Network architecture optimisation for CCTV

Mike1983

Mike1983

Mike1983

Associate
Joined
16 Nov 2007
Posts
811
Hello al

I was just hoping to seek some advice regarding an optimum solution for deploying an IP CCTV installation on a network. Basically, I don't want constant IP CCTV recording and streaming traffic affecting other parts of my network.

General criteria below,

* The property has the main house plus 2x separate outbuildings, each with the ability to house additional network switches
* It's no problem for me to introduce additional cables / links between the three buildings so a solution involving a dedicated network is feasible.
* There will be up to 10x 4MP IP cams requiring the ability to constantly record 24/7 to an NVR.
* I intend to use a single NVR mounted in one of the outbuildings as opposed to the main house.
* I need to be able to log on / manage / view the NVR via the main computer and via the internet.

I've been reading about VLANs but the general consensus I gathered was that this wouldn't achieve a great deal in comparison to the below...

I gathered the best option would be to introduce additional switches and dedicated links to completely segragate the traffic from the general network... but if I were to do this, how would I then be able to access the NVR from the main network and internet?

Your help would be greatly appreciated!

Thanks

Mike
 
Hi all

Been doing a little research and I *think* that use of VLANs with a dual NIC CCTV NVR would be an efficient solution.

Please could I ask for informed opinions as to whether or not the below sketch would work as depicted, and if further changes would bring about efficiencies. As you can see, I've tried to articulate some questions in my notes.

Thank you for your time

Mike

 
Have you done the sums on what this extra bandwidth is going to be?

VLANs don't increase the maximum throughput on a link - 1Gbps is 1Gbps across all VLANs. Putting CCTV on a separate VLAN is good for security reasons, but it won't affect your network performance unless for some reason it relies on sending around a lot of broadcast packets.
 
Hello and thank you for the reply

Just to confirm, I intend to provide each VLAN with it's own dedicated 1Gb link to the other switches throughout. In my mind (and please bear in mind I'm still learning all of this) that means VLAN 1 will have 1Gb bandwidth between switches, and VLAN 2 will have it's own dedicated 1Gb bandwidth between switches. I may have misunderstood how VLANs ultimately work but I'd effectively like them to be two individual switches but in a single 1U chassis if that makes sense?

I wish to do the above to keep the heavy constant CCTV traffic away from my general usage network. Where I seem to feel I have an issue though is where I need to access the NVR either using a remote WAN connection (such as my smartphone) or a PC connected to VLAN 1. In my head, in initiating these connections, I've triggered an instance where the CCTV traffic stream will be presented to VLAN 1. Is my reasoning correct? If so, would this mean positioning the NVR at switch 1 be more beneficial so as not to bottleneck connections downstream of Switch 1?

To answer your question, if I've done my sums correctly, I'd be expecting somewhere in the region of a constant 150Mb total bandwidth between my cameras and my NVR for local traffic / recording (recording 24/7 in high def)
Not sure how to model external / remote access as I know you can have a lower quality stream and it would only be infrequent (as opposed to constant) usage.

Another question, you suggested use of VLANs would be more beneficial for security purposes. Could I ask what the architecture for this would look like in my example please and would it be possible for the CCTV VLAN to be accessible from the internet and PCs on the other VLAN?

Thank you for your time
 
Last edited:
So are all your ports configured as access ports on each vlan?

Usually you use trunk/lagg ports to connect switches.

The main difference between an access port and a trunk port is trunk ports can pass more than one vlan access ports are only one vlan (in the most part)

you want to connect your switches with trunk ports, if you are worried about bandwith combine 2 ports into a lagg. Configure the trunk to pass both vlan 1 and 2.

Rather than connecting access ports together like you have drawn let the switches do the vlan sorting.

VLAN_zpshvilzvxz.jpg
 
For the VLAN's you normally have a layer 3 device that routes between the VLAN's. If this is the router you'll need an extra connection for VLAN2 so you can router between the VLAN's.
 
Thanks again for the replies

CraigN - I think on my switches, the trunk / lagg function you mention seems to be referred to as "tagging"? Will research further.

Faxfan - My router is just a domestic off the shelf item (not commercial grade). Could I do what you are suggesting with this? In my head, the spare outputs on the router would be dishing out DHCP addresses that are the same as on VLAN 1 and would effectively be acting as another switch on VLAN 1?

