This page walks you through the process of configuring and validating the SBC.
Supported vendors and firmware
Before you begin the configuration, review the table of supported SBC vendors or models and firmware versions.
Supported SBC signaling and media protocols
The supported signaling and media protocols are specified in the
SBC signaling and media protocols documentation.
Note that AES_CM_128_HMAC_SHA1_80 is the only SRTP cipher suite supported.
SBC's TLS configuration
Request a TLS certificate for the SBC from an approved certificate authority vendor. Wildcard certificates are not supported.
Within the TLS certificate, you must present the SBC's fully qualified domain name (FQDN) either in the common name (CN) attribute or in the subject alternative name (SAN) attribute. If you request one TLS certificate for multiple SBCs, the certificate's SAN should include all SBC FQDNs.
Approved certificate authority vendors
- DigiCert
- Entrust DataCard
- GlobalSign
- GoDaddy
- Sectigo (Formerly known as Comodo)
Configure SBC TLS
- Install the requested TLS certificate along with the associated root CA certificate to the SBC's trust chain.
Install Google's trusted root CA into SBC's trust chain. To get the Google Root certificate:
- Download Google's trusted root CAs.
- Extract GTS Root R1 (GTSR1).
- If required, extract the GlobalSign Root CA certificate.
- Upload the root certificates to your SBC keystore.
- Enable mutual authentication for the SBC.
Configure supported TLS versions and cipher suites. TLS versions 1.2 or later are supported. Supported cipher suites:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256HTLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384TLS_AES_256_GCM_SHA384TLS_CHACHA20_POLY1305_SHA256TLS_AES_128_GCM_SHA256
Create a SIP trunk on GTP
- Navigate to the Unified Console and select your project.
- Navigate to the SIP Trunks tab, then click Add a SIP Trunk.
- Fill in all required fields.
- Click Create.
Review telephony connectivity network requirements
See the concepts and troubleshooting page for a table of network and connectivity requirements.
Configure SBC for SIP connection to GTP
If your SBC is deployed with one of the supported and certified SBC vendors, see the SBC signaling and media protocols documentation for detailed instructions specific to that vendor.
Ensure that the SIP profile is configured to use TLS over TCP port 5672
targeting specific regionalized GTP's SIP servers (for example,
us.telephony.goog). SIP and SIPREC integration configuration:
- For the use case of connecting to Dialogflow virtual agents, configure SIP integration on the SBC.
- For the use case of Conversational AI Agent Assist or Insights, configure SIPREC integration on the SBC so copies of the media stream are forked to GTP. Note that using SIPREC with certain SBC vendors might be a separate licensed feature that you must purchase and activate.
SIP connectivity test with SIP OPTIONS ping
Perform a SIP OPTIONS ping test from customer SBC to GTP to ensure that your
SBC receives a SIP 200 OK from GTP. If SIP 200 OK is not received, refer to
the SIP troubleshooting section
for more details.
SIP header configuration for Conversational AI conversations
- Set Conversational AI's Conversation ID by configuring the SIP header (
Call-Infoor UUI) during SIP INVITE. - Use the
Call-InfoSIP header. If that is not supported, you can use the User-to-User-Info (UUI) SIP header. Refer to SIP headers for more details. - (Optional) Configure participant roles (
END_USERandHUMAN_AGENT) and media stream order. Refer to the participant roles section for details. - (Optional) To set additional parameters for a given conversation, call the
MatchIntentRequestAPI. Refer to the additional parameters section for details.
Perform test calls
Conduct a test call and check to ensure SIP and media are traversing to GTP SIP
servers (74.125.88.128/25) and RTP media servers (74.125.39.0/24). You
should get a SIP 200 OK response message.
If you receive a SIP 400's error response code it likely indicates that GTP
rejected either the SIP header or SIP media SDP configuration. Refer to the
troubleshooting section
for details. If you receive a SIP 600's error response code, it likely
indicates a quota-related issue.
Review Dialogflow conversation history
This section applies only if you deploy a Dialogflow virtual agent.
If the previous test call resulted in a SIP 200 OK response, check the
Conversational AI Google Cloud project's Dialogflow
conversation history
to make sure new conversations are being logged and include the conversation ID
specified in the call info header.
(Optional) Review Google Cloud Logs Explorer
Check Dialogflow activity in the Conversational AI Google Cloud project's Logs Explorer "incoming_call" log.
Use the following query to review Dialogflow's incoming call activities, then click "Run query":
logName="projects/$PROJECT_ID/logs/dialogflow.googleapis.com%2Fincoming_call$PROJECT_ID= The Google Cloud project ID that you used to configure the telephony integration.Alternatively, you can navigate to the Logs Explorer's All log names drop down box and search for log name
incoming_call. Select it and click Apply.Verify that Dialogflow created a conversation successfully in the Google Cloud project's Logs Explorer (this step only applies if audit logging is enabled for the Dialogflow API). Use the following query to review Dialogflow's conversation creation events from a specific Google Cloud project and conversation profile, then click Run query.
protoPayload.serviceName=~"dialogflow" protoPayload.methodName=~"google.cloud.dialogflow.*.Conversations.CreateConversation" protoPayload.request.conversation.conversationProfile="projects/$PROJECT_ID/locations/global/conversationProfiles/$CONVERSATION_PROFILE_ID"$PROJECT_ID= The Google Cloud project ID defined when you configured the integration.$CONVERSATION_PROFILE_ID= The conversation profile ID you created when you configured the integration.