Mitel Forums - The Unofficial Source
Mitel Forums => Mitel MiVoice Business/MCD/3300 => Topic started by: ralph on November 02, 2017, 03:41:54 PM
-
I was snooping around on some other forums and stumbled on something I'd like to bounce off the group.
Here's the scenario:
1 Mitel SIP Proxy (MBG)
1 3300
2 ATT SBS. - (2) unique IP addresses ATT load balances for calls to the customer site.
Since ATT does not use authentication, the way to identify the SIP trunk in the Mitel is with the DID they are sending.
We can set up two network elements for the ATT SBCs but because ATT will always send up the same DID numbers we can only use the numbers to identify one trunk.
What that means is we can only have one SIP peer with ATT. Since ATT is load balancing to us between two, every other call will fail.
So I stumbled on a post where someone else identified the problem and was asking if there was a way around this problem and connect to both of ATTs SBCs.
Someone came back with an answer that I don't fully understand so I'd like to bounce it off you to see if the answer is good or just plain wrong.
Here's the suggested solutions in its entirety:
Set your MBG to use DNS records and then set up 2 A records for your sip dns name with the 2 proxies.
i.e. set up sip.mitel.com as the DNS name.
Create 2 x A records in the DNS entry 85.199.244.244 & 85.199.234.234 (examples).
Is this something that would work? I don't understand how but that could easily be that i don't understand DNS A records.
Ralph
-
Are you saying that the incoming DID fails when arriving from the second address?
-
Are you saying that the incoming DID fails when arriving from the second address?
Yes, since I can only connect to one of the ATT SBCs so we give a 401 not authorized.
Ralph
-
Most carriers who do this use DNS SRV records, I know we do for load balancing and resiliency, doesn't AT&T... the MBG supports that. You just build one SIP PEER to the DNS name (not the IP address) and one entry in the MBG.
Are they making you use IP's specifically? If not, this is exactly what DNS SRV is intended for (including port assignments), the MBG understand both (or more) IPs because they are associated with the same DNS SRV record.
This method that they are asking you to use seems quite... archaic.
-
They're not really asking me to do anything. They just said "These are the IP addresses to connect to."
These is the first time I've seen this solution (DNS records) and I'm still not sure I understand it fully.
In one case I'm using a MiVB Express. Can the DNS record be set up there?
Ralph
-
Ralph,
The MBG, as far as I know, doesn't have an Alternate IP/FQDN List to accept requests from multiple sources. It also doesn't have Route Sets for sending calls VIA other sources. So the person who answered the question took that out of the hands of the equipment by creating an FQDN that is resolvable to multiple IP Addresses. That way if one is available it will go that route and if it isn't it will try the other one. For inbound it should accept requests from any IP Address associated with that FQDN.
Thanks,
TE
-
So how is the DNS set up on our end?
Is it something we can do in the MSL?
Ralplh
-
This is all setup in the MiVB and MBG GUI’s, depending on the release. In the network elements you enter the domain main in the FQDN sections and DNS SRV URL in the external FQDN.
On the MBG (mine is the lasted release) in the SIP trunks, you tick the DNS SRV box and then enter the DNS SRV url in the box next to it. Once the DNS SRV box is ticked the IP Address box should grey out, so you can only use one method.
All the other settings should match the ISP requirements for the service to work. Hope this helps [emoji3][emoji3]
Sent from my iPhone using Tapatalk
-
I've included a screenshot of what I get from the carrier. This is not ATT but someone else.
They're giving me IP addresses rather than FQDN.
Ralph
-
I've included a screenshot of what I get from the carrier. This is not ATT but someone else.
They're giving me IP addresses rather than FQDN.
Ralph
To my knowledge the Mitel 3300 + MBG does not support this... it must signal to a single IP address or FQDN, although the FQDN CAN resolve to multiple IP's though via A or SRV record. Although if all signalling is anchored at one IP, the RTP can come from a second IP address (nothing you need to do).
Otherwise, I think you would need an Adtran or Ingate SBC to handle this, build 2 trunk accounts on the public side and group them, and one account on the PBX side. This still wouldn't do outbound load balancing, but would allow it to work.
-
That's what I thought but when I saw the original posting I thought I should check it out.
The problem is, in this configuration, the Mitel recognizes the SIP trunk based on the DID it's being sent.
I can only identify one SIP peer with the same DID. If the call comes from the carriers other peer, it gets a 401 not authorized.
I'm just trying to be sure that it's not doable via a host entry in the MSL server.
Ralph
-
I've pondered this and think from what I've read that it may be possible using the host entry and adding another entry in tinydns.
A quick test to see if it half way works would be to add an host name such as "mytest" set it's ip address as the primary AT&T server. You need to make sure that the MCD uses the MSL as it's dns server, set up network element and peer with proxy to mbg to use mytest.myfqdn(as on msl). Set the incoming did to new peer and make test call. If this works, half the battle is done and then determining the best method to add the second value to tiny dns should be all that is needed.
-
I don't know if you did anything on this, I did set up tinydns to hand out 2 addresses for a hostname. I need to try a couple more things to see the best way to add this. I'm thinking a custom template with just the settings might work best.
-
No. I haven't done anything with it yet.
Every thing I have is now in production so I can't mess with it.
I'm wondering if it would work to simply add two separate host entries with the same FQDN.
