Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Secrets of Media Flows in Skype for Business

Published byPatience Horton Modified over 7 years ago

Similar presentations

Presentation on theme: "The Secrets of Media Flows in Skype for Business"— Presentation transcript:

1 The Secrets of Media Flows in Skype for Business
Johan Delimon

2 To speakers: please leave this slide in
To speakers: please leave this slide in. We would appreciate if you could give a shout out to our sponsors for helping us making this event possible.

3

4 Johan Delimon idelimon BVBA / / Skype for Business MVP / MCSM Communications / Skype4B Architect

5 (SIP) Session Initiation Protocol & (SDP) Session Description Protocol
Microsoft Ignite 2015 (Chicago, US)

6 Agenda SIP Primer Configuration & Settings SDP Primer
Internal Only Calls External Calls / Cloud Connector

7 (SIP) Session Initiation Protocol Primer

8 This is the CALL This is just the Media SIP DIALOG MEDIA
180 Ringing INVITE (+SDP) ACK 200 (+SDP) OK INVITE (+SDP) SIP DIALOG 180 Ringing 200 (+SDP) OK ACK MEDIA

9 Session Initiation Protocol
SIP has no secrets (Everything is visible) Client or Server Logging (Office 365) Session Initiation Protocol Snooper is your friend

10 Provisioning SFB Client
In-Band Provisioning

11 Office 365 Port Configuration for SFB Clients
Service Default Port Range Default Ports Customized Port Range Custom Ports Minimum Custom Ports Type Audio 64K 20 Custom Video Application Sharing File Transfer

12 (MRAS) Media Relay Authentication Service

13 (MRAS) Media Relay Authentication Service
Client does not connect to EDGE FE connects to EDGE TCP Port 5062 If FE no TCP 5062 to EDGE then Client shows Limited External Calling

14 Session Description Protocol (SDP)

15 Description of the Media Description of the Media
SIP DIALOG This is the CALL INVITE (+SDP) 180 Ringing 200 (+SDP) OK ACK INVITE (+SDP) 180 Ringing 200 (+SDP) OK Description of the Media Description of the Media ACK This is just the Media MEDIA (RTP)

16 Content Type Application/sdp
SDP Offer (INVITE) Content Type Application/sdp SIP Message Body = SDP

17 SDP Response (200) SDP

18 SDP Details (filtered)
Audio Call, Encryption & Codec Priority Candidates Codecs

19 Candidates 3 Candidate Types Host = End Point IP
IP Address & Port combination to send Media Stream 3 Candidate Types Host = End Point IP STUN/Reflexive = Public IP of Firewall TURN/Relay = Edge Server IP Internet Internet Router DMZ Edge ICE Client ICE Server ❶ Host Candidate – Likely to fail ❷ STUN / Reflexive Candidate ❸ TURN / Relay Candidate – Edge Relay

20 Candidates Host Candidates TURN / Relay EDGE Server Candidates
STUN / Reflexive Candidates

21 RE-INVITE & Final Information

22 Media Flow Scenario’s Internal

23 Inside Only (No EDGE Server)

24 Default Media Port Ranges
Skype for Business Client Port : 1024 Enterprise Pool Default Audio Port Range Default Video Port Range Default App Sharing Port Range Default Audio Port Range Default Video Port Range Default App Sharing Port Range Default File Sharing Port Range Port : 0 Port : 0

25 Custom Media Port Ranges
Skype for Business Client Port : 40801 Port : 1024 Enterprise Pool Default Audio Port Range Default Video Port Range Default App Sharing Port Range Custom Audio Port Range Custom Video Port Range Custom App Sharing Port Range Custom File Sharing Port Range Port : 0 Port : 0

26 Custom Configuration on the SFB Servers
Service Default Port Range Default Ports Customized Port Range Customized Ports Type Application Sharing 16383 8348 Custom Audio Default Video 8034

27 Custom Media Port Ranges
Skype for Business Client Port : 40803 Port : 1024 Enterprise Pool Default Audio Port Range Default Video Port Range Custom App Sharing Port Range Custom App Sharing Port Range Custom File Sharing Port Range Custom Audio Port Range Custom Video Port Range Port : 0 Port : 0

28 Custom Configuration of the SFB Clients
Service Default Port Range Default Ports Customized Port Range Custom Ports Minimum Custom Ports Type Audio 64K 40 20 Custom Video Application Sharing File Transfer

