Recently I have been involved in works for my client, where all IP addressing scheme was change for particular country. Skype for Business infrastructure involved in this change was: SBA (Survivable Branch Appliance) and two SBC (Session Border Controllers).
Changes on Sonus SBCs + SBA went smooth as per procedure, but during tests after change I have discovered that telephony stop working. All the infrastructure was configured using FQDNs and DNS entries were configured properly so what a h….?
After initial investigation we have realized that provider side was working fine, which seems logical as it was left unaffected. Calls were delivered from provider and dropped at SBC with SIP 400 – Bad Request.
Double checked SBC configuration – all seems fine. OK, let’s see another leg – between SBC and SBA. I have started a capture on inside of network and repeated a call again. Quick check in capture, and I think we have a guilty one, actually call is dropped by SBA!
OK, so as next turn, lets check SBA logs for the call. It did say a little bit more about reason of rejecting call:
The host portion of the from header, 10.100.21.51, arriving at MS listening port (5068) did not match any next hop peers' FQDN or IP Address
Basically what it means – I don’t like your new updated IP address because I don’t know it – SBA says. OK, but all configuration is based on FQDN so why SBA doesn’t like new IPs? I have checked that DNS is resolving SBC properly.
After some more digging and reading (and even thinking) we have come to conclusion that despite underlying correct infrastructure change rtcsrv ignores these changes and caches IP addresses with corresponding DNS entries for SBC.
Fix: quite easy actually:
On the SBA did the trick. Ideally we will do the same on Mediation Servers during maintenance window to ensure redundancy works properly, but it is task to be done in (close) future.
That’s all folks!