Anda di halaman 1dari 14

Allied Telesis Advanced Solutions for

IP Video Surveillance
Solutions | Video Surveillance
8600
8000S
8000S
x900
8600/POE
8000S/POE
PC2002/POE
6102G
Non PoE
Camera
Servers
Clients
Core
Access
C
A
M
E
R
A
C
A
M
E
R
A
C
A
M
E
R
A
C
A
M
E
R
A
C
A
M
E
R
A
C
A
M
E
R
A
C
A
M
E
R
A
2 | Allied Telesis Solutions: Video Surveillance www.alliedtelesis.com
Solutions | Video Surveillance
Introduction
This document provides some reference designs for Allied Telesis
based network solutions that support IP video surveillance. A
variety of scenarios are considered encompassing smaller single
switch installations, through to large distributed systems. The smaller
installations are based on Layer 2 switching technology, while the
larger scenarios include options for a Layer 3 routed environment.
The pure Layer 2 approach is preferable in small to medium
installations, due to simplified network configuration and
maintenance. It does not require a complex multicast architecture
involving multicast routing protocols. However in larger systems, it
is likely that the video data will be transported in an environment
divided into separate IP subnets, in order to enable scalability and
provide a network that is both robust and easily managed.
IPTV surveillance systems generally involve a number of devices - IP
cameras, servers, and clients - and involve multicast technology to
deliver video streams to every intended recipient. In this document
we assume the following:
IP cameras are devices capable of recording video and sending Q
it across the IP network using unicast or multicast packets, to a
destination host or multicast group.
Servers are devices capable of implementing different value Q
added services to the security surveillance solution including
recording, live view, camera control, and provisioning.
Clients are devices (in general, desktop computers) capable of Q
accessing services made available from the servers. For instance,
specific camera feeds or a section of archived video footage.
Generally the live video feed is transmitted via unicast between Q
cameras and servers, and multicast between servers and clients.
IP Multicast
IP multicast is a technology that provides one host with the ability
to send a data stream to a group of hosts (recipients) in the same
way it would send a packet to an individual host. This saves network
bandwidth and computing resources on the multicast source. An
IP multicast network makes use of different protocols depending
on the complexity and on the services required, but a fundamental
component of any multicast architecture is the IGMP protocol
(Internet Group Management Protocol). IGMP manages the
membership of multicast groups, and is used in conjunction with a
multicast routing protocol in larger distributed Layer 3 networks.
The following terms will be used as we examine several surveillance
solutions:
Multicast or Multicast Stream: a flow of information (usually Q
video or audio) that is sent from one source to many
destination clients.
Group: Q a multicast stream that clients can join. Groups have IP
addresses in the 224.0.0.0 - 239.255.255.255 range, which is
reserved specifically for multicast traffic.
Group Member: Q a client that belongs to a particular multicast
group.
IGMP Querier or Designated Router: Q a device in a
subnetwork that is the coordinator for all multicast streams
and IGMP membership information. Each subnetwork has only
one active Querier. The Querier generates membership query
messages to check which clients are group members, and
processes membership reports and leave messages.
IGMP Snooper: Q a device that listens to IGMP messages to
create flow efficiencies by ensuring that multicast data streams
are only sent to interested ports. The device can decide on the
best path to send multicast packets at Layer 2, but it cannot
significantly alter those packets or generate its own IGMP
messages.
Multicast Router: Q a device that is able to transfer a multicast
stream from one VLAN into one or more other VLANs, and
participate in a Layer 3 multicast tree.
Video Surveillance is an integral part of modern security
systems, found in premises ranging from airports to shopping
malls, corporate buildings to train stations. It proves a
great deterrent to malicious behavior and an excellent
tool in solving the mystery of past misdemeanors.
In this digital world, security has also embraced the advantages
of instant access to images stored and retrieved on computers.
Allied Telesis has an excellent portfolio of products, and a
suite of features, that can enhance the ability to securely and
reliably transport security video footage across an IP network.