29 Office 365 Media Port Ranges
Skype for Business Client Port : 40803 Port : 1024 Enterprise Pool Default Audio Port Range Default Video Port Range Custom App Sharing Port Range Custom Audio Port Range Custom Video Port Range Custom App Sharing Port Range Custom File Sharing Port Range Port : 0 Port : 0

30 Office 365 Configuration of the SFB Clients
Service Default Port Range Default Ports Customized Port Range Custom Ports Minimum Custom Ports Type Audio 64K 20 Custom Video Application Sharing File Transfer

31 Media Flow Scenario’s Internal w EDGE Server

32 MRAS / EDGE Client does not connect to EDGE for MRAS FE connects to EDGE to get MRAS Credentials and passes to Client TCP Port 5062 (FE to EDGE) STUN/TURN/ICE EDGE = TURN (Relay Packets only No Termination of Media) EDGE Candidates and Routing/Tunneling MRAS Credentials used to Authenticate to EDGE in SRTP packets

33 STUN/TURN/ICE Process
MRAS Credentials (Sign-In) Candidate Discovery (STUN/TURN) Candidate Exchange (SDP) Candidate Connectivity Checks (ICE) Candidate Promotion (RE-INVITE) IPv4 before IPv6 Direct over Relay UDP over TCP

34 Inside Only with Edge Configured

35 Inside Only with Servers

36 NAT Traversal

37 Full Cone NAT User B User A User C Source IP Port Public
Destination IP Destination Port User A IP User A Port FW IP FW Port

38 Address Restricted NAT
User B User A User C Source IP Port Public Destination IP Destination Port User A IP User A Port FW IP FW Port User B IP

39 Address & Port Restricted NAT
User B User A User C Source IP Port Public Destination IP Destination Port User A IP User A Port FW IP FW Port User B IP User B Port

40 NAT Types

41 Media Flow Scenario’s External

42 External User on Public Internet

43 External User behind Firewall

44 All External behind Firewall

45 External VPN User

46 SFB through VPN Tunnel

47 VPN Split Tunnel & Block Ports

48 CQM Tagged Traffic Elementri Target Criteria Actions Media Path - VPN
100 VPN Stream Count IF VPN Streams > 1% of external streams: GREEN: VPN streams <= Target YELLOW: VPN streams > Target RED: VPN streams > 2X Target Verify VPN users report poor call quality Implemement alternative options to media over VPN like split tunneling Look at Endpoint_2_VPN to gauge impact Repeat until GREEN and then Maintain Media Path - Relay N/A Internal Relay Stream Count and NetworkMOS GREEN: <= 1% of wired P2P streams YELLOW: > 1% wired P2P streams RED: YELLOW and Avg OverallAvgNetworkMOS < 3.5 Identify problematic subnets - look at TopIssues tab or Endpoint_2_Relay Remediate firewall configurations preventing P2P media streams Implement processes to maintain optimal network configurations Repeat until GREEN and then Maintain Media Transport TCP Stream Count and NetworkMOS GREEN: <= 1% of wired P2P streams YELLOW: > 1% wired P2P streams RED: YELLOW and Avg OverallAvgNetworkMOS < 3.5 Identify problematic subnets - look at TopIssues tab or Endpoint_3_Transport Remediate firewall or other network element configurations preventing UDP streams Implement processes to maintain optimal network configurations Repeat until GREEN and then Maintain

49 CQM Problem Sessions TCP 443 UDP 3478 50000 59999

50 Special Media Flow Scenario’s
Internal Clients (One Way Blocked by FW) Internal External Clients (FW allows to Internet) Tunneling Mode Optimized Federated Call Path DNS Load Balanced EDGE Pool with NAT

51 EDGE High Port Range TCP 443 UDP 3478 50000 59999

52 Different EDGE Pool Associations
TCP 443 UDP 3478 50000 59999 TCP 443 UDP 3478 50000 59999

53 DNS Load Balanced EDGE Pool with NAT
TCP 443 UDP 3478 50000 59999 TCP 443 UDP 3478 50000 59999 Firewall MUST allow hairpin: public IP to public IP

54 Edge High Port Ranges in Federated Scenario

55 OPCH – Split Domain Hybrid

56 Cloud Connector Cloud Connector 192.168.0.228 Office 365
x

57 Office 365 w Proxies Skype for Business Online Microsoft Network

58 Office 365 Network Skype for Business Online Global Microsoft Network
NOAM EMEA APAC

59

60 Network performance requirements to connect to Skype for Business Online
The following diagram illustrates one-way audio flow in a conference from one Skype for Business participant to another.

