Skype for Business Online Calling – Designing a Local Call Backup Route
Moving Private Branch Exchange (PBX) calling services to the cloud is now a common part of a digital transformation to Microsoft Office 365. Moving all calling services to the Microsoft Cloud often results in the partial or full removal of on-premises PBX equipment, a reduction in operational costs and far easier administration. Even with a desire to move completely to the cloud, there are organizations who require a local outbound call route in an unlikely event the Internet is unreachable. This blog contains information about a design option that may help meet this requirement.
At this point, you may wonder why not just use a cellular phone or take a Skype for Business softphone on a laptop down the street to a Wi-Fi hotspot where users can continue making calls? Why would an organization require a backup call route like this? The answer is that some organizations want desk phones for anyone to use at any time to contact emergency services - regardless of the widespread availability of cellular services. To move forward with cloud calling services, a local backup route for outbound calling is needed for some organizations.
Before I move on with a design option to consider, I need to be clear that this is an option provided by a Microsoft Partner - not by Microsoft directly. Microsoft has not tested this design, does not support it and is not committing to future supportability.
To provide this type of local call resiliency, some AudioCodes Session Border Controllers (SBC) include a feature called One Voice Resiliency (OVR). When OVR is combined with AudioCodes VoIP desk phones, Skype for Business Online users will use the Microsoft Office 365 cloud as the primary call route for inbound/outbound calling. For the secondary, optional outbound failover call route, a local telephone analog line(s) or T1/E1 can be provisioned and connected to the SBC ports. Additionally, a SIP trunk may also be used as the backup outbound calling route (this would require Internet access to remain available). Also note that when using the OVR configuration all calls will be routed through the SBC - to Skype for Business Online under normal operations and then, as a secondary route, to the local PSTN provider during an Internet outage or a SIP Trunk provider (if the Internet is still available).
Configuration
The intent of this blog is to demonstrate the functionality of a secondary call route using the optional SIP trunk in the event communication is lost with cloud calling services. It is more likely you will want to include the use of an analog line as a backup call route in your design – I just happened to have a SIP Trunk in my lab and could make use of it for this example. Configuration of these services is available in the AudioCodes OVR with SIP Trunk guide as well as by engaging with AudioCodes and other Microsoft Certified Partners. To configure Audiocodes OVR to use local PSTN analog services, review the Audiocodes OVR with PSTN guide and/or contact a Microsoft Certified Partner.
Lab Design
Let's begin with a simple lab design.
Desk phone:
- In this lab, we will be using a single 450HD AudioCodes desk phone with firmware version UC_3.0.4.120.3 (Nov 2017).
- LAN IP Address: 192.168.1.170
Session Border Controller:
- In this lab, we will be using an M800 AudioCodes Session Border Controller with firmware version 7.20A.156.023 (Oct 2017).
- LAN IP: 192.168.1.201
- WAN IP: 71.166.43.xxx
- The M800 model used in the lab has a Cloud Connector Edition (CCE) unit installed, but it is not needed to provide OVR and not configured in this lab.
SIP Trunk Provider:
- The SIP Trunk used in this lab environment is provided by Intelepeer
- SIP Trunk Target IP Address is 68.68.xxx.x on TCP port 5060
Demonstration
With everything connected and configured, lets first review the phone and logs of an outbound call placed normally using the AudioCodes 450HD logged in as a Skype for Business Online user.
Example One: Normal Call Routing
The AudioCodes M800 SBC and 450HD phone are both configured to use the OVR feature. Both components have access to the Office 365 Skype for Business Online services. The phone display below is normal.
Below are the logs associated with an outbound call using Skype for Business Online services.
Log Section One:
Explanation: We can see below the outbound call being dialed to the +141062795xx number. The call is placed from the AudioCodes 450HD phone on IP address 192.168.1.170.
