Understanding Media Flows in Microsoft Teams and Skype for Business


1 Understanding Media Flows in Microsoft Teams and Skype for Business
Microsoft Ignite 2016 4/16/2018 9:47 PM
Thomas Binder, Senior Program Manager
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Agenda
The challenge
The solution
In action
Call flows
Tools & Troubleshooting

3 Session Objectives And Takeaways
Objectives:
What are the challenges for media connectivity?
How can endpoints find the optimal media path?
How do I identify connectivity issues?
Takeaways:
Traffic can be peer-to-peer between clients
Leverage local internet breakout
Open UDP on your firewall

4 About Thomas
tbinder@microsoft.com
Vienna, Austria
At Microsoft since 2007: IT Pro Readiness, Product Group

5 About this session
Scope: media scenarios; connectivity, not quality
Skype for Business Online and Microsoft Teams
For logs we will be looking (mostly) at Skype for Business logs

6 Terms & Acronyms
Candidate: a possible combination of IP address and port for a media channel
ICE: Interactive Connectivity Establishment
STUN: Simple Traversal of UDP through NAT (original expansion) or Session Traversal Utilities for NAT (current expansion)
TURN: Traversal Using Relays around NAT
Relay: Media Relay or Transport Relay

7 The challenge

8 The Challenge
Diagram labels: Signaling; Media; NAT; Corporate firewall; Alice, Bob, Charlie, Dan

9 Challenge 1: NAT (Network Address Translation)
Function:
Translates one or more internal addresses to one external address
Allows connections from the private network
Blocks connections from public networks
Tradeoff: security vs. usability
Blocks unwanted traffic
Might also block wanted traffic

10 Challenge 2: Corporate Firewalls
Though more scrutinized, goals are similar:
Sharing of IP addresses
Controlling data traffic from the internet
Might apply additional features like Deep Packet Inspection

11 Challenge 3: HTTP Proxy Servers
Proxies traffic from the corporate network to the internet
Based on the HTTP application level; will always use TCP
Can apply additional security: filter HTTP requests, filter HTTP traffic, scan downloads
Challenges for Skype for Business:
HTTP scanning might corrupt traffic
Customer might block all non-proxy traffic, including UDP

12 The solution

13 Solution: ICE, STUN, TURN
Skype for Business uses SIP; Teams uses a REST API via HTTPS and WebSocket
Signaling goes directly against the cloud
Media leverages a separate channel
Add a relay:
STUN reflects NAT addresses (b) and (e)
TURN relays media packets (c) (d)
ICE exchanges candidates and determines the optimal media path
Diagram labels: Signaling; client; STUN/TURN server; paths a, b, c, d, e

14 Which components use ICE?
ICE endpoints: clients, service components
Modalities: audio, video, desktop sharing; Skype for Business only: 1:1 file transfer
Relay: provides STUN and TURN; does not terminate any media; is not an ICE endpoint

15 Two types of relay
Media Relay: built for on-premises; static in one datacenter; same UDP ports for all workloads; used by Skype for Business
Transport Relay: cloud-born service; dynamic discovery via Anycast IP (view sessions BRK1005 and BRK3029); different UDP ports per workload; in progress for Skype for Business, used by Teams
Customers can only benefit from this if local internet breakouts are used.

16 Transport Relay Anycast IP address
Same IP assigned to geographically dispersed servers
IP routing ensures the “closest” instance is always used
The “closest” available Transport Relay will receive traffic, based on actual endpoint location and on privacy boundaries:
Sovereign tenants' users use local infrastructure
EU tenants use Transport Relays in the EU and US
Other tenants use Transport Relays worldwide
Customers can only benefit from this if local internet breakouts are used.

17 Discovery and Load Distribution
Anycast IP address (Wikipedia): Anycast addressing uses a one-to-nearest association; datagrams are routed to a single member of a group of potential receivers that are all identified by the same destination address.
Each Transport Relay will use the same IP address (for candidate allocation)
The Anycast IP allows finding the most local Transport Relays
Equal-cost multi-path routing (ECMP) distributes the load within one location
Distributes load based on a hash of: source IP, destination IP, layer 4 protocol, source port, destination port
A Transport Relay can add/remove itself from traffic distribution by starting/stopping to announce its IP
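The load-distribution behaviour described on this slide, as an added simulation that is not part of the presentation: relay instances in one location announce the same Anycast IP, a router hashes each flow's 5-tuple to pick one of them, and a relay drops out of the distribution by withdrawing its announcement. The relay names, the documentation-range Anycast address and the client flows are constructed, and SHA-256 stands in for the router's vendor-specific hash (an assumption made only so the example runs offline).

```python
import hashlib
from dataclasses import dataclass, field

# Constructed value: a documentation-range address standing in for the relay Anycast IP.
ANYCAST_IP = "203.0.113.10"


@dataclass
class EcmpGroup:
    """Transport Relay instances in one location announcing the same Anycast IP.
    Routers hash the 5-tuple with a vendor-specific function; SHA-256 stands in
    for it here (an assumption for illustration, not how any router works)."""
    announcing: set = field(default_factory=set)

    def announce(self, relay_id):
        """Relay starts announcing the Anycast IP and joins the ECMP set."""
        self.announcing.add(relay_id)

    def withdraw(self, relay_id):
        """Relay stops announcing and drops out of the distribution."""
        self.announcing.discard(relay_id)

    def select(self, src_ip, dst_ip, proto, src_port, dst_port):
        """Pick the relay for a flow from the 5-tuple hash; stable for a given flow
        as long as the set of announcing relays does not change."""
        if not self.announcing:
            raise RuntimeError("no relay announces the Anycast IP in this location")
        key = f"{src_ip}|{dst_ip}|{proto}|{src_port}|{dst_port}".encode()
        bucket = int.from_bytes(hashlib.sha256(key).digest()[:8], "big")
        members = sorted(self.announcing)
        return members[bucket % len(members)]


def distribution(group, flows):
    """Count how many flows each announcing relay receives."""
    counts = {}
    for flow in flows:
        relay = group.select(*flow)
        counts[relay] = counts.get(relay, 0) + 1
    return counts


def constructed_flows(n=600):
    """Constructed sample: clients on one NATed /24 sending UDP from ports in the
    50,000 range to relay port 3478 (the allocation port on the ports slide)."""
    return [(f"198.51.100.{i % 250}", ANYCAST_IP, "UDP", 50000 + (i % 20), 3478)
            for i in range(n)]


def workload_flows_for_client(src_ip):
    """One client's flows to the workload relay ports (audio 3479, video 3480,
    desktop sharing 3481). Source ports are constructed. Each is a different
    5-tuple, so ECMP may pin the three workloads to different relays."""
    return [(src_ip, ANYCAST_IP, "UDP", 50004, 3479),
            (src_ip, ANYCAST_IP, "UDP", 50024, 3480),
            (src_ip, ANYCAST_IP, "UDP", 50044, 3481)]


if __name__ == "__main__":
    location = EcmpGroup()
    for relay in ("relay-a", "relay-b", "relay-c"):
        location.announce(relay)
    print("share per relay:", distribution(location, constructed_flows()))
    client = "198.51.100.7"
    print("one client's workloads:",
          [location.select(*f) for f in workload_flows_for_client(client)])
    location.withdraw("relay-b")  # relay taken out of service
    print("after withdrawal:", distribution(location, constructed_flows()))
```

The point for troubleshooting is in `select`: a flow stays on the same relay only while the announcing set is unchanged, and two workloads from the same client are independent flows, so a problem seen on audio but not on video can be a single relay instance rather than the Anycast address as a whole.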

18 In action

19 Five phases of ICE
During sign-in:
Requesting credentials via Media Relay Authentication Service (MRAS) or Transport Relay Authentication Provider (TRAP)
When establishing a call:
Candidate Discovery
Candidate Exchange
Connectivity Checks
Candidate Promotion

20 Relay Credentials
Client signs in
Client learns about the relay via signaling
Client requests credentials via signaling
Credentials creation
Client receives credentials via signaling

21 Same but different
Option 1: Skype for Business Online with Media Relay, or Lync 2010: MRAS on the assigned relay will create credentials
Option 2: Skype for Business Online with Transport Relay, Lync 2013 or newer: MRAS will request credentials from TRAP
Option 3: Teams: TRAP will create credentials
Diagram labels: MRAS; http; TRAP request; TRAP credentials; TRAP

22 Demo Log Analysis: acquiring MRAS credentials

23 MRAS: Same but different
Skype for Business with Media Relay: client learns the FQDN of a specific Media Relay pool
Skype for Business with Transport Relay: client learns an FQDN that points to the Transport Relay Anycast IP
Teams: client learns the Anycast IP

24 Address Discovery
Diagram: endpoint (NIC 1) behind a NAT/Firewall, relay on the far side. Labels: UDP; TCP; candidates a, b, c, d, e; default; allocate UDP (b, c); allocate TCP (d, e); local; remote; Endpoint; Relay

25 Allocations: same but different
Skype for Business with Media Relay: connects to a specific media relay via port 3478 UDP and 443 TCP; will keep the connection
Skype for Business with Transport Relay: connects to the relay via Anycast via port 3478 UDP and 443 TCP; will be redirected to the IP of a specific relay; UDP will be redirected to a workload-specific port
Teams: UDP will keep the connection via port 3478 UDP

26 Candidates: Same but different
Skype for Business: some scenarios are TCP only (1:1 file transfer, desktop sharing via Remote Desktop Protocol); the allocated relay port will be in the 50,000-59,999 range
Teams: will include only UDP candidates in the candidate list; allocates a workload-specific port on the relay

27 Address Exchange
Diagram: two endpoints, each behind a NAT/Firewall with its own relay, exchange candidates over signaling. Local candidates a, b, c, d, e (default c); remote candidates v, w, x, y, z (default y). Messages: INVITE c :: a, b, c, d, e; Session progress y :: v, w, x, y, z; OK y :: v, w, x, y, z

28 Demo Log Analysis: Candidates

29 Media encryption
MRAS/TRAP credentials: allow the endpoint to allocate candidates from the relay; nothing to do with media encryption
Real Time Protocol: Secure Real Time Protocol (SRTP); encryption negotiated during call setup; encryption cipher and keys exchanged in the Session Description Protocol

30 Connectivity Checks
Determine all possible UDP and TCP port pairings
Relay can bridge between IPv4 and IPv6
For Teams, the relay can bridge TCP to UDP
STUN packets sent between port pairs in order
STUN packet response indicates connectivity
Stop checks when a candidate pair has bi-directional connectivity

31 Candidate Promotion
Select the highest-order candidate with validated connectivity: IPv4 before IPv6, UDP before TCP, direct before relay
Re-invite with only one candidate in the SDP
Confirmation also contains only one candidate in the SDP
Media is on the optimal, validated path

32 TCP vs UDP
TCP: requires each packet to be acknowledged by the receiver; lost packets are resent, causing subsequent packets to be delayed
UDP: “fire and forget”, what is lost is lost
Real time communication: we want packets quickly; if we lose (some) packets, we do not really care: audio and video might experience glitches, but the session continues

33 Demo Log Analysis: Final Candidates

34 Call flows

35 1:1 calls
Diagram labels: 50,000 port range (clients); UDP; 443 TCP; 3478 UDP* (relay)
* Teams will speak to its own relay on port 3478.

36 Skype for Business: Client to service
Diagram labels: 443 TCP; UDP; 50,000 port range

37 Teams: Client to service
Diagram labels: 443 TCP; 3478 UDP*; UDP

38 Ports overview
Columns: Workload | Skype for Business client port | Teams client port | Service port (Media Relay) (Transport Relay)*
Allocate candidates | Audio: 50,000-50,019; Video: 50,020-50,039; Desktop Sharing: 50,040-50,059 | High ports | 443 TCP, 3478 UDP
Audio | 50,000-50,019 | | 443 TCP, 3479 UDP
Video | 50,020-50,039 | | 443 TCP, 3480 UDP
Desktop sharing | 50,040-50,059 | | 443 TCP, 3481 UDP
* Teams will currently speak to its own relay on port 3478.
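The STUN reflection from the address-discovery slide and the relay UDP ports from this table, as an added example that is not part of the presentation: the code builds a STUN Binding Request, parses the XOR-MAPPED-ADDRESS that a server returns (the NAT-reflected candidate "b"), and runs that request against the 3478-3481 relay ports so that a missing answer on one port shows up per workload. The relay host name is a placeholder, the server reply used by the test is constructed, and whether a relay answers an unauthenticated Binding Request on every workload port is an assumption, so a timeout can mean a blocked port or a relay that does not answer.

```python
import os
import socket
import struct

# STUN constants from RFC 5389 (Session Traversal Utilities for NAT).
MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
XOR_MAPPED_ADDRESS = 0x0020

# Relay UDP ports per workload, as listed on the ports overview slide.
TEAMS_RELAY_UDP_PORTS = {
    "allocate": 3478,
    "audio": 3479,
    "video": 3480,
    "desktop_sharing": 3481,
}


def build_binding_request(txid=None):
    """20-byte STUN Binding Request: type, length 0, magic cookie, 96-bit transaction id."""
    txid = txid if txid is not None else os.urandom(12)
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid


def parse_reflected_address(msg, txid):
    """Return the (ip, port) the server saw us from (XOR-MAPPED-ADDRESS), or None if
    the datagram is not a Binding Success Response to our transaction."""
    if len(msg) < 20:
        return None
    mtype, length, cookie = struct.unpack("!HHI", msg[:8])
    if mtype != BINDING_SUCCESS or cookie != MAGIC_COOKIE or msg[8:20] != txid:
        return None
    body = msg[20:20 + length]
    off = 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + alen]
        if atype == XOR_MAPPED_ADDRESS and len(value) >= 8:
            family = value[1]
            port = struct.unpack("!H", value[2:4])[0] ^ (MAGIC_COOKIE >> 16)
            if family == 0x01:  # IPv4: address XORed with the magic cookie
                raw = struct.unpack("!I", value[4:8])[0] ^ MAGIC_COOKIE
                return socket.inet_ntoa(struct.pack("!I", raw)), port
            if family == 0x02 and len(value) >= 20:  # IPv6: XORed with cookie || txid
                mask = struct.pack("!I", MAGIC_COOKIE) + txid
                raw = bytes(a ^ b for a, b in zip(value[4:20], mask))
                return socket.inet_ntop(socket.AF_INET6, raw), port
            return None
        off += 4 + ((alen + 3) & ~3)  # attribute values are padded to 4 bytes
    return None


def build_binding_success(txid, ip, port):
    """Constructed server reply (the shape a relay sends back); used to exercise the
    parser offline, not a capture from a real relay."""
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = struct.unpack("!I", socket.inet_aton(ip))[0] ^ MAGIC_COOKIE
    attr = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 0x01, xport, xaddr)
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr


def check_udp_port(host, port, timeout=2.0, transport=None):
    """Send one Binding Request to host:port and return the reflected (ip, port), or
    None on timeout, resolution failure or an unexpected reply. `transport`
    (callable bytes -> bytes) replaces the socket so the check can run offline."""
    txid = os.urandom(12)
    request = build_binding_request(txid)
    if transport is not None:
        return parse_reflected_address(transport(request), txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(request, (host, port))
            reply, _ = sock.recvfrom(2048)
        except OSError:  # includes socket.timeout and name-resolution errors
            return None
    return parse_reflected_address(reply, txid)


def check_workload_ports(host, transport=None):
    """Run the check against every workload port. None means no answer, which can be
    a blocked port or a relay that does not answer unauthenticated requests."""
    return {name: check_udp_port(host, port, transport=transport)
            for name, port in TEAMS_RELAY_UDP_PORTS.items()}


if __name__ == "__main__":
    # "relay.example.invalid" is a placeholder; use the relay address from the
    # "Office 365 URLs and IP address ranges" document.
    for workload, result in check_workload_ports("relay.example.invalid").items():
        print(f"{workload:16} {TEAMS_RELAY_UDP_PORTS[workload]}/udp -> {result}")
```

Run it from the client subnet you are investigating: a reflected address that differs from the machine's own address confirms the NAT path, and a None on 3479-3481 while 3478 answers points at a firewall rule that only allows the allocation port.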

39 Do’s and Don’ts
Direct connectivity required: clients need to directly connect to O365; configure your firewalls, proxies, packet shapers etc. accordingly
Use local internet breakouts: don’t make the traffic travel around the world
UDP and TCP: media will prefer UDP; TCP required for some scenarios and workflows
Documented IPs and FQDNs: “Office 365 URLs and IP address ranges”; subscribe to the RSS feed!
Open UDP ports: verify that the UDP ports are open

40 Skype for Business: Hybrid
Edge Server on-premises: requirements unchanged; server-to-service will not leverage the new UDP ports
Endpoints: deployment location determines the relay service; endpoints homed in the service use the Online relay; endpoints homed on-premises use the on-premises Edge Server
Combination of all requirements: users homed online need direct connectivity with Online services; the AV Edge Server on-premises needs the required ports open

41 Tools & Troubleshooting

42 Capturing logs
Skype for Business: collect UccApilog.log; open it in Snooper (Snooper is part of Skype for Business Server 2015, Debugging Tools)
Teams: capture traffic with a local proxy tool; this requires you to trust a certificate to perform the man-in-the-middle; examples: Fiddler, Charles Web Debugging Proxy

43 Skype for Business: Where are the logs?
Turn on logging first!
Skype for Business 2016: %localappdata%\Microsoft\Office\16.0\Lync\Tracing
Lync 2013/Skype for Business 2013: %localappdata%\Microsoft\Office\15.0\Lync\Tracing
Lync 2010 (and earlier): %userprofile%\tracing
Skype for Business for Mac: click “Collect Logs” in preferences

44 Snooper UccApilog.log search tips
MRAS: finds inband provisioning, MRAS request, MRAS provisioning
a=candidate: finds the candidate exchange
a=remote-candidate: finds the promoted candidates that were used for the call
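The candidate exchange (slide 27), the promotion order from slide 31 (IPv4 before IPv6, UDP before TCP, direct before relay) and the a=candidate / a=remote-candidate search tips on this slide, as one added example that is not part of the presentation: it parses the a=candidate lines out of SDP text the way you would after finding them in Snooper, ranks them in the promotion order, and reads the a=remote-candidates line of the final re-INVITE to report which path the call ended up on. The two SDP excerpts are constructed (documentation-range addresses, not a real UccApilog.log), and the TCP-ACT / TCP-PASS transport tokens are an assumption about how the client writes TCP candidates.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed SDP excerpts in the shape of an initial INVITE and the final re-INVITE.
INITIAL_INVITE_SDP = """\
m=audio 50004 RTP/SAVP 114 9 112 13 0 8 97 101
a=candidate:1 1 UDP 2130706431 10.1.2.3 50004 typ host
a=candidate:1 2 UDP 2130705918 10.1.2.3 50005 typ host
a=candidate:2 1 TCP-PASS 174455807 10.1.2.3 50010 typ host
a=candidate:3 1 UDP 1694498815 198.51.100.20 62001 typ srflx raddr 10.1.2.3 rport 50004
a=candidate:4 1 UDP 16777215 203.0.113.10 53456 typ relay raddr 198.51.100.20 rport 62001
a=candidate:4 2 UDP 16776702 203.0.113.10 53457 typ relay raddr 198.51.100.20 rport 62002
a=candidate:5 1 TCP-ACT 8388351 203.0.113.10 443 typ relay raddr 198.51.100.20 rport 62003
a=candidate:6 1 UDP 2130706431 fd00:1234::a 50004 typ host
"""

FINAL_REINVITE_SDP = """\
m=audio 53456 RTP/SAVP 114 9 112 13 0 8 97 101
a=candidate:4 1 UDP 16777215 203.0.113.10 53456 typ relay raddr 198.51.100.20 rport 62001
a=candidate:4 2 UDP 16776702 203.0.113.10 53457 typ relay raddr 198.51.100.20 rport 62002
a=remote-candidates:1 203.0.113.45 55102 2 203.0.113.45 55103
"""

CANDIDATE_RE = re.compile(
    r"a=candidate:(?P<foundation>\S+) (?P<component>\d+) (?P<transport>\S+) "
    r"(?P<priority>\d+) (?P<ip>\S+) (?P<port>\d+) typ (?P<typ>\S+)")
REMOTE_RE = re.compile(r"a=remote-candidates?:(?P<pairs>.+)")


@dataclass(frozen=True)
class Candidate:
    foundation: str
    component: int      # 1 = RTP, 2 = RTCP
    transport: str      # UDP, or a TCP token such as TCP-ACT / TCP-PASS (assumed)
    priority: int
    ip: str
    port: int
    typ: str            # host, srflx, prflx, relay

    @property
    def is_udp(self):
        return self.transport.upper() == "UDP"

    @property
    def is_relay(self):
        return self.typ == "relay"

    @property
    def ip_version(self):
        return ipaddress.ip_address(self.ip).version


def parse_candidates(text):
    """All a=candidate lines in the text, in the order they appear."""
    return [Candidate(m["foundation"], int(m["component"]), m["transport"],
                      int(m["priority"]), m["ip"], int(m["port"]), m["typ"])
            for m in CANDIDATE_RE.finditer(text)]


def parse_remote_candidates(text):
    """component id -> (ip, port) from the a=remote-candidates line, i.e. the peer's
    candidates that were promoted for the call."""
    result = {}
    for m in REMOTE_RE.finditer(text):
        fields = m["pairs"].split()
        for i in range(0, len(fields) - 2, 3):
            result[int(fields[i])] = (fields[i + 1], int(fields[i + 2]))
    return result


def promotion_key(c):
    """Promotion order from the slide: IPv4 before IPv6, UDP before TCP, direct
    before relay; ties broken by the ICE priority the client assigned."""
    return (c.ip_version != 4, not c.is_udp, c.is_relay, -c.priority)


def ranked(candidates, component=1):
    """Candidates of one component in the order promotion would prefer them."""
    return sorted((c for c in candidates if c.component == component), key=promotion_key)


def promote(candidates, component=1):
    best = ranked(candidates, component)
    return best[0] if best else None


def describe(c):
    """Path class of a candidate, e.g. 'IPv4/UDP/relay'."""
    return (f"IPv{c.ip_version}/{'UDP' if c.is_udp else 'TCP'}/"
            f"{'relay' if c.is_relay else 'direct'}")


if __name__ == "__main__":
    offered = parse_candidates(INITIAL_INVITE_SDP)
    print("offered (component 1):", [describe(c) for c in ranked(offered)])
    final = promote(parse_candidates(FINAL_REINVITE_SDP))
    print("local path used:", describe(final), f"{final.ip}:{final.port}")
    print("remote candidates used:", parse_remote_candidates(FINAL_REINVITE_SDP))
```

In the constructed log the INVITE offers a direct host candidate, yet the final re-INVITE carries only the relay candidate, which is the pattern to look for when direct UDP is blocked: connectivity checks failed on every direct pair and promotion fell through to the relay.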

45 Teams: How to configure Charles
Install Charles Root Certificate: “Help” > “SSL Proxying” > “Install Charles Root Certificate”; choose the certificate store “Trusted Root Certification Authorities”
Enable SSL Proxy: “Proxy” > “SSL Proxy Settings”; add * for host and port
Enable SOCKS proxy: “Proxy” > “Proxy Settings” > “SOCKS Proxy” > “Enable HTTP proxying over SOCKS”
Start Charles before Teams; if you restart Teams, wait a couple of minutes after closing Teams before starting it again
Your mileage may vary

46 Charles search tips (your mileage may vary!)
MDN_TRAP: relay information
a=candidate: finds the candidate exchange
a=remote-candidate: finds the promoted candidates that were used for the call

47 Call Quality Dashboard
Every endpoint sends quality data after each call (“Quality of Experience” data)
Call Quality Dashboard allows viewing the data: not individual calls, but based on different filtering
Subnet reports and building reports allow identifying problematic sites
For media connectivity: look for subnets with high TCP traffic
Practical guidance: session BRK2010 “Call quality management for Skype for Business and Microsoft Teams”

52 Networking tool
Skype for Business Network Assessment Tool
Test network quality: conducts an actual call with sending media; collects latency, jitter and packet loss
Test connectivity*: tests UDP and TCP ports; run from a client computer to test connectivity
Session: BRK2031 “Real Time Communications with Network Planner”
* Connectivity test coming “soon”

53 Testing ports

54 Resources and Summary

55 Resources
Troubleshoot media flows in Skype for Business across online, server and hybrid
Office 365 URLs and IP address ranges
Skype for Business Server 2015, Debugging Tools
Skype for Business Network Assessment Tool
Call Quality Dashboard Guidance

56 Related sessions
BRK2031, Friday 12:45 PM: “Real Time Communications with Network Planner”
BRK1005: “Learn about the Microsoft global network and best practices for optimizing Office 365 connectivity”
BRK2010: “Call quality management for Skype for Business and Microsoft Teams”
BRK3029: “Demystifying internet connectivity to Skype for Business Online and Microsoft Teams”
