Microsoft Teams – Direct Routing Deloyment – Part 1

Background

The deployment configuration below has been done in Australia and will cover all the requirements and configuration to be able to get Direct Routing up and running without any issues.

Voice gateway used for Enterprise Voice – Sonus Session Border Controller (SBC) 2000.

Note: The same configuration holds good for Sonus SBC 1000.

Pre-requisites

If media bypass is required for the deployment, the gateway will require a public IP address. Also note that in order for media bypass to successfully work, the Teams users in the corporate network will need to route to the public interface of the SBC, as such firewall rules need to be amended to allow this.

The diagram below shows an overview of how media bypass works with Sonus SBC

Figure 1: Media bypass with Sonus SBC 2000

If media bypass is not required or cannot be provided for the deployment, the gateway will require public-facing DMZ address which is NAT’d to a public IP address. In this instance, the Teams users’ media will be proxied via Microsoft relay to the Sonus SBC public IP Address

The diagram below shows an overview of how media works without media bypass with Sonus SBC

Figure 2: Without media bypass with Sonus SBC 2000

Infrastructure Requirements

The infrastructure requirements for the supported SBCs, domains, and other network connectivity requirements to deploy Direct Routing are listed in the following table

Media traffic requirements (Media Bypass scenario)

Below is the firewall requirements between the Teams client and SBC for direct media flow.
Note: To achieve Media bypass NAT’ing need to be disabled.

If the client is on an internal network, the media flows to the public IP address of the SBC. You can configure hair-pinning on the Firewall so that the traffic never leaves the enterprise network.

Media traffic requirements (No Media Bypass)

Even if Media Bypass is enabled for Teams Client, Teams web client does not support this at this stage.

Without Media Bypass the client will utilise Microsoft Teams transport relays as well as media processors to connect to media.

If within the corporate environment Windows firewall is turned on as default the following ports on the local Laptop/Desktop will need to be allowed

Client Windows Firewall requirements

Part 2 will cover off all the configuration setup on both Sonus SBC and O365 Tenant.