skype for business broadcast meeting
TRANSCRIPT
Skype for BusinessSkype for Business GEO-EDGE
Thomas Poett - Skype4b MVP
Business Unit Leader Skype for Business ndash Westcon UCC Germany
Introduction
Topicsbull Simple URL deployment
bull MEET and DIALIN principals
bull Understanding SIP Access Edge Flow
bull Understanding Web Conferencing Flow
bull Principals on STUN and TURN(thanks to Jeff Schertz Polycom for his support)
bull Understanding AV Edge Flow
bull Advice for Geo Edge Deployments
bull Principals for CCE Deployments
GEO DNS and Geo native deployment
GEO DNS
bull would answer DNS queries based on the client source IP address
bull Allows flex deployment for all DNS name NOT for AV Edge
bull Requires external GEO DNS provide
Native DNS planningrsquosbull Native GEO deployment
required DNS location based plannings
bull Static location oriented DNS resolution
bull No additional service needed
Simple URL deployment
bull DIALIN URL ndash unique global URL(very suitable for ext GEO DNS)
bull LYNCDISCOVER ndash unique global URL(very suitable for ext GEO DNS)
bull MEET URL ndash global or localized URL
bull EXWEB URL ndash Pool Regional URL
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
dialinsipdomcom
meet-emeasipdomcom
web-emeasipdomcom
lyncdiscoversipdomcomRemote User
Federated User
meet-aseansipdomcom
web-aseansipdomcom
dialinsipdomcom
meet-emeasipdomcommeet-aseansipdomcom
dialinsipdomcom
lyncdiscoversipdomcom
dialinsipdomcom
meet-emeasipdomcom
meet-aseansipdomcom
Remote User
Federated User
MEET and DIALIN principals
Meeting URL can be customized based on Skype Site
$urlEntry = New-CsSimpleUrlEntry -Url httpsmeet-desipdomcom
$simpleUrl = New-CsSimpleUrl -Component meet -Domain
sipdomcom -SimpleUrlEntry $urlEntry -ActiveUrl httpsmeet-
desipdomcom
Set-CsSimpleUrlConfiguration -Identity siteGermany -SimpleUrl
Add=$simpleUrl
DIALIN URL must be part of the GLOBAL Skype Topology
bull Multiple DIALIN URLs are not supported
SIP Access Edge FlowThis GeoDNS would apply for internal and external services in the form of
GeoDNS record (example) Pool records (example) CNAME records (example) DNS settings (select one option)
Meet-intgeolbsipdomcom Pool1InternalWebFQDNsipdomcom
Pool2InternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool1InternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool2InternalWebFQDNsipdomcom
Round Robin between pools
Use primary connect to secondary if
failure
Meet-extgeolbsipdomcom Pool1ExternalWebFQDNsipdomcom
Pool2ExternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool1ExternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool2ExternalWebFQDNsipdomcom
Round Robin between pools
Use primary connect to secondary if
failure
SIPsipdomcom is targeted as DNS A record therefore is can only deliver a SINGLE IP Address (or multiple IP Addresses for single DNS LB Edge Pool)This donrsquot let differentiate and point to regional Edge Pools Single entry point to eg Federation
For a client logon failover scenario we MUST make use of weighted SRV records since we are not using GeoDNS
_SIP_TLSSIPDOMCOM 0 100 5061 EDGE-POOL-DESIPDOMCOM
_SIP_TLSSIPDOMCOM 0 200 5061 EDGE-POOL-SGSIPDOMCOM
_SIP_TLSSIPDOMCOM 0 300 5061 EDGE-POOL-CASIPDOMCOM
Web Conferencing FlowActivate eg White Board
What we identify if we run the ipconfig displaydns command is
webconfparticipantcom
----------------------------------------
Record Name webconfparticipantcom
Record Type 1
Time To Live 86003
Data Length 4
Section Answer
A (Host) Record 19514514090
The INVITE introducing the CCCP web Conferencing Protocol and the SPECIALSIP message INFO with the proxy[0]FQDNwhere the associated Web Conferencing Edge FQDN is submitted
Web Conferencing FlowINFO sip178251995455599transport=tlsms-opaque=0183d7bf32ms-received-cid=10D0400grid SIP20ms-user-logon-data RemoteUserVia SIP20TLS 109002443branch=z9hG4bKEAF3233D2FBACEB2D1BA9781branched=FALSEms-internal-info=dwS6aw8wD4GPdqiyfT1hDcuDW1DxwTOP-YWvnObIFnMKSyzrovJ1B9VwAAVia SIP20TLS 103532751966branch=z9hG4bK4E70787E486944BED6A5D784branched=FALSEms-received-port=51966ms-received-cid=10CCF00Via SIP20TLS 103533064925branch=z9hG4bK17E73F627E008B7DD1BA9781branched=FALSEms-received-port=64925ms-received-cid=17E1900Via SIP20TLS 62751835452979branch=z9hG4bKCA90E804556B330F34BC5780branched=FALSEms-internal-info=afkix_jPgf9eKrv0dAeAfD9eWAbW2h2KPdnLFSAh056rkPM2tVTHia7AAAms-received-port=52979ms-received-cid=10E8400Via SIP20TLS 19216845552367branch=z9hG4bK15A5C8633E1ECDE0E4F3E784branched=FALSEms-received-port=52367ms-received-cid=1ACB00Max-Forwards 66Authentication-Info TLS-DSK qop=auth opaque=E0AD425F srand=B9CB62F8 snum=2907 rspauth=a5cc59202fce52f13ec1ab1679e6c6e669ebdea2 targetname=xsrvlync7participantlocal realm=SIP Communications Service version=4Content-Length 6245From ltsiporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRgttag=74340080To ltsipthomaspoettparticipantcomgttag=0cc9ad836aepid=545cc1d9caCall-ID 2a414ec63e1542f193450dcb7751606aCSeq 11 INFOSupported ms-dialog-route-set-updateContent-Type applicationcccp+xmlms-edge-proxy-message-trust ms-source-type=DirectPartnerms-ep-fqdn=lyncedgepoolparticipantlocalms-source-network=federationms-source-verified-user=verified
- ltresponse xmlns=urnietfparamsxmlnscccpmscp=httpschemasmicrosoftcomrtc200508cccpextensionsmsci=httpschemasmicrosoftcomrtc200508confinfoextensionsci=urnietfparamsxmlnsconference-inforequestId=29C3PVersion=1from=siporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRto=sipthomaspoettparticipantcomresponder=siporganizersipdomcomgruuopaque=appconfdata-confidN9SPWGZRcode=successgt
- ltaddUsergtltconferenceKeys confEntity=siporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRgt
+ ltuser xmlns=urnietfparamsxmlnsconference-infoentity=sipthomaspoettparticipantcomstate=fullgt
+ ltinfo xmlns=httpschemasmicrosoftcomrtc200508cccpextensionsgt- ltconnection-info xmlns=httpschemasmicrosoftcomrtc200508cccpextensionsgt
+ ltentrygt- ltentrygt
ltkeygtproxy[0]FQDNltkeygtltvaluegtwebconf-desipdomcomltvaluegt
- ltentrygt
Web Conferencing Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP INVITE to CONFERENCE
1 SIP INVITE to CONFERENCE
1 SIP
INV
ITE to
C
ON
FERE
NC
E2 SIP messages returnINFO with proxy[x]FQDN for WebConferencing
3 C
CC
P w
ith P
SOM
P
roto
col co
mm
un
icatio
n
to targe
t FQ
DN
CCCP is Microsoft proprietary
protocol supporting all relevant
features in Web Conferencing which
are
bull White Board
bull Polls
bull Q amp A
Note
Desktop Sharing is not part of CCCP
Principals on STUN and TURNbull Session Traversal Utilities for NAT (STUN) ndash This protocol basically
allows an ICE client which is located behind a firewall providing Network Address Translation to discover the public IP address as well as identify the type of NAT in use and then provide that IP to the other party as a potential candidate to send media to This IP would be assigned to the Internet-facing side of the NAT device which the client is located behind
bull Traversal Using Relays around NAT (TURN) ndash This protocol allows a dedicated ICE server to provide its own public IP address as a media candidate to one or both parties in a call and will act is a relay or proxy for the media session This IP would always be the Internet-facing public IP address (either assigned directly to the server interface or assigned to an external NAT-device)
Principals on STUN and TURNbull Host or Local Candidate ndash Local client IP is used for direct-2-direct
communication
bull Reflexive or STUN Candidate ndash The public IP address assigned to the clientrsquos local firewall perform network address translation
bull Relay or TURN Candidate ndash The publically accessible IP address assigned to the media relay server which is allocated to the client In Skype Server this is the public IP address assigned either directly to the external AV Edge interface or the public IP address allocated to a NAT device (eg firewall)
Note TRUN makes it explainable why the Public IP address assigned to Edge AV must be provided in Topology (ICE)
Candidate Exchange (SDP) ndashremote client
Local host UDP IPv4 addressa=candidate1 1 UDP 2130706431 192168016 10668 typ host a=candidate1 2 UDP 2130705918 192168016 10669 typ host
Local host UDP IPv6 addressa=x-candidate-ipv62 1 UDP 2130705919 fd00265bcbfb92d8122961203dafd3 15206 typ host a=x-candidate-ipv62 2 UDP 2130705406 fd00265bcbfb92d8122961203dafd3 15207 typ host a=x-candidate-ipv63 1 UDP 33553407 200105ef579fd34ae19fd4de58658 23084 typ host a=x-candidate-ipv63 2 UDP 33552894 200105ef579fd34ae19fd4de58658 23085 typ host
Local host TCP-PASS IPv4 addressEdge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate4 1 TCP-PASS 174455295 19514514092 54427 typ relay raddr 17826121167 rport 11603a=candidate4 2 TCP-PASS 174454782 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host UDP IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate5 1 UDP 184547327 19514514092 57962 typ relay raddr 17826121167 rport 6098 a=candidate5 2 UDP 184546814 19514514092 51825 typ relay raddr 17826121167 rport 6099
Local host UDP IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate6 1 UDP 1694234111 17826121167 6098 typ srflx raddr 192168016 rport 6098 a=candidate6 2 UDP 1694233598 17826121167 6099 typ srflx raddr 192168016 rport 6099
Local host TCP-ACT IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate7 1 TCP-ACT 174846975 19514514092 54427 typ relay raddr 17826121167 rport 11603 a=candidate7 2 TCP-ACT 174846462 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host TCP-ACT IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate8 1 TCP-ACT 1684795903 17826121167 11603 typ srflx raddr 192168016 rport 11603
a=candidate8 2 TCP-ACT 1684795390 17826121167 11603 typ srflx raddr 192168016 rport 11603
STUN
TRUN
HOST
HOST
STUN
TRUN
TRUN
Remote CLIENTS
Use Edge for TRUN candidate exchange (SDP)
Use Internet for traversal STUN
Direct Host communication not possible
REMOTE and INTERNAL CLIENTUse Edge for TRUN candidate exchange (SDP)
Use Internet for traversal TRUN via EDGE
Direct Host communication not possible
AV Edge FlowSDP is the ldquoSelf Description Protocolrdquo defined in RFC 4566 and responsible for testing and addressing the possible IP path (IP Address and Ports) for Audio Video communication flow
As we can identify the MRAS is taking place first based the associated Frontend Edge Pool for the user (either internal or remote) We have the CANDIDATE exchange in the 183 SESSION PROGRESS message
Access Edge
AV Edge
Director FrontEnd
Authentication
AV Edge authentication receives internal media port(Within the CANDIDATES)Call external user inform remote user of internal media port
Call Setup COMPLETE
AV Edge authentication
Obtain media session ports on AV Edge Server
Call internal user
Internet DMZ Internal LAN
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
4 MRAS RESPONSE
2 MRAS REQUEST
3 MRAS RESPONSE
5 AV Establishment
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
2 MRAS REQUEST
3 MRAS RESPONSE
1 SIP REG
ISTER
4 MR
AS R
ESPO
NSE
5 AV Establishment
NOTE Keep in mind for AV external IP address ndashgt CMS (Topology information) are used
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
Federated Partner
1 SIP INVITE with CANDIDATES
2 SIP SESSION PROGRESS with CANDIDATES
3 ST
UN
TUR
N m
essages
4 A
V U
PD
TCP ca
ll flow
1 SIP INVITE with CANDIDATES
1 SIP
INV
ITE w
ith
CA
ND
IDA
TES
2 SIP
SESSIO
N P
RO
GR
ESS w
ith C
AN
DID
ATE
S
Geo Edge Deployments AdviceThe external DNS is globally valid and shall be understood as a single configuration but tight with associated geographical sites
Example for one Skype for Business site
FQDN IP Comment
SIPSIPDOMCOM CNAME to
SIP-DESIPDOMCOM
EDGE
SIP-DESIPDOMCOM 1234 EDGE
WC-DESIPDOMCOM 1235 EDGE
AV-DESIPDOMCOM 1236 EDGE
WEB-EXT-DE01SIPDOMCOM 1238 RevProxy multi local pool
WEB-EXT-DE02SIPDOMCOM 12310 RevProxy multi local pool
LYNCDISCOVERSIPDOMCOM 1238 RevProxy CENTRAL DISCOVERY
URL
MEET-DESIPDOMCOM 1238 RevProxy
DIALINSIPDOMCOM 1238 RevProxy CENTRAL DIALIN
WebPage
SCHEDULERSIPDOMCOM 1238 RevProxy Schedule Web Access
for Meeting planning
_SIP_TLSSIPDOMCOM 0 100 443
SIPSIPDOMCOM
SIP-DESIPDOMCOM MSIC2R SfB Client Login
_SIPEXTERNAL_TLSSIPDOMCOM
0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
_SIPFEDERATIONTLS_TCPSIPDOMECO
M 0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
NoteAV Edge could never be GeoDNS Load Balanced due to AV communication must be able directly addressing the AV IP addressThis is associated with Edge lt-gt FE Pool
Principals CCE Deployments
External DNS entries (also used for certificates)
bull Access Edgeeg ACCESSSIPDOMAINCOM
bull Media Relayeg MEDIASIPDOMAINCOM(not necessary in certificates)
bull Data Proxyeg DPSIPDOMAINCOM We can identify the identical principals for global CCE deployments using eg ACCESS-LOC01 ACCESS-LOCxx
SIPtenantcom points to Office 365
On Premise
PSTN
User
SIP PBX orProvider Gateway
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
MEDIA
SIP Signaling
On Premise (SITE LONDON)
User
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
All users must be on Exchange Online incl UM
PSTN
Sonus gateway
AD
Azure AD Sync(DirSync)
Azure AD ConnectOn-Premise User Sync
to Office 365
Phone Number Migration to Cloud PBX with CCE
Call Routing destination
based routing
PSTN
Audio Conferencing Provider
Microsoft Brigde
) CCE ndash Cloud Connector Edition
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
Introduction
Topicsbull Simple URL deployment
bull MEET and DIALIN principals
bull Understanding SIP Access Edge Flow
bull Understanding Web Conferencing Flow
bull Principals on STUN and TURN(thanks to Jeff Schertz Polycom for his support)
bull Understanding AV Edge Flow
bull Advice for Geo Edge Deployments
bull Principals for CCE Deployments
GEO DNS and Geo native deployment
GEO DNS
bull would answer DNS queries based on the client source IP address
bull Allows flex deployment for all DNS name NOT for AV Edge
bull Requires external GEO DNS provide
Native DNS planningrsquosbull Native GEO deployment
required DNS location based plannings
bull Static location oriented DNS resolution
bull No additional service needed
Simple URL deployment
bull DIALIN URL ndash unique global URL(very suitable for ext GEO DNS)
bull LYNCDISCOVER ndash unique global URL(very suitable for ext GEO DNS)
bull MEET URL ndash global or localized URL
bull EXWEB URL ndash Pool Regional URL
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
dialinsipdomcom
meet-emeasipdomcom
web-emeasipdomcom
lyncdiscoversipdomcomRemote User
Federated User
meet-aseansipdomcom
web-aseansipdomcom
dialinsipdomcom
meet-emeasipdomcommeet-aseansipdomcom
dialinsipdomcom
lyncdiscoversipdomcom
dialinsipdomcom
meet-emeasipdomcom
meet-aseansipdomcom
Remote User
Federated User
MEET and DIALIN principals
Meeting URL can be customized based on Skype Site
$urlEntry = New-CsSimpleUrlEntry -Url httpsmeet-desipdomcom
$simpleUrl = New-CsSimpleUrl -Component meet -Domain
sipdomcom -SimpleUrlEntry $urlEntry -ActiveUrl httpsmeet-
desipdomcom
Set-CsSimpleUrlConfiguration -Identity siteGermany -SimpleUrl
Add=$simpleUrl
DIALIN URL must be part of the GLOBAL Skype Topology
bull Multiple DIALIN URLs are not supported
SIP Access Edge FlowThis GeoDNS would apply for internal and external services in the form of
GeoDNS record (example) Pool records (example) CNAME records (example) DNS settings (select one option)
Meet-intgeolbsipdomcom Pool1InternalWebFQDNsipdomcom
Pool2InternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool1InternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool2InternalWebFQDNsipdomcom
Round Robin between pools
Use primary connect to secondary if
failure
Meet-extgeolbsipdomcom Pool1ExternalWebFQDNsipdomcom
Pool2ExternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool1ExternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool2ExternalWebFQDNsipdomcom
Round Robin between pools
Use primary connect to secondary if
failure
SIPsipdomcom is targeted as DNS A record therefore is can only deliver a SINGLE IP Address (or multiple IP Addresses for single DNS LB Edge Pool)This donrsquot let differentiate and point to regional Edge Pools Single entry point to eg Federation
For a client logon failover scenario we MUST make use of weighted SRV records since we are not using GeoDNS
_SIP_TLSSIPDOMCOM 0 100 5061 EDGE-POOL-DESIPDOMCOM
_SIP_TLSSIPDOMCOM 0 200 5061 EDGE-POOL-SGSIPDOMCOM
_SIP_TLSSIPDOMCOM 0 300 5061 EDGE-POOL-CASIPDOMCOM
Web Conferencing FlowActivate eg White Board
What we identify if we run the ipconfig displaydns command is
webconfparticipantcom
----------------------------------------
Record Name webconfparticipantcom
Record Type 1
Time To Live 86003
Data Length 4
Section Answer
A (Host) Record 19514514090
The INVITE introducing the CCCP web Conferencing Protocol and the SPECIALSIP message INFO with the proxy[0]FQDNwhere the associated Web Conferencing Edge FQDN is submitted
Web Conferencing FlowINFO sip178251995455599transport=tlsms-opaque=0183d7bf32ms-received-cid=10D0400grid SIP20ms-user-logon-data RemoteUserVia SIP20TLS 109002443branch=z9hG4bKEAF3233D2FBACEB2D1BA9781branched=FALSEms-internal-info=dwS6aw8wD4GPdqiyfT1hDcuDW1DxwTOP-YWvnObIFnMKSyzrovJ1B9VwAAVia SIP20TLS 103532751966branch=z9hG4bK4E70787E486944BED6A5D784branched=FALSEms-received-port=51966ms-received-cid=10CCF00Via SIP20TLS 103533064925branch=z9hG4bK17E73F627E008B7DD1BA9781branched=FALSEms-received-port=64925ms-received-cid=17E1900Via SIP20TLS 62751835452979branch=z9hG4bKCA90E804556B330F34BC5780branched=FALSEms-internal-info=afkix_jPgf9eKrv0dAeAfD9eWAbW2h2KPdnLFSAh056rkPM2tVTHia7AAAms-received-port=52979ms-received-cid=10E8400Via SIP20TLS 19216845552367branch=z9hG4bK15A5C8633E1ECDE0E4F3E784branched=FALSEms-received-port=52367ms-received-cid=1ACB00Max-Forwards 66Authentication-Info TLS-DSK qop=auth opaque=E0AD425F srand=B9CB62F8 snum=2907 rspauth=a5cc59202fce52f13ec1ab1679e6c6e669ebdea2 targetname=xsrvlync7participantlocal realm=SIP Communications Service version=4Content-Length 6245From ltsiporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRgttag=74340080To ltsipthomaspoettparticipantcomgttag=0cc9ad836aepid=545cc1d9caCall-ID 2a414ec63e1542f193450dcb7751606aCSeq 11 INFOSupported ms-dialog-route-set-updateContent-Type applicationcccp+xmlms-edge-proxy-message-trust ms-source-type=DirectPartnerms-ep-fqdn=lyncedgepoolparticipantlocalms-source-network=federationms-source-verified-user=verified
- ltresponse xmlns=urnietfparamsxmlnscccpmscp=httpschemasmicrosoftcomrtc200508cccpextensionsmsci=httpschemasmicrosoftcomrtc200508confinfoextensionsci=urnietfparamsxmlnsconference-inforequestId=29C3PVersion=1from=siporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRto=sipthomaspoettparticipantcomresponder=siporganizersipdomcomgruuopaque=appconfdata-confidN9SPWGZRcode=successgt
- ltaddUsergtltconferenceKeys confEntity=siporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRgt
+ ltuser xmlns=urnietfparamsxmlnsconference-infoentity=sipthomaspoettparticipantcomstate=fullgt
+ ltinfo xmlns=httpschemasmicrosoftcomrtc200508cccpextensionsgt- ltconnection-info xmlns=httpschemasmicrosoftcomrtc200508cccpextensionsgt
