Selecting a Switch for Security
Networked solutions are increasingly becoming the first choice of end users because of the flexibility and advanced functionality on offer. Whilst installers and integrators working in this market are competent in specifying edge devices such as cameras and codecs, and core software and hardware elements such as VMS and NVRs, is enough consideration given to the deployed switches? Benchmark looks at how to ensure optimum performance from your infrastructure.
The benefits of networked video surveillance – and, for that matter, any advanced security system – are manifold, and have been well documented. Whilst technology is moving rapidly, the security market is doing a good job of developing products and systems for the future. End user requirements currently change quickly and are influenced by other technologies outside of the security sector.
For those seeking surveillance-based solutions, there is something of a constantly evolving landscape. Resolutions are increasing, and in many industries HD video is already giving way to 4K alternatives. Both of these standards demand real-time video, so frame rates must be maintained. The ease with which video analytics and business intelligence can be integrated adds to the capabilities of the solutions. However, it also adds load to the network, and this requires the creation of a robust and resilient infrastructure. One pivotal element of this is the switch.
Many in the security sector tend to rely on an element of ‘blind faith’ when it comes to selecting switches. They may have a ‘go-to’ choice which stems from a previous project where an IT manager or specifier insisted on a specific model, they might rely upon a model offered by a distributor or they might have just got lucky with a random choice.
It would be fair to say that while such an approach might seem to risky, the issue of switches has always been a thorny one. In the past, most switch manufacturers didn’t see the surveillance sector as a lucrative market, so didn’t engage with those active in surveillance. Manufacturers of VMS, NVRs, cameras and codecs were also wary of offering any guidance on switch selection for fear that they might then be burdened with support for the recommended options. Both views were somewhat blinkered, and are thankfully changing. However, the attitude has created a potential problem for many involved in designing and implementing networked systems.
Selection of an inappropriate switch can create a variety of problems for a networked surveillance solution. These can vary from dropped connections, frozen streams and poor performance though to missed recordings, undiscoverable devices and even system failure. Problems caused by inappropriate switches may also be sporadic in nature, which can be a real headache when troubleshooting.
Installers and integrators must ensure that selected switches are capable of delivering the functionality and reliability demanded from a surveillance solution. However, it should also be remembered that not all surveillance systems will be the same, so standardisation on one switch could in itself be an issue.
Before even considering the specification of a switch, it is important to understand the base requirements of the surveillance system. How many cameras will be deployed? It is also vital to understand how the cameras will be used. Is the system continuously monitoring or is it event-triggered? Will certain cameras be inactive during specified periods or will all be streaming constantly? You should also allow for inevitable system expansions and upgrades.
The bit-rate allocation must be calculated to ensure the correct resolution and frame rate is delivered, and allownaces should be made if this will change on alarm or during events. Each device should be benchmarked to ascertain if the required quality can be ensured at the specified bit-rate. If variable bit rate is deployed, the impact of environmental conditions or high activity on video streams must be considered.
There are also system-based considerations which can impact on switch selection. Does the user intend to multicast the video? Will PoE be required, and if so, how will it be deployed? What type of edge devices are being deployed?
The stages of designing an IP-based solution start with surveillance requirements, and from this device requirements for the video system are established. Then, by using both the surveillance requirements and device requirements, transmission details can be established. These will include transmission type and required bandwidth. Only once this is done can switch selection be considered.
One of the first questions many ask is whether they require a Layer 2 or a Layer 3 switch. It is not uncommon for Layer 3 switches to be specified because of an assumption that they must be superior to Layer 2 devices! In fact, the reference is to the OSI seven layers of networking, in which Layer 2 is the distribution layer and Layer 3 is the networking layer. This in itself describes the fundamental difference between the two.
A Layer 2 switch works in a single subnet and learns the MAC addresses of devices connected to it. For example, when an NVR or VMS requests video from a specified camera, the switch knows where that camera is on the network by its MAC address. Because all the devices reside on the same network segment, the switch simply distributes the data packets.
A Layer 3 switch can route data packets between different subnets, as it uses the IP address. Some will ask why you would want a security system on different subnets, and in many applications you wouldn’t. However, while both types of switch allow the creation of VLANs, a Level 2 switch will not allow connection between two VLANs but a Layer 3 switch will.
A VLAN (Virtual Local Area Network) is a way of dividing and segmenting network traffic within a switch. Some switches are available with a simple VLAN implementation feature, allowing the network to partition different types of traffic. This ensures that bandwidth is maintained and manages potential problems with video streams consuming all available network throughput.
A VLAN enables the surveillance network to remain independent of other networks without affecting their performance, even though data is passing through the same switches.
Another choice is whether to deploy unmanaged or managed switches. Unmanaged devices are typically ‘plug-and-play’ and treat all data equally. As such, all data streams are ‘fighting’ for bandwidth, and if an alarm event occurs the required stream could be impacted by other data traffic. A managed switch can allow Quality of Service (QoS) protocols to be respected. Some unmanaged switches claim to honour priority tags, but it is best to ensure the switch supports QoS.
