← cd ~/blog
~/blog/teams-direct-routing-without-sbc-hardware.md

Microsoft Teams Direct Routing Without the Hardware SBC

Microsoft Teams Direct Routing Without the Hardware SBC

tsbc is a containerised Teams Direct Routing SBC using Kamailio and RTPEngine — SIP/UDP PBX to Microsoft Teams via Docker, without hardware appliances.

If your company runs Microsoft Teams and you want to use your own SIP trunk instead of paying for Microsoft Calling Plans, you need Direct Routing — and Direct Routing requires a Session Border Controller.

The problem? Hardware SBCs from vendors like AudioCodes, Ribbon, or Oracle are expensive, need dedicated rack space, and introduce yet another appliance to patch and manage. For small-to-medium deployments, the cost-to-complexity ratio is hard to justify.

Enter tsbc — a fully containerised Session Border Controller that bridges any SIP/UDP-based PBX or SIP trunk directly into Microsoft Teams Direct Routing. No hardware. No appliance licence. Just Docker.

What tsbc Does

tsbc orchestrates three battle-tested open-source components into a single deployable stack:

Together they cover the full SBC function: signalling normalisation, codec negotiation, NAT traversal, and TLS termination — without a single line of proprietary firmware.

Why Bother With a Software SBC?

Traditional SBC hardware solves real problems: media relay, SIP normalisation between carrier and Microsoft, TLS enforcement. Software solutions like tsbc solve exactly the same problems at a fraction of the cost:

Quick Deployment

The simplest deployment needs just a public-facing Linux host with ports 5060/5061 (SIP) and the RTP media port range open.

Clone the repository and copy the example config:

git clone https://github.com/ZeljkoBenovic/tsbc
cd tsbc
cp .env.example .env

Edit .env with your domain, SIP trunk credentials, and Teams tenant details:

DOMAIN=sbc.yourdomain.com
SIP_TRUNK_HOST=sip.yourprovider.com
SIP_TRUNK_PORT=5060
TEAMS_TENANT=yourtenant.onmicrosoft.com
[email protected]

Bring the stack up:

docker compose up -d

Certbot handles the initial TLS certificate request automatically. Once DNS propagates and the certificate is issued, Kamailio starts accepting connections from the Teams infrastructure.

Configuring Teams Direct Routing

On the Microsoft 365 side, register your SBC domain in the Teams admin centre and add a voice route pointing at it:

# Register the SBC
New-CsOnlinePSTNGateway -Fqdn sbc.yourdomain.com -SipSignalingPort 5061 -Enabled $true

# Create a voice route
New-CsOnlineVoiceRoute -Name "PSTN-Route" -NumberPattern "^\+[1-9]\d{6,14}$" `
  -OnlinePstnGatewayList sbc.yourdomain.com

Assign the routing policy to a user and make a test call. The first ring confirms the full SIP-to-Teams path is working.

Production Considerations

For production deployments, a few additional steps are worth taking:

Media port range: Configure RTPEngine to use a predictable UDP range (e.g. 20000–30000) and open that range in your firewall. Teams sends media directly to RTPEngine, bypassing Kamailio entirely once the call is established.

High availability: Place two tsbc instances behind a load balancer or DNS failover. Since RTPEngine carries media state, active-active HA requires shared state — for most SME deployments, active-passive is sufficient.

Monitoring: Kamailio exposes XMLRPC metrics; RTPEngine has a JSON control socket. Both integrate cleanly with Prometheus via community exporters.

Conclusion

tsbc makes Teams Direct Routing accessible without the appliance tax. If you already manage Linux hosts and have Docker available, you have everything you need to run a compliant, production-grade SBC.

Deploy tsbc from GitHub and run Teams Direct Routing without the hardware.

← prev
Kubernetes Storage Operations Made Easy with kmon
next →
Monitoring Veeam B&R with Govein
$ esc
cd ~/ home get blog all posts get projects open-source workloads describe engineer resource spec crash pod CrashLoopBackOff demo get post/easy-mikrotik-backup Mikrotik Backups Made Easy get post/ec2-fleet-commands-without-ssh EC2 Fleet Command Execution Without Opening SSH get post/evm-chain-performance-testing-with-tpser EVM Chain Performance Testing with tpser get post/kubernetes-pvc-snapshot-management-with-kmon Kubernetes Storage Operations Made Easy with kmon get post/teams-direct-routing-without-sbc-hardware Microsoft Teams Direct Routing Without the Hardware SBC get post/veeam-backup-grafana-dashboard Monitoring Veeam B&R with Govein get post/vmware-vcenter-vm-inventory-export-to-excel Exporting VMware vCenter VM Inventory to Excel open job/gombak Go-based automation service for MikroTik router backup management — supports single-device and fleet-wide discovery via L2TP, SSH-based access, configurable retention policies, and system service integration for scheduled unattended backups. open deploy/tsbc Containerised Session Border Controller that bridges SIP/UDP-based PBX systems with Microsoft Teams Direct Routing — orchestrates Kamailio, RTPEngine, and LetsEncrypt TLS to handle signalling and media translation without dedicated SBC hardware. open cronjob/aws-commander CLI tool for fleet-wide remote execution on EC2 instances via AWS SSM Run Command — supports ad-hoc shell commands, script files, and Ansible playbooks, targeting instances by ID or tag without requiring inbound SSH access or open security group rules. open exporter/govein Metrics exporter that queries Veeam Backup & Replication 12+ via its REST API and ships structured job telemetry to InfluxDB 2.0 — ships with a Grafana dashboard template and supports standalone binary, Docker Compose, and Kubernetes Helm deployment. open tool/tpser EVM chain performance testing toolkit with two operating modes — a block-range analyser for historical TPS and gas utilisation reporting, and a sustained load generator for stress-testing nodes at configurable transaction rates over extended durations. open cli/vmex CLI utility that queries VMware vCenter via the vSphere API and exports filtered VM inventory data to formatted Excel workbooks — addressing the limitations of vCenter's native CSV-only export for operational reporting and auditing workflows. open cli/kmon Kubernetes administrative CLI and k9s plugin that automates common storage operations — spins up debug pods from live PVCs, restores volumes from VolumeSnapshots, and generates on-demand or CronJob-scheduled snapshots with configurable snapshot class support.