NETWORK RESILIENCY SOLUTIONS


|
VCStack + Link aggregation
3 | Allied Telesis Solutions: Video Surveillance www.alliedtelesis.com
Scenario A Small solution with a single
switch
Introduction
In a security camera installation with a limited number of cameras, a
single switch solution can be ideal. In such a case, it is important that
the chosen switch supports the following features:
Power over Ethernet (PoE) Q
IGMP snooping Q
IGMP querying Q
IGMP filtering (optional) Q
Reference solution
Depending on the number of ports and bandwidth required, a
switch from the AT-8000S/AT-8000GS family is the ideal candidate
for an inexpensive and well featured solution, as shown in figure 1.
Benefits and limitations
The AT-8000 switch in this scenario connects all devices in the
system:

IP Cameras: the AT-8000 switch provides Power over Ethernet Q
(PoE) if required and can implement access security (IEEE
802.1x or MAC-based authentication).
Servers: the AT-8000 switch connects directly to the servers, Q
optionally with Gigabit ports. The servers are sources of
multicast traffic as well as destinations of unicast feeds from
the cameras. The AT-8000 implements IGMP querying to
intelligently forward multicast packets only to hosts that have
requested it.
Clients: the AT-8000 switch sends IGMP queries to maintain Q
client membership of IGMP groups and consequently deliver
traffic efficiently. Clients are interested in receiving a number of
multicast streams.
8000S
Cameras
Clients
Servers
8000S/POE
1 Gigabit link
10/100 link
C
A
M
ER
A
C
A
M
ER
A
Figure 1: Single switch solution - Scenario A
4 | Allied Telesis Solutions: Video Surveillance www.alliedtelesis.com
Solutions | Video Surveillance
This is a complete solution for a small installation. The only
drawback being that there is a single point of failure and the switch
lacks power-supply redundancy.
Alternative products and accessories
Other Allied Telesis switches available to build a network with similar
features include the AT-9400/POE and AT-8600POE series.
In some installation when few PoE ports are needed or when the
IP cameras are connected over a longer distance using fiber, PoE
injectors and, PoE media converters, can be used to design a cost
effective solution. Examples of these products are: AT-6101G (PoE
Injector), AT-PC2002/POE and, AT-PC232/POE. (Fiber to PoE Media
Converters.).
Furthermore, Allied Telesis PoE product line helps even if the
selected video cameras do not support PoE. A small, attractive and
convenient AT-6102G PoE splitter directly connected to the camera
will take power from the standard PoE line and supply the camera
with a user selectable voltage between 5 and 12 V.
Solution summary
Item Value
Solution requirements Single box solution, no failover,
inexpensive, easy to manage
Solution proposed AT-8000S/POE
Key features IGMP snooping, IGMP querying, PoE
Alternative products AT-9400/POE series, AT-8600POE series
NETWORK RESILIENCY SOLUTIONS


|
VCStack + Link aggregation
5 | Allied Telesis Solutions: Video Surveillance www.alliedtelesis.com
Scenario B Small solution with a single
switch requiring high availability
Introduction
This example is similar to Scenario A, but with the additional
requirement of redundancy to ensure network and services reliability.
Therefore this solution uses a switch with a redundant power supply.
Reference solution
Figure 2 shows a possible solution using an AT-9900 series switch.
Benefits and limitations
The AT-9900 series are fully-featured Layer 3+ Gigabit switches
with extensive Quality of Service (QoS) support and a complete
multicast implementation. As the AT-9900 series does not include a
PoE option, cameras requiring power through the Ethernet cabling
could be powered by the inexpensive AT-6100 series PoE injectors.
Since this is a single switch installation it is possible that IP cameras
are located to a great distance from the switch room. ATI media
converters with PoE support (like AT-PC232/POE) can be used to
connect and power IP cameras at the far end of a fiber run.
A possible variation would be to use a pair of stacked x900
switches using Allied Telesis VCStack technology. This will ensure a
high-availability system and remove the single point of failure.
Servers can use two NICs bonded together into a Link Aggregation
Group (LAG), with one link connected to each of the x900 switches
in the stack. Typically, peripheral equipment like IP cameras and client
PCs lack resilient link capability so will not be able to capitalize on
the resilience offered by the virtual switch core. This solution will,
however, ensure maximum uptime of the core network services.
Moreover, the failure of one stack member will affect only half of the
video recording and viewing equipment.
