Saturday, February 16, 2019

Skype For Business Online - Signal and Media Traffic Flow - Office LAN - WAN Users



Skype For Business Online - Signal and Media Traffic Flow


Hope you have already gone through my blog about types of traffic and protocols used in Skype for business.

If not, here is the link to have a look https://sjohnonline.blogspot.com/2018/12/skype-for-business-online-types-of.html.

In this article we will see the signal and media traffic flow when users communicate from office LAN and internet.

Traffic flow is very similar to the communication happens between 2 internet users but just thought of explain the same scenario with respect to the office LAN network instead of the home network.

Skype signalling and media traffic flow between Office LAN and WAN users



Skype uses ICE protocol to establish the communication between peers, let me take you through the  process happening in the background.

Step 1 SIP Registration and Candidate discovery


SIP Signalling initiate user authentication and registration with MRAS server in O365 cloud and identify the IP addresses, ports and protocols used by caller, in our case caller is user01

Step 2 invitation with SDP Candidates of caller.


User01 invites user02 by sharing the details of IP addresses, ports and protocols used by user01.

Step 3 Invitation acceptance with SDP Candidates of callee


User02 accept the invitation and share the details of IP addresses, ports and protocols used by user02 with user01.

During this time caller can hear the ring tone which indicates that the connection establishment is in progress.

Step 4 Candidate exchange and connectivity check (Candidate validation)


Caller and callee exchange their IP addresses and ports details with each other and try to check connectivity between the users via all possible routes available.

In our case the details of Candidate is as follows (Candidate - IP addresses, and ports).

 User01 

Local IP address - 192.168.10.44

NAT IP address/Public IP - 106.203.110.116 (Also called as reflex IP address)

Relay server IP address - 131.253.138.142 (Also called as relay IP address)


User02

Local IP address - 172.16.18.254

NAT IP address/Public IP - 185.55.61.182 Also called as reflex IP address)

Relay server IP address - 52.112.132.189 (Also called as relay IP address)


Here the reflex IP addresses (NAT IP's) are not same for both users and cannot communicate with each other using LAN IP address.

Connectivity checks are performed to find out the most direct media path possible between endpoints using STUN protocol.

As UDP is preferred for audio/video communication, the connectivity checks start with UDP 

a) First try to check connectivity between local IP's 192.168.10.44 & 172.16.18.254 over UDP

b) Then try to check connectivity between reflex IP's 106.203.110.116 & 185.55.61.182  over UDP

c) Finally try to check connectivity between relay IP's  131.253.138.142 & 52.112.132.189 over UDP

d) If all the above checks failed then start the connectivity check using TCP.

Step 5 Connection establishment 


After the connectivity checks, STUN protocol will evaluate the routes identified and find out most direct route to establish connection between the users.

In this scenario connection establishment between users are not possible be via local IP's 192.168.10.44 & 172.16.18.254  as both users are under a NAT device

Since the clients are behind a NAT device direct communication may fails and connection established using Reflex IP addresses 106.203.110.116 & 185.55.61.182 (NAT IP or Public IP).

As mentioned if none of the above connectivity method is possible, connection will be established using the relay server in O365 cloud and which may effect quality of communication.

In this scenario the Quality of service cannot be guaranteed 100% as the traffic flows through internet and it is not a network managed by us but we could try apply the QoS as per the standards in-order to get better results.

Always follow and implement Skype network requirement best practices in your network and open necessary ports and protocols in the firewalls to get the good quality communication.


Hope this is informative for you.

Cheers 😊





Wednesday, February 6, 2019

Skype For Business Online - Signal and Media Traffic Flow - WAN Users (Internet)



Skype For Business Online - Signal and Media Traffic Flow


Hope you have already gone through my blog about types of traffic and protocols used in Skype for business.

If not, here is the link to have a look https://sjohnonline.blogspot.com/2018/12/skype-for-business-online-types-of.html.

The previous article was about the Skype for business traffic flow between LAN Users

https://sjohnonline.blogspot.com/2018/12/skype-for-business-online-signal-and.html

In this session we will see the signal and media traffic flow when users communicate from different internet networks.

Skype signalling and media traffic flow between WAN users



Skype uses ICE protocol to establish the communication between peers, let me take you through the  process happening in the background.

Step 1 SIP Registration and Candidate discovery


SIP Signalling initiate user authentication and registration with MRAS server in O365 cloud and identify the IP addresses, ports and protocols used by caller, in our case caller is user01

Step 2 invitation with SDP Candidates of caller.


User01 invites user02 by sharing the details of IP addresses, ports and protocols used by user01.

Step 3 Invitation acceptance with SDP Candidates of callee


User02 accept the invitation and share the details of IP addresses, ports and protocols used by user02 with user01.

During this time caller can hear the ring tone which indicates that the connection establishment is in progress.

Step 4 Candidate exchange and connectivity check (Candidate validation)


Caller and callee exchange their IP addresses and ports details with each other and try to check connectivity between the users via all possible routes available.

In our case the details of Candidate is as follows (Candidate - IP addresses, and ports).

 User01 

Local IP address - 192.168.1.10

NAT IP address/Public IP - 43.71.140.7  (Also called as reflex IP address)

Relay server IP address - 52.112.89.78 (Also called as relay IP address)


User02

Local IP address - 192.168.0.2

NAT IP address/Public IP - 108.7.56.72 Also called as reflex IP address)

Relay server IP address - 52.112.74.66 (Also called as relay IP address)


Here the reflex IP addresses (NAT IP's) are not same for both users and cannot communicate with each other using LAN IP address.

Connectivity checks are performed to find out the most direct media path possible between endpoints using STUN protocol.

As UDP is preferred for audio/video communication, the connectivity checks start with UDP 

a) First try to check connectivity between local IP's 192.168.1.10 & 192.168.0.2 over UDP

b) Then try to check connectivity between reflex IP's 43.71.140.7 & 108.7.56.72  over UDP

c) Finally try to check connectivity between relay IP's  52.112.89.78 & 52.112.74.66 over UDP

d) If all the above checks failed then start the connectivity check using TCP.

Step 5 Connection establishment 


After the connectivity checks, STUN protocol will evaluate the routes identified and find out most direct route to establish connection between the users.

In this scenario connection establishment between users are not possible be via local IP's 192.168.1.10 & 192.168.0.2  as both users are under a NAT device

Since the clients are behind a NAT device direct communication may fails and connection established using Reflex IP addresses 43.71.140.7 & 108.7.56.72(NAT IP or Public IP).

As mentioned if none of the above connectivity method is possible, connection will be established using the relay server in O365 cloud and which may effect quality of communication.

In this scenario the Quality of service cannot be guaranteed 100% as the traffic flows through internet and it is not a network managed by us but we could try apply the QoS as per the standards in-order to get better results.

Always follow and implement Skype network requirement best practices in your network and open necessary ports and protocols in the firewalls to get the good quality communication.


Hope this is informative for you.

Cheers 😊