Subscriber Discussion

Network Configuration On Server With 125 Cameras

Undisclosed Integrator #1
Oct 06, 2017

If running a single server with upwards of say 125 cameras I have a question concerning the network setup. We typically use 2 NIC ports. One is for the local corporate network. The other connects to our cameras. If we have more than 1 switch we typically just uplink them and then plug one directly into the cam NIC on the server. Is there any benefit to going with a Quad NIC on the server and connecting each 48 port switch to its own NIC? Just curious because if I uplink 3-48 port switches then the last switch in line is seeing the traffic from all cameras which could create a bottleneck? Also if one of those switches goes down the downstream switch and cameras will all go offline. If each switch has its own NIC then this wouldn't happen. What is common practice/recommended?

Dave Arnould
Oct 06, 2017

Not sure on how your network is laid out but you would need well over 3 48 port switches for just the cameras alone, not to mention your PoE requirements. If possible I would split your camera network and corporate network into VLANs. This way you can have cameras on the same switch as the business but the corporate network unable to see the camera network. This would help with placement and redundancy of losing a switch and taking down a large portion of the camera network. If you are going to keep the cameras on their own network I would be creating redundant ports and not daisy chain the switches.

(1)
(1)
Undisclosed #2
Oct 09, 2017

I do not recommend daisy chaining switches. Avoid this whenever possible, especially in security.

I would bring all three "access layer" switches into a single "distribution layer" switch if possible, and then have the server connected to the distribution layer switch with at least two NICs configured for fault tolerance.

If you are unable to introduce that distribution layer switch and just need all three switches connected to the server, that's fine too. The thing that worries me about this is that if you have all your cameras in the same subnet, you now have a confused OS which doesn't really know which NIC it should send a packet out. Normally it decides which NIC to use based on matching the network range of the destination with the configured IP/subnet combinations on the NICs. If all three are identical, you might have intermittent connection issues.

One way to resolve this could be to use a single "supernet" of 192.168.1.0/24, so your cameras all have an IP of 192.168.1.x with a subnet mask of 255.255.255.0. But then set up your NICs with ranges like...

192.168.1.0/26 (192.168.1.1 to 192.168.1.62 usable)

192.168.1.64/26 (192.168.1.65 to 192.168.1.126 usable)

192.168.1.128/26 (192.168.1.129 to 192.168.1.190 usable)

Then you assign all cameras on switch #1 with IPs in the 192.168.1.0/26 scope, switch #2 in the .64/26 scope and #3 in the .128/26 scope.

Now, technically, your cameras are all in the same IP range, and if you need to route them anywhere now or in the future, you only have one network range to deal with. But your OS where your VMS is installed will know exactly which NIC to use to get to any camera based on the camera's IP address.

This may sound a bit complicated but in my experience, you are bound to see intermittent issues if you put all cameras in the same network, and then have a single server connected to all three networks with the same subnet on each NIC. And you are also bound to see issues if you daisy chain your switches.

(6)
Undisclosed Integrator #1
Oct 10, 2017

So if I get the above I would do my addressing like the below or am I missing something?  I have a feeling that I am.   What would I put in for the subnet mask? 

Port 1: 192.168.1.0 (cameras 192.168.1.1-.47)

Port 2:  192.168.1.64 (cameras 192.168.1.65-.112)

Port 3:  192.168.1.128 (cameras 192.168.1.129 and up)

Undisclosed #2
Oct 10, 2017

Yes, so the IP assignments would be...

Port 1: IP: 192.168.1.1, subnet mask: 255.255.255.192, connects to switch 1 where cameras are IP'd anywhere between 192.168.1.2 and 192.168.1.62

Port 2: IP: 192.168.1.65, subnet mask: 255.255.255.192, connects to switch 2 where cameras are IP'd anywhere between 192.168.1.66 and 192.168.1.126

Port 3: IP: 192.168.1.129, subnet mask: 255.255.255.192, connects to switch 3 where cameras are IP'd anywhere between 192.168.1.130 and 192.168.1.190

Cameras will have an IP falling into one of the ranges above depending on the switch, but their subnet mask can be 255.255.255.0.

I don't love this configuration because it's brittle. If you (or someone who doesn't know better) move a camera to another switch during maintenance, or someone installs a new camera and gives it an IP which doesn't match the scope for that switch, you can introduce difficult-to-diagnose problems.

You could potentially make your life easier by using switches with a built-in DHCP server. Then you can create DHCP scopes on each switch for the range of IP addresses you want to use there, and your cameras can just use DHCP. I'd recommend using DHCP reservations to ensure that the IP addresses don't change after an extended power outage, but otherwise this would make it much less likely that someone could break something just by giving the wrong IP to a camera or plugging a camera into the wrong switch.

(1)
(1)
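
An added example (not part of the original posts), in Python: it audits a camera inventory against the three /26 server NIC scopes given in the reply above and flags the misplacements that reply describes as brittle. The camera names and the inventory are constructed for illustration.

```python
import ipaddress

# Server NIC addressing as given in the thread: one /26 per camera switch.
SERVER_NICS = {
    "switch1": ipaddress.ip_interface("192.168.1.1/26"),
    "switch2": ipaddress.ip_interface("192.168.1.65/26"),
    "switch3": ipaddress.ip_interface("192.168.1.129/26"),
}

# Constructed sample inventory: (camera name, IP, switch it is plugged into).
CAMERAS = [
    ("cam-lobby", "192.168.1.10", "switch1"),
    ("cam-dock", "192.168.1.70", "switch2"),
    ("cam-roof", "192.168.1.140", "switch3"),
    ("cam-moved", "192.168.1.20", "switch2"),   # moved during maintenance
    ("cam-new", "192.168.1.200", "switch3"),    # outside every /26 scope
    ("cam-clash", "192.168.1.65", "switch2"),   # same IP as the server NIC
    ("cam-bcast", "192.168.1.63", "switch1"),   # broadcast address of .0/26
]

def egress_switch(ip):
    """Return the switch whose server NIC is on-link for ip, or None."""
    addr = ipaddress.ip_address(ip)
    for switch, nic in SERVER_NICS.items():
        if addr in nic.network:
            return switch
    return None

def audit(cameras):
    """Return {camera name: problem} for cameras the server cannot reach reliably."""
    problems = {}
    for name, ip, plugged_into in cameras:
        addr = ipaddress.ip_address(ip)
        via = egress_switch(ip)
        if via is None:
            problems[name] = "no server NIC covers this address"
        elif addr in (SERVER_NICS[via].network.network_address,
                      SERVER_NICS[via].network.broadcast_address):
            problems[name] = "network or broadcast address of the /26"
        elif addr == SERVER_NICS[via].ip:
            problems[name] = "duplicates the server NIC address"
        elif via != plugged_into:
            problems[name] = f"server sends via {via}, camera is on {plugged_into}"
    return problems

if __name__ == "__main__":
    for name, problem in audit(CAMERAS).items():
        print(f"{name}: {problem}")
```

Running the same audit against an export of the VMS camera list and the switch port map after any maintenance catches a wrong-scope address before it shows up as an intermittent camera dropout.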
Undisclosed Integrator #1
Oct 10, 2017

The switches will be full except for the last one and if they go into that then we will know what range is required for that switch so it should work.  Thanks for the assistance.  Would a Windows server OS handle this any differently when using a quad NIC vs. Windows 10?  

Undisclosed #2
Oct 10, 2017

Would a Windows server OS handle this any differently when using a quad NIC vs. Windows 10?

Not to my knowledge. A Server OS might have more NIC teaming/failover functionality but if you're just using them as plain ol' NICs I don't think there would be any difference.

Undisclosed #3
Oct 12, 2017
IPVMU Certified

The thing that worries me about this is that if you have all your cameras in the same subnet, you now have a confused OS which doesn't really know which NIC it should send a packet out.

Yes, but using NIC cards with the right capabilities should automatically enable SMB Multichannel on Win8 and up, no?

 

Undisclosed #2
Oct 12, 2017

I'm not too familiar with it, but it looks very protocol specific so it only benefits SMB file share traffic. Am I wrong?

Michael Miller
Oct 09, 2017

I would set up a 10GB connection to your camera network and 1GB connection to your corp network. Not sure how your IDFs are laid out but I would use a 10GB core switch and then use that to feed all your access switches.

(2)
Jon Dillabaugh
Oct 12, 2017
Pro Focus LLC

Without knowing much more about the physical layout of your devices, I would highly recommend Michael Miller's advice above.

You should uplink each switch via 10GbE to a core switch. Connect your server(s) to the core switch via 10GbE. Connect the server(s) to the corp LAN via GbE.

Ubiquiti has all of these products, so pricing is very low compared to other vendors.

Core Switch - EdgeSwitch 16 XG

PoE Switches - EdgeSwitch 48 500W or 750W depending on budget needed

Add in a 10GbE card into the server and voila

(1)
(1)
Undisclosed #2
Oct 12, 2017

This would be my preference as well.

(1)
Michael Miller
Oct 12, 2017

I would do the same but use UniFi switches to make the system very easy to manage.