Solution summary
Item Value
Solution requirements Single box solution, PSU failover, easy
manageable, advanced security and QoS
feature, few PoE ports
Solution proposed AT-9900
Key features IGMP snooping, IGMP querying, dual PSU,
advanced security and QoS, Layer 3+
Alternative products SwitchBlade x908, x900 series, x600
series
Accessory products AT-PC232/POE, AT-6101G, AT-FS202
Alternative products
SwitchBlade x908, x900 and x600 series.
8000S
1 Gigabit Copper link
10/100 Copper link
100 mbps Fibre link
Servers
9900
Clients
Cameras
Cameras
FS202
6101G
PC232/POE
C
A
M
ER
A
C
A
M
ER
A
Figure 2: Single switch solution with power redundancy - Scenario B
6 | Allied Telesis Solutions: Video Surveillance www.alliedtelesis.com
Solutions | Video Surveillance
Scenario C Medium-sized solution
Introduction
This scenario considers a medium-sized solution, with cameras
installed in different buildings. From the network point of view
we have a distributed installation, with one or more switches
per location connected together. Important considerations in the
network design are resiliency and failover capabilities.
In this scenario we assume that:
The network has to offer link redundancy Q
Failover recovery time is not critical and up to few 10s of Q
seconds network recovery time is considered acceptable
Reference solution
Figure 3 shows a medium-sized solution.
In a distributed environment like this, we can divide the network
into core and access layers. The overall network topology between
the core and access switches is a ring with link failover capability
using Rapid Spanning-Tree Protocol (RSTP).
The access switches connect to the IP cameras, and need to provide
PoE power as required. Other requirements of these switches
include IGMP snooping for intelligent forwarding of multicast
traffic, IGMP filtering in case additional control of IGMP signaling
is required, and RSTP to add link/node failure tolerance to the
network. The access switches are connected to each other and the
two core switches using a ring topology.
The core switches provide connectivity to servers and client PCs.
They receive the IP camera video feeds from the access switches
and forward this traffic to the servers. In turn, they receive multicast
traffic from the servers and deliver it to interested clients.
Link aggregation
1 Gigabit link
10/100 link
RSTP
9900
Servers
Core
Access
Clients
Clients
8000S/POE
8000S/POE
8000S/POE
C
A
M
ER
A
C
A
M
ER
A
C
A
M
ER
A
C
A
M
ER
A
C
A
M
ER
A
C
A
M
ER
A
C
A
M
ER
A
C
A
M
ER
A
C
A
M
ER
A
Figure 3 Medium size multi-site solution using RSTP - Scenario C
NETWORK RESILIENCY SOLUTIONS


|
VCStack + Link aggregation
7 | Allied Telesis Solutions: Video Surveillance www.alliedtelesis.com
The core switches must provide enough bandwidth for this high
traffic volume, IGMP snooping and querying capability, and support
RSTP.
Recommended switches for this solution are:
Access: AT-8000S/POE series Q
Core: AT-9900 or x900 series Q
Benefits and limitations
This solution offers a good level of reliability, as the core switches
can be equipped with a secondary power supply. Link redundancy
is provided by means RSTP. A link or node failure can result in the
following:
Link failure: Q RSTP will recalculate the network topology to
re-establish connectivity with all the nodes in the network.
Depending on the location of the break, traffic flow could be
restored in under a second, using the RSTP rapid-transition
mechanism. At most, RSTP will restore connectivity in 5-15
seconds, as all the links are point-to-point.
In this solution, it is not only necessary to restore connectivity,
but also to re-establish correct multicast forwarding through the
switches. This requires the IGMP querier to induce a refreshing
of the switches IGMP forwarding entries. Using Allied Telesis
IGMP query solicitation (SwitchBlade x908, x900 and AT-9900
series) the multicast path can be re-established within a second
or two after RSTP re-convergence. This feature allows the
switch to force an immediate general query when an RSTP
topology change is detected.
Node Failure: Q Access node failure will result in all the cameras
connected to that node being unavailable. As described above,
connectivity of the rest of the cameras to the servers is quickly
restored.