+ ltentrygt- ltentrygt
ltkeygtproxy[0]FQDNltkeygtltvaluegtwebconf-desipdomcomltvaluegt
- ltentrygt
Web Conferencing Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP INVITE to CONFERENCE
1 SIP INVITE to CONFERENCE
1 SIP
INV
ITE to
C
ON
FERE
NC
E2 SIP messages returnINFO with proxy[x]FQDN for WebConferencing
3 C
CC
P w
ith P
SOM
P
roto
col co
mm
un
icatio
n
to targe
t FQ
DN
CCCP is Microsoft proprietary
protocol supporting all relevant
features in Web Conferencing which
are
bull White Board
bull Polls
bull Q amp A
Note
Desktop Sharing is not part of CCCP
Principals on STUN and TURNbull Session Traversal Utilities for NAT (STUN) ndash This protocol basically
allows an ICE client which is located behind a firewall providing Network Address Translation to discover the public IP address as well as identify the type of NAT in use and then provide that IP to the other party as a potential candidate to send media to This IP would be assigned to the Internet-facing side of the NAT device which the client is located behind
bull Traversal Using Relays around NAT (TURN) ndash This protocol allows a dedicated ICE server to provide its own public IP address as a media candidate to one or both parties in a call and will act is a relay or proxy for the media session This IP would always be the Internet-facing public IP address (either assigned directly to the server interface or assigned to an external NAT-device)
Principals on STUN and TURNbull Host or Local Candidate ndash Local client IP is used for direct-2-direct
communication
bull Reflexive or STUN Candidate ndash The public IP address assigned to the clientrsquos local firewall perform network address translation
bull Relay or TURN Candidate ndash The publically accessible IP address assigned to the media relay server which is allocated to the client In Skype Server this is the public IP address assigned either directly to the external AV Edge interface or the public IP address allocated to a NAT device (eg firewall)
Note TRUN makes it explainable why the Public IP address assigned to Edge AV must be provided in Topology (ICE)
Candidate Exchange (SDP) ndashremote client
Local host UDP IPv4 addressa=candidate1 1 UDP 2130706431 192168016 10668 typ host a=candidate1 2 UDP 2130705918 192168016 10669 typ host
Local host UDP IPv6 addressa=x-candidate-ipv62 1 UDP 2130705919 fd00265bcbfb92d8122961203dafd3 15206 typ host a=x-candidate-ipv62 2 UDP 2130705406 fd00265bcbfb92d8122961203dafd3 15207 typ host a=x-candidate-ipv63 1 UDP 33553407 200105ef579fd34ae19fd4de58658 23084 typ host a=x-candidate-ipv63 2 UDP 33552894 200105ef579fd34ae19fd4de58658 23085 typ host
Local host TCP-PASS IPv4 addressEdge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate4 1 TCP-PASS 174455295 19514514092 54427 typ relay raddr 17826121167 rport 11603a=candidate4 2 TCP-PASS 174454782 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host UDP IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate5 1 UDP 184547327 19514514092 57962 typ relay raddr 17826121167 rport 6098 a=candidate5 2 UDP 184546814 19514514092 51825 typ relay raddr 17826121167 rport 6099
Local host UDP IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate6 1 UDP 1694234111 17826121167 6098 typ srflx raddr 192168016 rport 6098 a=candidate6 2 UDP 1694233598 17826121167 6099 typ srflx raddr 192168016 rport 6099
Local host TCP-ACT IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate7 1 TCP-ACT 174846975 19514514092 54427 typ relay raddr 17826121167 rport 11603 a=candidate7 2 TCP-ACT 174846462 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host TCP-ACT IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate8 1 TCP-ACT 1684795903 17826121167 11603 typ srflx raddr 192168016 rport 11603
a=candidate8 2 TCP-ACT 1684795390 17826121167 11603 typ srflx raddr 192168016 rport 11603
STUN
TRUN
HOST
HOST
STUN
TRUN
TRUN
Remote CLIENTS
Use Edge for TRUN candidate exchange (SDP)
Use Internet for traversal STUN
Direct Host communication not possible
REMOTE and INTERNAL CLIENTUse Edge for TRUN candidate exchange (SDP)
Use Internet for traversal TRUN via EDGE
Direct Host communication not possible
AV Edge FlowSDP is the ldquoSelf Description Protocolrdquo defined in RFC 4566 and responsible for testing and addressing the possible IP path (IP Address and Ports) for Audio Video communication flow
As we can identify the MRAS is taking place first based the associated Frontend Edge Pool for the user (either internal or remote) We have the CANDIDATE exchange in the 183 SESSION PROGRESS message
Access Edge
AV Edge
Director FrontEnd
Authentication
AV Edge authentication receives internal media port(Within the CANDIDATES)Call external user inform remote user of internal media port
Call Setup COMPLETE
AV Edge authentication
Obtain media session ports on AV Edge Server
Call internal user
Internet DMZ Internal LAN
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
4 MRAS RESPONSE
2 MRAS REQUEST
3 MRAS RESPONSE
5 AV Establishment
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
2 MRAS REQUEST
3 MRAS RESPONSE
1 SIP REG
ISTER
4 MR
AS R
ESPO
NSE
5 AV Establishment
NOTE Keep in mind for AV external IP address ndashgt CMS (Topology information) are used
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
Federated Partner
1 SIP INVITE with CANDIDATES
2 SIP SESSION PROGRESS with CANDIDATES
3 ST
UN
TUR
N m
essages
4 A
V U
PD
TCP ca
ll flow
1 SIP INVITE with CANDIDATES
1 SIP
INV
ITE w
ith
CA
ND
IDA
TES
2 SIP
SESSIO
N P
RO
GR
ESS w
ith C
AN
DID
ATE
S
Geo Edge Deployments AdviceThe external DNS is globally valid and shall be understood as a single configuration but tight with associated geographical sites
Example for one Skype for Business site
FQDN IP Comment
SIPSIPDOMCOM CNAME to
SIP-DESIPDOMCOM
EDGE
SIP-DESIPDOMCOM 1234 EDGE
WC-DESIPDOMCOM 1235 EDGE
AV-DESIPDOMCOM 1236 EDGE
WEB-EXT-DE01SIPDOMCOM 1238 RevProxy multi local pool
WEB-EXT-DE02SIPDOMCOM 12310 RevProxy multi local pool
LYNCDISCOVERSIPDOMCOM 1238 RevProxy CENTRAL DISCOVERY
URL
MEET-DESIPDOMCOM 1238 RevProxy
DIALINSIPDOMCOM 1238 RevProxy CENTRAL DIALIN
WebPage
SCHEDULERSIPDOMCOM 1238 RevProxy Schedule Web Access
for Meeting planning
_SIP_TLSSIPDOMCOM 0 100 443
SIPSIPDOMCOM
SIP-DESIPDOMCOM MSIC2R SfB Client Login
_SIPEXTERNAL_TLSSIPDOMCOM
0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
_SIPFEDERATIONTLS_TCPSIPDOMECO
M 0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
NoteAV Edge could never be GeoDNS Load Balanced due to AV communication must be able directly addressing the AV IP addressThis is associated with Edge lt-gt FE Pool
Principals CCE Deployments
External DNS entries (also used for certificates)
bull Access Edgeeg ACCESSSIPDOMAINCOM
bull Media Relayeg MEDIASIPDOMAINCOM(not necessary in certificates)
bull Data Proxyeg DPSIPDOMAINCOM We can identify the identical principals for global CCE deployments using eg ACCESS-LOC01 ACCESS-LOCxx
SIPtenantcom points to Office 365
On Premise
PSTN
User
SIP PBX orProvider Gateway
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
MEDIA
SIP Signaling
On Premise (SITE LONDON)
User
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
All users must be on Exchange Online incl UM
PSTN
Sonus gateway
AD
Azure AD Sync(DirSync)
Azure AD ConnectOn-Premise User Sync
to Office 365
Phone Number Migration to Cloud PBX with CCE
Call Routing destination
based routing
PSTN
Audio Conferencing Provider
Microsoft Brigde
) CCE ndash Cloud Connector Edition
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
Topicsbull Simple URL deployment
bull MEET and DIALIN principals
bull Understanding SIP Access Edge Flow
bull Understanding Web Conferencing Flow
bull Principals on STUN and TURN(thanks to Jeff Schertz Polycom for his support)
bull Understanding AV Edge Flow
bull Advice for Geo Edge Deployments
bull Principals for CCE Deployments
GEO DNS and Geo native deployment
GEO DNS
bull would answer DNS queries based on the client source IP address
bull Allows flex deployment for all DNS name NOT for AV Edge
bull Requires external GEO DNS provide
Native DNS planningrsquosbull Native GEO deployment
required DNS location based plannings
bull Static location oriented DNS resolution
bull No additional service needed
Simple URL deployment
bull DIALIN URL ndash unique global URL(very suitable for ext GEO DNS)
bull LYNCDISCOVER ndash unique global URL(very suitable for ext GEO DNS)
bull MEET URL ndash global or localized URL
bull EXWEB URL ndash Pool Regional URL
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
dialinsipdomcom
meet-emeasipdomcom
web-emeasipdomcom
lyncdiscoversipdomcomRemote User
Federated User
meet-aseansipdomcom
web-aseansipdomcom
dialinsipdomcom
meet-emeasipdomcommeet-aseansipdomcom
dialinsipdomcom
lyncdiscoversipdomcom
dialinsipdomcom
meet-emeasipdomcom
meet-aseansipdomcom
Remote User
Federated User
MEET and DIALIN principals
Meeting URL can be customized based on Skype Site
$urlEntry = New-CsSimpleUrlEntry -Url httpsmeet-desipdomcom
$simpleUrl = New-CsSimpleUrl -Component meet -Domain
sipdomcom -SimpleUrlEntry $urlEntry -ActiveUrl httpsmeet-
desipdomcom
Set-CsSimpleUrlConfiguration -Identity siteGermany -SimpleUrl
Add=$simpleUrl
DIALIN URL must be part of the GLOBAL Skype Topology
bull Multiple DIALIN URLs are not supported
SIP Access Edge FlowThis GeoDNS would apply for internal and external services in the form of
GeoDNS record (example) Pool records (example) CNAME records (example) DNS settings (select one option)
Meet-intgeolbsipdomcom Pool1InternalWebFQDNsipdomcom
Pool2InternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool1InternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool2InternalWebFQDNsipdomcom
Round Robin between pools
Use primary connect to secondary if
failure
Meet-extgeolbsipdomcom Pool1ExternalWebFQDNsipdomcom
Pool2ExternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool1ExternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool2ExternalWebFQDNsipdomcom
Round Robin between pools
Use primary connect to secondary if
failure
SIPsipdomcom is targeted as DNS A record therefore is can only deliver a SINGLE IP Address (or multiple IP Addresses for single DNS LB Edge Pool)This donrsquot let differentiate and point to regional Edge Pools Single entry point to eg Federation
For a client logon failover scenario we MUST make use of weighted SRV records since we are not using GeoDNS
_SIP_TLSSIPDOMCOM 0 100 5061 EDGE-POOL-DESIPDOMCOM
_SIP_TLSSIPDOMCOM 0 200 5061 EDGE-POOL-SGSIPDOMCOM
_SIP_TLSSIPDOMCOM 0 300 5061 EDGE-POOL-CASIPDOMCOM
Web Conferencing FlowActivate eg White Board
What we identify if we run the ipconfig displaydns command is
webconfparticipantcom
----------------------------------------
Record Name webconfparticipantcom
Record Type 1
Time To Live 86003
Data Length 4
Section Answer
A (Host) Record 19514514090
The INVITE introducing the CCCP web Conferencing Protocol and the SPECIALSIP message INFO with the proxy[0]FQDNwhere the associated Web Conferencing Edge FQDN is submitted
Web Conferencing FlowINFO sip178251995455599transport=tlsms-opaque=0183d7bf32ms-received-cid=10D0400grid SIP20ms-user-logon-data RemoteUserVia SIP20TLS 109002443branch=z9hG4bKEAF3233D2FBACEB2D1BA9781branched=FALSEms-internal-info=dwS6aw8wD4GPdqiyfT1hDcuDW1DxwTOP-YWvnObIFnMKSyzrovJ1B9VwAAVia SIP20TLS 103532751966branch=z9hG4bK4E70787E486944BED6A5D784branched=FALSEms-received-port=51966ms-received-cid=10CCF00Via SIP20TLS 103533064925branch=z9hG4bK17E73F627E008B7DD1BA9781branched=FALSEms-received-port=64925ms-received-cid=17E1900Via SIP20TLS 62751835452979branch=z9hG4bKCA90E804556B330F34BC5780branched=FALSEms-internal-info=afkix_jPgf9eKrv0dAeAfD9eWAbW2h2KPdnLFSAh056rkPM2tVTHia7AAAms-received-port=52979ms-received-cid=10E8400Via SIP20TLS 19216845552367branch=z9hG4bK15A5C8633E1ECDE0E4F3E784branched=FALSEms-received-port=52367ms-received-cid=1ACB00Max-Forwards 66Authentication-Info TLS-DSK qop=auth opaque=E0AD425F srand=B9CB62F8 snum=2907 rspauth=a5cc59202fce52f13ec1ab1679e6c6e669ebdea2 targetname=xsrvlync7participantlocal realm=SIP Communications Service version=4Content-Length 6245From ltsiporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRgttag=74340080To ltsipthomaspoettparticipantcomgttag=0cc9ad836aepid=545cc1d9caCall-ID 2a414ec63e1542f193450dcb7751606aCSeq 11 INFOSupported ms-dialog-route-set-updateContent-Type applicationcccp+xmlms-edge-proxy-message-trust ms-source-type=DirectPartnerms-ep-fqdn=lyncedgepoolparticipantlocalms-source-network=federationms-source-verified-user=verified
- ltresponse xmlns=urnietfparamsxmlnscccpmscp=httpschemasmicrosoftcomrtc200508cccpextensionsmsci=httpschemasmicrosoftcomrtc200508confinfoextensionsci=urnietfparamsxmlnsconference-inforequestId=29C3PVersion=1from=siporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRto=sipthomaspoettparticipantcomresponder=siporganizersipdomcomgruuopaque=appconfdata-confidN9SPWGZRcode=successgt
- ltaddUsergtltconferenceKeys confEntity=siporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRgt
+ ltuser xmlns=urnietfparamsxmlnsconference-infoentity=sipthomaspoettparticipantcomstate=fullgt
+ ltinfo xmlns=httpschemasmicrosoftcomrtc200508cccpextensionsgt- ltconnection-info xmlns=httpschemasmicrosoftcomrtc200508cccpextensionsgt
+ ltentrygt- ltentrygt
ltkeygtproxy[0]FQDNltkeygtltvaluegtwebconf-desipdomcomltvaluegt
- ltentrygt
Web Conferencing Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP INVITE to CONFERENCE
1 SIP INVITE to CONFERENCE
1 SIP
INV
ITE to
C
ON
FERE
NC
E2 SIP messages returnINFO with proxy[x]FQDN for WebConferencing
3 C
CC
P w
ith P
SOM
P
roto
col co
mm
un
icatio
n
to targe
t FQ
DN
CCCP is Microsoft proprietary
protocol supporting all relevant
features in Web Conferencing which
are
bull White Board
bull Polls
bull Q amp A
Note
Desktop Sharing is not part of CCCP
Principals on STUN and TURNbull Session Traversal Utilities for NAT (STUN) ndash This protocol basically
allows an ICE client which is located behind a firewall providing Network Address Translation to discover the public IP address as well as identify the type of NAT in use and then provide that IP to the other party as a potential candidate to send media to This IP would be assigned to the Internet-facing side of the NAT device which the client is located behind
bull Traversal Using Relays around NAT (TURN) ndash This protocol allows a dedicated ICE server to provide its own public IP address as a media candidate to one or both parties in a call and will act is a relay or proxy for the media session This IP would always be the Internet-facing public IP address (either assigned directly to the server interface or assigned to an external NAT-device)
Principals on STUN and TURNbull Host or Local Candidate ndash Local client IP is used for direct-2-direct
communication
bull Reflexive or STUN Candidate ndash The public IP address assigned to the clientrsquos local firewall perform network address translation
bull Relay or TURN Candidate ndash The publically accessible IP address assigned to the media relay server which is allocated to the client In Skype Server this is the public IP address assigned either directly to the external AV Edge interface or the public IP address allocated to a NAT device (eg firewall)
Note TRUN makes it explainable why the Public IP address assigned to Edge AV must be provided in Topology (ICE)
Candidate Exchange (SDP) ndashremote client
Local host UDP IPv4 addressa=candidate1 1 UDP 2130706431 192168016 10668 typ host a=candidate1 2 UDP 2130705918 192168016 10669 typ host
Local host UDP IPv6 addressa=x-candidate-ipv62 1 UDP 2130705919 fd00265bcbfb92d8122961203dafd3 15206 typ host a=x-candidate-ipv62 2 UDP 2130705406 fd00265bcbfb92d8122961203dafd3 15207 typ host a=x-candidate-ipv63 1 UDP 33553407 200105ef579fd34ae19fd4de58658 23084 typ host a=x-candidate-ipv63 2 UDP 33552894 200105ef579fd34ae19fd4de58658 23085 typ host
Local host TCP-PASS IPv4 addressEdge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate4 1 TCP-PASS 174455295 19514514092 54427 typ relay raddr 17826121167 rport 11603a=candidate4 2 TCP-PASS 174454782 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host UDP IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate5 1 UDP 184547327 19514514092 57962 typ relay raddr 17826121167 rport 6098 a=candidate5 2 UDP 184546814 19514514092 51825 typ relay raddr 17826121167 rport 6099
Local host UDP IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate6 1 UDP 1694234111 17826121167 6098 typ srflx raddr 192168016 rport 6098 a=candidate6 2 UDP 1694233598 17826121167 6099 typ srflx raddr 192168016 rport 6099
Local host TCP-ACT IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate7 1 TCP-ACT 174846975 19514514092 54427 typ relay raddr 17826121167 rport 11603 a=candidate7 2 TCP-ACT 174846462 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host TCP-ACT IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate8 1 TCP-ACT 1684795903 17826121167 11603 typ srflx raddr 192168016 rport 11603
a=candidate8 2 TCP-ACT 1684795390 17826121167 11603 typ srflx raddr 192168016 rport 11603
STUN
TRUN
HOST
HOST
STUN
TRUN
TRUN
Remote CLIENTS
Use Edge for TRUN candidate exchange (SDP)
Use Internet for traversal STUN
Direct Host communication not possible
REMOTE and INTERNAL CLIENTUse Edge for TRUN candidate exchange (SDP)
Use Internet for traversal TRUN via EDGE
Direct Host communication not possible
AV Edge FlowSDP is the ldquoSelf Description Protocolrdquo defined in RFC 4566 and responsible for testing and addressing the possible IP path (IP Address and Ports) for Audio Video communication flow
As we can identify the MRAS is taking place first based the associated Frontend Edge Pool for the user (either internal or remote) We have the CANDIDATE exchange in the 183 SESSION PROGRESS message
Access Edge
AV Edge
Director FrontEnd
Authentication
AV Edge authentication receives internal media port(Within the CANDIDATES)Call external user inform remote user of internal media port
Call Setup COMPLETE
AV Edge authentication
Obtain media session ports on AV Edge Server
Call internal user
Internet DMZ Internal LAN
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
4 MRAS RESPONSE
2 MRAS REQUEST
3 MRAS RESPONSE
5 AV Establishment
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
2 MRAS REQUEST
3 MRAS RESPONSE
1 SIP REG
ISTER
4 MR
AS R
ESPO
NSE
5 AV Establishment
NOTE Keep in mind for AV external IP address ndashgt CMS (Topology information) are used
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
Federated Partner
1 SIP INVITE with CANDIDATES
2 SIP SESSION PROGRESS with CANDIDATES
3 ST
UN
TUR
N m
essages
4 A
V U
PD
TCP ca
ll flow
1 SIP INVITE with CANDIDATES
1 SIP
INV
ITE w
ith
CA
ND
IDA
TES
2 SIP
SESSIO
N P
RO
GR
ESS w
ith C
AN
DID
ATE
S
Geo Edge Deployments AdviceThe external DNS is globally valid and shall be understood as a single configuration but tight with associated geographical sites
Example for one Skype for Business site
FQDN IP Comment
SIPSIPDOMCOM CNAME to
SIP-DESIPDOMCOM
EDGE
SIP-DESIPDOMCOM 1234 EDGE
WC-DESIPDOMCOM 1235 EDGE
AV-DESIPDOMCOM 1236 EDGE
WEB-EXT-DE01SIPDOMCOM 1238 RevProxy multi local pool
WEB-EXT-DE02SIPDOMCOM 12310 RevProxy multi local pool
