Forum Discussion
Split Tunnel Implemented. But, some of the traffic still going via VPN
Hi, I am new to Microsoft Teams and I am wondering why some of Microsoft Teams traffic and going straight to the internet and some are going via VPN. We use Cisco AnyConnect and has configured dynam...
Hi Andres and Ed,
Yes, we did try blocking the traffic in ASA and it forces Teams Media to go straight to Microsoft. But, in this scenario we are asking Teams to select the route instead of your network. Also, will this cause an issue as there is an unnecessary delay during the setup time. Is Teams designed to do this (routing decision) as well?
Another question: Not sure if this is relevant. Looking at the browser network activity (by pressing f12 in Edge Browser). I noticed these lines.
https://statics.teams.cdn.office.net/hashed/lazy-ng1-mod-calling-bot-service.min-409f922.js
https://statics.teams.cdn.office.net/hashed/Audio/Teams_Call_Ringing
https://statics.teams.cdn.office.net/hashed/Audio/Teams_Call_Ended
"statics.teams.cdn.office.net" is not included on our dynamic exclusion test as this is not on the MS Teams list. Also
pinging "statics.teams.microsoft.com" resolves to "s-0005.s-msedge.net [52.113.194.132]"
pinging "statics.teams.cdn.office.net" resolves to "s-0005.s-dc-msedge.net [52.113.195.132]"
Yes, we did try blocking the traffic in ASA and it forces Teams Media to go straight to Microsoft. But, in this scenario we are asking Teams to select the route instead of your network. Also, will this cause an issue as there is an unnecessary delay during the setup time. Is Teams designed to do this (routing decision) as well?
Another question: Not sure if this is relevant. Looking at the browser network activity (by pressing f12 in Edge Browser). I noticed these lines.
https://statics.teams.cdn.office.net/hashed/lazy-ng1-mod-calling-bot-service.min-409f922.js
https://statics.teams.cdn.office.net/hashed/Audio/Teams_Call_Ringing
https://statics.teams.cdn.office.net/hashed/Audio/Teams_Call_Ended
"statics.teams.cdn.office.net" is not included on our dynamic exclusion test as this is not on the MS Teams list. Also
pinging "statics.teams.microsoft.com" resolves to "s-0005.s-msedge.net [52.113.194.132]"
pinging "statics.teams.cdn.office.net" resolves to "s-0005.s-dc-msedge.net [52.113.195.132]"
Hello Vicente
*.cdn.office.net is treated as "Default"
"Default endpoints represent Office 365 services and dependencies that do not require any optimization, and can be treated by customer networks as normal Internet bound traffic."
I do not know about the internals of Teams making this routing decision but I can guess, that was probably included in the design
*.cdn.office.net is treated as "Default"
"Default endpoints represent Office 365 services and dependencies that do not require any optimization, and can be treated by customer networks as normal Internet bound traffic."
I do not know about the internals of Teams making this routing decision but I can guess, that was probably included in the design
- The CDN links are a good example of why everything doesn't have to be optimized. The CDN (Content Delivery Network) is responsible for things such as updating Teams. This is not time critical traffic and as such, nothing special needs to be done about it. It's okay if it is even a little slower than web browser traffic as it is an asynchronous download in the background.
Compare this against the media traffic which has to be optimized to provide suitable path during a call.
