SIP calls between ProCall mobile app in the cellular data network and an internal or external phone
| Update status | September 2023 |
|---|---|
| Product relevance | ProCall 8 Enterprise ProCall 7 Enterprise |
Scenario
- In the estos ProCall mobile app, a call is initiated on their SIP subscriber line; the remote station here is any internal or external telephone.
- Both parties communicate via this connection.
- The estos ProCall mobile app is located in the mobile data network.
- The external estos ProCall subscribers are connected via estos UCConnect.
Explanations
Diagram/topology: PBX – UCServer service – UCConnect services – ProCall mobile app – SRTP audio/video via STUN
The topology diagram shows a typical ProCall Enterprise installation including estos UCConnect connection, assuming unrestricted communication between estos ProCall Mobile App and estos UCConnect.
Likewise, an operating standard is assumed with regard to the push notification services of Google or Apple, the actual signaling path for push notifications between estos UCConnect and an Android or Apple smartphone is only shown very abbreviated in the diagrams here.
Both the ProCall mobile app and estos UCServer establish a connection to estos UCConnect port 443 via a dynamically assigned TCP port and establish a WebSocket communication on this connection.
Via this connection, the mobile app and the UCServer exchange requests and events via UCConnect in order to process telephony events or execute telephony activities.
For the exchange of RTP media packets during a SIP call, the estos UC media server and the estos ProCall mobile app negotiate a connection via UDP (WebRTC standard) via ICE handshake as shown in the diagram above. Communication takes place on the Internet link between two srflx or prflx candidates. Ports from the range 1024 to 65535 are used (all ports except well-known ports).
The exchange of RTP media packets between estos UC media server and PBX – i.e. the audio stream from and to the remote terminal – is agreed in the SDP exchanged between UC media server and PBX.
The ICE protocol (ICE Interactive Connectivity Establishment according to RFC 8445) integrated in WebRTC attempts to determine the best route between estos UC media server and estos ProCall mobile app when establishing a connection. Even during an existing connection, ICE verifies the best route in the background. If, due to a change in the situation on the internet or mobile data network, a route turns out to be better than the one currently being used, there may also be one or more route changes between these two end points during the course of a call.
If it is identified via ICE protocol that an exchange of audio packets between LAN and the internet is not possible via the firewall or NAT router, this scenario described here can also lead to a media connection between UC Media Server and ProCall mobile app via TURN server. The extent to which this is a relay-srflx/prflx connection or also a relay-relay connection in detail is not considered further here. The following topology diagram shows how the media streams are routed via the TURN server integrated in estos UCConnect:
Diagram/topology: PBX – UCServer service – UCConnect services – ProCall mobile app – SRTP audio/video via TURN
Firewall rules
The firewall rules listed here represent the minimum requirements that can be assumed without specific knowledge of the environment in question.
| Rule # | Task | Direction | Source IP:Port | Destination IP:Port | Protocol | Comments |
|---|---|---|---|---|---|---|
| 1 | Push Notifications | OUT | UCServer:any | *.ucconnect.de:443 | TLS / TCP | |
| 2 | Media flow between UC media server and clients | OUT | UCServer:any | *.ucconnect.de:3478 | UDP |
This rule set without further releases may only allow a connection via TURN server for the routing of the media stream. Optimization of the media routing based on the individual topology is recommended.