LYNCDISCOVERSIPDOMCOM 1238 RevProxy CENTRAL DISCOVERY
URL
MEET-DESIPDOMCOM 1238 RevProxy
DIALINSIPDOMCOM 1238 RevProxy CENTRAL DIALIN
WebPage
SCHEDULERSIPDOMCOM 1238 RevProxy Schedule Web Access
for Meeting planning
_SIP_TLSSIPDOMCOM 0 100 443
SIPSIPDOMCOM
SIP-DESIPDOMCOM MSIC2R SfB Client Login
_SIPEXTERNAL_TLSSIPDOMCOM
0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
_SIPFEDERATIONTLS_TCPSIPDOMECO
M 0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
NoteAV Edge could never be GeoDNS Load Balanced due to AV communication must be able directly addressing the AV IP addressThis is associated with Edge lt-gt FE Pool
Principals CCE Deployments
External DNS entries (also used for certificates)
bull Access Edgeeg ACCESSSIPDOMAINCOM
bull Media Relayeg MEDIASIPDOMAINCOM(not necessary in certificates)
bull Data Proxyeg DPSIPDOMAINCOM We can identify the identical principals for global CCE deployments using eg ACCESS-LOC01 ACCESS-LOCxx
SIPtenantcom points to Office 365
On Premise
PSTN
User
SIP PBX orProvider Gateway
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
MEDIA
SIP Signaling
On Premise (SITE LONDON)
User
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
All users must be on Exchange Online incl UM
PSTN
Sonus gateway
AD
Azure AD Sync(DirSync)
Azure AD ConnectOn-Premise User Sync
to Office 365
Phone Number Migration to Cloud PBX with CCE
Call Routing destination
based routing
PSTN
Audio Conferencing Provider
Microsoft Brigde
) CCE ndash Cloud Connector Edition
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
GEO DNS and Geo native deployment
GEO DNS
bull would answer DNS queries based on the client source IP address
bull Allows flex deployment for all DNS name NOT for AV Edge
bull Requires external GEO DNS provide
Native DNS planningrsquosbull Native GEO deployment
required DNS location based plannings
bull Static location oriented DNS resolution
bull No additional service needed
Simple URL deployment
bull DIALIN URL ndash unique global URL(very suitable for ext GEO DNS)
bull LYNCDISCOVER ndash unique global URL(very suitable for ext GEO DNS)
bull MEET URL ndash global or localized URL
bull EXWEB URL ndash Pool Regional URL
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
dialinsipdomcom
meet-emeasipdomcom
web-emeasipdomcom
lyncdiscoversipdomcomRemote User
Federated User
meet-aseansipdomcom
web-aseansipdomcom
dialinsipdomcom
meet-emeasipdomcommeet-aseansipdomcom
dialinsipdomcom
lyncdiscoversipdomcom
dialinsipdomcom
meet-emeasipdomcom
meet-aseansipdomcom
Remote User
Federated User
MEET and DIALIN principals
Meeting URL can be customized based on Skype Site
$urlEntry = New-CsSimpleUrlEntry -Url httpsmeet-desipdomcom
$simpleUrl = New-CsSimpleUrl -Component meet -Domain
sipdomcom -SimpleUrlEntry $urlEntry -ActiveUrl httpsmeet-
desipdomcom
Set-CsSimpleUrlConfiguration -Identity siteGermany -SimpleUrl
Add=$simpleUrl
DIALIN URL must be part of the GLOBAL Skype Topology
bull Multiple DIALIN URLs are not supported
SIP Access Edge FlowThis GeoDNS would apply for internal and external services in the form of
GeoDNS record (example) Pool records (example) CNAME records (example) DNS settings (select one option)
Meet-intgeolbsipdomcom Pool1InternalWebFQDNsipdomcom
Pool2InternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool1InternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool2InternalWebFQDNsipdomcom
Round Robin between pools
Use primary connect to secondary if
failure
Meet-extgeolbsipdomcom Pool1ExternalWebFQDNsipdomcom
Pool2ExternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool1ExternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool2ExternalWebFQDNsipdomcom
Round Robin between pools
Use primary connect to secondary if
failure
SIPsipdomcom is targeted as DNS A record therefore is can only deliver a SINGLE IP Address (or multiple IP Addresses for single DNS LB Edge Pool)This donrsquot let differentiate and point to regional Edge Pools Single entry point to eg Federation
For a client logon failover scenario we MUST make use of weighted SRV records since we are not using GeoDNS
_SIP_TLSSIPDOMCOM 0 100 5061 EDGE-POOL-DESIPDOMCOM
_SIP_TLSSIPDOMCOM 0 200 5061 EDGE-POOL-SGSIPDOMCOM
_SIP_TLSSIPDOMCOM 0 300 5061 EDGE-POOL-CASIPDOMCOM
Web Conferencing FlowActivate eg White Board
What we identify if we run the ipconfig displaydns command is
webconfparticipantcom
----------------------------------------
Record Name webconfparticipantcom
Record Type 1
Time To Live 86003
Data Length 4
Section Answer
A (Host) Record 19514514090
The INVITE introducing the CCCP web Conferencing Protocol and the SPECIALSIP message INFO with the proxy[0]FQDNwhere the associated Web Conferencing Edge FQDN is submitted
Web Conferencing FlowINFO sip178251995455599transport=tlsms-opaque=0183d7bf32ms-received-cid=10D0400grid SIP20ms-user-logon-data RemoteUserVia SIP20TLS 109002443branch=z9hG4bKEAF3233D2FBACEB2D1BA9781branched=FALSEms-internal-info=dwS6aw8wD4GPdqiyfT1hDcuDW1DxwTOP-YWvnObIFnMKSyzrovJ1B9VwAAVia SIP20TLS 103532751966branch=z9hG4bK4E70787E486944BED6A5D784branched=FALSEms-received-port=51966ms-received-cid=10CCF00Via SIP20TLS 103533064925branch=z9hG4bK17E73F627E008B7DD1BA9781branched=FALSEms-received-port=64925ms-received-cid=17E1900Via SIP20TLS 62751835452979branch=z9hG4bKCA90E804556B330F34BC5780branched=FALSEms-internal-info=afkix_jPgf9eKrv0dAeAfD9eWAbW2h2KPdnLFSAh056rkPM2tVTHia7AAAms-received-port=52979ms-received-cid=10E8400Via SIP20TLS 19216845552367branch=z9hG4bK15A5C8633E1ECDE0E4F3E784branched=FALSEms-received-port=52367ms-received-cid=1ACB00Max-Forwards 66Authentication-Info TLS-DSK qop=auth opaque=E0AD425F srand=B9CB62F8 snum=2907 rspauth=a5cc59202fce52f13ec1ab1679e6c6e669ebdea2 targetname=xsrvlync7participantlocal realm=SIP Communications Service version=4Content-Length 6245From ltsiporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRgttag=74340080To ltsipthomaspoettparticipantcomgttag=0cc9ad836aepid=545cc1d9caCall-ID 2a414ec63e1542f193450dcb7751606aCSeq 11 INFOSupported ms-dialog-route-set-updateContent-Type applicationcccp+xmlms-edge-proxy-message-trust ms-source-type=DirectPartnerms-ep-fqdn=lyncedgepoolparticipantlocalms-source-network=federationms-source-verified-user=verified
- ltresponse xmlns=urnietfparamsxmlnscccpmscp=httpschemasmicrosoftcomrtc200508cccpextensionsmsci=httpschemasmicrosoftcomrtc200508confinfoextensionsci=urnietfparamsxmlnsconference-inforequestId=29C3PVersion=1from=siporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRto=sipthomaspoettparticipantcomresponder=siporganizersipdomcomgruuopaque=appconfdata-confidN9SPWGZRcode=successgt
- ltaddUsergtltconferenceKeys confEntity=siporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRgt
+ ltuser xmlns=urnietfparamsxmlnsconference-infoentity=sipthomaspoettparticipantcomstate=fullgt
+ ltinfo xmlns=httpschemasmicrosoftcomrtc200508cccpextensionsgt- ltconnection-info xmlns=httpschemasmicrosoftcomrtc200508cccpextensionsgt
+ ltentrygt- ltentrygt
ltkeygtproxy[0]FQDNltkeygtltvaluegtwebconf-desipdomcomltvaluegt
- ltentrygt
Web Conferencing Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP INVITE to CONFERENCE
1 SIP INVITE to CONFERENCE
1 SIP
INV
ITE to
C
ON
FERE
NC
E2 SIP messages returnINFO with proxy[x]FQDN for WebConferencing
3 C
CC
P w
ith P
SOM
P
roto
col co
mm
un
icatio
n
to targe
t FQ
DN
CCCP is Microsoft proprietary
protocol supporting all relevant
features in Web Conferencing which
are
bull White Board
bull Polls
bull Q amp A
Note
Desktop Sharing is not part of CCCP
Principals on STUN and TURNbull Session Traversal Utilities for NAT (STUN) ndash This protocol basically
allows an ICE client which is located behind a firewall providing Network Address Translation to discover the public IP address as well as identify the type of NAT in use and then provide that IP to the other party as a potential candidate to send media to This IP would be assigned to the Internet-facing side of the NAT device which the client is located behind
bull Traversal Using Relays around NAT (TURN) ndash This protocol allows a dedicated ICE server to provide its own public IP address as a media candidate to one or both parties in a call and will act is a relay or proxy for the media session This IP would always be the Internet-facing public IP address (either assigned directly to the server interface or assigned to an external NAT-device)
Principals on STUN and TURNbull Host or Local Candidate ndash Local client IP is used for direct-2-direct
communication
bull Reflexive or STUN Candidate ndash The public IP address assigned to the clientrsquos local firewall perform network address translation
bull Relay or TURN Candidate ndash The publically accessible IP address assigned to the media relay server which is allocated to the client In Skype Server this is the public IP address assigned either directly to the external AV Edge interface or the public IP address allocated to a NAT device (eg firewall)
Note TRUN makes it explainable why the Public IP address assigned to Edge AV must be provided in Topology (ICE)
Candidate Exchange (SDP) ndashremote client
Local host UDP IPv4 addressa=candidate1 1 UDP 2130706431 192168016 10668 typ host a=candidate1 2 UDP 2130705918 192168016 10669 typ host
Local host UDP IPv6 addressa=x-candidate-ipv62 1 UDP 2130705919 fd00265bcbfb92d8122961203dafd3 15206 typ host a=x-candidate-ipv62 2 UDP 2130705406 fd00265bcbfb92d8122961203dafd3 15207 typ host a=x-candidate-ipv63 1 UDP 33553407 200105ef579fd34ae19fd4de58658 23084 typ host a=x-candidate-ipv63 2 UDP 33552894 200105ef579fd34ae19fd4de58658 23085 typ host
Local host TCP-PASS IPv4 addressEdge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate4 1 TCP-PASS 174455295 19514514092 54427 typ relay raddr 17826121167 rport 11603a=candidate4 2 TCP-PASS 174454782 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host UDP IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate5 1 UDP 184547327 19514514092 57962 typ relay raddr 17826121167 rport 6098 a=candidate5 2 UDP 184546814 19514514092 51825 typ relay raddr 17826121167 rport 6099
Local host UDP IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate6 1 UDP 1694234111 17826121167 6098 typ srflx raddr 192168016 rport 6098 a=candidate6 2 UDP 1694233598 17826121167 6099 typ srflx raddr 192168016 rport 6099
Local host TCP-ACT IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate7 1 TCP-ACT 174846975 19514514092 54427 typ relay raddr 17826121167 rport 11603 a=candidate7 2 TCP-ACT 174846462 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host TCP-ACT IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate8 1 TCP-ACT 1684795903 17826121167 11603 typ srflx raddr 192168016 rport 11603
a=candidate8 2 TCP-ACT 1684795390 17826121167 11603 typ srflx raddr 192168016 rport 11603
STUN
TRUN
HOST
HOST
STUN
TRUN
TRUN
Remote CLIENTS
Use Edge for TRUN candidate exchange (SDP)
Use Internet for traversal STUN
Direct Host communication not possible
REMOTE and INTERNAL CLIENTUse Edge for TRUN candidate exchange (SDP)
Use Internet for traversal TRUN via EDGE
Direct Host communication not possible
AV Edge FlowSDP is the ldquoSelf Description Protocolrdquo defined in RFC 4566 and responsible for testing and addressing the possible IP path (IP Address and Ports) for Audio Video communication flow
As we can identify the MRAS is taking place first based the associated Frontend Edge Pool for the user (either internal or remote) We have the CANDIDATE exchange in the 183 SESSION PROGRESS message
Access Edge
AV Edge
Director FrontEnd
Authentication
AV Edge authentication receives internal media port(Within the CANDIDATES)Call external user inform remote user of internal media port
Call Setup COMPLETE
AV Edge authentication
Obtain media session ports on AV Edge Server
Call internal user
Internet DMZ Internal LAN
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
4 MRAS RESPONSE
2 MRAS REQUEST
3 MRAS RESPONSE
5 AV Establishment
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
2 MRAS REQUEST
3 MRAS RESPONSE
1 SIP REG
ISTER
4 MR
AS R
ESPO
NSE
5 AV Establishment
NOTE Keep in mind for AV external IP address ndashgt CMS (Topology information) are used
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
Federated Partner
1 SIP INVITE with CANDIDATES
2 SIP SESSION PROGRESS with CANDIDATES
3 ST
UN
TUR
N m
essages
4 A
V U
PD
TCP ca
ll flow
1 SIP INVITE with CANDIDATES
1 SIP
INV
ITE w
ith
CA
ND
IDA
TES
2 SIP
SESSIO
N P
RO
GR
ESS w
ith C
AN
DID
ATE
S
Geo Edge Deployments AdviceThe external DNS is globally valid and shall be understood as a single configuration but tight with associated geographical sites
Example for one Skype for Business site
FQDN IP Comment
SIPSIPDOMCOM CNAME to
SIP-DESIPDOMCOM
EDGE
SIP-DESIPDOMCOM 1234 EDGE
WC-DESIPDOMCOM 1235 EDGE
AV-DESIPDOMCOM 1236 EDGE
WEB-EXT-DE01SIPDOMCOM 1238 RevProxy multi local pool
WEB-EXT-DE02SIPDOMCOM 12310 RevProxy multi local pool
LYNCDISCOVERSIPDOMCOM 1238 RevProxy CENTRAL DISCOVERY
URL
MEET-DESIPDOMCOM 1238 RevProxy
DIALINSIPDOMCOM 1238 RevProxy CENTRAL DIALIN
WebPage
SCHEDULERSIPDOMCOM 1238 RevProxy Schedule Web Access
for Meeting planning
_SIP_TLSSIPDOMCOM 0 100 443
SIPSIPDOMCOM
SIP-DESIPDOMCOM MSIC2R SfB Client Login
_SIPEXTERNAL_TLSSIPDOMCOM
0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
_SIPFEDERATIONTLS_TCPSIPDOMECO
M 0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
NoteAV Edge could never be GeoDNS Load Balanced due to AV communication must be able directly addressing the AV IP addressThis is associated with Edge lt-gt FE Pool
Principals CCE Deployments
External DNS entries (also used for certificates)
bull Access Edgeeg ACCESSSIPDOMAINCOM
bull Media Relayeg MEDIASIPDOMAINCOM(not necessary in certificates)
bull Data Proxyeg DPSIPDOMAINCOM We can identify the identical principals for global CCE deployments using eg ACCESS-LOC01 ACCESS-LOCxx
SIPtenantcom points to Office 365
On Premise
PSTN
User
SIP PBX orProvider Gateway
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
MEDIA
SIP Signaling
On Premise (SITE LONDON)
User
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
All users must be on Exchange Online incl UM
PSTN
Sonus gateway
AD
Azure AD Sync(DirSync)
Azure AD ConnectOn-Premise User Sync
to Office 365
Phone Number Migration to Cloud PBX with CCE
Call Routing destination
based routing
PSTN
Audio Conferencing Provider
Microsoft Brigde
) CCE ndash Cloud Connector Edition
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
Simple URL deployment
bull DIALIN URL ndash unique global URL(very suitable for ext GEO DNS)
bull LYNCDISCOVER ndash unique global URL(very suitable for ext GEO DNS)
bull MEET URL ndash global or localized URL
bull EXWEB URL ndash Pool Regional URL
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
dialinsipdomcom
meet-emeasipdomcom
web-emeasipdomcom
lyncdiscoversipdomcomRemote User
Federated User
meet-aseansipdomcom
web-aseansipdomcom
dialinsipdomcom
meet-emeasipdomcommeet-aseansipdomcom
dialinsipdomcom
lyncdiscoversipdomcom
dialinsipdomcom
meet-emeasipdomcom
meet-aseansipdomcom
Remote User
Federated User
MEET and DIALIN principals
Meeting URL can be customized based on Skype Site
$urlEntry = New-CsSimpleUrlEntry -Url httpsmeet-desipdomcom
$simpleUrl = New-CsSimpleUrl -Component meet -Domain
sipdomcom -SimpleUrlEntry $urlEntry -ActiveUrl httpsmeet-
desipdomcom
Set-CsSimpleUrlConfiguration -Identity siteGermany -SimpleUrl
Add=$simpleUrl
DIALIN URL must be part of the GLOBAL Skype Topology
bull Multiple DIALIN URLs are not supported
SIP Access Edge FlowThis GeoDNS would apply for internal and external services in the form of
GeoDNS record (example) Pool records (example) CNAME records (example) DNS settings (select one option)
Meet-intgeolbsipdomcom Pool1InternalWebFQDNsipdomcom
Pool2InternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool1InternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool2InternalWebFQDNsipdomcom
Round Robin between pools
Use primary connect to secondary if
failure
Meet-extgeolbsipdomcom Pool1ExternalWebFQDNsipdomcom
Pool2ExternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool1ExternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool2ExternalWebFQDNsipdomcom
Round Robin between pools
Use primary connect to secondary if
failure
SIPsipdomcom is targeted as DNS A record therefore is can only deliver a SINGLE IP Address (or multiple IP Addresses for single DNS LB Edge Pool)This donrsquot let differentiate and point to regional Edge Pools Single entry point to eg Federation
For a client logon failover scenario we MUST make use of weighted SRV records since we are not using GeoDNS
_SIP_TLSSIPDOMCOM 0 100 5061 EDGE-POOL-DESIPDOMCOM
_SIP_TLSSIPDOMCOM 0 200 5061 EDGE-POOL-SGSIPDOMCOM
_SIP_TLSSIPDOMCOM 0 300 5061 EDGE-POOL-CASIPDOMCOM
Web Conferencing FlowActivate eg White Board
What we identify if we run the ipconfig displaydns command is
webconfparticipantcom
----------------------------------------
Record Name webconfparticipantcom
Record Type 1
Time To Live 86003
Data Length 4
Section Answer
A (Host) Record 19514514090
The INVITE introducing the CCCP web Conferencing Protocol and the SPECIALSIP message INFO with the proxy[0]FQDNwhere the associated Web Conferencing Edge FQDN is submitted
Web Conferencing FlowINFO sip178251995455599transport=tlsms-opaque=0183d7bf32ms-received-cid=10D0400grid SIP20ms-user-logon-data RemoteUserVia SIP20TLS 109002443branch=z9hG4bKEAF3233D2FBACEB2D1BA9781branched=FALSEms-internal-info=dwS6aw8wD4GPdqiyfT1hDcuDW1DxwTOP-YWvnObIFnMKSyzrovJ1B9VwAAVia SIP20TLS 103532751966branch=z9hG4bK4E70787E486944BED6A5D784branched=FALSEms-received-port=51966ms-received-cid=10CCF00Via SIP20TLS 103533064925branch=z9hG4bK17E73F627E008B7DD1BA9781branched=FALSEms-received-port=64925ms-received-cid=17E1900Via SIP20TLS 62751835452979branch=z9hG4bKCA90E804556B330F34BC5780branched=FALSEms-internal-info=afkix_jPgf9eKrv0dAeAfD9eWAbW2h2KPdnLFSAh056rkPM2tVTHia7AAAms-received-port=52979ms-received-cid=10E8400Via SIP20TLS 19216845552367branch=z9hG4bK15A5C8633E1ECDE0E4F3E784branched=FALSEms-received-port=52367ms-received-cid=1ACB00Max-Forwards 66Authentication-Info TLS-DSK qop=auth opaque=E0AD425F srand=B9CB62F8 snum=2907 rspauth=a5cc59202fce52f13ec1ab1679e6c6e669ebdea2 targetname=xsrvlync7participantlocal realm=SIP Communications Service version=4Content-Length 6245From ltsiporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRgttag=74340080To ltsipthomaspoettparticipantcomgttag=0cc9ad836aepid=545cc1d9caCall-ID 2a414ec63e1542f193450dcb7751606aCSeq 11 INFOSupported ms-dialog-route-set-updateContent-Type applicationcccp+xmlms-edge-proxy-message-trust ms-source-type=DirectPartnerms-ep-fqdn=lyncedgepoolparticipantlocalms-source-network=federationms-source-verified-user=verified
- ltresponse xmlns=urnietfparamsxmlnscccpmscp=httpschemasmicrosoftcomrtc200508cccpextensionsmsci=httpschemasmicrosoftcomrtc200508confinfoextensionsci=urnietfparamsxmlnsconference-inforequestId=29C3PVersion=1from=siporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRto=sipthomaspoettparticipantcomresponder=siporganizersipdomcomgruuopaque=appconfdata-confidN9SPWGZRcode=successgt
