Microsoft Teams classifies two types of traffic:
- Signaling traffic between Microsoft Team client and Microsoft 365. Most signaling traffic uses the HTTPS-based REST interfaces, though in the telephony scenario it uses SIP protocol between the SBCs and Microsoft 365
- Peer to peer and conferencing real time traffic for audio/video calls and desktop sharing. In general, media traffic is highly latency sensitive, so you would want this traffic to take the shortest and best path possible.
To ensure optimal traffic path, the packets must be allowed to flow in both direction between the internal network segments for the peer-to-peer call as well as between the network sites and Microsoft 365 for eternal calls and conferences. If the optimal path can’t be used because of a network issue will lead to a degraded experience pr a dropped call.
1. Bandwidth allocation
For the bandwidth calculations and assessing your network requirements across your organization’s physical locations, check out the Network Planner tool, you can find this helpful tool in the Teams admin center. The Network Planner will calculate your network requirements for deploying Teams and cloud voice across your organization’s physical locations.
2. External DNS resolution
Make sure that at all computers running the Teams client and the session border controllers (SBCs) can resolve external DNS queries using a DNS server in the same country.
3. Shortest way from Teams client to Microsoft
Implement the most efficient routing to Microsoft data centers by configuring your network devices to:
- Identify Microsoft 365 network traffic (using the destination IP addresses and FQDNs).
- If possible, allow local branch egress of Microsoft 365 network traffic to the internet from each location where users connect to Microsoft 365.
- Allow Microsoft 365 traffic to bypass proxies and packet inspection devices.
4. Check your firewall configuration
Make sure your firewall is configured to allow the traffic from the internal clients to Microsoft Teams IP addresses and FQDN through the listed protocols and ports, the most important rule is the firewall rule with the ID number 11.
Microsoft 365 URLs and IP address ranges – Microsoft 365 Enterprise | Microsoft Docs
| If your environment has an Intrusion Detection or Prevention System (IDS/IPS) deployed for an extra layer of security for outbound connections, be sure to allow all Microsoft 365 or Microsoft 365 URLs. |
5. Using VPN? Configure Split-Tunnel
VPNs are typically not designed or configured to support real-time media, and some VPNs might not support UDP (which is required for Real Time traffic). With VPN split tunneling you can route all Teams traffic through internet directly to Microsoft 365 and not through the VPN tunnel, it will also reduce load from the VPN devices and the organization’s network.
6. Implement QoS
VoIP is susceptible to packet loss, delay, jitter, resulting in echoes, lag, and dropped calls. By default, routers handle data packets following a First In First Out (FIFO) order, use Quality of Service (QoS) to prioritize the voice traffic in all segments of a managed network
7. Use LAN not Wi-Fi
I know most users will not do it, but the congestion and error correction problem can be solved by plugging in a cable, your packets travel uninterrupted to your switch\router, and then to the other site or out over the internet. Try to use LAN whenever you can in your organization or in home office.
8. Optimize Wi-Fi
I know I have said try to avoid Wi-Fi, but you can’t use LAN in all scenarios, so if you are using Wi-Fi try to
- Use 5 GHz range instead of 2.4 GHz.
- Implement QoS or Wi-Fi Multimedia (WMM).
- Consult your Wi-Fi vendor for specific guidance regarding real time traffic.
9. Use Teams certified devices.
End points have a great impact on the overall audio and video quality of a Teams call, make sure you are using a certified headset, webcams, and IP phones.
Wael Schakaki
Architect