Or are you suggesting I'd need another router with the LAN side on VLAN 2 and WAN side on VLAN 1?

Lude1962 - Online calculator link below. Calcs based on H.264, 80kB frame, 10x cams @ 5 Meg Pixel (will actually be 4 Meg) and 25fps

http://www.stardot.com/bandwidth-and-storage-calculator
 
Last edited:
I think you are massively over complications things, just a normal network with everything plugged into a cheap GB switch will be fine... Switch only sends data out of the ports it needs to not all of them..
 
edscdk said:
I think you are massively over complications things, just a normal network with everything plugged into a cheap GB switch will be fine... Switch only sends data out of the ports it needs to not all of them..
Click to expand...

I know that a simple setup like that will work, and that is how I currently have my 2x old cameras (1MP) cams running. The question I have though is how to set up a load more heavier bandwidth cams in the most efficient manner possible. Each switch area will have heavy bandwidth general devices connected so my goal is to offload the CCTV onto a separate network but still have the ability to manage the NVR from the main network / remotely from the WAN (hence the dual NIC NVR)
 
I think you're overthinking this, 10x 4MP cameras aren't going to tax your network. Your biggest issue is by far going to be storing 150Mbps of 24x7 streaming video - you're at over 1.5TB a day.

Set your cameras to only record when motion is detected, it's hugely wasteful to do anything else.
 
wesley said:
way over complicated for a house CCTV system

just get a simple 24port gigabit and plug everything in. dont bother with VLAN.
Click to expand...

Often fun to over do things and learn though. Maybe he wants the extra challenge. As said above, I think storage is going to be a problem if you plan on recording 24/7.
 
Depending on the NVR (e.g. Samsung SRN-873S which I have in front of me at work now), some have dedicated PoE ports to plug cameras straight in - avoids the bandwidth issue, whilst still allowing you to run some of your cameras over a main network (e.g. in areas that can't be recabled)
 
If there's no issue running additional ethernet, couldn't you have two entirely separate physical networks with the (dual NIC) NVR sitting between them?
That way neither network affects the other and you'll have access to the CCTV via the 'home'/other network and internet.
 
edscdk said:
I think you are massively over complications things, just a normal network with everything plugged into a cheap GB switch will be fine... Switch only sends data out of the ports it needs to not all of them..
Click to expand...

Caged said:
I think you're overthinking this, 10x 4MP cameras aren't going to tax your network. Your biggest issue is by far going to be storing 150Mbps of 24x7 streaming video - you're at over 1.5TB a day.

Set your cameras to only record when motion is detected, it's hugely wasteful to do anything else.
Click to expand...

wesley said:
way over complicated for a house CCTV system

just get a simple 24port gigabit and plug everything in. dont bother with VLAN.
Click to expand...


Got to agree with the above. Looks nice on paper, with pretty colours etc and well drawn. But for a home use CCTV setup I'm not sure why it needs to be so convoluted...?

I would not use motion detection only to record - far too many false positives. When it rains, snows or have flying insects you'll be recording all the time anyway and if you do have any scrotes visiting your property it is good to have time before and then after the event to provide "context" for the police / court etc.
I have two WD purple drives (6TB and 4TB) to loop between them both when recording my 6 IP cameras 24/7. I record just under 40 Mbps for all my 6 cameras - the NVR has a max of 40Mbs capacity.
I do have motion detection tagging done though - then you can search the NVR for VCA events and just play those as needed.

If you use a bitrate calculator it will give you an idea of the storage you will need. Resolution, bit rate - including whether constant or VBR and FPS will all determine on the Mb/s needed. Also remember the NVR will have a maximum number of cameras it will work with, power over Ethernet and record.

I use Netgear GS 100TP to provide POE to each camera - there are other ways of doing that. They in turn connect to my separate home network as well as directly to the NVR via that switch. The NVR also connects to my home network - to give access to monitoring the cams and getting email alerts etc when out.
 
Hang on, this doesn't add up. You've spec'd a 52 port managed gigabit switch for a home environment along with two 100mbit managed switched and a 10 port? First question has to be what aren't you telling us? Your VLAN suggestion makes no sense, if you drop in unmanaged gigabit switches you'd have gigabit speeds between each switch and not 100mbit and why would any home user get in the least bit excited over 15% port utilisation even if that full 150mbit was over a single port?
 
You must log in or register to reply here.
Back
Top Bottom