Implementing BT SIP Trunk with Asterisk open-source PBX
Part III – The technical solution
This third article describes my technical design and solution to implementing BT SIP Trunk with Asterisk open-source PBX and provides a complete end-to-end solution with configuration details.
Using a Session Border Controller (SBC) between BT SIP Trunk and Asterisk PBX
For a variety of reasons I decided it would be a good idea to implement a Session Border Controller (SBC) between the BT SIP Trunk and Asterisk open-source PBX as this:
- provides a demarcation point between us and BT
- uses a BT-accepted SIP implementation between us
- provides features like application-layer call screening (toll-fraud prevention)
- CODEC translation
- signalling translation – if needed
System architecture
Below is a diagram of a typical system architecture and is almost exactly what I implemented only the IP addresses have been changed to protect the innocent:
We have our internal network on a private LAN, in this case 10.64.0.0/16 including the Asterisk PBX and the phones.
A firewall (Cisco, Linux, Nokia, Netgear, SonicWall, etc.) connects the internal private LAN to the public internet, i.e. on to your BTnet Internet leased-line service connection.
A Cisco router running AdvancedIPServices or similar runs the Session Border Controller (SBC) – remember Cisco now call this the Cisco Unified Border Element (CUBE).
Implementing Session Border Controller (SBC)
The Session Border Controller is a Cisco ISR G1 (eg. 2811, 3825, 3845) running IPADVANCEDENTERPRISE feature set or ISR G2 (2901, 2951, 3925E, 3945E) running the UNIVERSAL-K9 image with AdvEnterprise software license activated.
Cisco’s Session Border Controller is also known as Cisco Unified Border Element (CUBE) – two names for the same thing.
Our implementation was based on a second-user Cisco 2811 with AdvancedEnterprise feature set and a PVDM2-64 DSP unit (required if we are performing Codec translations).
Configuring the Session Border Controller (SBC)
The SBC needs to be configured for basic IP connectivity including:
- Interface with IP address, netmask, etc.
- Default gateway (pointing at your BTnet router)
- Hostname and domain name
- Name servers
- User and admin usernames and secrets
Some more assumptions about your system for this example:
- BT have assigned you the Trunk Pilot number 0560 123 4567 as part of your SIP system
- You have a main/switchboard number 01632 700700
- You have 10 x DDI numbers 01632 700890-700899
- You have a legacy fax number 01632 700777
- The public IP address of your SBC is 193.82.116.60 (as per the diagram)
- The public IP address of your Asterisk server is 193.82.116.2
Your Asterisk server may have an interfaces that ‘steps over’ the firewall or may go via the firewall – that’s a networking issue for you to sort out.
Configuration elements for basic IP-to-SIP handling, ie. Session Border Controller
! voice rtp send-recv ! voice service voip ip address trusted list ipv4 85.119.63.4 // IP address of BTnet SIP server ipv4 193.82.116.2 // IP address of your Asterisk box (see below) allow-connections sip to sip fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback pass-through g711alaw sip registrar server expires max 65535 min 3600 early-offer forced midcall-signaling passthru ! voice class codec 1 codec preference 1 g711alaw codec preference 2 g711ulaw codec preference 3 g729br8 !
Configuration of the SIP User Agent element of the SBC facing BTnet/Hipcom
This configuration is for the SIP user agent (UA) in the SBC so it registers on the BT SIP trunk platform:
! sip-ua credentials username 445601234567 password 7 <encrypted password> realm sipconnect.hipcom.co.uk authentication username 05601234567 password 7 <encrypted password> no remote-party-id retry invite 3 retry bye 3 retry cancel 5 retry prack 6 retry register 3 timers options 1000 registrar dns:sipconnect.hipcom.co.uk expires 300 sip-server dns:sipconnect.hipcom.co.uk host-registrar ! gateway timer receive-rtp 1200 !
You can enter the passwords using “password 0 <plain text>” and it will be replaced by the “password 7 <encrypted password>” by your router assuming that you have “service password encryption” enabled.