Core switch failure does not result in lost server connectivity,
as link aggregation via teamed NICs provides connection to
both core switches. If client devices are not employing NIC
teaming, then clients connected to the failed core switch will
be unavailable. After RSTP re-convergence and IGMP signaling
update, all the camera feeds will be available.
In a LAN segment only one IGMP querier can be active at any
given time. To ensure recovery of IGMP querying on the LAN
in the case of the active querier core switch failing, the second
core switch must also be configured as an IGMP querier. When
the active querier goes down, the other core switch will take
over, although not until it is realized that the active querier is no
longer available.
Alternative products and accessories
Other Allied Telesis switches available to build a network with similar
features are:
Core switches: SwitchBlade x908, x900 and x600 series. Q
Access switches: AT-9400/POE and AT-8600POE Q
In a medium size network legacy switches can be reused even if
they do not have PoE support with the option of an inexpensive
Allied Telesis PoE injector (AT-6101G).
Media Converters with PoE support can also be used for
connecting IP cameras over a long reach fiber strand.
Solution summary
Item Value
Solution requirements Distributed multi-site solution, link failover
(but no high service availability), easy to
manage, PoE
Solution proposed Core: AT-9900
Access: AT-8000S/PoE
Key features ICore: IGMP query, IGMP snooping, RSTP,
query solicitation, QoS, security, dual PSU.
Access: IGMP snooping, RSTP, PoE
Alternative products Core: SwitchBlade x908, x900, x600
series
Access: AT-9400/POE, AT-8600POE
8 | Allied Telesis Solutions: Video Surveillance www.alliedtelesis.com
Solutions | Video Surveillance
Scenario D Medium-sized solution with high
availability
Introduction
This solution is similar to the previous one, with the exception
being that no service downtime is allowed. As we have seen in the
previous case, once a link or a node failure happens, the network
could be unavailable for some 10s of seconds due to RSTP
re-convergence, and multicast path re-establishment. If this is not
acceptable a different approach is needed. The Allied Telesis virtual
chassis stacking solution (VCStack) together with link aggregation
(LAG) can be used when high availability is required.
Reference solution
Figure 4 shows a medium sized VCStack solution offering high
availability.
VCStack is a technology that enables two or more switches to
operate as a single virtual chassis. The benefit of this approach is
that we can have a simpler network topology and configuration as
well as being able to use network bandwidth more efficiently, and
achieve high availability.
Two x900 switches form the virtual network core. Each access
switch is connected to the core switches with two aggregated links,
one to each member of the stack. Using LAGs is made possible
because the two core switches are a single virtual chassis. With such
a topology we have a loop-free network with link and core switch
redundancy. Application servers (and optionally clients) can be
equipped with two or more NICs and use NIC bonding to provide
resilient connections to the core.
Benefits and limitations
A clear benefit of this configuration is that we have no single point
of failure in the critical part of the network and we have no service
downtime in case of link failure.
8600
8000S
8000S
x900
8600/POE
8000S/POE
PC2002/POE
6102G
Non PoE
Camera
Servers
Clients
Core
Access
1 Gigabit Copper link
10/100 Copper link
Gigabit Fibre link
DC Power
Link aggregation
C
A
M
ER
A
C
A
M
ER
A
C
A
M
ER
A
C
A
M
ER
A
C
A
M
ER
A
C
A
M
ER
A
C
A
M
ER
A
Figure 4 High availability solution using VCStack and Link Aggregation - Scenario D
NETWORK RESILIENCY SOLUTIONS


|
VCStack + Link aggregation
9 | Allied Telesis Solutions: Video Surveillance www.alliedtelesis.com
Lets consider the possible failure events:
Link failure: There is no service downtime, as all links are Q
members of a LAG group. The switches will use the remaining
link in the LAG group and continue forwarding traffic. The only
exception is a link failure on an IP camera link which will, of
course, cause the camera to be unreachable.
Access switch failure: All cameras connected to that switch Q
will be unreachable. But the failure will have no impact on
other switches in the access network. In this case no network
topology recalculation is needed and the rest of the network
will continue to work completely uninterrupted.