- ltaddUsergtltconferenceKeys confEntity=siporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRgt
+ ltuser xmlns=urnietfparamsxmlnsconference-infoentity=sipthomaspoettparticipantcomstate=fullgt
+ ltinfo xmlns=httpschemasmicrosoftcomrtc200508cccpextensionsgt- ltconnection-info xmlns=httpschemasmicrosoftcomrtc200508cccpextensionsgt
+ ltentrygt- ltentrygt
ltkeygtproxy[0]FQDNltkeygtltvaluegtwebconf-desipdomcomltvaluegt
- ltentrygt
Web Conferencing Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP INVITE to CONFERENCE
1 SIP INVITE to CONFERENCE
1 SIP
INV
ITE to
C
ON
FERE
NC
E2 SIP messages returnINFO with proxy[x]FQDN for WebConferencing
3 C
CC
P w
ith P
SOM
P
roto
col co
mm
un
icatio
n
to targe
t FQ
DN
CCCP is Microsoft proprietary
protocol supporting all relevant
features in Web Conferencing which
are
bull White Board
bull Polls
bull Q amp A
Note
Desktop Sharing is not part of CCCP
Principals on STUN and TURNbull Session Traversal Utilities for NAT (STUN) ndash This protocol basically
allows an ICE client which is located behind a firewall providing Network Address Translation to discover the public IP address as well as identify the type of NAT in use and then provide that IP to the other party as a potential candidate to send media to This IP would be assigned to the Internet-facing side of the NAT device which the client is located behind
bull Traversal Using Relays around NAT (TURN) ndash This protocol allows a dedicated ICE server to provide its own public IP address as a media candidate to one or both parties in a call and will act is a relay or proxy for the media session This IP would always be the Internet-facing public IP address (either assigned directly to the server interface or assigned to an external NAT-device)
Principals on STUN and TURNbull Host or Local Candidate ndash Local client IP is used for direct-2-direct
communication
bull Reflexive or STUN Candidate ndash The public IP address assigned to the clientrsquos local firewall perform network address translation
bull Relay or TURN Candidate ndash The publically accessible IP address assigned to the media relay server which is allocated to the client In Skype Server this is the public IP address assigned either directly to the external AV Edge interface or the public IP address allocated to a NAT device (eg firewall)
Note TRUN makes it explainable why the Public IP address assigned to Edge AV must be provided in Topology (ICE)
Candidate Exchange (SDP) ndashremote client
Local host UDP IPv4 addressa=candidate1 1 UDP 2130706431 192168016 10668 typ host a=candidate1 2 UDP 2130705918 192168016 10669 typ host
Local host UDP IPv6 addressa=x-candidate-ipv62 1 UDP 2130705919 fd00265bcbfb92d8122961203dafd3 15206 typ host a=x-candidate-ipv62 2 UDP 2130705406 fd00265bcbfb92d8122961203dafd3 15207 typ host a=x-candidate-ipv63 1 UDP 33553407 200105ef579fd34ae19fd4de58658 23084 typ host a=x-candidate-ipv63 2 UDP 33552894 200105ef579fd34ae19fd4de58658 23085 typ host
Local host TCP-PASS IPv4 addressEdge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate4 1 TCP-PASS 174455295 19514514092 54427 typ relay raddr 17826121167 rport 11603a=candidate4 2 TCP-PASS 174454782 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host UDP IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate5 1 UDP 184547327 19514514092 57962 typ relay raddr 17826121167 rport 6098 a=candidate5 2 UDP 184546814 19514514092 51825 typ relay raddr 17826121167 rport 6099
Local host UDP IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate6 1 UDP 1694234111 17826121167 6098 typ srflx raddr 192168016 rport 6098 a=candidate6 2 UDP 1694233598 17826121167 6099 typ srflx raddr 192168016 rport 6099
Local host TCP-ACT IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate7 1 TCP-ACT 174846975 19514514092 54427 typ relay raddr 17826121167 rport 11603 a=candidate7 2 TCP-ACT 174846462 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host TCP-ACT IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate8 1 TCP-ACT 1684795903 17826121167 11603 typ srflx raddr 192168016 rport 11603
a=candidate8 2 TCP-ACT 1684795390 17826121167 11603 typ srflx raddr 192168016 rport 11603
STUN
TRUN
HOST
HOST
STUN
TRUN
TRUN
Remote CLIENTS
Use Edge for TRUN candidate exchange (SDP)
Use Internet for traversal STUN
Direct Host communication not possible
REMOTE and INTERNAL CLIENTUse Edge for TRUN candidate exchange (SDP)
Use Internet for traversal TRUN via EDGE
Direct Host communication not possible
AV Edge FlowSDP is the ldquoSelf Description Protocolrdquo defined in RFC 4566 and responsible for testing and addressing the possible IP path (IP Address and Ports) for Audio Video communication flow
As we can identify the MRAS is taking place first based the associated Frontend Edge Pool for the user (either internal or remote) We have the CANDIDATE exchange in the 183 SESSION PROGRESS message
Access Edge
AV Edge
Director FrontEnd
Authentication
AV Edge authentication receives internal media port(Within the CANDIDATES)Call external user inform remote user of internal media port
Call Setup COMPLETE
AV Edge authentication
Obtain media session ports on AV Edge Server
Call internal user
Internet DMZ Internal LAN
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
4 MRAS RESPONSE
2 MRAS REQUEST
3 MRAS RESPONSE
5 AV Establishment
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
2 MRAS REQUEST
3 MRAS RESPONSE
1 SIP REG
ISTER
4 MR
AS R
ESPO
NSE
5 AV Establishment
NOTE Keep in mind for AV external IP address ndashgt CMS (Topology information) are used
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
Federated Partner
1 SIP INVITE with CANDIDATES
2 SIP SESSION PROGRESS with CANDIDATES
3 ST
UN
TUR
N m
essages
4 A
V U
PD
TCP ca
ll flow
1 SIP INVITE with CANDIDATES
1 SIP
INV
ITE w
ith
CA
ND
IDA
TES
2 SIP
SESSIO
N P
RO
GR
ESS w
ith C
AN
DID
ATE
S
Geo Edge Deployments AdviceThe external DNS is globally valid and shall be understood as a single configuration but tight with associated geographical sites
Example for one Skype for Business site
FQDN IP Comment
SIPSIPDOMCOM CNAME to
SIP-DESIPDOMCOM
EDGE
SIP-DESIPDOMCOM 1234 EDGE
WC-DESIPDOMCOM 1235 EDGE
AV-DESIPDOMCOM 1236 EDGE
WEB-EXT-DE01SIPDOMCOM 1238 RevProxy multi local pool
WEB-EXT-DE02SIPDOMCOM 12310 RevProxy multi local pool
LYNCDISCOVERSIPDOMCOM 1238 RevProxy CENTRAL DISCOVERY
URL
MEET-DESIPDOMCOM 1238 RevProxy
DIALINSIPDOMCOM 1238 RevProxy CENTRAL DIALIN
WebPage
SCHEDULERSIPDOMCOM 1238 RevProxy Schedule Web Access
for Meeting planning
_SIP_TLSSIPDOMCOM 0 100 443
SIPSIPDOMCOM
SIP-DESIPDOMCOM MSIC2R SfB Client Login
_SIPEXTERNAL_TLSSIPDOMCOM
0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
_SIPFEDERATIONTLS_TCPSIPDOMECO
M 0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
NoteAV Edge could never be GeoDNS Load Balanced due to AV communication must be able directly addressing the AV IP addressThis is associated with Edge lt-gt FE Pool
Principals CCE Deployments
External DNS entries (also used for certificates)
bull Access Edgeeg ACCESSSIPDOMAINCOM
bull Media Relayeg MEDIASIPDOMAINCOM(not necessary in certificates)
bull Data Proxyeg DPSIPDOMAINCOM We can identify the identical principals for global CCE deployments using eg ACCESS-LOC01 ACCESS-LOCxx
SIPtenantcom points to Office 365
On Premise
PSTN
User
SIP PBX orProvider Gateway
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
MEDIA
SIP Signaling
On Premise (SITE LONDON)
User
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
All users must be on Exchange Online incl UM
PSTN
Sonus gateway
AD
Azure AD Sync(DirSync)
Azure AD ConnectOn-Premise User Sync
to Office 365
Phone Number Migration to Cloud PBX with CCE
Call Routing destination
based routing
PSTN
Audio Conferencing Provider
Microsoft Brigde
) CCE ndash Cloud Connector Edition
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
MEET and DIALIN principals
Meeting URL can be customized based on Skype Site
$urlEntry = New-CsSimpleUrlEntry -Url httpsmeet-desipdomcom
$simpleUrl = New-CsSimpleUrl -Component meet -Domain
sipdomcom -SimpleUrlEntry $urlEntry -ActiveUrl httpsmeet-
desipdomcom
Set-CsSimpleUrlConfiguration -Identity siteGermany -SimpleUrl
Add=$simpleUrl
DIALIN URL must be part of the GLOBAL Skype Topology
bull Multiple DIALIN URLs are not supported
SIP Access Edge FlowThis GeoDNS would apply for internal and external services in the form of
GeoDNS record (example) Pool records (example) CNAME records (example) DNS settings (select one option)
Meet-intgeolbsipdomcom Pool1InternalWebFQDNsipdomcom
Pool2InternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool1InternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool2InternalWebFQDNsipdomcom
Round Robin between pools
Use primary connect to secondary if
failure
Meet-extgeolbsipdomcom Pool1ExternalWebFQDNsipdomcom
Pool2ExternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool1ExternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool2ExternalWebFQDNsipdomcom
Round Robin between pools
Use primary connect to secondary if
failure
SIPsipdomcom is targeted as DNS A record therefore is can only deliver a SINGLE IP Address (or multiple IP Addresses for single DNS LB Edge Pool)This donrsquot let differentiate and point to regional Edge Pools Single entry point to eg Federation
For a client logon failover scenario we MUST make use of weighted SRV records since we are not using GeoDNS
_SIP_TLSSIPDOMCOM 0 100 5061 EDGE-POOL-DESIPDOMCOM
_SIP_TLSSIPDOMCOM 0 200 5061 EDGE-POOL-SGSIPDOMCOM
_SIP_TLSSIPDOMCOM 0 300 5061 EDGE-POOL-CASIPDOMCOM
Web Conferencing FlowActivate eg White Board
What we identify if we run the ipconfig displaydns command is
webconfparticipantcom
----------------------------------------
Record Name webconfparticipantcom
Record Type 1
Time To Live 86003
Data Length 4
Section Answer
A (Host) Record 19514514090
The INVITE introducing the CCCP web Conferencing Protocol and the SPECIALSIP message INFO with the proxy[0]FQDNwhere the associated Web Conferencing Edge FQDN is submitted
Web Conferencing FlowINFO sip178251995455599transport=tlsms-opaque=0183d7bf32ms-received-cid=10D0400grid SIP20ms-user-logon-data RemoteUserVia SIP20TLS 109002443branch=z9hG4bKEAF3233D2FBACEB2D1BA9781branched=FALSEms-internal-info=dwS6aw8wD4GPdqiyfT1hDcuDW1DxwTOP-YWvnObIFnMKSyzrovJ1B9VwAAVia SIP20TLS 103532751966branch=z9hG4bK4E70787E486944BED6A5D784branched=FALSEms-received-port=51966ms-received-cid=10CCF00Via SIP20TLS 103533064925branch=z9hG4bK17E73F627E008B7DD1BA9781branched=FALSEms-received-port=64925ms-received-cid=17E1900Via SIP20TLS 62751835452979branch=z9hG4bKCA90E804556B330F34BC5780branched=FALSEms-internal-info=afkix_jPgf9eKrv0dAeAfD9eWAbW2h2KPdnLFSAh056rkPM2tVTHia7AAAms-received-port=52979ms-received-cid=10E8400Via SIP20TLS 19216845552367branch=z9hG4bK15A5C8633E1ECDE0E4F3E784branched=FALSEms-received-port=52367ms-received-cid=1ACB00Max-Forwards 66Authentication-Info TLS-DSK qop=auth opaque=E0AD425F srand=B9CB62F8 snum=2907 rspauth=a5cc59202fce52f13ec1ab1679e6c6e669ebdea2 targetname=xsrvlync7participantlocal realm=SIP Communications Service version=4Content-Length 6245From ltsiporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRgttag=74340080To ltsipthomaspoettparticipantcomgttag=0cc9ad836aepid=545cc1d9caCall-ID 2a414ec63e1542f193450dcb7751606aCSeq 11 INFOSupported ms-dialog-route-set-updateContent-Type applicationcccp+xmlms-edge-proxy-message-trust ms-source-type=DirectPartnerms-ep-fqdn=lyncedgepoolparticipantlocalms-source-network=federationms-source-verified-user=verified
- ltresponse xmlns=urnietfparamsxmlnscccpmscp=httpschemasmicrosoftcomrtc200508cccpextensionsmsci=httpschemasmicrosoftcomrtc200508confinfoextensionsci=urnietfparamsxmlnsconference-inforequestId=29C3PVersion=1from=siporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRto=sipthomaspoettparticipantcomresponder=siporganizersipdomcomgruuopaque=appconfdata-confidN9SPWGZRcode=successgt
- ltaddUsergtltconferenceKeys confEntity=siporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRgt
+ ltuser xmlns=urnietfparamsxmlnsconference-infoentity=sipthomaspoettparticipantcomstate=fullgt
+ ltinfo xmlns=httpschemasmicrosoftcomrtc200508cccpextensionsgt- ltconnection-info xmlns=httpschemasmicrosoftcomrtc200508cccpextensionsgt
+ ltentrygt- ltentrygt
ltkeygtproxy[0]FQDNltkeygtltvaluegtwebconf-desipdomcomltvaluegt
- ltentrygt
Web Conferencing Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP INVITE to CONFERENCE
1 SIP INVITE to CONFERENCE
1 SIP
INV
ITE to
C
ON
FERE
NC
E2 SIP messages returnINFO with proxy[x]FQDN for WebConferencing
3 C
CC
P w
ith P
SOM
P
roto
col co
mm
un
icatio
n
to targe
t FQ
DN
CCCP is Microsoft proprietary
protocol supporting all relevant
features in Web Conferencing which
are
bull White Board
bull Polls
bull Q amp A
Note
Desktop Sharing is not part of CCCP
Principals on STUN and TURNbull Session Traversal Utilities for NAT (STUN) ndash This protocol basically
allows an ICE client which is located behind a firewall providing Network Address Translation to discover the public IP address as well as identify the type of NAT in use and then provide that IP to the other party as a potential candidate to send media to This IP would be assigned to the Internet-facing side of the NAT device which the client is located behind
bull Traversal Using Relays around NAT (TURN) ndash This protocol allows a dedicated ICE server to provide its own public IP address as a media candidate to one or both parties in a call and will act is a relay or proxy for the media session This IP would always be the Internet-facing public IP address (either assigned directly to the server interface or assigned to an external NAT-device)
Principals on STUN and TURNbull Host or Local Candidate ndash Local client IP is used for direct-2-direct
communication
bull Reflexive or STUN Candidate ndash The public IP address assigned to the clientrsquos local firewall perform network address translation
bull Relay or TURN Candidate ndash The publically accessible IP address assigned to the media relay server which is allocated to the client In Skype Server this is the public IP address assigned either directly to the external AV Edge interface or the public IP address allocated to a NAT device (eg firewall)
Note TRUN makes it explainable why the Public IP address assigned to Edge AV must be provided in Topology (ICE)
Candidate Exchange (SDP) ndashremote client
Local host UDP IPv4 addressa=candidate1 1 UDP 2130706431 192168016 10668 typ host a=candidate1 2 UDP 2130705918 192168016 10669 typ host
Local host UDP IPv6 addressa=x-candidate-ipv62 1 UDP 2130705919 fd00265bcbfb92d8122961203dafd3 15206 typ host a=x-candidate-ipv62 2 UDP 2130705406 fd00265bcbfb92d8122961203dafd3 15207 typ host a=x-candidate-ipv63 1 UDP 33553407 200105ef579fd34ae19fd4de58658 23084 typ host a=x-candidate-ipv63 2 UDP 33552894 200105ef579fd34ae19fd4de58658 23085 typ host
Local host TCP-PASS IPv4 addressEdge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate4 1 TCP-PASS 174455295 19514514092 54427 typ relay raddr 17826121167 rport 11603a=candidate4 2 TCP-PASS 174454782 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host UDP IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate5 1 UDP 184547327 19514514092 57962 typ relay raddr 17826121167 rport 6098 a=candidate5 2 UDP 184546814 19514514092 51825 typ relay raddr 17826121167 rport 6099
Local host UDP IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate6 1 UDP 1694234111 17826121167 6098 typ srflx raddr 192168016 rport 6098 a=candidate6 2 UDP 1694233598 17826121167 6099 typ srflx raddr 192168016 rport 6099
Local host TCP-ACT IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate7 1 TCP-ACT 174846975 19514514092 54427 typ relay raddr 17826121167 rport 11603 a=candidate7 2 TCP-ACT 174846462 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host TCP-ACT IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate8 1 TCP-ACT 1684795903 17826121167 11603 typ srflx raddr 192168016 rport 11603
a=candidate8 2 TCP-ACT 1684795390 17826121167 11603 typ srflx raddr 192168016 rport 11603
STUN
TRUN
HOST
HOST
STUN
TRUN
TRUN
Remote CLIENTS
Use Edge for TRUN candidate exchange (SDP)
Use Internet for traversal STUN
Direct Host communication not possible
REMOTE and INTERNAL CLIENTUse Edge for TRUN candidate exchange (SDP)
Use Internet for traversal TRUN via EDGE
Direct Host communication not possible
AV Edge FlowSDP is the ldquoSelf Description Protocolrdquo defined in RFC 4566 and responsible for testing and addressing the possible IP path (IP Address and Ports) for Audio Video communication flow
As we can identify the MRAS is taking place first based the associated Frontend Edge Pool for the user (either internal or remote) We have the CANDIDATE exchange in the 183 SESSION PROGRESS message
Access Edge
AV Edge
Director FrontEnd
Authentication
AV Edge authentication receives internal media port(Within the CANDIDATES)Call external user inform remote user of internal media port
Call Setup COMPLETE
AV Edge authentication
Obtain media session ports on AV Edge Server
Call internal user
Internet DMZ Internal LAN
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
4 MRAS RESPONSE
2 MRAS REQUEST
3 MRAS RESPONSE
5 AV Establishment
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
2 MRAS REQUEST
3 MRAS RESPONSE
1 SIP REG
ISTER
4 MR
AS R
ESPO
NSE
5 AV Establishment
NOTE Keep in mind for AV external IP address ndashgt CMS (Topology information) are used
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
Federated Partner
1 SIP INVITE with CANDIDATES
2 SIP SESSION PROGRESS with CANDIDATES
3 ST
UN
TUR
N m
essages
4 A
V U
PD
TCP ca
ll flow
1 SIP INVITE with CANDIDATES
1 SIP
INV
ITE w
ith
CA
ND
IDA
TES
2 SIP
SESSIO
N P
RO
GR
ESS w
ith C
AN
DID
ATE
S
Geo Edge Deployments AdviceThe external DNS is globally valid and shall be understood as a single configuration but tight with associated geographical sites
Example for one Skype for Business site
FQDN IP Comment
SIPSIPDOMCOM CNAME to
SIP-DESIPDOMCOM
EDGE
SIP-DESIPDOMCOM 1234 EDGE
WC-DESIPDOMCOM 1235 EDGE
AV-DESIPDOMCOM 1236 EDGE
WEB-EXT-DE01SIPDOMCOM 1238 RevProxy multi local pool
WEB-EXT-DE02SIPDOMCOM 12310 RevProxy multi local pool
LYNCDISCOVERSIPDOMCOM 1238 RevProxy CENTRAL DISCOVERY
URL
MEET-DESIPDOMCOM 1238 RevProxy
DIALINSIPDOMCOM 1238 RevProxy CENTRAL DIALIN
WebPage
SCHEDULERSIPDOMCOM 1238 RevProxy Schedule Web Access
for Meeting planning
_SIP_TLSSIPDOMCOM 0 100 443
SIPSIPDOMCOM
SIP-DESIPDOMCOM MSIC2R SfB Client Login
_SIPEXTERNAL_TLSSIPDOMCOM
0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
_SIPFEDERATIONTLS_TCPSIPDOMECO
M 0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
NoteAV Edge could never be GeoDNS Load Balanced due to AV communication must be able directly addressing the AV IP addressThis is associated with Edge lt-gt FE Pool
Principals CCE Deployments
External DNS entries (also used for certificates)
bull Access Edgeeg ACCESSSIPDOMAINCOM
bull Media Relayeg MEDIASIPDOMAINCOM(not necessary in certificates)
bull Data Proxyeg DPSIPDOMAINCOM We can identify the identical principals for global CCE deployments using eg ACCESS-LOC01 ACCESS-LOCxx
SIPtenantcom points to Office 365
On Premise
PSTN
User
SIP PBX orProvider Gateway
