found this page helpful

Author information

Name: Carmelo Roob

Birthday: 1995-01-09

Address: Apt. 915 481 Sipes Cliff, New Gonzalobury, CO 80176

Phone: +6773780339780

Job: Sales Executive

Hobby: Gaming, Jogging, Rugby, Video gaming, Handball, Ice skating, Web surfing

Introduction: My name is Carmelo Roob, I am a modern, handsome, delightful, comfortable, attractive, vast, good person who loves writing and wants to share my knowledge and understanding with you.