QoS allows management of data traffic across a network. If the selected switch has QoS capability, it allows the installer or integrator to set configurations for specific ports. This ensures that data streams from critical cameras are prioritised as more important that those from other devices. For example, a QoS-enabled switch can ensure that cameras covering cash-handling areas and entry/exit points get priority over cameras covering internal staff-only areas of a lower risk.
When specifying a switch it is important to consider what transmission type you intend to use. Will the system utilise Unicast or Multicast transmission? Unicast traffic creates a one-to-one transmission. If multiple clients require the video, then the data stream is sent multiple times which can impact on bandwidth usage.
Multicast traffic effectively ‘publishes’ a video stream, creating a one-to-many transmission. Switches that are used for multicasting must support IGMP (Internet Group Management Protocol) which manages groups of clients to receive the video.
IGMP support includes an IGMP Querier that determines which clients belong to which groups, and an IGMP Snooper which monitors the many ports on the hardware to determine which require the data. This allows the switch to only send data to those ports. This reduces network load. In IPv6 networks IGMP will be replaced by Multicast Listener Discovery (MLD).
By this point certain parameters will have been established about the system and its appropriate switch. It will be known whether a Layer 2 or 3 switch is most suitable, and whether VLAN and QoS support is required. The transmission type should also be specified. The final considerations address the capacity of the switch.
Determination of the switch capacity includes a number of elements: number of ports, speed of ports, uplink requirements, throughput and backplane capacity. If any of these are ignored the switch performance may not be suitable for the system.
The number of ports is fairly self-explanatory. Each connection (camera, codec, etc.) requires an individual port. Ports will also be required for uplinks to a server, NVR or NAS device.
The transmission speed of the ports needs to be carefully considered. The main choice is between Fast Ethernet (10/100Mbps) and Gigabit Ethernet (GigE or 1000Mbps). This choice will depend upon the NICs (network interface cards) that are embedded in the cameras, codecs and other devices on a solution. However, the need to ‘uplink’ to a server or NAS must also be considered.
When specifying a switch, you must consider both the speed of the data traffic generated from the video streams coming into the switch, and the speed of the data coming out of it to the server or NAS device. This latter element is known as the uplink. To reduce the chances of data bottlenecks within the switch, these uplink ports should support 10X the speed of the incoming video traffic. In simple terms, if a switch is deployed with 100Mbps links from the cameras, a 1000Mbps uplink would be required for transmissions to the server.
Fast Ethernet switches are available with Gigabit Ethernet ports for uplinks. If these are not sufficient then a Gigabit Ethernet switch will be required.
It is vital that the backplane capacity of a switch is considered alongside throughput. Network ports will only achieve speeds relative to how fast the switch itself can process the data. With low cost switches, it is not unusual to find devices which simply do not have the backplane speed to support all ports at full load.
Because video in a surveillance solution is constantly streaming, the backplane of the switch should always be specified for non-blocking switch fabric. In other words, the switch needs to have a backplane that allows all the ports to simultaneously operate at full load. Because of full communication between switch blades, the common approach is that the switch backplane should be equivalent to the number of ports multiplied by the port full speed, multiplied by two.
Therefore, a four-port switch with port capacities of 1Gbps would require a backplane of 8Gbps to be non-blocking.
Ethernet has certain transmission constraints, in that cable runs between switches are typically limited to 100 metres. This, coupled with the nature of surveillance systems, means that often a switch may be located in a hostile or harsh environment. If this is the case, always ensure that the switch is hardened and can cope with extreme environmental conditions.
One part of switch selection that has so far been notable by its absence in this article is PoE. Power over Ethernet is a significant benefit for installers and integrators, and is one of the genuine cost-savings that can be realised by moving to a networked platform.
There are two schools of thought with regard to PoE. Some state that PoE-enabled switches are the best approach, while others insist that PoE Midspans are better suited to security applications. Often the advice will hinge upon which type of PoE-enabled device they are trying to sell you!
The differences between PoE-enabled switches and Midspans will be addressed in a separate article. However, if selecting a PoE switch you must consider its PoE budget.
Most IP cameras accept PoE. There are two variants in common usage for surveillance devices.
PoE (802.3af) provides up to 15.4W per port, with up to 12.9W being assured as available to the device. PoE+ (802.3at) provides up to 30W, with up to 25W being assured as available to the device. While many cameras use PoE, higher end cameras, PTZ units, devices with heaters or other peripheral additions, etc., generally require PoE+. To determine the specification of a PoE-enabled switch, you will need to know the wattage required by each camera. This information will be specified by the manufacturer.
The total wattage requirement can then be calculated across all devices connected to the switch. Its PoE budget must exceed the total power requirement. Even if the overall budget is covered, you also need to check that the ports can provide the individual connected devices with the power they need.
PoE issues can be difficult to trouble-shoot, as the power might be drawn at random, thus making fault replication a hit-and-miss affair.
The selection of a switch is dependent upon accurately establishing the needs of each individual solution. The process requires planning and an assessment of the full specifications. It is not as simple as looking at the number of ports and data speeds!
Selecting the wrong switch can only lead to a bad end-user experience, no matter what surveillance solution is installed.