Forum Discussion
Direct Routing SBC failover planning in carrier hosted setup (derived trunk model)
- Jul 07, 2020
For hosting provider failover routing, the hosting provider will need to configure multiple PSTN gateways in their tenant. For example:
- sbc1.contoso.com
- sbc2.contoso.com
This will require multiple wildcard SAN names to support each namespace. For example:
- *.sbc1.contoso.com
- *.sbc2.contoso.com
Each customer will be provided two FQDNs to be added to the Tenant domain and a single user licensed for SfB Online in the namespace to create the domain in the service forest. For example:
- cust1.sbc1.contoso.com
- cust2.sbc1.contoso.com
Then a route will be created for each of these gateways.
Thanks!
These were all just examples. Let me try to make this simpler without specific names.
Carrier Tenant Online PSTN Gateway(s), can be one or greater if failover is being handled by multiple FQDNs.
- sbcBaseName1.carrier.com
- sbcBaseName2.carrier.com
Carrier certificate SAN names
- *.sbcBaseName1.carrier.com
- *.sbcBaseName2.carrier.com
Customer Tenant Domain Name and SBC name used in Route configuration
- cust1.sbcBaseName1.carrier.com
- cust2.sbcBaseName2.carrier.com
The pattern here is that the carrier PSTN Gateway is the base name from which customer names are derived. The customer names will be a single-level child of the base domain.
Hope that helps.
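The naming pattern described above can be checked before any domains are added to a tenant. The following is an added example, not part of the original post or of Microsoft's tooling; the function name Test-DerivedTrunkName is hypothetical, the sample names are the placeholders used in the post, and wildcard matching follows the usual rule that `*` covers exactly one leftmost label.

```powershell
# Added example: checks a customer trunk FQDN against the carrier base gateways
# and the certificate SAN entries. Function name and sample data are hypothetical.
function Test-DerivedTrunkName {
    param(
        [Parameter(Mandatory)] [string]   $CustomerFqdn,
        [Parameter(Mandatory)] [string[]] $BaseGateways,
        [Parameter(Mandatory)] [string[]] $CertSanNames
    )
    $name   = $CustomerFqdn.Trim().TrimEnd('.').ToLowerInvariant()
    # Parent domain = everything after the first label
    $parent = ($name.Split('.') | Select-Object -Skip 1) -join '.'

    # Single-level child: the parent must be exactly one of the base gateways
    $base = $BaseGateways |
        Where-Object { $_.ToLowerInvariant() -eq $parent } |
        Select-Object -First 1

    # A wildcard SAN "*.parent" covers one extra label only; it does not
    # cover the parent name itself or deeper children.
    $san = $CertSanNames | Where-Object {
        $s = $_.ToLowerInvariant()
        $s -eq $name -or $s -eq "*.$parent"
    } | Select-Object -First 1

    [pscustomobject]@{
        CustomerFqdn = $name
        BaseGateway  = $base
        IsDerived    = [bool]$base
        CoveredBySan = $san
    }
}

# Constructed sample input using the placeholder names from the post
$bases = 'sbcBaseName1.carrier.com', 'sbcBaseName2.carrier.com'
$sans  = '*.sbcBaseName1.carrier.com', '*.sbcBaseName2.carrier.com'
$names = @(
    'cust1.sbcBaseName1.carrier.com'      # single-level child of base 1
    'cust2.sbcBaseName2.carrier.com'      # single-level child of base 2
    'a.cust1.sbcBaseName1.carrier.com'    # two levels deep: not derived, not covered
    'sbcBaseName1.carrier.com'            # base name itself: not matched by *.base
)
$names | ForEach-Object {
    Test-DerivedTrunkName -CustomerFqdn $_ -BaseGateways $bases -CertSanNames $sans
} | Format-Table -AutoSize
```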
- chuckster_ca, Mar 02, 2023 (Copper Contributor)
We are getting ready to offer direct routing for our customers but first, we would like to deploy it on a couple of accounts in our organization. We have followed the steps as outlined in the above-mentioned post by adding 2 additional base domains (sbc1.ourdomain.com and sbc2.ourdomain.com) along with 2 wildcard certs to match. We will then activate these 2 new base domains by creating 2 new test accounts: email address removed for privacy reasons and email address removed for privacy reasons. In order to get this to work on my account, I will need to add a Teams Calling Plan license (or equivalent) but will I need to change my UPN to match the FQDN of one of our SBCs? Or would it be better to simply use one of these 2 accounts with the proper UPNs and assign the appropriate licensing?
This brings up another question regarding licensing: I currently have Business Standard. What is the cheapest and easiest add-on license to make and receive calls from the PSTN - no need to call outside of Canada.
- DazzaA, Jul 06, 2021 (Copper Contributor)
The use of wildcards is really not the best solution in my experience as it really doesn't provide any advantage over and above using a normal FQDN cert, and adds to the cost if purchasing them.
We've chosen now to create a standard cert for each SBC, this keeps it simple.
Also I'm sure we tried
SBC1.customer1.ourdomain.com
SBC2.customer1.ourdomain.com
With the wildcard as *.customer1.ourdomain.com and Microsoft would not accept this for some reason so reverted to getting a cert for each SBC.
- Idtentee, Aug 13, 2020 (Copper Contributor)
Thank you for the reply.
Mine started working around 36 hours after configuration. So I guess even more patience is needed. Strange thing was I did another 2 setups within 20 minutes and they were OK to go after an hour. I have also completed another 3 and they took between 1 and a few hours.
- Łukasz Stępniewski, Aug 13, 2020 (Copper Contributor)
Hello
The wildcard certificate to be applied on DR-SBC is *.sbcBaseName1.carrier.com in your example. What about sbcBaseName1.carrier.com name? Does it need to be included in certificate too?
- Carolyn Blanding (MS TEAMS), Aug 11, 2020 (Microsoft)
The above was resolved. Issue was that the FQDN on inbound invites to customer tenant had carrier SBC FQDN defined. Therefore, the lookup for matching user phone numbers was to the carrier tenant and returned a 404.
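To spot the condition described in this reply, the host carried in each routing-related line of an INVITE sent toward Microsoft can be compared with the carrier base gateways. This is an added example, not from the original thread or from Microsoft; the function name Get-InviteFqdnReport is hypothetical and the sample INVITE is constructed from the header shapes posted elsewhere in this thread. It only reports what each line carries and does not assert which header the service uses for the tenant lookup.

```powershell
# Added example: reports which FQDN each routing-related line of an INVITE carries.
# Function name and sample message are hypothetical/constructed.
# Compact header forms and folded header lines are not handled.
function Get-InviteFqdnReport {
    param(
        [Parameter(Mandatory)] [string]   $Invite,
        [Parameter(Mandatory)] [string[]] $BaseGateways
    )
    $lines = $Invite -split '\r?\n'
    for ($i = 0; $i -lt $lines.Count; $i++) {
        $line = $lines[$i]
        if ($line -eq '') { break }                      # blank line ends the headers
        if ($i -eq 0) { $field = 'Request-URI' }
        elseif ($line -match '^(Contact|Record-Route|Via)\s*:') { $field = $Matches[1] }
        else { continue }
        # Host follows "sip:[user@]" in a URI, or the transport token in Via
        if ($line -match '(?:sips?:(?:[^@;>\s]+@)?|SIP/2\.0/\w+\s+)([A-Za-z0-9.-]+)') {
            $h      = $Matches[1].ToLowerInvariant()
            $parent = $h.Substring($h.IndexOf('.') + 1)
            $kind = if ($BaseGateways -contains $h) { 'carrier base FQDN' }
                elseif ($BaseGateways -contains $parent) { 'derived customer FQDN' }
                elseif ($h -match '^[\d.]+$')            { 'IP address' }
                else                                     { 'other' }
            [pscustomobject]@{ Header = $field; HostName = $h; Kind = $kind }
        }
    }
}

# Constructed sample: a customer-derived name in the Request-URI and Contact,
# the carrier base name in Record-Route and Via.
$sample = @'
INVITE sip:441713325555@customer1000.sbc1.mydomain.com;user=phone SIP/2.0
Record-Route: <sip:sbc1.mydomain.com:5061;transport=tls;r2=on;lr>
Via: SIP/2.0/TLS sbc1.mydomain.com:5061;branch=z9hG4bKconstructed
Contact: <sip:customer1000.sbc1.mydomain.com:5061;transport=tls>
'@
Get-InviteFqdnReport -Invite $sample -BaseGateways 'sbc1.mydomain.com', 'sbc2.mydomain.com' |
    Format-Table -AutoSize
```

Any line reported as `carrier base FQDN` on a call meant for a customer tenant is a candidate for the mismatch described above.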
- Idtentee, Jul 30, 2020 (Copper Contributor)
Hi, Was there ever a solution to this issue?
Like others I have followed the steps and cannot get the derived trunks working and accepting calls.
I also had a support call with Microsoft yesterday and it was suggested to wait another 24 hours after creating the subdomain in the customers domain.
- Carolyn Blanding (MS TEAMS), Jul 09, 2020 (Microsoft)
Apologies about the snags you are hitting. Are you ok with sharing the case # that you have open so I can take a peek at the real details and potentially get you past your speed bump?
Regards,
CB
- VoipGuyUK, Jul 09, 2020 (Copper Contributor)
Yes that does clarify thanks. This is how I set mine up. But unfortunately it doesn't work and I get 404 not found.
The other unfortunate thing is MS support team seem to have no idea how this should work. Also their SIP knowledge seems nonexistent at 1st line stages anyway. They are trying, but this makes me want to cry.
What I have done:
Carrier Tenant has these domains:
mydomainltd.onmicrosoft.com (Default)
mydomain.com
sbc1.mydomain.com
sbc2.mydomain.com
DNS entries exist for these SBCs, I have an old test SBC on mydomain.com which is still working for inbound calls on carrier tenant for carrier users.
PowerShell commands run on carrier tenant:
New-CSOnlinePSTNGateway -FQDN sbc1.mydomain.com -SIPSignalingport 5061 -MaxConcurrentSessions 50000 -ForwardCallHistory $true -Enabled $true
New-CSOnlinePSTNGateway -FQDN sbc2.mydomain.com -SIPSignalingport 5061 -MaxConcurrentSessions 50000 -ForwardCallHistory $true -Enabled $true
In the MS Teams portal the SBCs show and are active for TLS and Options
Customer tenant has these domains:
customer1000.sbc1.mydomain.com
customer1000.sbc2.mydomain.com
DNS entries exist for the domains pointing to my SBCs.
PowerShell commands run on customer tenant:
Set-CsOnlinePstnUsage -Identity Global -Usage @{Add="UK"}
New-CSOnlineVoiceRoute -Identity "All" -NumberPattern "^\+44(\d{9,10})$" -OnlinePstnGatewayList customer1000.sbc1.mydomain.com, customer1000.sbc2.mydomain.com -Priority 1 -OnlinePstnUsages "UK"
New-CSOnlineVoiceRoutingPolicy "UK" -OnlinePstnUsages "UK"
Grant-CsOnlineVoiceRoutingPolicy -Identity "james.smith@mydomain.onmicrosoft.com" -PolicyName UK
Set-CsUser -Identity "james.smith@mydomain.onmicrosoft.com" -OnPremLineURI tel:+441713325555 -EnterpriseVoiceEnabled $true -HostedVoiceMail $true
Below is an example of my invite, obfuscating my IPs. To this invite I get a 404 not found. In my carrier tenant for this SBC in direct routing I can see the inbound call attempts, although no details of the calls; they just show in the graph.
INVITE sip:441713325555@customer1000.sbc1.mydomain.com;user=phone SIP/2.0
Record-Route: <sip:sbc1.mydomain.com:5061;transport=tls;r2=on;lr>
Record-Route: <sip:x.x.x.x:5060;r2=on;lr>
Via: SIP/2.0/TLS sbc1.mydomain.com:5061;branch=z9hG4bKf311.85766bf10fd192be4a966f1d2f5db163.0
Via: SIP/2.0/UDP x.x.x.x:5080;received=x.x.x.x;rport=5080;branch=z9hG4bKp5S81QXcvSaKa
Max-Forwards: 63
From: "+447842111700" <sip:+447842111700@x.x.x.x.x>;tag=DvrB7p3B4g4jK
To: <sip:441713325555@customer1000.sbc1.mydomain.com>
Call-ID: a85bb1c9-3ca0-1239-45ad-90b11c4c90db
CSeq: 22601531 INVITE
User-Agent: SIP Agent
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY
Supported: timer, path, replaces
Allow-Events: talk, hold, conference, refer
Content-Type: application/sdp
Content-Disposition: session
Content-Length: 1495
Contact: <sip:customer1000.sbc1.mydomain.com:5061;transport=tls>