61 Network performance requirements to connect to Skype for Business Online
The following diagram shows breakdown of components and network segments of a Skype for Business Online PSTN call:

62 Network performance requirements from your network Edge to Microsoft network Edge
Metric Target Latency (one way) < 30ms Latency (RTT) < 60ms Burst packet loss <1% during any 200 ms interval Packet loss <0.1% during any 15s interval Packet inter-arrival Jitter <15ms during any 15s interval Packet reorder <0.01% out-of-order packets

63 Network EDGE to O365 Skype for Business Online Microsoft Network

64 Network Performance requirements from a Skype for Business client to Microsoft network Edge
Metric Target Latency (one way) < 50ms Latency (RTT or Round-trip Time) < 100ms Burst packet loss <10% during any 200ms interval Packet loss <1% during any 15s interval Packet inter-arrival Jitter <30ms during any 15s interval Packet reorder <0.05% out-of-order packets

65 SFB Client to O365 Skype for Business Online Microsoft Network

66 Updated IP & Port Ranges
Purpose Source | Credentials Source Port Destination Destination IP Destination Port Required: Audio, Video, & Desktop sharing Client Computer | Logged on user TCP/UDP 50, , TCP/UDP 50, , & TCP/UDP 50, *.lync.com Skype for Business IP ranges. TCP 443, UDP 3478, 3479, 3480, & 3481, TCP/UDP 50,000-59,999 Updated IP ranges and ports for Skype for Business Online Skype for Business Online has a significant infrastructure, so while we have started with these changes, it will take some time to be completed. We strongly recommend to open the IP subnets and ports today, to avoid any negative impact to connectivity. New ports: While this might take a little bit more time than the new IP ranges, we will leverage the following ports for media traffic in addition to the existing ports: UDP 3479 UDP 3480 UDP 3481

67 Media Flows in SFB & ICE - Edge Media Connectivity in Lync 2013

68 Learn more & Tools Microsoft Office Protocol Documents
Microsoft Lync Server 2010 Resource Kit Microsoft Lync Server 2013 Resource Kit Tools Microsoft Lync Server 2013 Debugging Tools Microsoft Network Monitor Microsoft Message Analyzer Network Planning, Monitoring, and Troubleshooting with Lync Server TechED US Recording : Meetings and Media: The Detailed View Download RTP.opn to display correct codecs in Message Analyzer

69

70 We would like to extend a big thank you to our sponsors, without whom this event would not be possible.

Download ppt "The Secrets of Media Flows in Skype for Business"

Similar presentations

The leader in session border control for trusted, first class interactive communications.

The leader in session border control for trusted, first class interactive communications.
Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.
Lync 2014 4/11/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.

Lync /11/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.
UC403: Lync & Network Interaction

UC403: Lync & Network Interaction
©2012 ClearOne Communications. Confidential and proprietary. COLLABORATE ® Video Conferencing Networking Basics.

©2012 ClearOne Communications. Confidential and proprietary. COLLABORATE ® Video Conferencing Networking Basics.
NETW-250 Troubleshooting Last Update 2014.02.19 1.0.1 Copyright 2012-2014 Kenneth M. Chipps Ph.D. www.chipps.com 1.

NETW-250 Troubleshooting Last Update Copyright Kenneth M. Chipps Ph.D. 1.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Lync Deep Dive: Edge Media Connectivity with ICE Thomas Binder UC Voice Architect – MCS Voice Center of Excellence Microsoft Corporation EXL412.

Lync Deep Dive: Edge Media Connectivity with ICE Thomas Binder UC Voice Architect – MCS Voice Center of Excellence Microsoft Corporation EXL412.
January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.

January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.
1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID STUN, TURN and ICE Cary Fitzgerald.

1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID STUN, TURN and ICE Cary Fitzgerald.
Lync Deep Dive: Edge Media Connectivity with ICE Bryan Nyce UC Voice Architect – MCS Voice Center of Excellence Microsoft Corporation EXL412.

Lync Deep Dive: Edge Media Connectivity with ICE Bryan Nyce UC Voice Architect – MCS Voice Center of Excellence Microsoft Corporation EXL412.
11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.
SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.

SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,

Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Similar presentations

Ads by Google