Home

Guidance on Network Access to Microsoft Teams PSTN Calling and Direct Routing Topologies

%3CLINGO-SUB%20id%3D%22lingo-sub-279114%22%20slang%3D%22en-US%22%3EGuidance%20on%20Network%20Access%20to%20Microsoft%20Teams%20PSTN%20Calling%20and%20Direct%20Routing%20Topologies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-279114%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%0A%3CP%3EI%20am%20after%20some%20guidance%20on%20how%20to%26nbsp%3Bimplement%20combined%20PSTN%20calling%20with%20plans%20and%20direct%20routing%20with%20specific%20regard%20to%20customer%20network%20configuration.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20a%20customer%20has%20a%20single%20egress%20service%20for%20their%20client%20and%20server%20network%20to%20connect%20to%20the%20internet%20i.e.%20all%20traffic%20goes%20through%20one%20firewall%20device%20which%20also%20protects%20inbound%20services%20and%20NAT%20then%20all%20is%20fine.%20I%20don't%20have%20an%20issue%20with%20that.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHowever%2C%20I%20have%20a%20customer%20with%20two%20egress%20services.%20One%20for%20client%20browsing%20and%20one%20for%20server%20hosting.%20Both%20egress%20services%20are%20available%20across%20VLANs%20and%20the%20way%20in%20which%20the%20service%20is%20chosen%20is%20based%20on%20a%20static%20route%20at%20the%20core%20switch.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESo%20they%20have%20a%20route%20for%2052.112.0.0%2F14%20which%20is%20the%20PSTN%20IP%20destination%20for%20PSTN%20Calling%20and%20Direct%20Routing%20and%20have%20configured%20it%20to%20egress%20out%20of%20their%20hosting%20firewall%20service.%20The%20problem%20is%20that%20clients%20also%20want%20to%20use%20this%20route%20as%20well%20as%20its%20advertised%20on%20the%20core%20switch.%20The%20problem%20is%20the%20hosting%20side%20does%20not%20have%20enough%20bandwidth%20and%20the%20route%20from%20all%20client%20subnets%20to%20this%20device%20is%20not%20optimal%20to%20be%20used%20as%20fit%20for%20purpose.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20can%20switch%20the%20core%20switch%20route%20to%20route%20to%20the%20browsing%20service%20which%20is%20optimized%20for%20client%20subnets%20and%20has%20the%20appropriate%20bandwidth%20but%20that%20then%20means%20the%20SBCs%20must%20also%20take%20that%20route.%20The%20problem%20with%20this%20is%20that%20the%20browsing%20firewall%20we%20don't%20support%20inbound%20connections%2C%20and%20have%20a%20public%20IP%20shortage%20due%20to%20network%20design%20to%20support%20this.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOur%20challenge%20is%20to%20fit%20this%20into%20the%20current%20network%20design%20without%20the%20customer%20having%20to%20spend%20more%20money%20or%20make%20significant%20changes%20to%20business%20critical%20systems.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EStatic%20routes%20on%20the%20SBC%20aren't%20going%20to%20work%20because%20I%20need%20to%20route%20through%204%20hops%20to%20get%20to%20the%20required%20firewall.%20I%20just%20haven't%20found%20a%20way%20to%20solve%20this%20problem%20without%20bending%20their%20network%20design.%20Any%20help%20appreciated.%20thanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-279114%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-279457%22%20slang%3D%22en-US%22%3ERe%3A%20Guidance%20on%20Network%20Access%20to%20Microsoft%20Teams%20PSTN%20Calling%20and%20Direct%20Routing%20Topologies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-279457%22%20slang%3D%22en-US%22%3E%3CP%3EWhich%20route%20is%20preferred%20then%20%3F%20one%20seems%20to%20be%20too%20small%20and%20the%20other%20has%20unacceptable%20limitations.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAre%20the%20number%20of%20clients%20enough%20to%20start%20troubling%20the%20number%20of%20ports%20available%20on%20the%20browsing%20firewall%20anyway%2C%20as%20you%20imply%20this%20is%20an%20area%20of%20issue.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHow%20often%20would%20calls%20go%20out%20to%20the%20cloud%2C%20wouldn't%20media%20bypass%20keep%20it%20away%20from%20the%20perimeter%20mosy%20of%20the%20time%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Mark Vale
Contributor

Hi

I am after some guidance on how to implement combined PSTN calling with plans and direct routing with specific regard to customer network configuration.

 

If a customer has a single egress service for their client and server network to connect to the internet i.e. all traffic goes through one firewall device which also protects inbound services and NAT then all is fine. I don't have an issue with that.

 

However, I have a customer with two egress services. One for client browsing and one for server hosting. Both egress services are available across VLANs and the way in which the service is chosen is based on a static route at the core switch.

 

So they have a route for 52.112.0.0/14 which is the PSTN IP destination for PSTN Calling and Direct Routing and have configured it to egress out of their hosting firewall service. The problem is that clients also want to use this route as well as its advertised on the core switch. The problem is the hosting side does not have enough bandwidth and the route from all client subnets to this device is not optimal to be used as fit for purpose.

 

We can switch the core switch route to route to the browsing service which is optimized for client subnets and has the appropriate bandwidth but that then means the SBCs must also take that route. The problem with this is that the browsing firewall we don't support inbound connections, and have a public IP shortage due to network design to support this.

 

Our challenge is to fit this into the current network design without the customer having to spend more money or make significant changes to business critical systems.

 

Static routes on the SBC aren't going to work because I need to route through 4 hops to get to the required firewall. I just haven't found a way to solve this problem without bending their network design. Any help appreciated. thanks

1 Reply

Which route is preferred then ? one seems to be too small and the other has unacceptable limitations.

 

Are the number of clients enough to start troubling the number of ports available on the browsing firewall anyway, as you imply this is an area of issue.

 

How often would calls go out to the cloud, wouldn't media bypass keep it away from the perimeter mosy of the time?