How to find all Lync/SfB Subnets which doesn’t match to a relevant site

Background

In Lync and Skype for Business, there is an option to configure sites/subnets under the Network Configuration tab:

image

The reason for creating those setting is based on 3 major components:

  1. Call Admission Control
  2. Media By Pass
  3. Location Report and Sites Association

As mentioned in Microsoft TechNet Network settings for the advanced Enterprise Voice features in Skype for Business Server, it is very important to configure all the IP subnets properly in order for those 3 features to work as expected:

The IP subnets specified during network configuration on the server must match the format provided by client computers in order to be properly used for media bypass. A Skype for Business client takes its local IP address and masks the IP address with the associated subnet mask. When determining the bypass ID associated with each client, the Registrar will compare the list of IP subnets associated with each network site against the subnet provided by the client for an exact match. For this reason, it is important that subnets entered during network configuration on the server are actual subnets instead of virtual subnets. (If you deploy call admission control, but not media bypass, call admission control will function properly even if you configure virtual subnets.)
For example, if a client signs in on a computer with an IP address of 172.29.81.57 with an IP subnet mask of 255.255.255.0, Skype for Business will request the bypass ID associated with subnet 172.29.81.0. If the subnet is defined as 172.29.0.0/16, although the client belongs to the virtual subnet, the Registrar will not consider this a match because the Registrar is specifically looking for subnet 172.29.81.0. Therefore, it is important that the administrator enters subnets exactly as provided by Skype for Business clients (which are provisioned with subnets during network configuration either statically or by DHCP.)

What does it actually means?

The result of misconfigured subnets can result in CAC rules which does not applies as expected, Media Bypass which does not work for specific sites Per Site Media Bypass was enabled and missing entries from the Location Report which can result in incorrect information or usage stats.

How to find those subnets?

In order to find the subnets which are not related to any sites but do report active calls, I’ve created the following SQL query which uses the QoEMetric database and an existing view which display all relevant data.

The Query pulls all the the calls within the last week (which can be configured) and uses the following assumptions:

  • The Caller Site is reported as NULL (Empty) and there is no association to existing sites/regions
  • The User Agent is a number between 4 and 255 which means it filter out any irrelevant servers or services
  • The Caller is within the Internal network and not using External subnets such as 192.168.x.x or not using EDGE services
  • The Call is an Audio Call (Video and Conferencing is not taking under consideration)

Query

The query needs to run against a specific view which is the AudioStreamDetailView under the QoeMetrics database:

image

The result will be a list of all calls matching the assumptions above and their details:

image

Once you have the list of all IP/Subnets which calls are being reported from, you can add those specific subnets to the Lync/SfB control panel and see it changes it the location report.

Based on my experience, most of those subnets are usually VPN or Wireless relayed and those can be added once the specific mask is known.

Please note that you can also run the AudioStreamDetailView and get a list of a lot of relevant information that can be used for troubleshooting other scenarios as well.

Source and Links:

4 Comments

  1. Amanda Debler

    Works like a champ! We relied on AD for our initial subnets load, and this has helped find the gaps between AD subnets and reality 🙂

    Reply
    1. Guy Bachar (Post author)

      Great to hear that, thanks for the feedback 🙂
      I also find DHCP information to be very useful as well, that way you have the exact configuration and also description to create a powershell batch and import all subnets.

      Reply
  2. Martin S.

    Hi Guy,

    thanks for nice explanation how Lync(S4B) actually matching those subnets. I am very curious why Lync doesnt save in QoE metrics also information about the subnet mask. We have a worldwide Lync infrastructure and having subnets (with different ranges) deployed and configured in the Lync. Some of the calls are not matched correctly indeed for example if our subnet is 192.168.32.0/24 and client might be 192.168.32.200 with mask /25 which will create subnet in the report 192.168.32.128. We were about to create a script to remark those which are not matched correctly but we are stucked with issue that you never know which subnet mask you should put into the lync for new discovered subnet. For example in this case, new discovered subnet would be 192.138.32.128, which subnet to put there? you can put /25 to /32 theoretically.

    Have anyone dealt with the similar trouble?

    Thanks,

    Martin

    Reply
    1. Guy Bachar (Post author)

      Based on my understanding and also by the way i understand Lync uses the subnets for CAC and reporting, it seems that the best setting you can configure are the ones the client actually have.
      so it means you can either use DHCP that are configured for client or use the actual network information you see on the computer to satisfy your requirements.
      unfortunately, it doesn’t work like active directory sites and services where you can use a catch all subnet, it has to be specific in order for the client to match the setting of the computer it is on.

      Reply

Leave a Comment

Your email address will not be published. Required fields are marked *