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
MEDIA
SIP Signaling
On Premise (SITE LONDON)
User
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
All users must be on Exchange Online incl UM
PSTN
Sonus gateway
AD
Azure AD Sync(DirSync)
Azure AD ConnectOn-Premise User Sync
to Office 365
Phone Number Migration to Cloud PBX with CCE
Call Routing destination
based routing
PSTN
Audio Conferencing Provider
Microsoft Brigde
) CCE ndash Cloud Connector Edition
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
SIP Access Edge FlowThis GeoDNS would apply for internal and external services in the form of
GeoDNS record (example) Pool records (example) CNAME records (example) DNS settings (select one option)
Meet-intgeolbsipdomcom Pool1InternalWebFQDNsipdomcom
Pool2InternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool1InternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool2InternalWebFQDNsipdomcom
Round Robin between pools
Use primary connect to secondary if
failure
Meet-extgeolbsipdomcom Pool1ExternalWebFQDNsipdomcom
Pool2ExternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool1ExternalWebFQDNsipdomcom
Meetsipdomcom alias to
Pool2ExternalWebFQDNsipdomcom
Round Robin between pools
Use primary connect to secondary if
failure
SIPsipdomcom is targeted as DNS A record therefore is can only deliver a SINGLE IP Address (or multiple IP Addresses for single DNS LB Edge Pool)This donrsquot let differentiate and point to regional Edge Pools Single entry point to eg Federation
For a client logon failover scenario we MUST make use of weighted SRV records since we are not using GeoDNS
_SIP_TLSSIPDOMCOM 0 100 5061 EDGE-POOL-DESIPDOMCOM
_SIP_TLSSIPDOMCOM 0 200 5061 EDGE-POOL-SGSIPDOMCOM
_SIP_TLSSIPDOMCOM 0 300 5061 EDGE-POOL-CASIPDOMCOM
Web Conferencing FlowActivate eg White Board
What we identify if we run the ipconfig displaydns command is
webconfparticipantcom
----------------------------------------
Record Name webconfparticipantcom
Record Type 1
Time To Live 86003
Data Length 4
Section Answer
A (Host) Record 19514514090
The INVITE introducing the CCCP web Conferencing Protocol and the SPECIALSIP message INFO with the proxy[0]FQDNwhere the associated Web Conferencing Edge FQDN is submitted
Web Conferencing FlowINFO sip178251995455599transport=tlsms-opaque=0183d7bf32ms-received-cid=10D0400grid SIP20ms-user-logon-data RemoteUserVia SIP20TLS 109002443branch=z9hG4bKEAF3233D2FBACEB2D1BA9781branched=FALSEms-internal-info=dwS6aw8wD4GPdqiyfT1hDcuDW1DxwTOP-YWvnObIFnMKSyzrovJ1B9VwAAVia SIP20TLS 103532751966branch=z9hG4bK4E70787E486944BED6A5D784branched=FALSEms-received-port=51966ms-received-cid=10CCF00Via SIP20TLS 103533064925branch=z9hG4bK17E73F627E008B7DD1BA9781branched=FALSEms-received-port=64925ms-received-cid=17E1900Via SIP20TLS 62751835452979branch=z9hG4bKCA90E804556B330F34BC5780branched=FALSEms-internal-info=afkix_jPgf9eKrv0dAeAfD9eWAbW2h2KPdnLFSAh056rkPM2tVTHia7AAAms-received-port=52979ms-received-cid=10E8400Via SIP20TLS 19216845552367branch=z9hG4bK15A5C8633E1ECDE0E4F3E784branched=FALSEms-received-port=52367ms-received-cid=1ACB00Max-Forwards 66Authentication-Info TLS-DSK qop=auth opaque=E0AD425F srand=B9CB62F8 snum=2907 rspauth=a5cc59202fce52f13ec1ab1679e6c6e669ebdea2 targetname=xsrvlync7participantlocal realm=SIP Communications Service version=4Content-Length 6245From ltsiporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRgttag=74340080To ltsipthomaspoettparticipantcomgttag=0cc9ad836aepid=545cc1d9caCall-ID 2a414ec63e1542f193450dcb7751606aCSeq 11 INFOSupported ms-dialog-route-set-updateContent-Type applicationcccp+xmlms-edge-proxy-message-trust ms-source-type=DirectPartnerms-ep-fqdn=lyncedgepoolparticipantlocalms-source-network=federationms-source-verified-user=verified
- ltresponse xmlns=urnietfparamsxmlnscccpmscp=httpschemasmicrosoftcomrtc200508cccpextensionsmsci=httpschemasmicrosoftcomrtc200508confinfoextensionsci=urnietfparamsxmlnsconference-inforequestId=29C3PVersion=1from=siporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRto=sipthomaspoettparticipantcomresponder=siporganizersipdomcomgruuopaque=appconfdata-confidN9SPWGZRcode=successgt
- ltaddUsergtltconferenceKeys confEntity=siporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRgt
+ ltuser xmlns=urnietfparamsxmlnsconference-infoentity=sipthomaspoettparticipantcomstate=fullgt
+ ltinfo xmlns=httpschemasmicrosoftcomrtc200508cccpextensionsgt- ltconnection-info xmlns=httpschemasmicrosoftcomrtc200508cccpextensionsgt
+ ltentrygt- ltentrygt
ltkeygtproxy[0]FQDNltkeygtltvaluegtwebconf-desipdomcomltvaluegt
- ltentrygt
Web Conferencing Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP INVITE to CONFERENCE
1 SIP INVITE to CONFERENCE
1 SIP
INV
ITE to
C
ON
FERE
NC
E2 SIP messages returnINFO with proxy[x]FQDN for WebConferencing
3 C
CC
P w
ith P
SOM
P
roto
col co
mm
un
icatio
n
to targe
t FQ
DN
CCCP is Microsoft proprietary
protocol supporting all relevant
features in Web Conferencing which
are
bull White Board
bull Polls
bull Q amp A
Note
Desktop Sharing is not part of CCCP
Principals on STUN and TURNbull Session Traversal Utilities for NAT (STUN) ndash This protocol basically
allows an ICE client which is located behind a firewall providing Network Address Translation to discover the public IP address as well as identify the type of NAT in use and then provide that IP to the other party as a potential candidate to send media to This IP would be assigned to the Internet-facing side of the NAT device which the client is located behind
bull Traversal Using Relays around NAT (TURN) ndash This protocol allows a dedicated ICE server to provide its own public IP address as a media candidate to one or both parties in a call and will act is a relay or proxy for the media session This IP would always be the Internet-facing public IP address (either assigned directly to the server interface or assigned to an external NAT-device)
Principals on STUN and TURNbull Host or Local Candidate ndash Local client IP is used for direct-2-direct
communication
bull Reflexive or STUN Candidate ndash The public IP address assigned to the clientrsquos local firewall perform network address translation
bull Relay or TURN Candidate ndash The publically accessible IP address assigned to the media relay server which is allocated to the client In Skype Server this is the public IP address assigned either directly to the external AV Edge interface or the public IP address allocated to a NAT device (eg firewall)
Note TRUN makes it explainable why the Public IP address assigned to Edge AV must be provided in Topology (ICE)
Candidate Exchange (SDP) ndashremote client
Local host UDP IPv4 addressa=candidate1 1 UDP 2130706431 192168016 10668 typ host a=candidate1 2 UDP 2130705918 192168016 10669 typ host
Local host UDP IPv6 addressa=x-candidate-ipv62 1 UDP 2130705919 fd00265bcbfb92d8122961203dafd3 15206 typ host a=x-candidate-ipv62 2 UDP 2130705406 fd00265bcbfb92d8122961203dafd3 15207 typ host a=x-candidate-ipv63 1 UDP 33553407 200105ef579fd34ae19fd4de58658 23084 typ host a=x-candidate-ipv63 2 UDP 33552894 200105ef579fd34ae19fd4de58658 23085 typ host
Local host TCP-PASS IPv4 addressEdge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate4 1 TCP-PASS 174455295 19514514092 54427 typ relay raddr 17826121167 rport 11603a=candidate4 2 TCP-PASS 174454782 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host UDP IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate5 1 UDP 184547327 19514514092 57962 typ relay raddr 17826121167 rport 6098 a=candidate5 2 UDP 184546814 19514514092 51825 typ relay raddr 17826121167 rport 6099
Local host UDP IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate6 1 UDP 1694234111 17826121167 6098 typ srflx raddr 192168016 rport 6098 a=candidate6 2 UDP 1694233598 17826121167 6099 typ srflx raddr 192168016 rport 6099
Local host TCP-ACT IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate7 1 TCP-ACT 174846975 19514514092 54427 typ relay raddr 17826121167 rport 11603 a=candidate7 2 TCP-ACT 174846462 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host TCP-ACT IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate8 1 TCP-ACT 1684795903 17826121167 11603 typ srflx raddr 192168016 rport 11603
a=candidate8 2 TCP-ACT 1684795390 17826121167 11603 typ srflx raddr 192168016 rport 11603
STUN
TRUN
HOST
HOST
STUN
TRUN
TRUN
Remote CLIENTS
Use Edge for TRUN candidate exchange (SDP)
Use Internet for traversal STUN
Direct Host communication not possible
REMOTE and INTERNAL CLIENTUse Edge for TRUN candidate exchange (SDP)
Use Internet for traversal TRUN via EDGE
Direct Host communication not possible
AV Edge FlowSDP is the ldquoSelf Description Protocolrdquo defined in RFC 4566 and responsible for testing and addressing the possible IP path (IP Address and Ports) for Audio Video communication flow
As we can identify the MRAS is taking place first based the associated Frontend Edge Pool for the user (either internal or remote) We have the CANDIDATE exchange in the 183 SESSION PROGRESS message
Access Edge
AV Edge
Director FrontEnd
Authentication
AV Edge authentication receives internal media port(Within the CANDIDATES)Call external user inform remote user of internal media port
Call Setup COMPLETE
AV Edge authentication
Obtain media session ports on AV Edge Server
Call internal user
Internet DMZ Internal LAN
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
4 MRAS RESPONSE
2 MRAS REQUEST
3 MRAS RESPONSE
5 AV Establishment
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
2 MRAS REQUEST
3 MRAS RESPONSE
1 SIP REG
ISTER
4 MR
AS R
ESPO
NSE
5 AV Establishment
NOTE Keep in mind for AV external IP address ndashgt CMS (Topology information) are used
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
Federated Partner
1 SIP INVITE with CANDIDATES
2 SIP SESSION PROGRESS with CANDIDATES
3 ST
UN
TUR
N m
essages
4 A
V U
PD
TCP ca
ll flow
1 SIP INVITE with CANDIDATES
1 SIP
INV
ITE w
ith
CA
ND
IDA
TES
2 SIP
SESSIO
N P
RO
GR
ESS w
ith C
AN
DID
ATE
S
Geo Edge Deployments AdviceThe external DNS is globally valid and shall be understood as a single configuration but tight with associated geographical sites
Example for one Skype for Business site
FQDN IP Comment
SIPSIPDOMCOM CNAME to
SIP-DESIPDOMCOM
EDGE
SIP-DESIPDOMCOM 1234 EDGE
WC-DESIPDOMCOM 1235 EDGE
AV-DESIPDOMCOM 1236 EDGE
WEB-EXT-DE01SIPDOMCOM 1238 RevProxy multi local pool
WEB-EXT-DE02SIPDOMCOM 12310 RevProxy multi local pool
LYNCDISCOVERSIPDOMCOM 1238 RevProxy CENTRAL DISCOVERY
URL
MEET-DESIPDOMCOM 1238 RevProxy
DIALINSIPDOMCOM 1238 RevProxy CENTRAL DIALIN
WebPage
SCHEDULERSIPDOMCOM 1238 RevProxy Schedule Web Access
for Meeting planning
_SIP_TLSSIPDOMCOM 0 100 443
SIPSIPDOMCOM
SIP-DESIPDOMCOM MSIC2R SfB Client Login
_SIPEXTERNAL_TLSSIPDOMCOM
0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
_SIPFEDERATIONTLS_TCPSIPDOMECO
M 0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
NoteAV Edge could never be GeoDNS Load Balanced due to AV communication must be able directly addressing the AV IP addressThis is associated with Edge lt-gt FE Pool
Principals CCE Deployments
External DNS entries (also used for certificates)
bull Access Edgeeg ACCESSSIPDOMAINCOM
bull Media Relayeg MEDIASIPDOMAINCOM(not necessary in certificates)
bull Data Proxyeg DPSIPDOMAINCOM We can identify the identical principals for global CCE deployments using eg ACCESS-LOC01 ACCESS-LOCxx
SIPtenantcom points to Office 365
On Premise
PSTN
User
SIP PBX orProvider Gateway
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
MEDIA
SIP Signaling
On Premise (SITE LONDON)
User
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
All users must be on Exchange Online incl UM
PSTN
Sonus gateway
AD
Azure AD Sync(DirSync)
Azure AD ConnectOn-Premise User Sync
to Office 365
Phone Number Migration to Cloud PBX with CCE
Call Routing destination
based routing
PSTN
Audio Conferencing Provider
Microsoft Brigde
) CCE ndash Cloud Connector Edition
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
Web Conferencing FlowActivate eg White Board
What we identify if we run the ipconfig displaydns command is
webconfparticipantcom
----------------------------------------
Record Name webconfparticipantcom
Record Type 1
Time To Live 86003
Data Length 4
Section Answer
A (Host) Record 19514514090
The INVITE introducing the CCCP web Conferencing Protocol and the SPECIALSIP message INFO with the proxy[0]FQDNwhere the associated Web Conferencing Edge FQDN is submitted
Web Conferencing FlowINFO sip178251995455599transport=tlsms-opaque=0183d7bf32ms-received-cid=10D0400grid SIP20ms-user-logon-data RemoteUserVia SIP20TLS 109002443branch=z9hG4bKEAF3233D2FBACEB2D1BA9781branched=FALSEms-internal-info=dwS6aw8wD4GPdqiyfT1hDcuDW1DxwTOP-YWvnObIFnMKSyzrovJ1B9VwAAVia SIP20TLS 103532751966branch=z9hG4bK4E70787E486944BED6A5D784branched=FALSEms-received-port=51966ms-received-cid=10CCF00Via SIP20TLS 103533064925branch=z9hG4bK17E73F627E008B7DD1BA9781branched=FALSEms-received-port=64925ms-received-cid=17E1900Via SIP20TLS 62751835452979branch=z9hG4bKCA90E804556B330F34BC5780branched=FALSEms-internal-info=afkix_jPgf9eKrv0dAeAfD9eWAbW2h2KPdnLFSAh056rkPM2tVTHia7AAAms-received-port=52979ms-received-cid=10E8400Via SIP20TLS 19216845552367branch=z9hG4bK15A5C8633E1ECDE0E4F3E784branched=FALSEms-received-port=52367ms-received-cid=1ACB00Max-Forwards 66Authentication-Info TLS-DSK qop=auth opaque=E0AD425F srand=B9CB62F8 snum=2907 rspauth=a5cc59202fce52f13ec1ab1679e6c6e669ebdea2 targetname=xsrvlync7participantlocal realm=SIP Communications Service version=4Content-Length 6245From ltsiporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRgttag=74340080To ltsipthomaspoettparticipantcomgttag=0cc9ad836aepid=545cc1d9caCall-ID 2a414ec63e1542f193450dcb7751606aCSeq 11 INFOSupported ms-dialog-route-set-updateContent-Type applicationcccp+xmlms-edge-proxy-message-trust ms-source-type=DirectPartnerms-ep-fqdn=lyncedgepoolparticipantlocalms-source-network=federationms-source-verified-user=verified
- ltresponse xmlns=urnietfparamsxmlnscccpmscp=httpschemasmicrosoftcomrtc200508cccpextensionsmsci=httpschemasmicrosoftcomrtc200508confinfoextensionsci=urnietfparamsxmlnsconference-inforequestId=29C3PVersion=1from=siporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRto=sipthomaspoettparticipantcomresponder=siporganizersipdomcomgruuopaque=appconfdata-confidN9SPWGZRcode=successgt
- ltaddUsergtltconferenceKeys confEntity=siporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRgt
+ ltuser xmlns=urnietfparamsxmlnsconference-infoentity=sipthomaspoettparticipantcomstate=fullgt
+ ltinfo xmlns=httpschemasmicrosoftcomrtc200508cccpextensionsgt- ltconnection-info xmlns=httpschemasmicrosoftcomrtc200508cccpextensionsgt
+ ltentrygt- ltentrygt
ltkeygtproxy[0]FQDNltkeygtltvaluegtwebconf-desipdomcomltvaluegt
- ltentrygt
Web Conferencing Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP INVITE to CONFERENCE
1 SIP INVITE to CONFERENCE
1 SIP
INV
ITE to
C
ON
FERE
NC
E2 SIP messages returnINFO with proxy[x]FQDN for WebConferencing
3 C
CC
P w
ith P
SOM
P
roto
col co
mm
un
icatio
n
to targe
t FQ
DN
CCCP is Microsoft proprietary
protocol supporting all relevant
features in Web Conferencing which
are
bull White Board
bull Polls
bull Q amp A
Note
Desktop Sharing is not part of CCCP
Principals on STUN and TURNbull Session Traversal Utilities for NAT (STUN) ndash This protocol basically
allows an ICE client which is located behind a firewall providing Network Address Translation to discover the public IP address as well as identify the type of NAT in use and then provide that IP to the other party as a potential candidate to send media to This IP would be assigned to the Internet-facing side of the NAT device which the client is located behind
bull Traversal Using Relays around NAT (TURN) ndash This protocol allows a dedicated ICE server to provide its own public IP address as a media candidate to one or both parties in a call and will act is a relay or proxy for the media session This IP would always be the Internet-facing public IP address (either assigned directly to the server interface or assigned to an external NAT-device)
Principals on STUN and TURNbull Host or Local Candidate ndash Local client IP is used for direct-2-direct
communication
bull Reflexive or STUN Candidate ndash The public IP address assigned to the clientrsquos local firewall perform network address translation
bull Relay or TURN Candidate ndash The publically accessible IP address assigned to the media relay server which is allocated to the client In Skype Server this is the public IP address assigned either directly to the external AV Edge interface or the public IP address allocated to a NAT device (eg firewall)
Note TRUN makes it explainable why the Public IP address assigned to Edge AV must be provided in Topology (ICE)
Candidate Exchange (SDP) ndashremote client
Local host UDP IPv4 addressa=candidate1 1 UDP 2130706431 192168016 10668 typ host a=candidate1 2 UDP 2130705918 192168016 10669 typ host
Local host UDP IPv6 addressa=x-candidate-ipv62 1 UDP 2130705919 fd00265bcbfb92d8122961203dafd3 15206 typ host a=x-candidate-ipv62 2 UDP 2130705406 fd00265bcbfb92d8122961203dafd3 15207 typ host a=x-candidate-ipv63 1 UDP 33553407 200105ef579fd34ae19fd4de58658 23084 typ host a=x-candidate-ipv63 2 UDP 33552894 200105ef579fd34ae19fd4de58658 23085 typ host
Local host TCP-PASS IPv4 addressEdge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate4 1 TCP-PASS 174455295 19514514092 54427 typ relay raddr 17826121167 rport 11603a=candidate4 2 TCP-PASS 174454782 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host UDP IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate5 1 UDP 184547327 19514514092 57962 typ relay raddr 17826121167 rport 6098 a=candidate5 2 UDP 184546814 19514514092 51825 typ relay raddr 17826121167 rport 6099
Local host UDP IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate6 1 UDP 1694234111 17826121167 6098 typ srflx raddr 192168016 rport 6098 a=candidate6 2 UDP 1694233598 17826121167 6099 typ srflx raddr 192168016 rport 6099
Local host TCP-ACT IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate7 1 TCP-ACT 174846975 19514514092 54427 typ relay raddr 17826121167 rport 11603 a=candidate7 2 TCP-ACT 174846462 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host TCP-ACT IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate8 1 TCP-ACT 1684795903 17826121167 11603 typ srflx raddr 192168016 rport 11603
a=candidate8 2 TCP-ACT 1684795390 17826121167 11603 typ srflx raddr 192168016 rport 11603
STUN
TRUN
HOST
HOST
STUN
TRUN
TRUN
Remote CLIENTS
Use Edge for TRUN candidate exchange (SDP)
Use Internet for traversal STUN
Direct Host communication not possible
REMOTE and INTERNAL CLIENTUse Edge for TRUN candidate exchange (SDP)
Use Internet for traversal TRUN via EDGE
Direct Host communication not possible
AV Edge FlowSDP is the ldquoSelf Description Protocolrdquo defined in RFC 4566 and responsible for testing and addressing the possible IP path (IP Address and Ports) for Audio Video communication flow
As we can identify the MRAS is taking place first based the associated Frontend Edge Pool for the user (either internal or remote) We have the CANDIDATE exchange in the 183 SESSION PROGRESS message