Ralph
-
I don't think it will allow 2 entries for the same host. You could try my previous using just one of the did numbers as it shouldn't cause any impact
-
I also created a custom template that added values to tinydns. I will need to test a bit more since my test machine doesn't have internet access., and the entries I added were private values and only one was active and routable. From what I've seen, just adding the custom info is all that is needed, my last test was without adding any host value. FWIW adding the custom template fragment isn't hard and if done this way it will remain after a normal upgrade.
-
Did more this evening and from what I see, custom-template is the way to go.
mkdir -p /etc/e-smith/templates-custom/var/service/tinydns/root/data (Creates structure for custom fragment)
You can then copy my example to this location or touch /etc/e-smith/templates-custom/var/service/tinydns/root/data/61mycustomHostARecords and edit it. It looks like this:
{
$OUT .= "# Custom A Records :60 is TTL value\n";
$OUT .= "+yourhost.yourdomain.yourtld:255.255.255.255:60\n";
$OUT .= "+yourhost.yourdomain.yourtld:254.254.254.254:60\n";
}
When installed and set, issue expand-template /var/service/tinydns/root/data (This recreates the structure within the tinydns data file adding your addition)
You then need to cd /var/service/tinydns/root/
you can then issue a tinydns-data command (this puts all into the tinydns database)
signal-event dns-update (flushes the dns cache)
If uploading the attached has a ,txt so I could provide the example and it needs to be deleted
-
I have to admit that this is way over my head.
Did you say that this survives an upgrade?
Any chance I can talk you into writing up a How-To Doc with screenshots? I'll create a page specifically for it.
Ralph
-
I can do that. As I have not tested sip trunk operation, this is just still somewhat theoretical although I believe it will operate.
-
This may help
-
Thanks John,
I put a copy on my dropbox because forum maintenance will delete the original after a couple of weeks.
The doc file can be downloaded here (https://www.dropbox.com/s/m2rac3xqqf5jjm6/Fakw%20name%20in%20MSL%20dns.doc?dl=0).
Ralph
-
Where are you unable to add DDI authentication, what forms?
-
I think his issue is incoming did for sip peer
-
The problem is that the carrier has two SIP peers and I can only identify them via their DIDs.
I can't identify two peers with the same DIDs.
Ralph
-
If you can confirm Ralph which form you are using to recognise the DDI may have an answer for you.
-
If you can confirm Ralph which form you are using to recognise the DDI may have an answer for you.
The form is SIP Peer Profile Assignment by Incoming DID
Ralph
-
Ok, So when a call comes in to the system with a specific DDI, the system looks this up in the SIP Peer Profile Assignment by Incoming DID and assigns the features from your specified SIP peer profile to the inbound call. Its kinda like a COS for the incoming call, Therefore you do not need 2 different entries in this form and you can have two SIP Peer profiles.
The only time you have issues is if you are using username/password authentication but from your previous description you have IP auth so all will be ok.
-
It doesn't work that way in my experience.
(Just a note: We have an MBG as as SIP proxy.)
If the PBX sees a call coming Peer IP (B) when it's identified by it's DID as Peer IP (A) the caller gets a 401 Unauthorized.
I have a work around for this particular customer. ATT emailed me yesterday to find out what my solution was because all the other Mitel dealers have the same problem. Even their config guide points out the problem.
My solution was to route their other SBC to a different controller.
Ralph
-
I can assure you this is how it works and I have it implemented on many sites . The clue is in the name of the form, it uses the settings of the SIP peer profile set against the DDI programmed in this form. Its a very powerful form as you can use it to manipulate many things based on incomming DDI.
The reason for a 401 are that the settings applied are not correct for the other Sip trunks, Maybe you are using username/password authentication if thats the case then your inbound call will use the wrong username/password hence the error, We use IP Authentication here so do not have the that issue.
-
I don't think we're talking about the same thing.
This is straight from Mitel ATT SIP Configuration guide May 2015, 08-4940-00014_7.
Failover: The current Mitel architecture is designed where only one (1) network element is
configured as the Mitel SIP peer to AT&T’s BVOIP services. Since it is standard practice for
AT&T to deploy at least two (2) IPBE pairs in the form of IPv4 host addresses, AT&T has created
an internal process specific to all Mitel products and releases. AT&T will advise the Network
Operations Center that this is a Mitel deployment which will trigger configuration of the standard
N+1 IPBE arrangement to Primary/Backup. This will alleviate the immediate issue where calls
might fail in the standard round-robin deployment. However if the primary AT&T IPBE fails, the
customer must manually intervene to configure the IPv4 address of the secondary IPBE as the
active network element in the Mitel system. When the primary IPBE is restored, the customer
must then revert back to the initial configuration in the Mitel system.
-
I have to look at this. I have 2 SIP peers from the telco, two 3300 IPBX for redundancy, but only one MBG.
Calls come on the first SIP peer, if I shutter the first IPBX, calls get to the resilient phones. If I shutter the first SIP peer, it works too. However, I can't emit calls from the second IPBX to either SIP peers, only incoming works.
If only the client wasn't so cheap and had forked for another MBG !
-
If I understand you correctly, all incoming calls work OK, probably load balanced between your two 3300 controllers.
But you're having trouble load balancing outbound? Is that correct?
You won't be able to load balance outbound. Best you'll be able to do is route all your outbound traffic out one SBC until it's maxed out and then overflow to the second one.
Ralph