Next up on my summary list following CCE V2 is Media bypass session by Carolyn Blanding link here to the full video here
If you want to plan and deploy CCE check out the links in this post as well.
For Media Bypass with CCE you need CCE v2 and Supported clients!
With the first release of media bypass, the only supported client is the Skype for Business 2016 Windows Client that is part of Office 365 ProPlus, version 16.0.7870.2020 or greater.
Lets go!
Training disclaimer, this session recorded July 2017 and features described are current as of this date. Office 365 is on going innovation.
About Carolyn, she’s been with Microsoft for 5 years, senior supportability program manager. Member of extended hybrid voice team and working with developers on CCE.
Key Learning’s
Scope
Also check this https://technet.microsoft.com/en-us/library/mt808733.aspx
Without Media Bypass
In order to plan your network for media bypass we need to understand both signalling and media flows
- Media and Signalling without media bypass
- All signalling and mediation go via Mediation server
SfB client connected on internal network and making outbound call the signalling flows out the client and out the external network to office 365 and back from Office 365 to corporate Edge server to mediation server to the SBC. Media traffic goes from client though internal corporate firewall to mediation server and then transcoded as G711 to SBC.
With Media Bypass
Signalling continue to flow via Mediation but media will flow from SfB client directly to SBC / Gateway.
Removed connection points (Hops) for Media going through firewalls and server
Benefits of Media Bypass
As we saw before we can improve quality by reducing latency, packet loss and single points of failure by allowing media to flow directly to pstn gateway from the SfB client and also reduce number of CCEs as Mediation server is removed so no transcoding from one codec to another is required so then allow larger number of voice streams on the same hardware. Win Win !
Network Considerations
First important to understand with Media bypass enabled on the client media will ALWAYS bypass this is different to on premises SfB Server / Lync Server deployments. where is is possible to configure when media will bypass per network location. CCE media bypass is always bypass mode.
External clients and unsupported clients will never use bypass so important to know how users will connect, numbers of external and also client versions (I believe from what ive read only click to run SfB client supports CCE Media bypass)
Requires direct connectivity to the PSTN gateway!
Media over VPN is not supported this doesn’t differ from SfB server, if you block media over VPN you need to block all traffic ! recommendation block all SfB from VPN connections.
Client to PSTN gateway traffic typically uses G711 codec, inbound calls mediation server will negotiates G711, outbound gateway negotiates.
Centralised CCE Deployment
More great on the TechNet link for planning media bypass https://technet.microsoft.com/en-us/library/mt808733.aspx
Need to consider G711 will transverse the WAN twice, CCE in central DC with local SBCs in local offices, centralised SBC with cloud connector routes calls to local gateways.
This type G711 media traffic for media bypass clients will transvers the wan twice
1. client media flow associated with CCE deployment
2. outbound from sbc through same wan in office to sbc / gateway out to the PSTN
Centralised Deployment – External Caller
User from Zurich on the Internet, places outbound, both signalling and media flow to office 365 through external firewall in Amsterdam to CCE through internal network to SBC Gateway in Amsterdam over the corporate WAN to Zurich to SBC and pstn in local branch office.
Configure Media Bypass
Also check this deploy guide on TechNet https://technet.microsoft.com/en-us/library/mt808734.aspx
Each CCE Mediation server has a web service to provide media bypass information that is configured as part of V2
Summary of steps
- Detailed in the following slides
- Administrator defines web service url for web service
- Admin creates DNS A Record in internal dns for this url resolving to the ip address of each mediation server
- Administrator enabled media bypass using SfBO PowerShell
- Media Bypass settings replication to cloud connector mediation servers
- Internal supported clients sign out and back in to pick up media bypass settings
Web Service URL
Admin defines web service url for media bypass
Pick a name that could be anything hybridvoice,mediabypass as examples, name can be in any domain namespace can be any internal domain name that resolvable in internal dns.
Does not need to be in a namespace that matches CCE deployment
Only one name is defined per deployment. we don’t need separate for separate PSTN sites.
Above they have used hybridvoice.contoso.com and there is an example of the URL, your webservice would be the same after .com
http is used to avoid admin overheard, as only returning information to internal client. DOES NOT RESOLVE TO EXTERNAL CLIENTS
DNS
Client are required to resolve internal DNS, so it can resolve the host name to mediation server ips.
One host A record for IP of mediation servers
Each mediation requires a host record
with 3 mediation servers you need three a records resolve to web service url.
recommendation to use Geo DNS to resolve local mediation servers ips based on client location. recommendation not requirement.
Single Web service url resolving to ips of all mediation server.
Windows 2016 Geo DNS
Windows Server 2016 can provide GEO DNS for the web service url
A sample config is above
- First creates dns client subnet for each locations
- DNS zone scope for each location
- DNS records in each zone scope for each mediation server
- DNS policies that connection client subnets to matching zone scopes, please reference url for further info
Enable Media Bypass in O365 Tenant
admin manual enables on Office 365 tenant by using remote PowerShell with SfB admin creds and sets the internal web service url as defined previously.
