Presentation is loading. Please wait.

Presentation is loading. Please wait.

Johan Delimon 26/04/2016 BE-COM E-COMMUNICATIONS EVENT THE INNER WORKINGS OF SKYPE FOR BUSINESS: NETWORKING.

Published byBrenda Bond Modified over 8 years ago

Similar presentations

Presentation on theme: "Johan Delimon 26/04/2016 BE-COM E-COMMUNICATIONS EVENT THE INNER WORKINGS OF SKYPE FOR BUSINESS: NETWORKING."— Presentation transcript:

1 Johan Delimon 26/04/2016 BE-COM E-COMMUNICATIONS EVENT THE INNER WORKINGS OF SKYPE FOR BUSINESS: NETWORKING

2 Johan Delimon idelimon BVBA / johan@delimon.be / @jdelimon / Skype for Business MVP / MCSM Communications / Skype4B Architect

3 (SIP) Session Initiation Protocol & (SDP) Session Description Protocol Microsoft Ignite 2015 (Chicago, US) http://bit.ly/1cq6jXX http://bit.ly/1cq6jXX

4 SIP Primer Configuration & Settings SDP Primer Internal Only Calls External Calls / Cloud Connector Agenda

5

6 INVITE (+SDP) linda@contoso.com 180 Ringing 200 (+SDP) OK ACK INVITE (+SDP) linda@contoso.com 180 Ringing 200 (+SDP) OK ACK

7 Session Initiation Protocol SIP has no secrets (Everything is visible) Client or Server Logging (Office 365) Snooper is your friend

8

9 PrecedenceLocation or Method of Setting 1Skype for Business in-band provisioning 2HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\15.0\Lync 3HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\15.0\Lync 4Skype for Business - Options dialog box in Skype for Business Client Configuration Settings, Skype for Business

10 SUBSCRIBE sip:johan@delimon.be SIP/2.0 Content-Type: application/vnd-microsoft-roaming-provisioning-v2+xml Provisioning SFB Client Policies & Settings In-Band Provisio ning

11 Provisioning SFB Client In-Band Provisio ning

12 Office 365 Port Configuration for SFB Clients Service Default Port Range Default Ports Customized Port Range Custom Ports Minimum Custom Ports Type Audio1024-6553564K50000-5001920 Custom Video1024-6553564K50020-5003920 Custom Application Sharing1024-6553564K50040-5005920 Custom File Transfer1024-6553564K50040-5005920 Custom

13 SERVICE sip:edge.delimon.be@delimon.be;gruu;opaque=srvr:MRAS:Hh KrFykWklySMEr01LKV9wAA SIP/2.0 Content-Type: application/msrtc-media-relay-auth+xml Provisioning SFB Client MRAS = Media Relay Authentication Service MRAS

14 (MRAS) Media Relay Authentication Service MRAS

15 Client does not connect to EDGE FE connects to EDGE TCP Port 5062 If FE no TCP 5062 to EDGE then Client shows Limited External Calling (MRAS) Media Relay Authentication Service

16

17 INVITE ( +SDP ) linda@contoso.com 180 Ringing 200 ( +SDP ) OK ACK INVITE ( +SDP ) linda@contoso.com 180 Ringing 200 ( +SDP ) OK ACK

18 SDP Offer (INVITE) SIP Message Body = SDP SIP Message Body = SDP Content Type Application/sdp

19 SDP Offer (INVITE) SIP Message Body = SDP SIP Message Body = SDP Content Type Application/sdp

20 SDP Response (200) SDP

21 SDP Details (filtered) Audio Call, Encryption & Codec Priority Candidates

22 IP Address & Port combination to send Media Stream 3 Candidate Types Host = End Point IP STUN/Reflexive = Public IP of Firewall TURN/Relay = Edge Server IP Candidates DMZ Router Edge ICE Client ICE Server ❶ Host Candidate – Likely to fail ❷ STUN / Reflexive Candidate ❸ TURN / Relay Candidate – Edge Relay ❶ ❷ ❸

