Skip to main content
CallTower Solutions Center

Skype for Business Private Line

Quick Summary

Skype for Business Private Line provides MPLS connectivity to the hosted Skype for Business platform instead of using the internet. An MPLS local loop to the customer site(s) is used and implements a dedicated VRF/CUG for the traffic for one customer. The private line terminates into a DMZ which exposes all customers to the outside of our hosted platform (vs a more traditional on premise installation where customers would connect to the inside of the network). While the Skype4B traffic is routed over the MPLS connection, the customer must maintain a reliable internet connection as well to support SSL certificate checks and DNS queries.

When is Private Line a good solution for a customer?

  • The customer wishes to benefit from us managing the circuit and their bandwidth
  • The customer wants QOS so audio (and possibly video) traffic is prioritized over other traffic
  • The customer wants their voice traffic to traverse a more reliable path than the internet offers
  • The customer’s existing internet connection is already saturated and provisioning additional bandwidth is undesirable (too difficult, unavailable, or too expensive)
  • The customer has strong technical resources to integrate Private Line into their network

If a customer has Skype4B Private Line, why do they also need an internet connection?

There are two redundancy scenarios:

  • First, what if Skype4B Private LIne itself fails but the customer’s separate internet connection remains up?  In this scenario the customer can configure their routing to prefer the private circuit for connectivity to our IP address range for hosted Skype4B and to use the internet when that connection is unavailable.
  • Second, what if Skype4B Private Line remains up but the customer’s internet connection goes down? This scenario is unsupported. While traffic to our hosted platform will use the private circuit, the telephones need access to the internet to do DNS lookups of external resources and to perform SSL certificate checks. When the internet connection at a customer site goes down, devices already logged into Skype4B will continue to function for a period of time that can’t be guaranteed but new connections will fail.

Should a customer implement a separate VLAN for Skype for Business?

Traditional deployments of phone systems sometimes place telephones on a separate voice-only VLAN for segmentation and Quality of Service. Skype for Business works very differently by combining audio, video, instant messaging, presence, conferencing and screen sharing and spreading these modalities between a computer running the Skype for Business client and sometimes also IP phones. Given this, our recommendation is that customers do not implement a separate VLAN for Skype4B traffic and instead use the existing data VLAN used for existing computers.

When a separate VLAN is used, it must meet the following requirements:

  • Polycom VVX phones are the most common handsets used with Skype4B. These phones work best for users when paired with the Skype4B client running on the associated PC. The pairing is accomplished through the Polycom BTOE (Better Together over Ethernet) software running on the PC and connectivity must exist between the phone and the PC. This requires that full routing is enabled between the voice and data VLANs and that ports are opened between them for BTOE communication (UDP port 2081 and TCP port 2480).
  • The voice VLAN requires connectivity to the internet to support DNS lookups, SSL lookups, and calendar integration with Microsoft Exchange.
  • Though some customers initially intend to deploy only handsets for Skype4B, the product is best when integrated with the client on PCs and we see this happening at customer sites as users see the advantages. As traffic shifts from handsets to PCs, the voice VLAN becomes less useful.

If a customer already has an MPLS network, can we add a CUG/VRF on both sides and use it for Skype for Business Private LIne?

No, this configuration is not supported. Skype for Business Private Line must run over a separate MPLS local loop to our environment that is ordered explicitly for this purpose. Customers who prefer to use hosted Skype4B without significant changes to their existing network are encouraged to use the internet.

What are the primary steps to implement Skype for Business Private Line at a customer site?

  • We order a local loop to the site through one of our existing carriers with enough bandwidth to support an average of 500k per user. Skype4B requires significantly more bandwidth than more traditional VOIP platforms that only include voice traffic.
  • We ship a preconfigured router to the customer site that typically sits outside their existing firewall; this requires an available interface on the firewall.
  • The customer configures their firewall to route traffic to our IP range over the private circuit with failover to the internet. For instance, on a Cisco ASA firewall, the customer would implement SLA.
  • The customer NATs all traffic to Skype4B PL (similar to how you would NAT traffic to the internet)
  • If the customer wishes to implement full QoS:
    • Polycom phones are automatically configured by the Skype4B platform to tag their packets with the appropriate DSCP markings.
    • The tagging of traffic from the Skype4B client on Windows computers is implemented by creating and applying a Group Policy Object. For more information, see
    • All network devices at the customer site between the end points and Skype4B PL must be configured to honor/pass the DSCP markings.
  • The customer and our network engineers meet for a turn-up call to bring the circuit online and to confirm that local Skype4B traffic is traversing the private line. At the same time, testing is performed to confirm that failover to the internet is working as expected.