Access Edge
AV Edge
Director FrontEnd
Authentication
AV Edge authentication receives internal media port(Within the CANDIDATES)Call external user inform remote user of internal media port
Call Setup COMPLETE
AV Edge authentication
Obtain media session ports on AV Edge Server
Call internal user
Internet DMZ Internal LAN
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
4 MRAS RESPONSE
2 MRAS REQUEST
3 MRAS RESPONSE
5 AV Establishment
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
2 MRAS REQUEST
3 MRAS RESPONSE
1 SIP REG
ISTER
4 MR
AS R
ESPO
NSE
5 AV Establishment
NOTE Keep in mind for AV external IP address ndashgt CMS (Topology information) are used
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
Federated Partner
1 SIP INVITE with CANDIDATES
2 SIP SESSION PROGRESS with CANDIDATES
3 ST
UN
TUR
N m
essages
4 A
V U
PD
TCP ca
ll flow
1 SIP INVITE with CANDIDATES
1 SIP
INV
ITE w
ith
CA
ND
IDA
TES
2 SIP
SESSIO
N P
RO
GR
ESS w
ith C
AN
DID
ATE
S
Geo Edge Deployments AdviceThe external DNS is globally valid and shall be understood as a single configuration but tight with associated geographical sites
Example for one Skype for Business site
FQDN IP Comment
SIPSIPDOMCOM CNAME to
SIP-DESIPDOMCOM
EDGE
SIP-DESIPDOMCOM 1234 EDGE
WC-DESIPDOMCOM 1235 EDGE
AV-DESIPDOMCOM 1236 EDGE
WEB-EXT-DE01SIPDOMCOM 1238 RevProxy multi local pool
WEB-EXT-DE02SIPDOMCOM 12310 RevProxy multi local pool
LYNCDISCOVERSIPDOMCOM 1238 RevProxy CENTRAL DISCOVERY
URL
MEET-DESIPDOMCOM 1238 RevProxy
DIALINSIPDOMCOM 1238 RevProxy CENTRAL DIALIN
WebPage
SCHEDULERSIPDOMCOM 1238 RevProxy Schedule Web Access
for Meeting planning
_SIP_TLSSIPDOMCOM 0 100 443
SIPSIPDOMCOM
SIP-DESIPDOMCOM MSIC2R SfB Client Login
_SIPEXTERNAL_TLSSIPDOMCOM
0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
_SIPFEDERATIONTLS_TCPSIPDOMECO
M 0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
NoteAV Edge could never be GeoDNS Load Balanced due to AV communication must be able directly addressing the AV IP addressThis is associated with Edge lt-gt FE Pool
Principals CCE Deployments
External DNS entries (also used for certificates)
bull Access Edgeeg ACCESSSIPDOMAINCOM
bull Media Relayeg MEDIASIPDOMAINCOM(not necessary in certificates)
bull Data Proxyeg DPSIPDOMAINCOM We can identify the identical principals for global CCE deployments using eg ACCESS-LOC01 ACCESS-LOCxx
SIPtenantcom points to Office 365
On Premise
PSTN
User
SIP PBX orProvider Gateway
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
MEDIA
SIP Signaling
On Premise (SITE LONDON)
User
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
All users must be on Exchange Online incl UM
PSTN
Sonus gateway
AD
Azure AD Sync(DirSync)
Azure AD ConnectOn-Premise User Sync
to Office 365
Phone Number Migration to Cloud PBX with CCE
Call Routing destination
based routing
PSTN
Audio Conferencing Provider
Microsoft Brigde
) CCE ndash Cloud Connector Edition
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
Web Conferencing FlowINFO sip178251995455599transport=tlsms-opaque=0183d7bf32ms-received-cid=10D0400grid SIP20ms-user-logon-data RemoteUserVia SIP20TLS 109002443branch=z9hG4bKEAF3233D2FBACEB2D1BA9781branched=FALSEms-internal-info=dwS6aw8wD4GPdqiyfT1hDcuDW1DxwTOP-YWvnObIFnMKSyzrovJ1B9VwAAVia SIP20TLS 103532751966branch=z9hG4bK4E70787E486944BED6A5D784branched=FALSEms-received-port=51966ms-received-cid=10CCF00Via SIP20TLS 103533064925branch=z9hG4bK17E73F627E008B7DD1BA9781branched=FALSEms-received-port=64925ms-received-cid=17E1900Via SIP20TLS 62751835452979branch=z9hG4bKCA90E804556B330F34BC5780branched=FALSEms-internal-info=afkix_jPgf9eKrv0dAeAfD9eWAbW2h2KPdnLFSAh056rkPM2tVTHia7AAAms-received-port=52979ms-received-cid=10E8400Via SIP20TLS 19216845552367branch=z9hG4bK15A5C8633E1ECDE0E4F3E784branched=FALSEms-received-port=52367ms-received-cid=1ACB00Max-Forwards 66Authentication-Info TLS-DSK qop=auth opaque=E0AD425F srand=B9CB62F8 snum=2907 rspauth=a5cc59202fce52f13ec1ab1679e6c6e669ebdea2 targetname=xsrvlync7participantlocal realm=SIP Communications Service version=4Content-Length 6245From ltsiporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRgttag=74340080To ltsipthomaspoettparticipantcomgttag=0cc9ad836aepid=545cc1d9caCall-ID 2a414ec63e1542f193450dcb7751606aCSeq 11 INFOSupported ms-dialog-route-set-updateContent-Type applicationcccp+xmlms-edge-proxy-message-trust ms-source-type=DirectPartnerms-ep-fqdn=lyncedgepoolparticipantlocalms-source-network=federationms-source-verified-user=verified
- ltresponse xmlns=urnietfparamsxmlnscccpmscp=httpschemasmicrosoftcomrtc200508cccpextensionsmsci=httpschemasmicrosoftcomrtc200508confinfoextensionsci=urnietfparamsxmlnsconference-inforequestId=29C3PVersion=1from=siporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRto=sipthomaspoettparticipantcomresponder=siporganizersipdomcomgruuopaque=appconfdata-confidN9SPWGZRcode=successgt
- ltaddUsergtltconferenceKeys confEntity=siporganizersipdomcomgruuopaque=appconffocusidN9SPWGZRgt
+ ltuser xmlns=urnietfparamsxmlnsconference-infoentity=sipthomaspoettparticipantcomstate=fullgt
+ ltinfo xmlns=httpschemasmicrosoftcomrtc200508cccpextensionsgt- ltconnection-info xmlns=httpschemasmicrosoftcomrtc200508cccpextensionsgt
+ ltentrygt- ltentrygt
ltkeygtproxy[0]FQDNltkeygtltvaluegtwebconf-desipdomcomltvaluegt
- ltentrygt
Web Conferencing Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP INVITE to CONFERENCE
1 SIP INVITE to CONFERENCE
1 SIP
INV
ITE to
C
ON
FERE
NC
E2 SIP messages returnINFO with proxy[x]FQDN for WebConferencing
3 C
CC
P w
ith P
SOM
P
roto
col co
mm
un
icatio
n
to targe
t FQ
DN
CCCP is Microsoft proprietary
protocol supporting all relevant
features in Web Conferencing which
are
bull White Board
bull Polls
bull Q amp A
Note
Desktop Sharing is not part of CCCP
Principals on STUN and TURNbull Session Traversal Utilities for NAT (STUN) ndash This protocol basically
allows an ICE client which is located behind a firewall providing Network Address Translation to discover the public IP address as well as identify the type of NAT in use and then provide that IP to the other party as a potential candidate to send media to This IP would be assigned to the Internet-facing side of the NAT device which the client is located behind
bull Traversal Using Relays around NAT (TURN) ndash This protocol allows a dedicated ICE server to provide its own public IP address as a media candidate to one or both parties in a call and will act is a relay or proxy for the media session This IP would always be the Internet-facing public IP address (either assigned directly to the server interface or assigned to an external NAT-device)
Principals on STUN and TURNbull Host or Local Candidate ndash Local client IP is used for direct-2-direct
communication
bull Reflexive or STUN Candidate ndash The public IP address assigned to the clientrsquos local firewall perform network address translation
bull Relay or TURN Candidate ndash The publically accessible IP address assigned to the media relay server which is allocated to the client In Skype Server this is the public IP address assigned either directly to the external AV Edge interface or the public IP address allocated to a NAT device (eg firewall)
Note TRUN makes it explainable why the Public IP address assigned to Edge AV must be provided in Topology (ICE)
Candidate Exchange (SDP) ndashremote client
Local host UDP IPv4 addressa=candidate1 1 UDP 2130706431 192168016 10668 typ host a=candidate1 2 UDP 2130705918 192168016 10669 typ host
Local host UDP IPv6 addressa=x-candidate-ipv62 1 UDP 2130705919 fd00265bcbfb92d8122961203dafd3 15206 typ host a=x-candidate-ipv62 2 UDP 2130705406 fd00265bcbfb92d8122961203dafd3 15207 typ host a=x-candidate-ipv63 1 UDP 33553407 200105ef579fd34ae19fd4de58658 23084 typ host a=x-candidate-ipv63 2 UDP 33552894 200105ef579fd34ae19fd4de58658 23085 typ host
Local host TCP-PASS IPv4 addressEdge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate4 1 TCP-PASS 174455295 19514514092 54427 typ relay raddr 17826121167 rport 11603a=candidate4 2 TCP-PASS 174454782 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host UDP IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate5 1 UDP 184547327 19514514092 57962 typ relay raddr 17826121167 rport 6098 a=candidate5 2 UDP 184546814 19514514092 51825 typ relay raddr 17826121167 rport 6099
Local host UDP IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate6 1 UDP 1694234111 17826121167 6098 typ srflx raddr 192168016 rport 6098 a=candidate6 2 UDP 1694233598 17826121167 6099 typ srflx raddr 192168016 rport 6099
Local host TCP-ACT IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate7 1 TCP-ACT 174846975 19514514092 54427 typ relay raddr 17826121167 rport 11603 a=candidate7 2 TCP-ACT 174846462 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host TCP-ACT IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate8 1 TCP-ACT 1684795903 17826121167 11603 typ srflx raddr 192168016 rport 11603
a=candidate8 2 TCP-ACT 1684795390 17826121167 11603 typ srflx raddr 192168016 rport 11603
STUN
TRUN
HOST
HOST
STUN
TRUN
TRUN
Remote CLIENTS
Use Edge for TRUN candidate exchange (SDP)
Use Internet for traversal STUN
Direct Host communication not possible
REMOTE and INTERNAL CLIENTUse Edge for TRUN candidate exchange (SDP)
Use Internet for traversal TRUN via EDGE
Direct Host communication not possible
AV Edge FlowSDP is the ldquoSelf Description Protocolrdquo defined in RFC 4566 and responsible for testing and addressing the possible IP path (IP Address and Ports) for Audio Video communication flow
As we can identify the MRAS is taking place first based the associated Frontend Edge Pool for the user (either internal or remote) We have the CANDIDATE exchange in the 183 SESSION PROGRESS message
Access Edge
AV Edge
Director FrontEnd
Authentication
AV Edge authentication receives internal media port(Within the CANDIDATES)Call external user inform remote user of internal media port
Call Setup COMPLETE
AV Edge authentication
Obtain media session ports on AV Edge Server
Call internal user
Internet DMZ Internal LAN
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
4 MRAS RESPONSE
2 MRAS REQUEST
3 MRAS RESPONSE
5 AV Establishment
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
2 MRAS REQUEST
3 MRAS RESPONSE
1 SIP REG
ISTER
4 MR
AS R
ESPO
NSE
5 AV Establishment
NOTE Keep in mind for AV external IP address ndashgt CMS (Topology information) are used
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
Federated Partner
1 SIP INVITE with CANDIDATES
2 SIP SESSION PROGRESS with CANDIDATES
3 ST
UN
TUR
N m
essages
4 A
V U
PD
TCP ca
ll flow
1 SIP INVITE with CANDIDATES
1 SIP
INV
ITE w
ith
CA
ND
IDA
TES
2 SIP
SESSIO
N P
RO
GR
ESS w
ith C
AN
DID
ATE
S
Geo Edge Deployments AdviceThe external DNS is globally valid and shall be understood as a single configuration but tight with associated geographical sites
Example for one Skype for Business site
FQDN IP Comment
SIPSIPDOMCOM CNAME to
SIP-DESIPDOMCOM
EDGE
SIP-DESIPDOMCOM 1234 EDGE
WC-DESIPDOMCOM 1235 EDGE
AV-DESIPDOMCOM 1236 EDGE
WEB-EXT-DE01SIPDOMCOM 1238 RevProxy multi local pool
WEB-EXT-DE02SIPDOMCOM 12310 RevProxy multi local pool
LYNCDISCOVERSIPDOMCOM 1238 RevProxy CENTRAL DISCOVERY
URL
MEET-DESIPDOMCOM 1238 RevProxy
DIALINSIPDOMCOM 1238 RevProxy CENTRAL DIALIN
WebPage
SCHEDULERSIPDOMCOM 1238 RevProxy Schedule Web Access
for Meeting planning
_SIP_TLSSIPDOMCOM 0 100 443
SIPSIPDOMCOM
SIP-DESIPDOMCOM MSIC2R SfB Client Login
_SIPEXTERNAL_TLSSIPDOMCOM
0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
_SIPFEDERATIONTLS_TCPSIPDOMECO
M 0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
NoteAV Edge could never be GeoDNS Load Balanced due to AV communication must be able directly addressing the AV IP addressThis is associated with Edge lt-gt FE Pool
Principals CCE Deployments
External DNS entries (also used for certificates)
bull Access Edgeeg ACCESSSIPDOMAINCOM
bull Media Relayeg MEDIASIPDOMAINCOM(not necessary in certificates)
bull Data Proxyeg DPSIPDOMAINCOM We can identify the identical principals for global CCE deployments using eg ACCESS-LOC01 ACCESS-LOCxx
SIPtenantcom points to Office 365
On Premise
PSTN
User
SIP PBX orProvider Gateway
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
MEDIA
SIP Signaling
On Premise (SITE LONDON)
User
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
All users must be on Exchange Online incl UM
PSTN
Sonus gateway
AD
Azure AD Sync(DirSync)
Azure AD ConnectOn-Premise User Sync
to Office 365
Phone Number Migration to Cloud PBX with CCE
Call Routing destination
based routing
PSTN
Audio Conferencing Provider
Microsoft Brigde
) CCE ndash Cloud Connector Edition
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
Web Conferencing Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP INVITE to CONFERENCE
1 SIP INVITE to CONFERENCE
1 SIP
INV
ITE to
C
ON
FERE
NC
E2 SIP messages returnINFO with proxy[x]FQDN for WebConferencing
3 C
CC
P w
ith P
SOM
P
roto
col co
mm
un
icatio
n
to targe
t FQ
DN
CCCP is Microsoft proprietary
protocol supporting all relevant
features in Web Conferencing which
are
bull White Board
bull Polls
bull Q amp A
Note
Desktop Sharing is not part of CCCP
Principals on STUN and TURNbull Session Traversal Utilities for NAT (STUN) ndash This protocol basically
allows an ICE client which is located behind a firewall providing Network Address Translation to discover the public IP address as well as identify the type of NAT in use and then provide that IP to the other party as a potential candidate to send media to This IP would be assigned to the Internet-facing side of the NAT device which the client is located behind
bull Traversal Using Relays around NAT (TURN) ndash This protocol allows a dedicated ICE server to provide its own public IP address as a media candidate to one or both parties in a call and will act is a relay or proxy for the media session This IP would always be the Internet-facing public IP address (either assigned directly to the server interface or assigned to an external NAT-device)
Principals on STUN and TURNbull Host or Local Candidate ndash Local client IP is used for direct-2-direct
communication
bull Reflexive or STUN Candidate ndash The public IP address assigned to the clientrsquos local firewall perform network address translation
bull Relay or TURN Candidate ndash The publically accessible IP address assigned to the media relay server which is allocated to the client In Skype Server this is the public IP address assigned either directly to the external AV Edge interface or the public IP address allocated to a NAT device (eg firewall)
Note TRUN makes it explainable why the Public IP address assigned to Edge AV must be provided in Topology (ICE)
Candidate Exchange (SDP) ndashremote client
Local host UDP IPv4 addressa=candidate1 1 UDP 2130706431 192168016 10668 typ host a=candidate1 2 UDP 2130705918 192168016 10669 typ host
Local host UDP IPv6 addressa=x-candidate-ipv62 1 UDP 2130705919 fd00265bcbfb92d8122961203dafd3 15206 typ host a=x-candidate-ipv62 2 UDP 2130705406 fd00265bcbfb92d8122961203dafd3 15207 typ host a=x-candidate-ipv63 1 UDP 33553407 200105ef579fd34ae19fd4de58658 23084 typ host a=x-candidate-ipv63 2 UDP 33552894 200105ef579fd34ae19fd4de58658 23085 typ host
Local host TCP-PASS IPv4 addressEdge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate4 1 TCP-PASS 174455295 19514514092 54427 typ relay raddr 17826121167 rport 11603a=candidate4 2 TCP-PASS 174454782 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host UDP IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate5 1 UDP 184547327 19514514092 57962 typ relay raddr 17826121167 rport 6098 a=candidate5 2 UDP 184546814 19514514092 51825 typ relay raddr 17826121167 rport 6099
Local host UDP IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate6 1 UDP 1694234111 17826121167 6098 typ srflx raddr 192168016 rport 6098 a=candidate6 2 UDP 1694233598 17826121167 6099 typ srflx raddr 192168016 rport 6099
Local host TCP-ACT IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate7 1 TCP-ACT 174846975 19514514092 54427 typ relay raddr 17826121167 rport 11603 a=candidate7 2 TCP-ACT 174846462 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host TCP-ACT IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate8 1 TCP-ACT 1684795903 17826121167 11603 typ srflx raddr 192168016 rport 11603
a=candidate8 2 TCP-ACT 1684795390 17826121167 11603 typ srflx raddr 192168016 rport 11603
STUN
TRUN
HOST
HOST
STUN
TRUN
TRUN
Remote CLIENTS
Use Edge for TRUN candidate exchange (SDP)
Use Internet for traversal STUN
Direct Host communication not possible
REMOTE and INTERNAL CLIENTUse Edge for TRUN candidate exchange (SDP)
Use Internet for traversal TRUN via EDGE
Direct Host communication not possible
AV Edge FlowSDP is the ldquoSelf Description Protocolrdquo defined in RFC 4566 and responsible for testing and addressing the possible IP path (IP Address and Ports) for Audio Video communication flow
As we can identify the MRAS is taking place first based the associated Frontend Edge Pool for the user (either internal or remote) We have the CANDIDATE exchange in the 183 SESSION PROGRESS message
Access Edge
AV Edge
Director FrontEnd
Authentication
AV Edge authentication receives internal media port(Within the CANDIDATES)Call external user inform remote user of internal media port
Call Setup COMPLETE
AV Edge authentication
Obtain media session ports on AV Edge Server
Call internal user
Internet DMZ Internal LAN
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
4 MRAS RESPONSE
2 MRAS REQUEST
3 MRAS RESPONSE
5 AV Establishment
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
2 MRAS REQUEST
3 MRAS RESPONSE
1 SIP REG
ISTER
4 MR
AS R
ESPO
NSE
5 AV Establishment
NOTE Keep in mind for AV external IP address ndashgt CMS (Topology information) are used
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
Federated Partner
1 SIP INVITE with CANDIDATES
2 SIP SESSION PROGRESS with CANDIDATES
3 ST
UN
TUR
N m
essages
4 A
V U
PD
TCP ca
ll flow
1 SIP INVITE with CANDIDATES
1 SIP
INV
ITE w
ith
CA
ND
IDA
TES
2 SIP
SESSIO
N P
RO
GR
ESS w
ith C
AN
DID
ATE
S
Geo Edge Deployments AdviceThe external DNS is globally valid and shall be understood as a single configuration but tight with associated geographical sites
Example for one Skype for Business site
FQDN IP Comment
SIPSIPDOMCOM CNAME to
SIP-DESIPDOMCOM
EDGE
SIP-DESIPDOMCOM 1234 EDGE
WC-DESIPDOMCOM 1235 EDGE
AV-DESIPDOMCOM 1236 EDGE
WEB-EXT-DE01SIPDOMCOM 1238 RevProxy multi local pool
WEB-EXT-DE02SIPDOMCOM 12310 RevProxy multi local pool
LYNCDISCOVERSIPDOMCOM 1238 RevProxy CENTRAL DISCOVERY
URL
MEET-DESIPDOMCOM 1238 RevProxy
DIALINSIPDOMCOM 1238 RevProxy CENTRAL DIALIN
WebPage
SCHEDULERSIPDOMCOM 1238 RevProxy Schedule Web Access
for Meeting planning
_SIP_TLSSIPDOMCOM 0 100 443
SIPSIPDOMCOM
SIP-DESIPDOMCOM MSIC2R SfB Client Login
_SIPEXTERNAL_TLSSIPDOMCOM
0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
_SIPFEDERATIONTLS_TCPSIPDOMECO
M 0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
NoteAV Edge could never be GeoDNS Load Balanced due to AV communication must be able directly addressing the AV IP addressThis is associated with Edge lt-gt FE Pool
