
Networking now proofing



I have a router with 4 gigabit ports. It's a Buffalo running DD-WRT. If I use that as a basis for the CCTV network connected to the Gigaclear fibre unit then I should get the network separation and a firewall as well as some control through DD-WRT.

 


9 minutes ago, dogman said:

I have a router with 4 gigabit ports. It's a Buffalo running DD-WRT. If I use that as a basis for the CCTV network connected to the Gigaclear fibre unit then I should get the network separation and a firewall as well as some control through DD-WRT.

 

 

The key thing is to make sure that whatever is consuming the camera traffic (an NVR or PC usually) is receiving it via the separate network. If it all goes into a single central point then that will be the bottleneck.

If you have 16 IP cameras they will probably cruise at 30-50 Mbps with peaks of 100 Mbps (depending on the setup). This isn't a problem for a gigabit network - but if there is a bottleneck point then anytime something else high bandwidth is happening (a file transfer say) then the network can be swamped and performance will be bad.

Edited by reddal

My hybrid DVR can manage an IP input of 80 Mbps from IP cameras and 16 analogue channels at WD1. It has a gigabit network card. I will need to lower the resolution of some of the cameras on the IP side. It can run 32 if needed.

 

Will look at all the advice given tomorrow and draw up a plan for everyone to see


I decided to have a network point for every device e.g. mvhr, washer, dishwasher, TV, hifi, security camera etc plus a couple in each room and door bells etc. Soon breached 24. 

 

Anyone recommend a patch panel as I can't find a low power consumption switch that supports more than 24 ports. The TP-Link switches 24 and below are sub 4 watts so ideal for me.


Late to the discussion so to summarise:

PoE (concerns), there are many proprietary standards but 2 international ones:

802.3af (standard POE) good for about 13W
802.3at (POE+) good for 25W

.at is backwards compatible with .af so if you have a POE+ (.at) switch it will power both types of devices.  25W is more than enough for most devices you want to power.

Another issue will be the power the switch itself can push out, as a 24 port PoE+ switch with 250W power can only push out full power on 10 ports (or less across more), so depending on what you are powering, you may have to buy the 500w version.  This will be bigger and run hotter with noisier fans, so there is some work to be done.  You need to know how many of what devices you intend to run off which switches and work out your power consumption, IP cameras, APs, etc.

Providing the equipment is up to standard you can run 100m of catx cable, that is end to end, so you usually work on 90m of structured cable (solid core socket to patch panel) and the 10m worth of patch cables divided across the two ends (these can be stranded).

 

As for network setup, if you have Gigabit switches you shouldn’t have issues but it may be worth physically separating the 16 cameras from the rest of the network.  I would provide a 24 port switch for the cameras, you will need at least 18, (16 cameras, NVR and connection to the other switch, 6 spare) and locate this in the optimal position for the cameras.  If the cameras need 15w each that is 240w just for cameras so possibly a 500w POE+ switch just for this.

 

As for the house, don’t underestimate the number of ports you will need (I am putting in 72).  Put them in in pairs for redundancy, and your entertainment centre will require 4 minimum (TV, SAT/Cable box, Blu-Ray player, Game console), internal AP (Access Points (Wi-Fi stations)), internal CCTV?, home automation (MVHR, Heating, blinds, ...).  You can also use it for the phone points so no internal BT cable, everything goes over the structured cabling (you just use adaptors at the phone end, and patch together all the sockets used for phone).

If you have switches with fibre trunk ports, this is the best way to connect them together, but you can use copper, just make sure it is good quality.


As an aside about IP cameras, the bit rate seems to vary a lot between different types.  I have a humble 25 fps 720p IP camera that streams at about 4 Mb/s, which is silly, as that's as much bandwidth as a 1080P camera at 50 fps should use, with decent compression.  It's hard to tell from the specification of a lot of these cameras just how good the compression is, and what the real bit rate is.  It doesn't take many cameras streaming at 4 Mb/s to start eating up LAN bandwidth, and it's one reason why I'm looking to run IP cameras on a separate LAN from the rest of the stuff in the house.

Edited by JSHarris

Guest Alphonsox
1 hour ago, readiescards said:

I decided to have a network point for every device e.g. mvhr, washer, dishwasher, TV, hifi, security camera etc plus a couple in each room and door bells etc. Soon breached 24. 

 

Anyone recommend a patch panel as I can't find a low power consumption switch that supports more than 24 ports. The TP-Link switches 24 and below are sub 4 watts so ideal for me.


 

Try Comms Express for the patch panels and pretty much any other networking stuff. We use them at work for most of the non-specialist kit and I have bought all the rack and patch stuff from them for the new build.

https://www.comms-express.com/


Thanks for all the information everyone.

 

Looks like the best option for me is two separate LANs.

Use whatever kit I get from Gigaclear as route to the internet. This will be in the Cloaks Cupboard.

Take two links from the Gigaclear kit.

One for home network and one for CCTV.

Below is not exactly what I will do but near enough.

[Image: two_private_lans.gif]

(Ignore all the addresses and keys as diagram is copied from internet)

 

The Gigaclear kit has wireless and gigabit ports

https://www.gigaclear.com/wp-content/uploads/DRG700-version-2-Quick-Installation-Guide-.pdf

 

This is the standard kit, there is an upgrade. We were offered a business connection and you can choose the equipment to match your needs. 

 

From the Gigaclear kit I will take two links (in both copper and fibre, SFP compliant).

One pair stays in the cupboard and is fed into a decent wireless router to provide wireless around the house.

From the wireless router I would connect a port to a switch for the wired household LAN.

Switch does not need POE although if I can get one cheap to run phones etc. (if I use VoIP) I will. 16 ports should be okay to start.

Wire house with as many cables as I can, fed back to cupboard into patch panel.

 

Second pair to the plant room for cctv

Use an old gigabit router as connection, fed to a 16 port POE+ switch.

CCTV dvr will connect to one of the router ports 

CCTV cameras will be fed into switch. It will only have 15 spare ports but can always add a second switch or bigger one if needed.

DVR supports network storage so the router could also be used to link a NAS to the DVR.

 

If I have understood this correctly.

I should have two LANs totally isolated from each other.

 

Both with internet access.

 

Both with hardware firewalls provided by the Routers.

 

Catx cables would be halved in each location making an easier install

 

 

 

 


So unless there is some complex firewall / layering going off on that router, both of your LANs will be bridged and use the same DHCP range etc as the 4 ports on the router are connected. 

 

With most broadband suppliers the first two components in that stack are combined as a modem/router. 

 

Also look at VOIP PoE phones as they are so much easier to reposition and you don't need the horrid base stations with 12v wall warts everywhere ..!


@PeterW sorry to be thick, but does this mean the LANs will not be separate?

I do not really understand networking. I tend to search for a way of doing something, try it and be pleased with myself when it works.

I did this initially with DD-WRT where I set up VLAN detached networks on a Buffalo router. This fed two routers for two wifi hotspots, one for us and one in the rental cottage.

I followed instructions but did not really understand how I got it working.


Correct - DD-WRT has been used for a long time in the Linux community to support layering in the likes of the older D-Link routers by flashing the firmware but it wouldn't be useable in this instance.

You would have two physically segregated LAN segments as they would be on different physical infrastructure, however at a logical level they would share DHCP, gateway and firewalls at the internet router unless there is something buried in the Genexis setup that allows you to stop traffic spanning across the router.

What is neat is that it has a USB port where you can put a USB storage drive - neat addition for a SoHo based unit.

 

 


You don't need the two LANs to be completely separate - you don't even need different subnets - you just need to make sure that the camera traffic doesn't contend with the rest of the house - ie there is no bottleneck that all traffic has to go through.

 

e.g. I'd imagine something like this :

 

[Image: network diagram]

 

Here the main camera traffic will go from the cams to the NVR/DVR without ever bothering the rest of the network - however the PoE switch can still be connected to the rest of the network - but that will only be used if accessing the cameras' setup page or accessing NVR over network etc - ie occasional and lower bandwidth usage.

 

- reddal


@reddal because the PoE switch will unlikely have a set of routing tables you will have to use the modem as a DHCP server so all traffic has the potential to go via that first switch. 

 

If you had the two switches off the two gig ports on the router then it would work fine. It would still be a shared DHCP and gateway. 


2 minutes ago, PeterW said:

@reddal because the PoE switch will unlikely have a set of routing tables you will have to use the modem as a DHCP server so all traffic has the potential to go via that first switch.

 

Why would it be a problem to use the modem as a DHCP server? The DHCP server would only be used when each device starts up - it doesn't affect ongoing traffic?

 

The PoE switch won't have routing tables - but it will maintain an internal list of which MAC addresses are accessible via which ports - and push traffic to the correct port accordingly. If that didn't work then the traffic would never get to its target at all.

 

Connecting the 2 switches via the router would work - but I don't see what it adds unless you want to do something extra like set up firewall rules about what traffic can go from one switch to another.


3 hours ago, PeterW said:

Correct - DD-WRT has been used for a long time in the Linux community to support layering in the likes of the older D-Link routers by flashing the firmware but it wouldn't be useable in this instance.

You would have two physically segregated LAN segments as they would be on different physical infrastructure, however at a logical level they would share DHCP, gateway and firewalls at the internet router unless there is something buried in the Genexis setup that allows you to stop traffic spanning across the router.

 

So the issue is the Genexis modem router. If I understand correctly.

The point where the traffic tries to access the internet is where the traffic mixes with the other LAN.

I had a quick look at the Platinum product from Genexis and it has a lot more management capability.

However, as @reddal has suggested, if his method allows the CCTV traffic to do its own thing up to the point it accesses the internet and the home LAN to do the same, do I really need to worry that if someone on the home LAN wants to see the CCTV by running client software, other than at that point in time, there may be a bottleneck at the Genexis unit as it routes traffic between LANs?

 

 


It depends on the CCTV viewing requirements.  If it's just viewing a single camera, then that's only around 4mB/s over the connection to that client software; if it's viewing more than one camera then it depends which video stream is selected - usually there is a hi res and lo res stream available from each IP camera, with different URLs, and for multiple cameras being viewed on a single screen there's little merit in using the high res stream, as it will be cropped on the display anyway.  The lo res stream from an IP camera (often 640 x 480) doesn't use a lot of network bandwidth.  As long as the hi res streams can get to the NVR OK, then that's all that really matters, I think.

 

There also seems to be a difference in bandwidth not only depending on the encoding used, but also whether the streams are viewed using UDP or TCP.  I found that UDP was a bit unreliable, so forced TCP, but that slows things down a little bit.  Admittedly, part of my problem is that I'm playing with WiFi IP cameras, ones that are pretty sluggish at that.  I have one in bits in front of me right now, to try and see how I might improve it.  Interestingly it has an on-board µSD slot, that doesn't have a card in it, so I'm going to do a bit of playing around.

Edited by JSHarris

29 minutes ago, dogman said:

So the issue is the Genexis modem router. If I understand correctly.

 

The point where the traffic tries to access the internet is where the traffic mixes with the other LAN

 

 

Yes - the router provides access to the internet and can do this for all parts of your LAN. I would just use it as this - ie the router provides ip addresses via DHCP to the whole network and therefore becomes the default gateway for all devices and any traffic with an address outside your local subnet will go to the router and then to the outside world. You can just have a single connection to the router to provide this - connected to your main LAN switch.
 

Quote

 

However, as @reddal has suggested, if his method allows the CCTV traffic to do its own thing up to the point it accesses the internet and the home LAN to do the same, do I really need to worry that if someone on the home LAN wants to see the CCTV by running client software, other than at that point in time, there may be a bottleneck at the Genexis unit as it routes traffic between LANs?


 

 

Accessing the CCTV from the main network should be fine - it's only a fraction of the raw camera traffic and only occasional. I wouldn't use the Genexis unit to route traffic between LANs - in fact I wouldn't have different LANs at all - just a single LAN with a single subnet - but a direct route from cameras to DVR.

Or maybe you want a separate LAN so you can control security between them? ie prevent anything from the camera side of the LAN from accessing the rest of the house? If not I wouldn't bother doing anything complicated - and keep the router doing the basic task only.

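The difference between the single-subnet layout and a routed two-LAN layout discussed above, as an added example that is not part of any post in this thread: it models which camera-to-house traffic ever reaches the router, and so which traffic a router firewall rule can actually block. The addresses, the rule format and the default-allow router behaviour are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing plans (not taken from the thread).
FLAT = {"camera": "192.168.1.50/24", "pc": "192.168.1.20/24"}
SPLIT = {"camera": "192.168.20.50/24", "pc": "192.168.10.20/24"}

# Hypothetical router policy: (action, source net, destination net), first match wins.
CAMERA_DENY = [("deny", "192.168.20.0/24", "192.168.10.0/24")]


def delivery(src_if, dst_if):
    """'switched' if the sender sees the target as on-link, else 'routed'."""
    src = ipaddress.ip_interface(src_if)
    dst = ipaddress.ip_interface(dst_if)
    return "switched" if dst.ip in src.network else "routed"


def router_verdict(rules, src_if, dst_if, default="allow"):
    """Router decision for routed traffic. The default models a plain
    home router that forwards freely between its own LAN subnets."""
    src = ipaddress.ip_interface(src_if).ip
    dst = ipaddress.ip_interface(dst_if).ip
    for action, src_net, dst_net in rules:
        if src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net):
            return action
    return default


def can_reach(plan, src, dst, rules=()):
    """Return (reachable, reason) for traffic from plan[src] to plan[dst]."""
    if delivery(plan[src], plan[dst]) == "switched":
        # Same subnet: frames are forwarded by MAC address, so the
        # router's IP firewall is never consulted.
        return True, "switched: router rules do not apply"
    verdict = router_verdict(rules, plan[src], plan[dst])
    return verdict == "allow", "routed: router says " + verdict


if __name__ == "__main__":
    for name, plan in (("flat", FLAT), ("split", SPLIT)):
        for rules in ([], CAMERA_DENY):
            print(name, "rules" if rules else "no rules",
                  can_reach(plan, "camera", "pc", rules))
```
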

By the way - I would probably set up the IP cameras with static IP addresses - so your security system isn't at the mercy of the router having a problem or some other DHCP issue. Your DVR might even require static IP addresses. If so set the default gateway to be the address of your router if you want the cameras to be able to access the outside world.

Edited by reddal

7 hours ago, reddal said:

 

Why would it be a problem to use the modem as a DHCP server? The DHCP server would only be used when each device starts up - it doesn't affect ongoing traffic?

 

The PoE switch won't have routing tables - but it will maintain an internal list of which MAC addresses are accessible via which ports - and push traffic to the correct port accordingly. If that didn't work then the traffic would never get to its target at all.

 

Connecting the 2 switches via the router would work - but I don't see what it adds unless you want to do something extra like set up firewall rules about what traffic can go from one switch to another.

 

I think that was the whole point - my query was probably why go through switch A to get to the PoE Switch B when the router has 4 ports so I probably wasn't clear ..!

 

I can't see any fancy firewalls in that supplied unit spec so unless you're into managed switches etc then there doesn't seem any benefit to creating multiple VLANs.


20 hours ago, reddal said:

 

[Image: network diagram]

 

 

Again thanks for looking at this for me.

 

I'll wire the house to set the system up as above.

 

It addresses my issue of using two locations and keeping the CCTV traffic away from the house network.