Use set-cstenanthybridconfiguration cmdlet as defined above
Second you need to enable mediabypass settings in two steps
- create bypass settings in memory $mediabypass = New-csNetworkMediaBypassConfiguration –Enabled $true
- modify network configuration with the new settings. Set-CsNetworkConfiguration – MediaBypassSettings $mediabypass
Confirm Media Bypass
After enabling you should confirm is configured correctly.
Confirm Media Bypass – On SfB Online
First confirm SfB Online Media bypass settings in remote PowerShell
Confirm the web service url is replicated to the local server store using get-cstenanthybridconfiguration –localstore | select hybridconfigserviceinternalurl hybridconfigserviceinternalurl
here you can view the webservice url
Then confirm media bypass settings replicated to local server store
get-csnetworkconfiguration –local | select-expandproperty Mediabypasssettings
Two settings to check
1. Enabled is true
2. Bypass ID – this is the bypass id clients should be received. this is different to online bypass id. All tenants and all users in V2 will use the same ID.
Confirm Media Bypass – On CCE
On admin PowerShell on each CCE Mediation server and run
Get-CsNetworkConfiguration – localstore | select –ExpandProperty MediaBypassSettings
Check three things here
- Enabled is True
- AlwaysBypass is True (Always True. this is static setting)
- BypassID – Same bypass ID as before
Confirm Media Bypass in Calls
Option 1 – Performance Monitor
Configure and use PerfMon on CCE Mediation Servers to monitor the following
- LS:MediationServer – Inbound Calls – Total inbound media bypass calls
- LS:MediationServer – Outbound Calls – Total outbound media bypass calls
Sample above has active calls, works well for basic but does not captures transfers, its good to get an idea of how calls are bypassing media.
Option 2 – Network Tracing
You can use a network trace to confirm network activity for calls, apply a filter to view traffic between client ip and PSTN gateway
- When you traffic between client and PSTN gateway then bypass is enabled
- If disable client would connect to mediation server and the mediation server connecting to the PSTN Gateway.
Option 3 – Tracing Logs
You can check for bypass if trace logs and search for a=x-bypassid
three items per call
- invite: SDP
- 183 session progress: SDP
- 200: OK
Open traces with snooper.
Media Bypass in Clients
Detailed look into clients
Supported Clients and obtaining media bypass settings
Clients retrieves web server url during in band provisioning
- client resolves hostname
- then client connects to web service url
- if connection successful and client supported version then bypass will be enabled and bypass id set
- if not successful media bypass will be disabled
note if client connected in external network (Internet) then the client MUST NOT resolve the web service URL. if resolvable there would be issues.
Troubleshooting supported clients
If client are not making media bypass clients
first checked hybrid voice url is being picked up by client – check this is log with snooper
Sample trace log for user
Zoom in on important bit
Here you can see the url from the trace tab in snooper. Here the client has received the web service url.
Next check DNS resolution for the web service name.
Use command prompt and ping the url and the mediation server ip is resolvable and reachable
Perform web traffic trace to make sure the web service url is successful.
Demo web capture using Charles you can also use fiddler to trace
First check build number on client
Greater than supported 7870.2020 so were good
Check IP config of the client and confirm on internal network
Next sign in with web tracing enabled
Check web service url is contacted and also bypass enabled is true
you can also see the bypass id of the mediation server
Next confirm the media is bypassing
Check Client IP again – 10.10.10.123
Check SBC IP – 10.10.10.8 and is pingable
Lets make a call
From network trace it show media flowing directly from client .123 to SBC .8
Media is going directly between client and SBC.
Client Bypass Log Details
Open log file from tracing file with snooper
Look at bottom of SDP for bypass id
180 ringing we will use gateway SDP of 10.10.10.8
Service out record for VQ report for local user agent, client agent , mediation bypass flag is true.
What about unsupported clients ?
Windows desktop 2013 and SfB unsupported version will attempt the URL and CCE will check version and disable media bypass.
Also other client 2010, mobile and mac there is no logic and will not attempt to connect to the web service url and media bypass disabled.
Unsupported client walkthrough
Check Client version and this the Lync 2013 client upgraded to SfB using Office Pro Plus 2013 (this is an unsupported client)
Clients signs in
Check and we see successfully connection to web service url BUT bypass is false and OFF
Client Media Connectivity Failures
If you have implemented media bypass and you are having call failures
Call rings but client says connecting, signalling via mediation is working but media is failing to connect to PSTN gateway
Confirm is client and PSTN gateway can connect (ping)
Collect logs on CCE hosts admin PowerShell and reproduce scenario
Invite and SDP logs
Network trace to define network failure
Review gateway logs could be failure on gateway and not on your network
Summary
https://www.skypeoperationsframework.com/
https://www.skypeoperationsframework.com/Academy
https://www.skypefeedback.com/
More great material !
TechNet Plan for Media Bypass with CCE v2
https://technet.microsoft.com/en-us/library/mt808733.aspx
Deploy Media Bypass with CCE v2
Martin Boam's Microsoft Blog 