Core switch failure: This is more critical, but also more unlikely Q
to happen, as the most likely hardware failure in a switch is the
PSU (and the core switches contain redundant load-sharing
PSUs). If the VCStack master switch fails, the second member
node needs to transition to the master state. This requires
the backup member switch to initiate a number of processes
that only run on the master, taking around 30 seconds. If
the secondary VCStack switch fails there is no impact in the
network. The master switch is connected to every other device
and will continue to forward all the traffic with no service
interruption.
Future VCStack software updates will require significantly
less processing to transition the backup member to
master, resulting in nearly no service interruption in the
unlikely event of a master switch failure.
Alternative products and accessories
The alternative products that support VCStack are the SwitchBlade
x908 and the x600 series.In a medium size network legacy switches
can be reused even if they do not have PoE support with the
option of an inexpensive Allied Telesis PoE injector (AT-6101G).
Media Converters with PoE support can also be used to connect ip
cameras over a long reach fiber strand.
Solution summary
Item Value
Solution requirements Distributed multi-site solution, link
failover (with high service availability),
easy manageable, PoE
Solution proposed Core: x900 series
Access: AT-8000S/POE, AT-8600/POE
Key features Core: IGMP query, IGMP snooping,
VCStack+LAG, QoS, security, dual PSU.
Access: IGMP snooping, LAG, PoE
Alternative products Core: SwitchBlade x908, x600 series
Access: AT-9400/POE
Accessory products AT-PC2002/POE, AT-6102G
10 | Allied Telesis Solutions: Video Surveillance www.alliedtelesis.com
Solutions | Video Surveillance
Scenario E Large scale distributed network
Introduction
In a large campus network, or metro-area network, the video
surveillance system is typically overlaid on an infrastructure that has
been designed to carry multiple applications and services. Such a
network, supporting a significant number of end-users, needs to be
very reliable, manageable, and scalable.
These requirements are best met by a network design in which
different services are partitioned into separate VLANs, and
transported over resilient rings that are protected by an extremely
fast failover mechanism.
The Allied Telesis fast-failover ring protection solution is EPSR
(Ethernet Protected Switching Ring). This is an extremely reliable,
high-performance ring protection protocol, which can restore
connectivity within 50ms of a link failure being detected.
Services, like video surveillance, can each be provisioned with one
or more VLANs running over the EPSR rings, with data on Layer 2
or Layer-3 switched between the rings and the central-site server
facility.
A reliable, scalable design is achieved by subtending multiple rings
off a SwitchBlade x908 VCStack that provides the gateway between
the rings and the central site. For ease of management, control and
troubleshooting, a different video-surveillance VLAN runs in each
ring, and the x908 VCStack Layer 3 switches the video streams from
the rings to the server and client devices at the central site.
Reference solution
Figure 5 shows a large scale distributed solution based on EPSR.
Benefits
This network design is very scalable, potentially providing extremely
reliable network services to thousands of end users, and hundreds
of surveillance cameras.
When multiple services share the same network infrastructure, it is
necessary to ensure that each experiences the Quality of Service
that is expected, ensuring timely delivery of traffic and access to
applications when required. Bandwidth usage must be controlled, so
that no one service can starve the others of bandwidth. Moreover,
for loss and jitter-sensitive applications like video, it is extremely
important to be able to deliver the data streams in a smooth,
lossless fashion.
The Allied Telesis SwitchBlade x908 and x900 series switches
have an extremely feature-rich Quality of Service offering that can
manage the characteristics of over 1000 separate data streams
simultaneously, thereby making them ideal for the provisioning of
shared-service networks involving real-time applications.
A link failure in any ring will result in EPSR recovering in as little as
50 milli-seconds, usually quite undetected, even by users of real-
time services like video or voice. Also, a failure of a unit within the
SwitchBlade x908 VCStack will be automatically recovered with very
little disruption.