Principals CCE Deployments
External DNS entries (also used for certificates)
bull Access Edgeeg ACCESSSIPDOMAINCOM
bull Media Relayeg MEDIASIPDOMAINCOM(not necessary in certificates)
bull Data Proxyeg DPSIPDOMAINCOM We can identify the identical principals for global CCE deployments using eg ACCESS-LOC01 ACCESS-LOCxx
SIPtenantcom points to Office 365
On Premise
PSTN
User
SIP PBX orProvider Gateway
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
MEDIA
SIP Signaling
On Premise (SITE LONDON)
User
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
All users must be on Exchange Online incl UM
PSTN
Sonus gateway
AD
Azure AD Sync(DirSync)
Azure AD ConnectOn-Premise User Sync
to Office 365
Phone Number Migration to Cloud PBX with CCE
Call Routing destination
based routing
PSTN
Audio Conferencing Provider
Microsoft Brigde
) CCE ndash Cloud Connector Edition
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
Principals on STUN and TURNbull Session Traversal Utilities for NAT (STUN) ndash This protocol basically
allows an ICE client which is located behind a firewall providing Network Address Translation to discover the public IP address as well as identify the type of NAT in use and then provide that IP to the other party as a potential candidate to send media to This IP would be assigned to the Internet-facing side of the NAT device which the client is located behind
bull Traversal Using Relays around NAT (TURN) ndash This protocol allows a dedicated ICE server to provide its own public IP address as a media candidate to one or both parties in a call and will act is a relay or proxy for the media session This IP would always be the Internet-facing public IP address (either assigned directly to the server interface or assigned to an external NAT-device)
Principals on STUN and TURNbull Host or Local Candidate ndash Local client IP is used for direct-2-direct
communication
bull Reflexive or STUN Candidate ndash The public IP address assigned to the clientrsquos local firewall perform network address translation
bull Relay or TURN Candidate ndash The publically accessible IP address assigned to the media relay server which is allocated to the client In Skype Server this is the public IP address assigned either directly to the external AV Edge interface or the public IP address allocated to a NAT device (eg firewall)
Note TRUN makes it explainable why the Public IP address assigned to Edge AV must be provided in Topology (ICE)
Candidate Exchange (SDP) ndashremote client
Local host UDP IPv4 addressa=candidate1 1 UDP 2130706431 192168016 10668 typ host a=candidate1 2 UDP 2130705918 192168016 10669 typ host
Local host UDP IPv6 addressa=x-candidate-ipv62 1 UDP 2130705919 fd00265bcbfb92d8122961203dafd3 15206 typ host a=x-candidate-ipv62 2 UDP 2130705406 fd00265bcbfb92d8122961203dafd3 15207 typ host a=x-candidate-ipv63 1 UDP 33553407 200105ef579fd34ae19fd4de58658 23084 typ host a=x-candidate-ipv63 2 UDP 33552894 200105ef579fd34ae19fd4de58658 23085 typ host
Local host TCP-PASS IPv4 addressEdge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate4 1 TCP-PASS 174455295 19514514092 54427 typ relay raddr 17826121167 rport 11603a=candidate4 2 TCP-PASS 174454782 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host UDP IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate5 1 UDP 184547327 19514514092 57962 typ relay raddr 17826121167 rport 6098 a=candidate5 2 UDP 184546814 19514514092 51825 typ relay raddr 17826121167 rport 6099
Local host UDP IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate6 1 UDP 1694234111 17826121167 6098 typ srflx raddr 192168016 rport 6098 a=candidate6 2 UDP 1694233598 17826121167 6099 typ srflx raddr 192168016 rport 6099
Local host TCP-ACT IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate7 1 TCP-ACT 174846975 19514514092 54427 typ relay raddr 17826121167 rport 11603 a=candidate7 2 TCP-ACT 174846462 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host TCP-ACT IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate8 1 TCP-ACT 1684795903 17826121167 11603 typ srflx raddr 192168016 rport 11603
a=candidate8 2 TCP-ACT 1684795390 17826121167 11603 typ srflx raddr 192168016 rport 11603
STUN
TRUN
HOST
HOST
STUN
TRUN
TRUN
Remote CLIENTS
Use Edge for TRUN candidate exchange (SDP)
Use Internet for traversal STUN
Direct Host communication not possible
REMOTE and INTERNAL CLIENTUse Edge for TRUN candidate exchange (SDP)
Use Internet for traversal TRUN via EDGE
Direct Host communication not possible
AV Edge FlowSDP is the ldquoSelf Description Protocolrdquo defined in RFC 4566 and responsible for testing and addressing the possible IP path (IP Address and Ports) for Audio Video communication flow
As we can identify the MRAS is taking place first based the associated Frontend Edge Pool for the user (either internal or remote) We have the CANDIDATE exchange in the 183 SESSION PROGRESS message
Access Edge
AV Edge
Director FrontEnd
Authentication
AV Edge authentication receives internal media port(Within the CANDIDATES)Call external user inform remote user of internal media port
Call Setup COMPLETE
AV Edge authentication
Obtain media session ports on AV Edge Server
Call internal user
Internet DMZ Internal LAN
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
4 MRAS RESPONSE
2 MRAS REQUEST
3 MRAS RESPONSE
5 AV Establishment
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
2 MRAS REQUEST
3 MRAS RESPONSE
1 SIP REG
ISTER
4 MR
AS R
ESPO
NSE
5 AV Establishment
NOTE Keep in mind for AV external IP address ndashgt CMS (Topology information) are used
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
Federated Partner
1 SIP INVITE with CANDIDATES
2 SIP SESSION PROGRESS with CANDIDATES
3 ST
UN
TUR
N m
essages
4 A
V U
PD
TCP ca
ll flow
1 SIP INVITE with CANDIDATES
1 SIP
INV
ITE w
ith
CA
ND
IDA
TES
2 SIP
SESSIO
N P
RO
GR
ESS w
ith C
AN
DID
ATE
S
Geo Edge Deployments AdviceThe external DNS is globally valid and shall be understood as a single configuration but tight with associated geographical sites
Example for one Skype for Business site
FQDN IP Comment
SIPSIPDOMCOM CNAME to
SIP-DESIPDOMCOM
EDGE
SIP-DESIPDOMCOM 1234 EDGE
WC-DESIPDOMCOM 1235 EDGE
AV-DESIPDOMCOM 1236 EDGE
WEB-EXT-DE01SIPDOMCOM 1238 RevProxy multi local pool
WEB-EXT-DE02SIPDOMCOM 12310 RevProxy multi local pool
LYNCDISCOVERSIPDOMCOM 1238 RevProxy CENTRAL DISCOVERY
URL
MEET-DESIPDOMCOM 1238 RevProxy
DIALINSIPDOMCOM 1238 RevProxy CENTRAL DIALIN
WebPage
SCHEDULERSIPDOMCOM 1238 RevProxy Schedule Web Access
for Meeting planning
_SIP_TLSSIPDOMCOM 0 100 443
SIPSIPDOMCOM
SIP-DESIPDOMCOM MSIC2R SfB Client Login
_SIPEXTERNAL_TLSSIPDOMCOM
0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
_SIPFEDERATIONTLS_TCPSIPDOMECO
M 0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
NoteAV Edge could never be GeoDNS Load Balanced due to AV communication must be able directly addressing the AV IP addressThis is associated with Edge lt-gt FE Pool
Principals CCE Deployments
External DNS entries (also used for certificates)
bull Access Edgeeg ACCESSSIPDOMAINCOM
bull Media Relayeg MEDIASIPDOMAINCOM(not necessary in certificates)
bull Data Proxyeg DPSIPDOMAINCOM We can identify the identical principals for global CCE deployments using eg ACCESS-LOC01 ACCESS-LOCxx
SIPtenantcom points to Office 365
On Premise
PSTN
User
SIP PBX orProvider Gateway
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
MEDIA
SIP Signaling
On Premise (SITE LONDON)
User
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
All users must be on Exchange Online incl UM
PSTN
Sonus gateway
AD
Azure AD Sync(DirSync)
Azure AD ConnectOn-Premise User Sync
to Office 365
Phone Number Migration to Cloud PBX with CCE
Call Routing destination
based routing
PSTN
Audio Conferencing Provider
Microsoft Brigde
) CCE ndash Cloud Connector Edition
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
Principals on STUN and TURNbull Host or Local Candidate ndash Local client IP is used for direct-2-direct
communication
bull Reflexive or STUN Candidate ndash The public IP address assigned to the clientrsquos local firewall perform network address translation
bull Relay or TURN Candidate ndash The publically accessible IP address assigned to the media relay server which is allocated to the client In Skype Server this is the public IP address assigned either directly to the external AV Edge interface or the public IP address allocated to a NAT device (eg firewall)
Note TRUN makes it explainable why the Public IP address assigned to Edge AV must be provided in Topology (ICE)
Candidate Exchange (SDP) ndashremote client
Local host UDP IPv4 addressa=candidate1 1 UDP 2130706431 192168016 10668 typ host a=candidate1 2 UDP 2130705918 192168016 10669 typ host
Local host UDP IPv6 addressa=x-candidate-ipv62 1 UDP 2130705919 fd00265bcbfb92d8122961203dafd3 15206 typ host a=x-candidate-ipv62 2 UDP 2130705406 fd00265bcbfb92d8122961203dafd3 15207 typ host a=x-candidate-ipv63 1 UDP 33553407 200105ef579fd34ae19fd4de58658 23084 typ host a=x-candidate-ipv63 2 UDP 33552894 200105ef579fd34ae19fd4de58658 23085 typ host
Local host TCP-PASS IPv4 addressEdge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate4 1 TCP-PASS 174455295 19514514092 54427 typ relay raddr 17826121167 rport 11603a=candidate4 2 TCP-PASS 174454782 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host UDP IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate5 1 UDP 184547327 19514514092 57962 typ relay raddr 17826121167 rport 6098 a=candidate5 2 UDP 184546814 19514514092 51825 typ relay raddr 17826121167 rport 6099
Local host UDP IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate6 1 UDP 1694234111 17826121167 6098 typ srflx raddr 192168016 rport 6098 a=candidate6 2 UDP 1694233598 17826121167 6099 typ srflx raddr 192168016 rport 6099
Local host TCP-ACT IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate7 1 TCP-ACT 174846975 19514514092 54427 typ relay raddr 17826121167 rport 11603 a=candidate7 2 TCP-ACT 174846462 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host TCP-ACT IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate8 1 TCP-ACT 1684795903 17826121167 11603 typ srflx raddr 192168016 rport 11603
a=candidate8 2 TCP-ACT 1684795390 17826121167 11603 typ srflx raddr 192168016 rport 11603
STUN
TRUN
HOST
HOST
STUN
TRUN
TRUN
Remote CLIENTS
Use Edge for TRUN candidate exchange (SDP)
Use Internet for traversal STUN
Direct Host communication not possible
REMOTE and INTERNAL CLIENTUse Edge for TRUN candidate exchange (SDP)
Use Internet for traversal TRUN via EDGE
Direct Host communication not possible
AV Edge FlowSDP is the ldquoSelf Description Protocolrdquo defined in RFC 4566 and responsible for testing and addressing the possible IP path (IP Address and Ports) for Audio Video communication flow
As we can identify the MRAS is taking place first based the associated Frontend Edge Pool for the user (either internal or remote) We have the CANDIDATE exchange in the 183 SESSION PROGRESS message
Access Edge
AV Edge
Director FrontEnd
Authentication
AV Edge authentication receives internal media port(Within the CANDIDATES)Call external user inform remote user of internal media port
Call Setup COMPLETE
AV Edge authentication
Obtain media session ports on AV Edge Server
Call internal user
Internet DMZ Internal LAN
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
4 MRAS RESPONSE
2 MRAS REQUEST
3 MRAS RESPONSE
5 AV Establishment
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
2 MRAS REQUEST
3 MRAS RESPONSE
1 SIP REG
ISTER
4 MR
AS R
ESPO
NSE
5 AV Establishment
NOTE Keep in mind for AV external IP address ndashgt CMS (Topology information) are used
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
Federated Partner
1 SIP INVITE with CANDIDATES
2 SIP SESSION PROGRESS with CANDIDATES
3 ST
UN
TUR
N m
essages
4 A
V U
PD
TCP ca
ll flow
1 SIP INVITE with CANDIDATES
1 SIP
INV
ITE w
ith
CA
ND
IDA
TES
2 SIP
SESSIO
N P
RO
GR
ESS w
ith C
AN
DID
ATE
S
Geo Edge Deployments AdviceThe external DNS is globally valid and shall be understood as a single configuration but tight with associated geographical sites
Example for one Skype for Business site
FQDN IP Comment
SIPSIPDOMCOM CNAME to
SIP-DESIPDOMCOM
EDGE
SIP-DESIPDOMCOM 1234 EDGE
WC-DESIPDOMCOM 1235 EDGE
AV-DESIPDOMCOM 1236 EDGE
WEB-EXT-DE01SIPDOMCOM 1238 RevProxy multi local pool
WEB-EXT-DE02SIPDOMCOM 12310 RevProxy multi local pool
LYNCDISCOVERSIPDOMCOM 1238 RevProxy CENTRAL DISCOVERY
URL
MEET-DESIPDOMCOM 1238 RevProxy
DIALINSIPDOMCOM 1238 RevProxy CENTRAL DIALIN
WebPage
SCHEDULERSIPDOMCOM 1238 RevProxy Schedule Web Access
for Meeting planning
_SIP_TLSSIPDOMCOM 0 100 443
SIPSIPDOMCOM
SIP-DESIPDOMCOM MSIC2R SfB Client Login
_SIPEXTERNAL_TLSSIPDOMCOM
0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
_SIPFEDERATIONTLS_TCPSIPDOMECO
M 0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
NoteAV Edge could never be GeoDNS Load Balanced due to AV communication must be able directly addressing the AV IP addressThis is associated with Edge lt-gt FE Pool
Principals CCE Deployments
External DNS entries (also used for certificates)
bull Access Edgeeg ACCESSSIPDOMAINCOM
bull Media Relayeg MEDIASIPDOMAINCOM(not necessary in certificates)
bull Data Proxyeg DPSIPDOMAINCOM We can identify the identical principals for global CCE deployments using eg ACCESS-LOC01 ACCESS-LOCxx
SIPtenantcom points to Office 365
On Premise
PSTN
User
SIP PBX orProvider Gateway
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
MEDIA
SIP Signaling
On Premise (SITE LONDON)
User
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
All users must be on Exchange Online incl UM
PSTN
Sonus gateway
AD
Azure AD Sync(DirSync)
Azure AD ConnectOn-Premise User Sync
to Office 365
Phone Number Migration to Cloud PBX with CCE
Call Routing destination
based routing
PSTN
Audio Conferencing Provider
Microsoft Brigde
) CCE ndash Cloud Connector Edition
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
Candidate Exchange (SDP) ndashremote client
Local host UDP IPv4 addressa=candidate1 1 UDP 2130706431 192168016 10668 typ host a=candidate1 2 UDP 2130705918 192168016 10669 typ host
Local host UDP IPv6 addressa=x-candidate-ipv62 1 UDP 2130705919 fd00265bcbfb92d8122961203dafd3 15206 typ host a=x-candidate-ipv62 2 UDP 2130705406 fd00265bcbfb92d8122961203dafd3 15207 typ host a=x-candidate-ipv63 1 UDP 33553407 200105ef579fd34ae19fd4de58658 23084 typ host a=x-candidate-ipv63 2 UDP 33552894 200105ef579fd34ae19fd4de58658 23085 typ host
Local host TCP-PASS IPv4 addressEdge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate4 1 TCP-PASS 174455295 19514514092 54427 typ relay raddr 17826121167 rport 11603a=candidate4 2 TCP-PASS 174454782 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host UDP IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate5 1 UDP 184547327 19514514092 57962 typ relay raddr 17826121167 rport 6098 a=candidate5 2 UDP 184546814 19514514092 51825 typ relay raddr 17826121167 rport 6099
Local host UDP IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate6 1 UDP 1694234111 17826121167 6098 typ srflx raddr 192168016 rport 6098 a=candidate6 2 UDP 1694233598 17826121167 6099 typ srflx raddr 192168016 rport 6099
Local host TCP-ACT IPv4 address (relay raddr)Edge AV ext IP=19514514092 ndash local NAT device ext IP=17826121167a=candidate7 1 TCP-ACT 174846975 19514514092 54427 typ relay raddr 17826121167 rport 11603 a=candidate7 2 TCP-ACT 174846462 19514514092 54427 typ relay raddr 17826121167 rport 11603
Local host TCP-ACT IPv4 address (srflx raddr)NAT device ext IP=17826121167 ndash local client IP=192168016a=candidate8 1 TCP-ACT 1684795903 17826121167 11603 typ srflx raddr 192168016 rport 11603
a=candidate8 2 TCP-ACT 1684795390 17826121167 11603 typ srflx raddr 192168016 rport 11603
STUN
TRUN
HOST
HOST
STUN
TRUN
TRUN
Remote CLIENTS
Use Edge for TRUN candidate exchange (SDP)
Use Internet for traversal STUN
Direct Host communication not possible
REMOTE and INTERNAL CLIENTUse Edge for TRUN candidate exchange (SDP)
Use Internet for traversal TRUN via EDGE
Direct Host communication not possible
AV Edge FlowSDP is the ldquoSelf Description Protocolrdquo defined in RFC 4566 and responsible for testing and addressing the possible IP path (IP Address and Ports) for Audio Video communication flow
As we can identify the MRAS is taking place first based the associated Frontend Edge Pool for the user (either internal or remote) We have the CANDIDATE exchange in the 183 SESSION PROGRESS message
Access Edge
AV Edge
Director FrontEnd
Authentication
AV Edge authentication receives internal media port(Within the CANDIDATES)Call external user inform remote user of internal media port
Call Setup COMPLETE
AV Edge authentication
Obtain media session ports on AV Edge Server
Call internal user
Internet DMZ Internal LAN
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
4 MRAS RESPONSE
2 MRAS REQUEST
3 MRAS RESPONSE
5 AV Establishment
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
2 MRAS REQUEST
3 MRAS RESPONSE
1 SIP REG
ISTER
4 MR
AS R
ESPO
NSE
5 AV Establishment
NOTE Keep in mind for AV external IP address ndashgt CMS (Topology information) are used
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
Federated Partner
1 SIP INVITE with CANDIDATES
2 SIP SESSION PROGRESS with CANDIDATES
3 ST
UN
TUR
N m
essages
4 A
V U
PD
TCP ca
ll flow
1 SIP INVITE with CANDIDATES
1 SIP
INV
ITE w
ith
CA
ND
IDA
TES
2 SIP
SESSIO
N P
RO
GR
ESS w
ith C
AN
DID
ATE
S
Geo Edge Deployments AdviceThe external DNS is globally valid and shall be understood as a single configuration but tight with associated geographical sites
Example for one Skype for Business site
FQDN IP Comment
SIPSIPDOMCOM CNAME to
SIP-DESIPDOMCOM
EDGE
SIP-DESIPDOMCOM 1234 EDGE
WC-DESIPDOMCOM 1235 EDGE
AV-DESIPDOMCOM 1236 EDGE
WEB-EXT-DE01SIPDOMCOM 1238 RevProxy multi local pool
WEB-EXT-DE02SIPDOMCOM 12310 RevProxy multi local pool
LYNCDISCOVERSIPDOMCOM 1238 RevProxy CENTRAL DISCOVERY
URL
MEET-DESIPDOMCOM 1238 RevProxy
DIALINSIPDOMCOM 1238 RevProxy CENTRAL DIALIN
WebPage
SCHEDULERSIPDOMCOM 1238 RevProxy Schedule Web Access
for Meeting planning
_SIP_TLSSIPDOMCOM 0 100 443
SIPSIPDOMCOM
SIP-DESIPDOMCOM MSIC2R SfB Client Login
_SIPEXTERNAL_TLSSIPDOMCOM
0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
_SIPFEDERATIONTLS_TCPSIPDOMECO
M 0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
NoteAV Edge could never be GeoDNS Load Balanced due to AV communication must be able directly addressing the AV IP addressThis is associated with Edge lt-gt FE Pool
Principals CCE Deployments
External DNS entries (also used for certificates)
bull Access Edgeeg ACCESSSIPDOMAINCOM
bull Media Relayeg MEDIASIPDOMAINCOM(not necessary in certificates)
bull Data Proxyeg DPSIPDOMAINCOM We can identify the identical principals for global CCE deployments using eg ACCESS-LOC01 ACCESS-LOCxx
SIPtenantcom points to Office 365
On Premise
PSTN
User
SIP PBX orProvider Gateway
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
MEDIA
SIP Signaling
On Premise (SITE LONDON)
User
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