INVITE sip:+141062795xx@cloudtenantid.onmicrosoft.com;user=phone SIP/2.0
From: "pattif"<sip:pattif@cloudtenantid.onmicrosoft.com>;tag=0d6800e811;epid=00908f98058c
To: <sip:+141062795xx@cloudtenantid.onmicrosoft.com;user=phone>
Call-ID: 0010f92f0aa01a8c013c455013009570
CSeq: 1 INVITE
Via: SIP/2.0/TLS 192.168.1.170:5071;branch=z9hG4bK-e1-37153-1531eaea
Max-Forwards: 70
Supported: replaces,100rel,eventlist,timer,ms-bypass,ms-early-media,ms-dialog-route-set-update
Allow: REGISTER, INVITE, ACK, BYE, REFER, NOTIFY, CANCEL, INFO, OPTIONS, PRACK, SUBSCRIBE, UPDATE,PUBLISH
User-Agent: AUDC/3.0.4.120 AUDC-IPPhone-450HD_UC_3.0.4.120/3
Ms-Conversation-Id: 21e209757e1ccd51
Accept-Language: en-US
ms-endpoint-location-data: NetworkScope;ms-media-location-type=internet
ms-subnet: 192.168.1.0
Contact: <sip:pattif@cloudtenantID.onmicrosoft.com;opaque=user:epid:8ZjnRr4oEVatUo4lmcgAFAAA;gruu>
P-Preferred-Identity: "Patti Fernandez" <sip:pattif@cloudtenantID.onmicrosoft.com>,<tel:+144329062xx>
ms-keep-alive: UAC;hop-hop=yes
Session-Expires: 1800
Min-SE: 90
Authorization: TLS-DSK opaque="BA6F0958", qop="auth", realm="SIP Communications Service", targetname="BLU2A05FES07.infra.lync.com",crand="63920c06",cnum="21", response="B8B6C [Time:22-12@16:38:02]
Log Section Two:
Explanation: Below we see the same outbound call routing to Skype for Business Online at 52.112.67.16 on port 443. This IP address has a hostname of sippoolblu2a05.infra.lync.com and is just one of the many addresses that Skype for Business Online may use. This demonstrates that under normal connections, the phone is placing the call through the Skype for Business Online services.
For a complete list of service IP addresses and hostnames that Office 365 uses periodically review addresses in this link (Expand to see the Skype for Business Online IP Addresses).
( sip_stack)( 43996) ---- Outgoing SIP Message to 52.112.67.16:443 from SIPInterface #1 (FE) TLS TO(#23) SocketID(481) ---- [Time:22-12@16:38:02]
INVITE sip:+141062795xx@cloudtenantID.onmicrosoft.com;user=phone SIP/2.0
Via: SIP/2.0/TLS 71.166.43.xxx:5061;alias;branch=z9hG4bKac1539607808
Max-Forwards: 69
From: "pattif" <sip:pattif@cloudtenantID.onmicrosoft.com>;tag=0d6800e811;epid=00908f98058c
To: <sip:+141062795xx@cloudtenantID.onmicrosoft.com;user=phone>
Call-ID: 0010f92f0aa01a8c013c455013009570
CSeq: 1 INVITE
Contact: <sip:pattif@cloudtenantID.onmicrosoft.com;opaque=user:epid:8ZjnRr4oEVatUo4lmcgAFAAA;gruu>
Supported: eventlist,ms-bypass,ms-early-media,ms-dialog-route-set-update,100rel,timer,replaces,sdp-anat
Allow: REGISTER, INVITE, ACK, BYE, REFER, NOTIFY, CANCEL, INFO, OPTIONS, PRACK, SUBSCRIBE, UPDATE,PUBLISH
P-Preferred-Identity: "Patti Fernandez" <sip:pattif@cloudtenantID.onmicrosoft.com>,<tel:+144329062xx>
Accept-Language: en-US
Authorization: TLS-DSK opaque="BA6F0958", qop="auth", realm="SIP Communications Service", targetname="BLU2A05FES07.infra.lync.com",crand="63920c06",cnum="21", response="B8B6CACA32B6E352480BF51DF1130157E9294F21",version=4
Session-Expires: 1800
Min-SE: 90
User-Agent: AUDC/3.0.4.120 AUDC-IPPhone-450HD_UC_3.0.4.120/3
Content-Type: application/sdp
Content-Length: 1537
Ms-Conversation-Id: 21e209757e1ccd51
ms-endpoint-locati [Time:22-12@16:38:02]
Example Two: Call Routing Using AudioCodes OVR and a SIP Trunk
- To simulate a loss of communication with Office 365 Skype for Business services, I created two firewall rules.
- The first rule blocks the 450HD phone from reaching any Internet services.
- The second rule blocks the SBC from communicating externally on port 443 effectively preventing it from reaching Skype for Business Online services to establish a call. The SBC can still communicate to the Internet on all other ports.
Within a minute of the firewall rules above being enabled, the phone will detect that is has lost communication with Skype for Business Online and enter into a Limited Service mode. The screen of the AudioCodes 450HD phone below now displays the warning of "Limited Service."
With the phone now operating in a limited service mode, I will make an outbound call to 410-627-95xx to demonstrate the new call flow.