23 Candidates Host Candidates TURN / Relay EDGE Server Candidates STUN / Reflexive Candidates

24 RE-INVITE & Final Information

25 RE-INVITE & Final Information (Continued)

26

27 Inside Only

28 Default Media Port Ranges Skype for Business Client Enterprise Pool Port : 65535 Port : 0 Port : 1024 Default Audio Port Range 1024-65535 Default Video Port Range 1024-65535 Default App Sharing Port Range 1024-65535 Default File Sharing Port Range 1024-65535 Default Audio Port Range 49152-57500 Default Video Port Range 57501-65535 Default App Sharing Port Range 49152-65535 Port : 65535 Port : 57500 Port : 49152 Port : 0

29 Custom Media Port Ranges Port : 65535 Port : 0 Port : 1024 Default Audio Port Range 49152-57500 Default Video Port Range 57501-65535 Default App Sharing Port Range 49152-65535 Port : 0 Port : 65535 Port : 57500 Port : 49152 Port : 40801 Custom Audio Port Range 50000-50020 Custom Video Port Range 60000-60020 Custom App Sharing Port Range 45000-45020 Custom File Sharing Port Range 30000-30020 Skype for Business Client Enterprise Pool

30 Custom Configuration on the SFB Servers Service Default Port Range Default Ports Customized Port Range Customized Ports Type Application Sharing49152-655351638340803-491518348Custom Audio49152-57500834849152-575008348Default Video57501-65535803457501-655358034Default

31 Custom Media Port Ranges Port : 65535 Port : 0 Port : 1024 Custom Audio Port Range 4000-4020 Custom Video Port Range 8000-8020 Custom App Sharing Port Range 5000-5020 Custom File Sharing Port Range 6000-6020 Default Audio Port Range 49152-57500 Default Video Port Range 57501-65535 Custom App Sharing Port Range 40803-49151 Port : 65535 Port : 57500 Port : 49152 Port : 40803 Port : 0 Skype for Business Client Enterprise Pool

32 Custom Configuration of the SFB Clients Service Default Port Range Default Ports Customized Port Range Custom Ports Minimum Custom Ports Type Audio1024-6553564K5350-53894020Custom Video1024-6553564K5390-54294020Custom Application Sharing1024-6553564K5430-54694020Custom File Transfer1024-6553564K5470-55094020Custom

33 Office 365 Media Port Ranges Port : 65535 Port : 0 Port : 1024 Custom Audio Port Range 50000-50019 Custom Video Port Range 50020-50039 Custom App Sharing Port Range 50040-50059 Custom File Sharing Port Range 50040-50059 Default Audio Port Range 49152-57500 Default Video Port Range 57501-65535 Custom App Sharing Port Range 40803-49151 Port : 65535 Port : 57500 Port : 49152 Port : 40803 Port : 0 Skype for Business Client Enterprise Pool

34 Office 365 Configuration of the SFB Clients Service Default Port Range Default Ports Customized Port Range Custom Ports Minimum Custom Ports Type Audio1024-6553564K50000-5001920 Custom Video1024-6553564K50020-5003920 Custom Application Sharing1024-6553564K50040-5005920 Custom File Transfer1024-6553564K50040-5005920 Custom

35

36 Client does not connect to EDGE for MRAS FE connects to EDGE to get MRAS Credentials and passes to Client TCP Port 5062 (FE to EDGE) STUN/TURN/ICE EDGE = TURN (Relay Packets only No Termination of Media) EDGE Candidates and Routing/Tunneling MRAS Credentials used to Authenticate to EDGE in SRTP packets MRAS / EDGE

37 MRAS Credentials (Sign-In) Candidate Discovery (STUN/TURN) Candidate Exchange (SDP) Candidate Connectivity Checks (ICE) Candidate Promotion (RE-INVITE) Direct over Relay UDP over TCP STUN/TURN/ICE Process

38 Inside Only with Edge Configured

39 Inside Only with Servers

40

41 Full Cone NAT Source IP Source Port Public IP Public Port Destination IP Destination Port User A IPUser A PortFW IPFW Port User A User B User C

42 Address Restricted NAT Source IP Source Port Public IP Public Port Destination IP Destination Port User A IPUser A PortFW IPFW PortUser B IP User A User B User C

43 Address & Port Restricted NAT Source IP Source Port Public IP Public Port Destination IP Destination Port User A IPUser A PortFW IPFW PortUser B IPUser B Port User A User B User C