All users must be on Exchange Online incl UM
PSTN
Sonus gateway
AD
Azure AD Sync(DirSync)
Azure AD ConnectOn-Premise User Sync
to Office 365
Phone Number Migration to Cloud PBX with CCE
Call Routing destination
based routing
PSTN
Audio Conferencing Provider
Microsoft Brigde
) CCE ndash Cloud Connector Edition
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
Remote CLIENTS
Use Edge for TRUN candidate exchange (SDP)
Use Internet for traversal STUN
Direct Host communication not possible
REMOTE and INTERNAL CLIENTUse Edge for TRUN candidate exchange (SDP)
Use Internet for traversal TRUN via EDGE
Direct Host communication not possible
AV Edge FlowSDP is the ldquoSelf Description Protocolrdquo defined in RFC 4566 and responsible for testing and addressing the possible IP path (IP Address and Ports) for Audio Video communication flow
As we can identify the MRAS is taking place first based the associated Frontend Edge Pool for the user (either internal or remote) We have the CANDIDATE exchange in the 183 SESSION PROGRESS message
Access Edge
AV Edge
Director FrontEnd
Authentication
AV Edge authentication receives internal media port(Within the CANDIDATES)Call external user inform remote user of internal media port
Call Setup COMPLETE
AV Edge authentication
Obtain media session ports on AV Edge Server
Call internal user
Internet DMZ Internal LAN
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
4 MRAS RESPONSE
2 MRAS REQUEST
3 MRAS RESPONSE
5 AV Establishment
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
2 MRAS REQUEST
3 MRAS RESPONSE
1 SIP REG
ISTER
4 MR
AS R
ESPO
NSE
5 AV Establishment
NOTE Keep in mind for AV external IP address ndashgt CMS (Topology information) are used
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
Federated Partner
1 SIP INVITE with CANDIDATES
2 SIP SESSION PROGRESS with CANDIDATES
3 ST
UN
TUR
N m
essages
4 A
V U
PD
TCP ca
ll flow
1 SIP INVITE with CANDIDATES
1 SIP
INV
ITE w
ith
CA
ND
IDA
TES
2 SIP
SESSIO
N P
RO
GR
ESS w
ith C
AN
DID
ATE
S
Geo Edge Deployments AdviceThe external DNS is globally valid and shall be understood as a single configuration but tight with associated geographical sites
Example for one Skype for Business site
FQDN IP Comment
SIPSIPDOMCOM CNAME to
SIP-DESIPDOMCOM
EDGE
SIP-DESIPDOMCOM 1234 EDGE
WC-DESIPDOMCOM 1235 EDGE
AV-DESIPDOMCOM 1236 EDGE
WEB-EXT-DE01SIPDOMCOM 1238 RevProxy multi local pool
WEB-EXT-DE02SIPDOMCOM 12310 RevProxy multi local pool
LYNCDISCOVERSIPDOMCOM 1238 RevProxy CENTRAL DISCOVERY
URL
MEET-DESIPDOMCOM 1238 RevProxy
DIALINSIPDOMCOM 1238 RevProxy CENTRAL DIALIN
WebPage
SCHEDULERSIPDOMCOM 1238 RevProxy Schedule Web Access
for Meeting planning
_SIP_TLSSIPDOMCOM 0 100 443
SIPSIPDOMCOM
SIP-DESIPDOMCOM MSIC2R SfB Client Login
_SIPEXTERNAL_TLSSIPDOMCOM
0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
_SIPFEDERATIONTLS_TCPSIPDOMECO
M 0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
NoteAV Edge could never be GeoDNS Load Balanced due to AV communication must be able directly addressing the AV IP addressThis is associated with Edge lt-gt FE Pool
Principals CCE Deployments
External DNS entries (also used for certificates)
bull Access Edgeeg ACCESSSIPDOMAINCOM
bull Media Relayeg MEDIASIPDOMAINCOM(not necessary in certificates)
bull Data Proxyeg DPSIPDOMAINCOM We can identify the identical principals for global CCE deployments using eg ACCESS-LOC01 ACCESS-LOCxx
SIPtenantcom points to Office 365
On Premise
PSTN
User
SIP PBX orProvider Gateway
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
MEDIA
SIP Signaling
On Premise (SITE LONDON)
User
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
All users must be on Exchange Online incl UM
PSTN
Sonus gateway
AD
Azure AD Sync(DirSync)
Azure AD ConnectOn-Premise User Sync
to Office 365
Phone Number Migration to Cloud PBX with CCE
Call Routing destination
based routing
PSTN
Audio Conferencing Provider
Microsoft Brigde
) CCE ndash Cloud Connector Edition
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
REMOTE and INTERNAL CLIENTUse Edge for TRUN candidate exchange (SDP)
Use Internet for traversal TRUN via EDGE
Direct Host communication not possible
AV Edge FlowSDP is the ldquoSelf Description Protocolrdquo defined in RFC 4566 and responsible for testing and addressing the possible IP path (IP Address and Ports) for Audio Video communication flow
As we can identify the MRAS is taking place first based the associated Frontend Edge Pool for the user (either internal or remote) We have the CANDIDATE exchange in the 183 SESSION PROGRESS message
Access Edge
AV Edge
Director FrontEnd
Authentication
AV Edge authentication receives internal media port(Within the CANDIDATES)Call external user inform remote user of internal media port
Call Setup COMPLETE
AV Edge authentication
Obtain media session ports on AV Edge Server
Call internal user
Internet DMZ Internal LAN
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
4 MRAS RESPONSE
2 MRAS REQUEST
3 MRAS RESPONSE
5 AV Establishment
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
2 MRAS REQUEST
3 MRAS RESPONSE
1 SIP REG
ISTER
4 MR
AS R
ESPO
NSE
5 AV Establishment
NOTE Keep in mind for AV external IP address ndashgt CMS (Topology information) are used
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
Federated Partner
1 SIP INVITE with CANDIDATES
2 SIP SESSION PROGRESS with CANDIDATES
3 ST
UN
TUR
N m
essages
4 A
V U
PD
TCP ca
ll flow
1 SIP INVITE with CANDIDATES
1 SIP
INV
ITE w
ith
CA
ND
IDA
TES
2 SIP
SESSIO
N P
RO
GR
ESS w
ith C
AN
DID
ATE
S
Geo Edge Deployments AdviceThe external DNS is globally valid and shall be understood as a single configuration but tight with associated geographical sites
Example for one Skype for Business site
FQDN IP Comment
SIPSIPDOMCOM CNAME to
SIP-DESIPDOMCOM
EDGE
SIP-DESIPDOMCOM 1234 EDGE
WC-DESIPDOMCOM 1235 EDGE
AV-DESIPDOMCOM 1236 EDGE
WEB-EXT-DE01SIPDOMCOM 1238 RevProxy multi local pool
WEB-EXT-DE02SIPDOMCOM 12310 RevProxy multi local pool
LYNCDISCOVERSIPDOMCOM 1238 RevProxy CENTRAL DISCOVERY
URL
MEET-DESIPDOMCOM 1238 RevProxy
DIALINSIPDOMCOM 1238 RevProxy CENTRAL DIALIN
WebPage
SCHEDULERSIPDOMCOM 1238 RevProxy Schedule Web Access
for Meeting planning
_SIP_TLSSIPDOMCOM 0 100 443
SIPSIPDOMCOM
SIP-DESIPDOMCOM MSIC2R SfB Client Login
_SIPEXTERNAL_TLSSIPDOMCOM
0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
_SIPFEDERATIONTLS_TCPSIPDOMECO
M 0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
NoteAV Edge could never be GeoDNS Load Balanced due to AV communication must be able directly addressing the AV IP addressThis is associated with Edge lt-gt FE Pool
Principals CCE Deployments
External DNS entries (also used for certificates)
bull Access Edgeeg ACCESSSIPDOMAINCOM
bull Media Relayeg MEDIASIPDOMAINCOM(not necessary in certificates)
bull Data Proxyeg DPSIPDOMAINCOM We can identify the identical principals for global CCE deployments using eg ACCESS-LOC01 ACCESS-LOCxx
SIPtenantcom points to Office 365
On Premise
PSTN
User
SIP PBX orProvider Gateway
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
MEDIA
SIP Signaling
On Premise (SITE LONDON)
User
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
All users must be on Exchange Online incl UM
PSTN
Sonus gateway
AD
Azure AD Sync(DirSync)
Azure AD ConnectOn-Premise User Sync
to Office 365
Phone Number Migration to Cloud PBX with CCE
Call Routing destination
based routing
PSTN
Audio Conferencing Provider
Microsoft Brigde
) CCE ndash Cloud Connector Edition
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
AV Edge FlowSDP is the ldquoSelf Description Protocolrdquo defined in RFC 4566 and responsible for testing and addressing the possible IP path (IP Address and Ports) for Audio Video communication flow
As we can identify the MRAS is taking place first based the associated Frontend Edge Pool for the user (either internal or remote) We have the CANDIDATE exchange in the 183 SESSION PROGRESS message
Access Edge
AV Edge
Director FrontEnd
Authentication
AV Edge authentication receives internal media port(Within the CANDIDATES)Call external user inform remote user of internal media port
Call Setup COMPLETE
AV Edge authentication
Obtain media session ports on AV Edge Server
Call internal user
Internet DMZ Internal LAN
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
4 MRAS RESPONSE
2 MRAS REQUEST
3 MRAS RESPONSE
5 AV Establishment
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
2 MRAS REQUEST
3 MRAS RESPONSE
1 SIP REG
ISTER
4 MR
AS R
ESPO
NSE
5 AV Establishment
NOTE Keep in mind for AV external IP address ndashgt CMS (Topology information) are used
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
Federated Partner
1 SIP INVITE with CANDIDATES
2 SIP SESSION PROGRESS with CANDIDATES
3 ST
UN
TUR
N m
essages
4 A
V U
PD
TCP ca
ll flow
1 SIP INVITE with CANDIDATES
1 SIP
INV
ITE w
ith
CA
ND
IDA
TES
2 SIP
SESSIO
N P
RO
GR
ESS w
ith C
AN
DID
ATE
S
Geo Edge Deployments AdviceThe external DNS is globally valid and shall be understood as a single configuration but tight with associated geographical sites
Example for one Skype for Business site
FQDN IP Comment
SIPSIPDOMCOM CNAME to
SIP-DESIPDOMCOM
EDGE
SIP-DESIPDOMCOM 1234 EDGE
WC-DESIPDOMCOM 1235 EDGE
AV-DESIPDOMCOM 1236 EDGE
WEB-EXT-DE01SIPDOMCOM 1238 RevProxy multi local pool
WEB-EXT-DE02SIPDOMCOM 12310 RevProxy multi local pool
LYNCDISCOVERSIPDOMCOM 1238 RevProxy CENTRAL DISCOVERY
URL
MEET-DESIPDOMCOM 1238 RevProxy
DIALINSIPDOMCOM 1238 RevProxy CENTRAL DIALIN
WebPage
SCHEDULERSIPDOMCOM 1238 RevProxy Schedule Web Access
for Meeting planning
_SIP_TLSSIPDOMCOM 0 100 443
SIPSIPDOMCOM
SIP-DESIPDOMCOM MSIC2R SfB Client Login
_SIPEXTERNAL_TLSSIPDOMCOM
0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
_SIPFEDERATIONTLS_TCPSIPDOMECO
M 0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
NoteAV Edge could never be GeoDNS Load Balanced due to AV communication must be able directly addressing the AV IP addressThis is associated with Edge lt-gt FE Pool
Principals CCE Deployments
External DNS entries (also used for certificates)
bull Access Edgeeg ACCESSSIPDOMAINCOM
bull Media Relayeg MEDIASIPDOMAINCOM(not necessary in certificates)
bull Data Proxyeg DPSIPDOMAINCOM We can identify the identical principals for global CCE deployments using eg ACCESS-LOC01 ACCESS-LOCxx
SIPtenantcom points to Office 365
On Premise
PSTN
User
SIP PBX orProvider Gateway
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
MEDIA
SIP Signaling
On Premise (SITE LONDON)
User
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
All users must be on Exchange Online incl UM
PSTN
Sonus gateway
AD
Azure AD Sync(DirSync)
Azure AD ConnectOn-Premise User Sync
to Office 365
Phone Number Migration to Cloud PBX with CCE
Call Routing destination
based routing
PSTN
Audio Conferencing Provider
Microsoft Brigde
) CCE ndash Cloud Connector Edition
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
4 MRAS RESPONSE
2 MRAS REQUEST
3 MRAS RESPONSE
5 AV Establishment
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
1 SIP REGISTER
4 MRAS RESPONSE
1 SIP REGISTER
2 MRAS REQUEST
3 MRAS RESPONSE
1 SIP REG
ISTER
4 MR
AS R
ESPO
NSE
5 AV Establishment
NOTE Keep in mind for AV external IP address ndashgt CMS (Topology information) are used
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
Federated Partner
1 SIP INVITE with CANDIDATES
2 SIP SESSION PROGRESS with CANDIDATES
3 ST
UN
TUR
N m
essages
4 A
V U
PD
TCP ca
ll flow
1 SIP INVITE with CANDIDATES
1 SIP
INV
ITE w
ith
CA
ND
IDA
TES
2 SIP
SESSIO
N P
RO
GR
ESS w
ith C
AN
DID
ATE
S
Geo Edge Deployments AdviceThe external DNS is globally valid and shall be understood as a single configuration but tight with associated geographical sites
Example for one Skype for Business site
FQDN IP Comment
SIPSIPDOMCOM CNAME to
SIP-DESIPDOMCOM
EDGE
SIP-DESIPDOMCOM 1234 EDGE
WC-DESIPDOMCOM 1235 EDGE
AV-DESIPDOMCOM 1236 EDGE
WEB-EXT-DE01SIPDOMCOM 1238 RevProxy multi local pool
WEB-EXT-DE02SIPDOMCOM 12310 RevProxy multi local pool
LYNCDISCOVERSIPDOMCOM 1238 RevProxy CENTRAL DISCOVERY
URL
MEET-DESIPDOMCOM 1238 RevProxy
DIALINSIPDOMCOM 1238 RevProxy CENTRAL DIALIN
WebPage
SCHEDULERSIPDOMCOM 1238 RevProxy Schedule Web Access
for Meeting planning
_SIP_TLSSIPDOMCOM 0 100 443
SIPSIPDOMCOM
SIP-DESIPDOMCOM MSIC2R SfB Client Login
_SIPEXTERNAL_TLSSIPDOMCOM
0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
_SIPFEDERATIONTLS_TCPSIPDOMECO
M 0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
NoteAV Edge could never be GeoDNS Load Balanced due to AV communication must be able directly addressing the AV IP addressThis is associated with Edge lt-gt FE Pool
Principals CCE Deployments
External DNS entries (also used for certificates)
bull Access Edgeeg ACCESSSIPDOMAINCOM
bull Media Relayeg MEDIASIPDOMAINCOM(not necessary in certificates)
bull Data Proxyeg DPSIPDOMAINCOM We can identify the identical principals for global CCE deployments using eg ACCESS-LOC01 ACCESS-LOCxx
SIPtenantcom points to Office 365
On Premise
PSTN
User
SIP PBX orProvider Gateway
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
MEDIA
SIP Signaling
On Premise (SITE LONDON)
User
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
All users must be on Exchange Online incl UM
PSTN
Sonus gateway
AD
Azure AD Sync(DirSync)
Azure AD ConnectOn-Premise User Sync
to Office 365
Phone Number Migration to Cloud PBX with CCE
Call Routing destination
based routing
PSTN
Audio Conferencing Provider
Microsoft Brigde
) CCE ndash Cloud Connector Edition
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
AV Edge Flow
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Access Edge
WebConf Edge
AV Edge
Internal Edge(MRAS)
Internal Edge(MRAS)
Outer Firewall Inner Firewall
Munich (EMEA)
Singapore (ASEAN)
Federated Partner
1 SIP INVITE with CANDIDATES
2 SIP SESSION PROGRESS with CANDIDATES
3 ST
UN
TUR
N m
essages
4 A
V U
PD
TCP ca
ll flow
1 SIP INVITE with CANDIDATES
1 SIP
INV
ITE w
ith
CA
ND
IDA
TES
2 SIP
SESSIO
N P
RO
GR
ESS w
ith C
AN
DID
ATE
S
Geo Edge Deployments AdviceThe external DNS is globally valid and shall be understood as a single configuration but tight with associated geographical sites
Example for one Skype for Business site
FQDN IP Comment
SIPSIPDOMCOM CNAME to
SIP-DESIPDOMCOM
EDGE
SIP-DESIPDOMCOM 1234 EDGE
WC-DESIPDOMCOM 1235 EDGE
AV-DESIPDOMCOM 1236 EDGE
WEB-EXT-DE01SIPDOMCOM 1238 RevProxy multi local pool
WEB-EXT-DE02SIPDOMCOM 12310 RevProxy multi local pool
LYNCDISCOVERSIPDOMCOM 1238 RevProxy CENTRAL DISCOVERY
URL
MEET-DESIPDOMCOM 1238 RevProxy
DIALINSIPDOMCOM 1238 RevProxy CENTRAL DIALIN
WebPage
SCHEDULERSIPDOMCOM 1238 RevProxy Schedule Web Access
for Meeting planning
_SIP_TLSSIPDOMCOM 0 100 443
SIPSIPDOMCOM
SIP-DESIPDOMCOM MSIC2R SfB Client Login
_SIPEXTERNAL_TLSSIPDOMCOM
0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
_SIPFEDERATIONTLS_TCPSIPDOMECO
M 0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
NoteAV Edge could never be GeoDNS Load Balanced due to AV communication must be able directly addressing the AV IP addressThis is associated with Edge lt-gt FE Pool
Principals CCE Deployments
External DNS entries (also used for certificates)
bull Access Edgeeg ACCESSSIPDOMAINCOM
bull Media Relayeg MEDIASIPDOMAINCOM(not necessary in certificates)
bull Data Proxyeg DPSIPDOMAINCOM We can identify the identical principals for global CCE deployments using eg ACCESS-LOC01 ACCESS-LOCxx
SIPtenantcom points to Office 365
On Premise
PSTN
User
SIP PBX orProvider Gateway
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
MEDIA
SIP Signaling
On Premise (SITE LONDON)
User
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
All users must be on Exchange Online incl UM
PSTN
Sonus gateway
AD
Azure AD Sync(DirSync)
Azure AD ConnectOn-Premise User Sync
to Office 365
Phone Number Migration to Cloud PBX with CCE
Call Routing destination
based routing
PSTN
Audio Conferencing Provider
Microsoft Brigde
) CCE ndash Cloud Connector Edition
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
Geo Edge Deployments AdviceThe external DNS is globally valid and shall be understood as a single configuration but tight with associated geographical sites
Example for one Skype for Business site
FQDN IP Comment
SIPSIPDOMCOM CNAME to
SIP-DESIPDOMCOM
EDGE
SIP-DESIPDOMCOM 1234 EDGE
WC-DESIPDOMCOM 1235 EDGE
AV-DESIPDOMCOM 1236 EDGE
WEB-EXT-DE01SIPDOMCOM 1238 RevProxy multi local pool
WEB-EXT-DE02SIPDOMCOM 12310 RevProxy multi local pool
LYNCDISCOVERSIPDOMCOM 1238 RevProxy CENTRAL DISCOVERY
URL
MEET-DESIPDOMCOM 1238 RevProxy
DIALINSIPDOMCOM 1238 RevProxy CENTRAL DIALIN
WebPage
SCHEDULERSIPDOMCOM 1238 RevProxy Schedule Web Access
for Meeting planning
_SIP_TLSSIPDOMCOM 0 100 443
SIPSIPDOMCOM
SIP-DESIPDOMCOM MSIC2R SfB Client Login
_SIPEXTERNAL_TLSSIPDOMCOM
0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
_SIPFEDERATIONTLS_TCPSIPDOMECO
M 0 100 5061 SIPSIPDOMCOM
SIP-DESIPDOMCOM
NoteAV Edge could never be GeoDNS Load Balanced due to AV communication must be able directly addressing the AV IP addressThis is associated with Edge lt-gt FE Pool
Principals CCE Deployments
External DNS entries (also used for certificates)
bull Access Edgeeg ACCESSSIPDOMAINCOM
bull Media Relayeg MEDIASIPDOMAINCOM(not necessary in certificates)
bull Data Proxyeg DPSIPDOMAINCOM We can identify the identical principals for global CCE deployments using eg ACCESS-LOC01 ACCESS-LOCxx
SIPtenantcom points to Office 365
On Premise
PSTN
User
SIP PBX orProvider Gateway
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
MEDIA
SIP Signaling
On Premise (SITE LONDON)
User
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
All users must be on Exchange Online incl UM
PSTN
Sonus gateway
AD
Azure AD Sync(DirSync)
Azure AD ConnectOn-Premise User Sync
to Office 365
Phone Number Migration to Cloud PBX with CCE
Call Routing destination
based routing
PSTN
Audio Conferencing Provider
Microsoft Brigde
) CCE ndash Cloud Connector Edition
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
Principals CCE Deployments
External DNS entries (also used for certificates)
bull Access Edgeeg ACCESSSIPDOMAINCOM
bull Media Relayeg MEDIASIPDOMAINCOM(not necessary in certificates)
bull Data Proxyeg DPSIPDOMAINCOM We can identify the identical principals for global CCE deployments using eg ACCESS-LOC01 ACCESS-LOCxx
SIPtenantcom points to Office 365
On Premise
PSTN
User
SIP PBX orProvider Gateway
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
MEDIA
SIP Signaling
On Premise (SITE LONDON)
User
Cloud Connector Edition VMs
Office 365 including Skype for Business Online (E5 Plan)
Cloud PBX
Users
All users must be on Exchange Online incl UM
PSTN
Sonus gateway
AD
Azure AD Sync(DirSync)
Azure AD ConnectOn-Premise User Sync
to Office 365
Phone Number Migration to Cloud PBX with CCE
Call Routing destination
based routing
PSTN
Audio Conferencing Provider
Microsoft Brigde
) CCE ndash Cloud Connector Edition
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
Upcoming Guide soon
Watch our for new in
Twitter thomaspoett
Blog httplyncucblogspotcom
Technethttpsgallerytechnetmicrosoftcomsitesearchf5B05DType=SearchTextampf5B05DValue=thomas20poettampf5B15DType=Userampf5B15DValue=Thomas20Poett20(Skype20MVP)ampf5B15DText=Thomas20Poett20(Skype20MVP)
Thank you
Thank you