A question that comes up extremely frequently in my travels is whether or not IP video equipment should travel on the same network as other business systems such as E-mail, Internet, etc.
It's funny that after the amount of time security video has been IP-based, people are still asking this question. There is still a large perception out there that plugging an IP camera into a network will cause all kinds of chaos, and prevent the CEO from getting his E-mail.
So what is the answer? Well, the real answer is there isn't one. Not a clear one anyway. I will say that technology is improving to the point where it almost doesn't make a difference anymore. Let's take a look at some of the things to consider when making this crucial decision.
Coexisting on the Same Network
VLANs are created to separate different ports on a switch into different networks. In this illustration, video traffic from cameras on VLAN 2 will flow to the recorders on VLAN 2, and cameras on VLAN 5 will record directly to the array on VLAN 5. The viewing client is a member of both of those VLANs so it can see traffic from either one. The other two computers on VLAN 3 are never bothered by any of the other traffic, provided the switch is fast enough to process it all.
One major point in all this is to clearly define what people mean by sharing the network. Do they mean sharing a physical cable plant? Or do they mean sharing network switches and infrastructure? The lines can get pretty blurry.
As we'll see as we walk through this, it is possible to share a single network switch without the networks interfering with each other, provided the switch has the right capabilities, of course.
Many people out there will strongly recommend completely isolated networks (different switches, cable infrastructure, etc.). While this may be appropriate for some applications where access to the video network must be tightly controlled, most of the time sharing network infrastructure is perfectly acceptable.
Beating the Bandwidth
Obviously, the most important part of the equation is how much bandwidth a camera will consume. Now, we all know there is a big difference between a standard resolution IP camera and a megapixel camera. The increase in resolution of the megapixel camera generates increased throughput. But that difference is shrinking due to improved encoding formats.
Traditionally, a CIF (640 X 480) IP camera at 30 images per second (ips) using MPEG4 would produce between 2 and 5 megabits per second (Mbps), depending on the manufacturer. With H.264, however, we are now seeing 2-megapixel cameras, at 30ips, producing only 6Mbps! One-megapixel cameras at 30ips are producing data rates of between 2 and 3Mbps. Not much more at all than standard resolution cameras.
An important piece of information to take away from this is that for smaller systems (16 cameras or fewer), bandwidth utilization isn't really a huge factor. Using the 1-megapixel camera example, you could put a 16-camera system on a switch with only 100MB ports, and not have an issue bandwidth-wise.
At the very least, you may want to have a 1,000Mbps (1GB) connection available for your recording server/NVR. And I say this only to be extra cautious and to allow for future growth.
Larger Systems Call for More Care
Systems with 30 or more cameras require some special handling. It's all about the math; but no matter how large the system, each camera only takes up one network port. The problem for large systems occurs when you need to transmit video from a large number of cameras over a backbone port to another switch for viewing or recording. This is where chokepoints usually occur.
Another problem point happens with inexpensive, consumer-grade switches. The backplane, or switching fabric, is the part of the switch that connects all the ports together. This path needs to be able to carry all the packets from all the ports at the fastest speed possible. Sometimes those less expensive switches can't handle all ports at full speed all the time. Look for specifications that talk about "wire speed" or "wire rate." These terms mean that the switch fabric passes packets through as fast as they come in.
Bandwidth utilization and throughput need to be accurately calculated at several points on the network, and as we see with the backplane, even inside the switch itself.
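The calculation described above, as an added example that is not part of the original article: it totals camera load at each edge-switch uplink and at the recorder port, and checks each switch fabric against the usual full-duplex wire-speed rule. The per-camera rates are the article's upper figures; the topology, the fabric ratings and the 70% utilization ceiling are assumptions.

```python
# Added example: load at each measurement point of a constructed camera network.
# Per-camera rates are the article's upper figures; the topology, fabric ratings
# and the 70% utilization ceiling are assumptions chosen for illustration.
CAMERA_MBPS = {"1mp_h264": 3.0, "2mp_h264": 6.0}

def video_load(cameras):
    """Mbps generated by a {profile: count} mapping of cameras."""
    return sum(CAMERA_MBPS[profile] * count for profile, count in cameras.items())

def is_wire_speed(ports_mbps, fabric_mbps):
    """Non-blocking if the fabric can carry every port at full-duplex line rate."""
    return fabric_mbps >= 2 * sum(ports_mbps)

def find_chokepoints(edge_switches, recorder_port_mbps, ceiling=0.70):
    """Return (point, load_or_need, capacity, ok) for each uplink, fabric and the recorder.

    Assumes every camera streams to one recorder behind the core switch, so
    each edge switch pushes its whole camera load across its uplink.
    """
    report, total = [], 0.0
    for name, sw in edge_switches.items():
        load = video_load(sw["cameras"])
        total += load
        report.append((f"{name} uplink", load, sw["uplink_mbps"],
                       load <= ceiling * sw["uplink_mbps"]))
        # For the fabric row, the second field is the capacity wire speed requires.
        report.append((f"{name} fabric", 2.0 * sum(sw["ports_mbps"]), sw["fabric_mbps"],
                       is_wire_speed(sw["ports_mbps"], sw["fabric_mbps"])))
    report.append(("recorder port", total, recorder_port_mbps,
                   total <= ceiling * recorder_port_mbps))
    return report

# Constructed topology: the article's 16-camera case plus one larger edge switch.
EDGE = {
    "small": {"cameras": {"1mp_h264": 16}, "uplink_mbps": 100,
              "ports_mbps": [100] * 24, "fabric_mbps": 4800},
    "large": {"cameras": {"2mp_h264": 24}, "uplink_mbps": 100,
              "ports_mbps": [100] * 24 + [1000] * 2, "fabric_mbps": 5600},
}

if __name__ == "__main__":
    for point, load, cap, ok in find_chokepoints(EDGE, recorder_port_mbps=1000):
        print(f"{point:15} {load:8.1f} / {cap:6} Mbps  {'ok' if ok else 'CHOKEPOINT'}")
```

The 16-camera switch stays under the ceiling on a 100Mbps uplink, while 24 two-megapixel cameras do not, which is the backbone chokepoint the article describes.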
Keeping the Traffic Separated
The most thorough way to separate traffic on a network is with a virtual local area network (VLAN). This essentially groups ports together to form a separate network within the switch itself. Traffic on one VLAN doesn't go near any ports not selected to be on that same VLAN.
An example would be having ports 1-16 of a 24-port switch dedicated to the video system VLAN, and ports 17-24 being computers, E-mail servers, Internet, etc. on the business VLAN. Traffic from either VLAN wouldn't cross into the other, unless it was programmed to do so.
Traffic can also be passed back and forth between the VLANs through routing. In this case, the switch is smart enough to act internally the same way an external router separates physical networks.
A VLAN itself operates at Layer 2 (the Data Link layer), so a good number of managed switches can be programmed for VLANs. However, routing traffic between VLANs requires Layer 3 (Network layer) functionality, so a multilayer switch or an external router (an arrangement called router-on-a-stick) is needed to pass traffic back and forth between the VLANs.
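A small model of the separation described in this section, as an added example that is not part of the original article: it computes which ports receive a broadcast, whether two ports can talk with and without a Layer 3 rule, and which ports sit in more than one VLAN. The port names mirror the article's illustration (VLANs 2, 3 and 5); the permitted-route table is a constructed assumption.

```python
# Added example: toy model of port-based VLAN separation (not real switch code).
# Port names are hypothetical; VLAN ids follow the article's illustration.
MEMBERSHIP = {                       # port -> VLANs the port belongs to
    "cam-a": {2}, "recorder": {2},
    "cam-b": {5}, "array": {5},
    "viewer": {2, 5},                # viewing client is a member of both video VLANs
    "pc-1": {3}, "pc-2": {3},
}
# Constructed Layer 3 policy: (source VLAN, destination VLAN) pairs the
# multilayer switch or router is programmed to forward.
ROUTES = {(3, 2)}

def flood_domain(src, membership):
    """Ports that receive a broadcast sent by src (Layer 2 only)."""
    return {port for port, vlans in membership.items()
            if port != src and vlans & membership[src]}

def can_reach(src, dst, membership, routes=frozenset()):
    """True if src and dst share a VLAN or a permitted route joins their VLANs."""
    src_vlans, dst_vlans = membership[src], membership[dst]
    if src_vlans & dst_vlans:
        return True
    return any((a, b) in routes for a in src_vlans for b in dst_vlans)

def multi_vlan_ports(membership):
    """Ports in more than one VLAN; each one is a crossing point worth auditing."""
    return sorted(port for port, vlans in membership.items() if len(vlans) > 1)

if __name__ == "__main__":
    print("cam-a broadcast reaches:", sorted(flood_domain("cam-a", MEMBERSHIP)))
    print("pc-1 -> recorder, no routing:", can_reach("pc-1", "recorder", MEMBERSHIP))
    print("pc-1 -> recorder, routed:", can_reach("pc-1", "recorder", MEMBERSHIP, ROUTES))
    print("ports spanning VLANs:", multi_vlan_ports(MEMBERSHIP))
```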
Ultimately, keeping video on designated ports and the boss' E-mail on its own makes for a pleasant network sharing experience.