Justin Morris runs through a deep-dive session on internal and external Lync Call Flows.

1. Microsoft Lync 2010 Call Flows Explained
Justin Morris
Consultant, Modality Systems
@justimorris
http://www.justin-morris.net
justin.morris@modalitysystems.com

2. Agenda
• The foundations:
– What is SIP, SDP, RTP, RTCP?
– What is ICE and MRAS?
• How is a call established?
• Looking at real Call Flow SIP traces:
– Lync P2P Internal Call
– Escalating from P2P to a Conference
– Internal to PSTN Call
– Internal to Remote User Call
– Internal to Federated User Call
• Troubleshooting Calls
• Questions
19/04/2012 Microsoft Unified Communications User Group London (MUCUGL) 2

3. What is SIP and SDP?
• The signalling component of the call – sets up the session.
• SIP – Session Initiation Protocol. The backbone of Lync.
– INVITE
– REGISTER
– INFO
• Presence and IMs are sent and received in these messages – SIMPLE.
– BYE
– 200 OK
• SDP - Session Description Protocol
– Sent in SIP INVITE and 200 OK messages.
– Allows endpoints to negotiate how their media session will take place.
– Works out IP address to connect on, what media codec to use, etc.
19/04/2012 Microsoft Unified Communications User Group London (MUCUGL) 3

4. What is RTP and RTCP?
• The actual media (voice or video) component of
the call.
• RTP – Realtime Transport Protocol
– Carries the audio and/or video stream in IP packets.
– Can be RTP (unencrypted) or SRTP (encrypted).
– Almost always UDP.
• RTCP – Realtime Transport Control Protocol
– Monitors RTP. RTAudio uses this to negotiate
narrowband or wideband based on network
conditions.
19/04/2012 Microsoft Unified Communications User Group London (MUCUGL) 4

5. What is ICE and MRAS?
• ICE – Interactive Connectivity Establishment
– STUN - Session Traversal Utilities for NAT (used to
be called Simple Traversal of UDP through NAT).
– TURN – Traversal of UDP via Relay NAT.
– The secret sauce of the Edge Server.
• MRAS – Media Relay Authentication Service
– Runs on internal interface of Edge Servers.
– Users request MRAS creds on sign-in.
– MCUs also request credentials on service start.
19/04/2012 Microsoft Unified Communications User Group London (MUCUGL) 5

6. How is a call established?
• Address Discovery
• Address Exchange (SIP INVITE 183, 200 OK)
• Connectivity Checks
• Candidate Promotion
• Media Flow
19/04/2012 Microsoft Unified Communications User Group London (MUCUGL) 6

7. Address Discovery
• Combinations of available IPv4 addresses and randomly allocated
TCP/UDP ports within the configured port ranges for the Lync client.
• There are three types of candidates:
– Internal IP address - IP of the NIC of the client computer.
– Reflexive IP address - the public IP address of the internet router/NAT device.
– Media relay IP address - public IP address of the A/V Edge service that is
associated with the user's internal Lync pool.
• Before address exchange occurs, client must hit the A/V Edge and be
allocated an IP address and port. Client sends username that was used
when MRAS creds were received.
• Although the edge server has just allocated those port to the user, it is
ACL'd and means that it is only accessible by that client IP and only with
valid authentication info.
• All of this is done before the SIP INVITE is sent.
19/04/2012 Microsoft Unified Communications User Group London (MUCUGL) 7

8. Address Exchange
• SIP INVITE is sent with SDP and candidate list.
• Both endpoints send candidate list to each
other.
19/04/2012 Microsoft Unified Communications User Group London (MUCUGL) 8

9. Connectivity Checks
• STUN binding requests - pings on media ports.
Won't see these in Snooper, only in Wireshark.
• Priority for media connectivity:
– UDP direct
– UDP NAT
– UDP Relay (via an Edge Server)
– TCP Relay (via an Edge Server - last resort)
19/04/2012 Microsoft Unified Communications User Group London (MUCUGL) 9

10. Candidate Promotion
• Once path is validated, another SIP INVITE is
sent containing the validated remote
candidate in the SDP.
• Callee responds with 200 OK and a remote
candidate similar to the candidate the caller
presented.
• For each pair, one is for RTP and the other is
for RTCP.
19/04/2012 Microsoft Unified Communications User Group London (MUCUGL) 10

11. Media Flow
 Connectivity has been checked.
 Candidate has been determined (IP address, port and
transport type).
 Codec has been agreed.
 SIP messages stops and media then begins to flow
between the two endpoints. 
• Once the call is complete, ports are closed and SIP BYE
is sent.
• If Monitoring Server is deployed, a SIP SERVICE
message is sent to the FE and onto the Monitoring
Server to log call data.
19/04/2012 Microsoft Unified Communications User Group London (MUCUGL) 11

12. SIP traces - Lync P2P internal call
19/04/2012 Microsoft Unified Communications User Group London (MUCUGL) 12

13. SIP traces - Escalating from P2P to
a Conference
19/04/2012 Microsoft Unified Communications User Group London (MUCUGL) 13

14. SIP traces - Lync internal user to
PSTN call
19/04/2012 Microsoft Unified Communications User Group London (MUCUGL) 14

15. SIP traces - Internal user to
Remote User call
19/04/2012 Microsoft Unified Communications User Group London (MUCUGL) 15

16. SIP traces - Internal user to
Federated User call
19/04/2012 Microsoft Unified Communications User Group London (MUCUGL) 16

17. Troubleshooting
• Logging Tool
– Comes with Lync Server 2010.
– Trace S4 and SIPStack.
• Snooper
– Displays all UCCP logs and Logging Tool generated traces.
– Separate install - Snooper comes with the Lync Server 2010
Resource Kit.
• Wireshark
– Can show everything that isn’t TLS encrypted:
• Problems before TLS encryption occurs.
• Inspect the RTP stream to determine audio codec being used.
• SIP TCP signalling (e.g. with CSTA gateways, PSTN gateways, etc).
19/04/2012 Microsoft Unified Communications User Group London (MUCUGL) 17

18. Questions?
19/04/2012 Microsoft Unified Communications User Group London (MUCUGL) 18