Microsoft Teams Direct Routing explained

Microsoft Teams Direct Routing is, by the time I write this article which is May 2018, in preview. This is the means for you to bring your own SIP trunk to Microsoft Teams. To be clear, this will only give your Teams users PSTN connectivity, your Skype for Business Online users still needs to use CCE or Skype for Business Server hybrid to get PSTN connectivity.

The goal of this article is to explain the basic around Direct Routing from an infrastructure point of view.

Licenses

  • You need a Phone System License  per user, which is part of Office 365/Microsoft 365 E5 or add-on for Office 365/Microsoft 365 E3
    • Phone System is not available as add-on for Office 365 Business Premium or Microsoft 365 Business
  • To get a phone number in Teams meetings, you need the Audioconferencing license per user, which is part of E5 and can added as add-on for E3 and Business SKU’s

Firewall ports and protocols

  • To connect a sip trunk to Microsoft Teams, a SIP proxy is used.
    • From your SBC to the SIP proxy you need always to use port 5061
      • From SIP proxy to your SBC you can choose any port between 1024 – 65 6536
      • I prefer to use 5061 since it is the same port as SIP proxy and it may be simpler in the long run
      • Traffic needs to be open both ways
    • You can limit the connectivity to the pstnhub.microsoft.com addresses specified below and the IP addresses they resolve to
      • you should always use sip.pstnhub.microsoft.com as primary as it is a Global FQDN
      • sip-all.pstnhub.microsoft.com is mentioned in the documentation and can be a possible source DNS name
  • Media range is UDP between the ports 49 152 – 53 247

DirectRouting2

SBC requirements

DirectRouting3

Media Bypass internally

  • The advantage of media bypass in a Direct Routing scenario where server is in the cloud is that media stays local and the media path is more optimal
  • Media bypass is supported by AudioCodes and Ribbon
    • needs to be configured specifically on SBC and enabled in Office 365
    • both vendors support ICE light which is used for connectivity checks when finding optimal media path
  • The clients need to be able to resolve and connect the public IP of the SBC
    • traffic needs to be open both ways, same media ports are used
    • requires hair pinning on NAT device

DirectRoutingMB1.PNG

Media Bypass externally

  • Media bypass is possible from clients logged on outside the corporate network
  • The client needs to resolve the SBC FQDN and connect to the IP
    • This results in allowing any IP as source ip on the media port range on the SBC
    • Since only TLS connections are allowed, I think this is something that can be considered
  • If the client cannot connect to the IP it will relay media via the SIP Proxy

DirectRoutingMBext1

Migrating to Direct Routing

Since CCE or Skype for Business Server cannot provide voice for Microsoft Teams, the only viable migration path is to introduce a SBC or configure the current SBC to connect to Microsoft Teams. From there you can start moving users by routing specific numbers and number series over to the new SIP trunk.

If you use direct SIP trunk with your Skype for Business Server today, then you can test Direct Routing by implementing a SBC and connect it to Microsoft Teams. Then provide a SIP trunk from Skype for Business using the inter trunk routing feature in Skype for Business Server, which allows you to move some test numbers to the SBC and Microsoft Teams. When you are ready to move to Microsoft Teams, you can switch the PSTN SIP trunk to go directly to the SBC.

pathtothecloud

Summary

When you have the correct approach from an infrastructure point of view, then you are ready to create PSTN usages and voice policies in Office 365. After that, users needs to be enabled for enterprise voice and get assigned a number. Then you are ready to succeed with Microsoft Teams Direct Routing

References

 

2 thoughts on “Microsoft Teams Direct Routing explained

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.