Log Section One:
( sip_stack)( 50249) ---- Incoming SIP Message from 192.168.1.170:45574 to SIPInterface #2 (UserPhones) TLS TO(#26) SocketID(478)
INVITE sip:+141062795xx@cloudtenantid.onmicrosoft.com;user=phone SIP/2.0
From: "pattif"<sip:pattif@cloudtenantid.onmicrosoft.com>;tag=005c006e2f;epid=00908f98058c
To: <sip:+141062795xx@cloudtenantid.onmicrosoft.com;user=phone>
Call-ID: 0010f94f0aa01a8c013c455013007eec
CSeq: 1 INVITE
Via: SIP/2.0/TLS 192.168.1.170:5071;branch=z9hG4bK-7b5-1e1d46-1923efa1
Max-Forwards: 70
Supported: replaces,100rel,eventlist,timer,ms-bypass,ms-early-media,ms-dialog-route-set-update
Allow: REGISTER, INVITE, ACK, BYE, REFER, NOTIFY, CANCEL, INFO, OPTIONS, PRACK, SUBSCRIBE, UPDATE,PUBLISH
User-Agent: AUDC/3.0.4.120 AUDC-IPPhone-450HD_UC_3.0.4.120/3
Ms-Conversation-Id: de1851a2c41bd575
Accept-Language: en-US
ms-endpoint-location-data: NetworkScope;ms-media-location-type=intranet
ms-subnet: 192.168.1.0
Contact: <sip:pattif@cloudtenantid.onmicrosoft.com;opaque=user:epid:8ZjnRr4oEVatUo4lmcgAFAAA;gruu>
P-Preferred-Identity: "Patti Fernandez" <sip:pattif@cloudtenantid.onmicrosoft.com>,<tel:+144329062xx>
ms-keep-alive: UAC;hop-hop=yes
Session-Expires: 1800
Min-SE: 90
Authorization: TLS-DSK opaque="BA6F0958", qop="auth", realm="SIP Communications Service", targetname="BLU2A05FES07.infra.lync.com",crand="d11ea4d4",cnum="46", response="E90 [Time:22-12@17:07:13]
Log Section Two:
Explanation: In the log below we can see the outbound call in the limited service mode now being routed to the IntelePeer SIP Trunk configured at 68.68.xxx.x on TCP port 5060.
( sip_stack)( 50498) ---- Outgoing SIP Message to 68.68.xxx.x:5060 from SIPInterface #3 (IntelepeerSIPTrunk) TCP TO(#289) SocketID(215) ---- [Time:22-12@17:07:13]
INVITE sip:+141062795xx@68.68.xxx.x;user=phone SIP/2.0
Via: SIP/2.0/TCP 71.166.43.xxx:5060;alias;branch=z9hG4bKac259820836
Max-Forwards: 68
From: "pattif" <sip:pattif@cloudtenantid.onmicrosoft.com>;tag=1c1771619637;epid=00908f98058c
To: <sip:+141062795xx@68.68.1xx.x;user=phone>
Call-ID: 1600361692212201717713@71.166.43.xxx
CSeq: 1 INVITE
Contact: <sip:FEU396-2-xxx-1@71.166.43.xxx:5060;transport=tcp;opaque=user:epid:8ZjnRr4oEVatUo4lmcgAFAAA;gruu>
Supported: eventlist,ms-bypass,ms-early-media,ms-dialog-route-set-update,100rel,timer,replaces,sdp-anat
Allow: REGISTER, INVITE, ACK, BYE, REFER, NOTIFY, CANCEL, INFO, OPTIONS, PRACK, SUBSCRIBE, UPDATE,PUBLISH
Accept-Language: en-US
Authorization: TLS-DSK opaque="BA6F0958", qop="auth", realm="SIP Communications Service", targetname="BLU2A05FES07.infra.lync.com",crand="d11ea4d4",cnum="46", response="E903DD69EC2000ED575DA61668C1D6B5BDE272D1",version=4
Session-Expires: 1800
Min-SE: 90
User-Agent: M800B/v.7.20A.156.023
P-Asserted-Identity: <tel:+144329062xx>
Content-Type: application/sdp
Content-Length: 312
Ms-Conversation-Id: de1851a2c41bd575
ms-endpoint-location-data: NetworkScope;ms-media-location-type=intranet
ms-subnet: 192.168.1.0
ms-keep-ali [Time:22-12@17:07:13]
Returning to Normal Operations
To demonstrate the failback capabilities of the configuration, I removed the two firewall rules above to enable all outbound connections from the SBC and phone. Within a minute, the phone display returned to normal. The user has not needed to take any action to failover to the limited service mode or back to normal operations.
Summary
My goal in writing this blog is to provide a design option for organizations with requirements for local call resiliency when planning a transition to Skype for Business Online. Proper planning, sizing, number of concurrent sessions, licenses, etc. need to be taken into consideration for this design. For more information about this design and equipment or for assistance with your design and implementation, please contact AudioCodes or another Microsoft Certified Partner.
For Microsoft Partners who would like additional information on this configuration or other architectural areas of Skype for Business Online, please also contact the Microsoft One Commercial Partner (OCP) organization.