44 NAT Types https://en.wikipedia.org/wiki/Network_address_translation#Full-cone_NAT

45

46 External User on Public Internet

47 External User behind Firewall

48 All External behind Firewall

49 External VPN User

50 SFB through VPN Tunnel http://blogs.technet.com/b/nexthop/archive/2011/11/15/enabling-lync-media-to-bypass-a-vpn-tunnel.aspx

51 VPN Split Tunnel & Block Ports http://blogs.technet.com/b/nexthop/archive/2011/11/15/enabling-lync-media-to-bypass-a-vpn-tunnel.aspx

52 Internal Clients (One Way Blocked by FW) Internal External Clients (FW allows to Internet) Tunneling Mode Optimized Federated Call Path DNS Load Balanced EDGE Pool Special Media Flow Scenario’s

53 EDGE High Port Range TCP 443 UDP 3478 50000 59999

54 Special Scenario’s

55 Edge High Port Ranges in Federated Scenario

56 Cloud Connector 66.198.181.71 100.64.64.141 100.64.64.145 100.64.64.140 84.192.185.170 192.168.0.228 134.170.115.x Office 365 Cloud Connector

57 ICE - Edge Media Connectivity in Lync 2013 https://channel9.msdn.com/events/Lync-Conference/Lync-Conference-2014/NETW401

58 Microsoft Office Protocol Documents Microsoft Lync Server 2010 Resource Kit Microsoft Lync Server 2013 Resource Kit Tools Microsoft Lync Server 2013 Debugging Tools Microsoft Network Monitor Microsoft Message Analyzer Network Planning, Monitoring, and Troubleshooting with Lync ServerNetwork Planning, Monitoring, and Troubleshooting with Lync Server TechED US Recording : Meetings and Media: The Detailed ViewTechED US Recording : Meetings and Media: The Detailed View Download RTP.opn to display correct codecs in Message AnalyzerDownload RTP.opn to display correct codecs in Message Analyzer Learn more & Tools

59 Q&A THANKS TO OUR SPONSERS

Download ppt "Johan Delimon 26/04/2016 BE-COM E-COMMUNICATIONS EVENT THE INNER WORKINGS OF SKYPE FOR BUSINESS: NETWORKING."

Similar presentations

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.
Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Lync 2014 4/11/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.

Lync /11/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.
UC403: Lync & Network Interaction

UC403: Lync & Network Interaction
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Lync Deep Dive: Edge Media Connectivity with ICE Thomas Binder UC Voice Architect – MCS Voice Center of Excellence Microsoft Corporation EXL412.

Lync Deep Dive: Edge Media Connectivity with ICE Thomas Binder UC Voice Architect – MCS Voice Center of Excellence Microsoft Corporation EXL412.
NAT/Firewall Traversal April 2009. NAT revisited – “port-translating NAT”

NAT/Firewall Traversal April NAT revisited – “port-translating NAT”
STUN Date: 2011-05-25 Speaker: Hui-Hsiung Chung 1.

STUN Date: Speaker: Hui-Hsiung Chung 1.
SIP Traversal over NAT Problems and Solutions Mr. Ting-Yun Chi May 2,2006 (Taiwan,NICI IPv6 R&D Division)

SIP Traversal over NAT Problems and Solutions Mr. Ting-Yun Chi May 2,2006 (Taiwan,NICI IPv6 R&D Division)
January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.

January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.
1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID STUN, TURN and ICE Cary Fitzgerald.

1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID STUN, TURN and ICE Cary Fitzgerald.
externalinternal SIP Proxy a w.

externalinternal SIP Proxy a w.
STUN Tutorial Jonathan Rosenberg Chief Technology Officer.

STUN Tutorial Jonathan Rosenberg Chief Technology Officer.
Lync Deep Dive: Edge Media Connectivity with ICE Bryan Nyce UC Voice Architect – MCS Voice Center of Excellence Microsoft Corporation EXL412.

Lync Deep Dive: Edge Media Connectivity with ICE Bryan Nyce UC Voice Architect – MCS Voice Center of Excellence Microsoft Corporation EXL412.
Module 10: Troubleshooting Network Access. Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote.

Module 10: Troubleshooting Network Access. Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote.
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.
Chapter 9: Troubleshooting and Repairing Networking.

Chapter 9: Troubleshooting and Repairing Networking.

Similar presentations

Ads by Google