Configuration of call routing
You need to configure a block of “dial peers” to route incoming calls that BT send to your SBC onward to your Asterisk box:
! dial-peer voice 1000 voip description *** Incoming for 05601234567 (Trunk Pilot) -> Asterisk *** destination-pattern 445601234567 session protocol sipv2 session target ipv4:193.82.116.2 session transport udp dtmf-relay rtp-nte codec transparent no vad ! dial-peer voice 1100 voip description *** Incoming for 01632700700 (Switchboard) -> Asterisk *** destination-pattern 441632700700 session protocol sipv2 session target ipv4:193.82.116.2 session transport udp dtmf-relay rtp-nte codec transparent no vad ! dial-peer voice 1200 voip description *** Incoming for 0163270089x (10 x DDI block) --> to Asterisk *** destination-pattern 44163270089. session protocol sipv2 session target ipv4:193.82.116.2 session transport udp dtmf-relay rtp-nte codec transparent no vad ! dial-peer voice 1300 voip description *** Incoming for 01632700777 (Fax) -> Asterisk *** destination-pattern 441632700777 session protocol sipv2 session target ipv4:193.82.116.2 session transport udp dtmf-relay rtp-nte codec transparent no vad !
Note that incoming calls use an explicit session target – they are pointed at the IP address of your Asterisk server.
You need another block of dial peers to handle the calls that your Asterisk box sends to your Session Border Controller that need to be passed on to the BT SIP trunk:
! dial-peer voice 2000 voip description *** Numbers beginning with a zero -> BT SIP trunk *** destination-pattern 0.T session protocol sipv2 session target sip-server session transport udp dtmf-relay rtp-nte codec transparent no vad ! dial-peer voice 2100 voip description *** Directory service numbers 118xxx -> BT SIP trunk *** destination-pattern 118... session protocol sipv2 session target sip-server session transport udp dtmf-relay rtp-nte codec transparent no vad ! dial-peer voice 2200 voip description *** 118xx numbers -> BT SIP trunk *** destination-pattern 18... session protocol sipv2 session target sip-server session transport udp dtmf-relay rtp-nte codec transparent no vad ! dial-peer voice 2300 voip description *** Operator, NHS, local police, information numbers -> BT SIP trunk *** destination-pattern 1.. session protocol sipv2 session target sip-server session transport udp dtmf-relay rtp-nte codec transparent no vad ! dial-peer voice 2400 voip description *** Emergency numbers 999,911 etc. -> BT SIP trunk *** destination-pattern 9.. session protocol sipv2 session target sip-server session transport udp dtmf-relay rtp-nte codec transparent no vad !
Note that outgoing calls use the session target ‘sip-server’ – this is a pseudonym for the SIP server that the SBC is registered with – this is a bit like an IP default gateway or an SMTP smarthost – it is the default route for the majority of calls – out via the SIP provider.
Testing
Build your system with the 0560 pilot number first and get this number fully working for in-bound and out-bound calls before migrating your legacy PSTN or ISDN connections across to your new SIP trunk.
Do not make test calls to the Emergency Services via 999, 112 or 911 under any circumstances!
Summary
BT appear to make it very hard to use the well known and well loved Asterisk open-source PBX with their SIP trunk service.
BT’s approach to selling and delivering SIP trunking appears to be from the “dark old days” when everything had to have a round green BABT approval sticker on it and was controlled and regulated by them or someone.
Disclaimer
What I have documented here is based on my original research and testing and what worked for me… your mileage may vary…
BT may change the SIP trunking service at any time. BT disconnect you for ‘non compliance’ with their silly rules and regulations and quite frankly what appears to, in my opinion, be an unnecessary restriction on the use of services and potentially a restriction of trade as everything is effectively being run as a “closed shop”.
Its your telephony system – if you break it then you get to keep all pieces!
Consultancy
The author is available for consultancy and SIP telephony design, specification, implementation, configuration and testing.
Email me on mike@tubby.org