Avaya sbce portwell where do i need FQDN's?

(OP)
Hello - we are setting up our first Avaya SBCE (portwell) for J179 phone/ SIP remote workers. The SBCE will be used solely for these J179 SIP phones/extensions. Currently, we have 7 Avaya IPO's on our local LAN all connected using the LAN ports with 192.168.x.x addresses. We are using some J179 phones / SIP extensions currently on our local LAN, but these are registering to the IP500 using the LAN IP address of the IP500. My question is when I configure the Avaya SBCE do I need to configure a FQDN for the Avaya IP500 and/or also for the SBCE that resolves to the Public IP of the SBCE?

Secondly, the SBCE administration manual says the 3 IP's (Internal for communicating with IP500's; External; and MGMT) all should be on different subnets. With our Local LAN, and Avaya IP offices all being on the same local LAN (192.168.x.x) - our Internal IP for communicating with the IP500s would be on the same subnet as the MGMT M1 port / both using 192.168.x.x addresses. Is this going to be an issue?

Thanks for the input.

RE: Avaya sbce portwell where do i need FQDN's?

The 3 networks thing isn't a big deal. I set them up in my lab with all interfaces on the same subnet to test things.

Presuming you were using 7 standalone IPOs, here's what I might do:

Get it working for the first IPO.

Then have 7 FQDNs - ipo001.yourcompany.com, ipo002.yourcompany.com, etc.

On the internet, they'd all point to a single IP on the SBC. On the internal LAN they'd point to each IPO.
You'd get a public certificate for that outside interface with 7 subject alternative names - one for each IPO

I'd use TLS port 5061 for IPO101, 5062 for IPO102, etc

Maybe have 7 IPs on the A1 interface just to know which IP coming in represents users from which site - but that's not necessary - it could all work fine with 1 IP

I'd make the IPO FQDN and SIP FQDN ipo101.yourcompany.com for the 1st IPO and so on and so forth. Remember the IPO needs to be able to resolve its FQDN via DNS to serve files it requested at http://ipo101.com/46xxsettings.txt. I'd also use different ports on each for serving up settings files - 411,412,413, etc

I'd have a cert on the A1 signaling interface that all the IPOs trust. I'm not much of an IPO guy, but if you have 7 standalones, I think you might be able to generate a certificate for the SBC from each IPO. So, having 7 signaling interfaces, each with a cert from each IPO might be the best way to go.

Once you've got all that done, you can use the config for the domain on Spaces to have multiple pointers. So, when someone punches in me@yourcompany.com in the Workplace softphone setup, Spaces will return a drop down with IPO 101, 102, 103, 104, etc.

As far as setting up J179s outside the network, I'd check out using the DES and having a numeric code for each IPO so upon entering that code to the DES the phone would get http://publicIP:411 or 412/413/414/46xxsettings.txt to get pointed to the right IPO.

But I do IPO once every few years, so I'm not the best guy to answer you, but it should give you a few things to think about.

RE: Avaya sbce portwell where do i need FQDN's?

(OP)
Kyle - thank you so much for that! That helps tremendously.

I do have a couple questions though if you don't mind -

So I do like the idea of setting up TLS port 5061 for IPO101, 5062 for IPO102, etc... But how does the J179 phone know which TLS port to use? If I just point the J179 phone to the external IP of the SBC, how does it know what TLS port to use and/or which IP500 to go to? Would the end user have to manually specify that on the J179 settings?

I guess if we have 1 external IP, how does the SBC know which of the 7 internal IPs to send the request to?


Sounds like we don't necessarily need a FQDN for the external/public IP of the SBC; rather just internal FQDNs to resolve to the 7 IP500s?

With our current J179's internally we have never used an FQDN- we just register them directly using the IP of the IP Office. While we are using Workplace, we do not use Spaces.

RE: Avaya sbce portwell where do i need FQDN's?

If you ever want to do softphones, and you have 7 IPOs behind the SBC, they need FQDNs to properly validate the certificate. It doesn't cost anything to have DNS point 7 FQDNs to the same IP and it doesn't cost anything extra for that 1 cert to have 7 subject alternative names of IPO101... IPO102... etc.

If you have 1 external IP, you can still have 7 signaling interfaces on it. You can have a signaling interface on B1 with port 5061 and another signaling interface on B1:5062

And then in your endpoint flows you can say
"if the received interface is B1:5061, then send out A1:5061 to server IPO101" and
"if the received interface is B1:5062, then send out A1:5062 to server IPO102"

You don't need to pay for or use Spaces to benefit from the autoprovisioning for soft clients. If you go in Spaces for the domain yourcompany.com and add an app called Equinox Cloud Client and add this string in the public JSON field, then when a Workplace starts up for the first time on iOS or Windows or whatever and they use "anybody@yourcompany.com" they'll get this JSON body which will return a 2 item drop down menu - IPO101 and IPO102 and that will direct them to a settings file on their own IPO. If you use HTTPS ports 411 for IPO101, 412 for 102, etc, then you can have a relay service on the SBC for each port to each IPO to get each softphone their configuration.

CODE -->

{
  "Client_Settings_File_Address": [
    {"Profile_Name": "IPO101", "Client_Settings_File_Url": "https://IPO101.yourcompany.com:411/46xxsettings.txt"},
    {"Profile_Name": "IPO102", "Client_Settings_File_Url": "https://IPO102.yourcompany.com:412/46xxsettings.txt"}
  ]
}

Now for J phones - it's a little more complicated. If you setup SIP FQDN in IPO and you have split DNS setup - to say, inside IPO101.yourcompany.com points to 192.168.42.1 and on the internet it points to a public IP - and if each IPO has an internal/external registration port of 5061 for 101, 5062 for 102, etc,

Then for IPO101 the autogenerated 46xxsettings file will point the phone to SET SIP_CONTROLLER_LIST IPO101.yourcompany.com:5061;transport=tls
And for IPO102 the autogenerated 46xxsettings file will point the phone to SET SIP_CONTROLLER_LIST IPO102.yourcompany.com:5062;transport=tls

That way once you provision the phones internally you can use them externally at someone's house.

If you wanted the J phones to autoprovision, then the DES server works like a URL shortener like bit.ly but with a numeric string pointing to a URL. So you'd get a string for IPO101 so the phone from scratch allows for DES provisioning and you'd enter some numeric string for IPO101 that points to https://IPO101.yourcompany.com:411/46xxsettings.tx...
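
An added example, not part of the original post and not Avaya tooling: a Python sketch that lays out the port-per-IPO scheme described above (5061/411 for IPO101, 5062/412 for IPO102, and so on), emits the Spaces JSON and SIP_CONTROLLER_LIST lines in the shapes quoted in the thread, and checks that a certificate's subject alternative names cover every FQDN. The function names, the seven-site range IPO101 to IPO107 and the sample SAN list are assumptions constructed for illustration.

```python
import json

DOMAIN = "yourcompany.com"  # placeholder domain used in the thread

def build_plan(first_site=101, count=7, sip_base=5061, https_base=411):
    """One entry per IP Office: FQDN, SIP TLS port, HTTPS settings port."""
    plan = []
    for i in range(count):
        name = f"IPO{first_site + i}"
        plan.append({"name": name, "fqdn": f"{name}.{DOMAIN}",
                     "sip_tls": sip_base + i, "https": https_base + i})
    return plan

def spaces_public_json(plan):
    """JSON body in the shape posted in the thread."""
    return json.dumps({"Client_Settings_File_Address": [
        {"Profile_Name": p["name"],
         "Client_Settings_File_Url":
             f"https://{p['fqdn']}:{p['https']}/46xxsettings.txt"}
        for p in plan]})

def controller_line(p):
    """46xxsettings line in the form quoted in the thread."""
    return f"SET SIP_CONTROLLER_LIST {p['fqdn']}:{p['sip_tls']};transport=tls"

def san_matches(san, host):
    """DNS names compare case-insensitively; '*' covers one left-most label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return san == host

def audit(plan, cert_sans):
    """Return problems: FQDNs the cert does not cover, reused ports."""
    problems = []
    for p in plan:
        if not any(san_matches(s, p["fqdn"]) for s in cert_sans):
            problems.append(f"{p['fqdn']} not in certificate SANs")
    for key in ("sip_tls", "https"):
        ports = [p[key] for p in plan]
        dup = sorted({x for x in ports if ports.count(x) > 1})
        if dup:
            problems.append(f"duplicate {key} ports: {dup}")
    return problems

# Constructed SAN list: a cert issued before the seventh site was added.
SAMPLE_SANS = [f"ipo{n}.yourcompany.com" for n in range(101, 107)]
```

Running audit(build_plan(), SAMPLE_SANS) flags the one FQDN the certificate misses, which is the condition under which a softphone or J179 validating the SBC certificate would reject the connection for that site.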

RE: Avaya sbce portwell where do i need FQDN's?

(OP)
Once again big thanks Kyle this helps a ton. I do plan on having a split DNS setup all pointing to the same external IP / different internal IP's to the IP500's. We currently do use IX Workplace for our remote softphone workers, but this is thru a vpn; so they will not go thru the SBC. The SBCE will be for J179 phones only. This is a big help and will get me going in the right direction. Thanks again sir!

RE: Avaya sbce portwell where do i need FQDN's?

Well, even if you're VPN for the softphones, the Spaces setup can be used so they only have to enter their email to get autoconfigured and it'll work inside or outside the network.

And if you have some sort of setup like I outlined, you can still rely on the pre-built 46xxsettings of each IPO to properly configure J's and softphones and work within the provisioning framework provided.

Glad to help! Again, I do IPO once every year or two, there are far more knowledgeable people than me around here. I did have to do a setup like you were asking about when COVID broke out, so I kinda had it off the top of my head.