Solution summary
Item Value
Solution requirements Large, distributed multi-service network,
requiring extremely high availability and
performance
Solution proposed EPSR ring: SwitchBlade x908, x900 series
Access: AT-8000S/POE
Key features Core: EPSR, VCStack, QoS, IGMP query,
IGMP snooping, Multicast routing,
security, dual PSU
Access: IGMP snooping, PoE
Alternative products Access: AT-9400/POE, AT-8600POE
NETWORK RESILIENCY SOLUTIONS


|
VCStack + Link aggregation
11 | Allied Telesis Solutions: Video Surveillance www.alliedtelesis.com
10 Gigabit link
1 Gigabit link
10/100 link
C
A
M
ER
A
C
A
M
ER
A
8000S/POE
x900-24XT
SwitchBlade x908
x900-24XT
8000S/POE
8000S/POE
SwitchBlade x908
Servers
x900-24XT
8000S/POE
8000S/POE
C
A
M
ER
A
C
A
M
ER
A
C
A
M
ER
A
C
A
M
ER
A
Figure 5 Large scale distributed solution using EPSR - Scenario E
12 | Allied Telesis Solutions: Video Surveillance www.alliedtelesis.com
Solutions | Video Surveillance
Products
The following Allied Telesis advanced switching products are
highlighted in this IP Video Surveillance solution.
SwitchBlade

x908
Advanced Layer 3 modular switch
x900-12X and 24X Series
Advanced Gigabit Layer 3+ expandable switches
x600 Series
Intelligent Gigabit Layer 3+ switches
AT-9900 Series
Multilayer IPv4 and IPv6 Gigabit switches
9400 Series
Gigabit Ethernet Layer 3 switches
AT-8000GS Series
Managed stackable Gigabit Ethernet edge switches
AT-8600 Series
Layer 3 Fast Ethernet switches
AT-8000S Series
Managed Fast Ethernet switches
AT-6101G
IEEE 802.3af single port Gigabit Ethernet PoE injector
AT-6102G
Universal multi-voltage Gigabit Ethernet PoE splitter
AT-PC232/PoE
2 port Fast Ethernet speed/media converting switch with Power
over Ethernet
AT-PC2002/PoE
2 Port Gigabit Speed/Media Converting Switch with PoE
AT-FS202
2 port Fast Ethernet speed/media converter
More information on these products is available from our web site.
Summary
Weve examined a number of solutions that can meet the video surveillance needs of businesses of all sizes. The multiple benefits of
using an IP network provide easily managed, highly reliable access to security data at any time.
Many businesses requiring security - many choices with Allied Telesis.
NETWORK RESILIENCY SOLUTIONS


|
VCStack + Link aggregation
13 | Allied Telesis Solutions: Video Surveillance www.alliedtelesis.com
About Allied Telesis Inc.
Allied Telesis is a world class leader in delivering IP/Ethernet
network solutions to the global market place.We create innovative,
standards-based IP networks that seamlessly connect you with voice,
video and data services.
Enterprise customers can build complete end-to-end networking
solutions through a single vendor, with core to edge technologies
ranging from powerful 10 Gigabit Layer 3 switches right through to
media converters.
Allied Telesis also offer a wide range of access, aggregation and
backbone solutions for Service Providers. Our products range from
industry leading media gateways which allow voice, video and data
services to be delivered to the home and business, right through
to high-end chassis-based platforms providing significant network
infrastructure.
Allied Telesis' flexible service and support programs are tailored to
meet a wide range of needs, and are designed to protect your Allied
Telesis investment well into the future.
Visit us online at www.alliedtelesis.com
Other documents you may be interested in:
Solutions: Find out how Allied Telesis products and industry-leading
features create solutions to meet business needs:
www.alliedtelesis.com / Resources / Library / Solutions-Market
www.alliedtelesis.com / Resources / Library / Solutions-Technology
How To notes: Find out how to setup and configure key features on
Allied Telesis advanced switches and routers:
www.alliedtelesis.com / Resources / Library / How to Notes
Case Studies: Find out about other customers using Allied Telesis
superior products and features:
www.alliedtelesis.com / Resources / Library / Case Studies
USA Headquarters | 19800 North Creek Parkway | Suite 100 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895
European Headquarters | Via Motta 24 | 6830 Chiasso | Switzerland | T: +41 91 69769.00 | F: +41 91 69769.11
Asia-Pacific Headquarters | 11 Tai Seng Link | Singapore | 534182 | T: +65 6383 3832 | F: +65 6383 3830
www.alliedtelesis.com
2009 Allied Telesis Inc. All rights reserved. Information in this document is subject to change without notice. All company names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners. C618-31013-00 Rev. C_Cam