Deploying Video over IP Network Cameras

WHITE PAPER

Introduction
Whether it relates to property or individuals, physical security is becoming a growing concern in
today’s world. And now with the pervasive availability of IP networks and digital imaging technology,
the possibility of using low-cost, highly flexible video monitoring has become a reality for more
and more organizations. This paper discusses the ways in which it is possible to implement this
new method of providing security camera surveillance. Simply put: if a location is equipped with
a computer network the necessary basic infrastructure is already in place to add networked
video. The design considerations discussed in this document will help explain how best to deploy
highly effective networked IP video camera applications across a network.

Integrated Solutions for Networked IP Cameras

Application
Servers

Server
Aggregation 3CR17161-91
SuperStack
4 Switch
5500-EI
28-Port

3CR17161-91
SuperStack
4 Switch
5500-EI
28-Port

Switches
PSTN
Intrusion Network Core
WAN Prevention Switches
Router 6080 Security

Voice over
IP Server

Network
Management

Workgroup
WAN / Internet Aggregation
Switches

Wireless Switch
Controller

WX4400
LAN Controller
Wireless
3CRWX440095A

Wireless
Access Point PoE Edge IntelliJack™ IP Phone
3CR17161-91
SuperStack
4 Switch
5500-EI
28-Port

3CR17161-91
SuperStack
4 Switch
5500-EI
28-Port

Switch Switch
28-Port
5500-EI 28-Port
4 Switch 5500-EI
SuperStack 4 Switch
SuperStack
3CR17161-91
3CR17161-91

28-Port
5500-EI 28-Port
4 Switch 5500-EI
SuperStack 4 Switch
SuperStack
3CR17161-91
3CR17161-91

Wireless Wireless IP Camera PoE IP Camera Client PCs

Notebook Clients Workgroup
Bridge

1
 3COM ® DEPLOYI NG VIDEO OVER IP NETWORK CAMERAS WHITE PAPER
CONTENTS
Introduction....................................................1
Deploying Video over IP Network Cameras .....2
Alternate Approaches to Implementing
Closed Circuit Television .............................2
Example Applications.................................2
Network Video Use in Market Sectors........3
Advantages of Video over IP Solutions .......3
Installation Considerations .........................4
Wireless LANs ............................................6
Wide Area Networks .................................7
Internet and Virtual Private Networks.........7
Summary ........................................................8
2
Deploying Video over IP Network Cameras
Alternate Approaches to
Implementing Closed Circuit Television
Traditional surveillance (CCTV) cameras are
usually connected to a monitor by means of
dedicated coaxial cabling. If a multiplexer is
added, it’s then possible to display images
from several cameras on a single monitor. It
is also relatively easy to add one or two more
monitors within a building. But viewing
images from additional outside locations
becomes progressively more complicated,
because dedicated cable is required to add a
new monitor or camera to any existing
system. What’s more, CCTV users must
always consider how to store the large quan-
tities of magnetic tape that result.
In contrast, network cameras are designed
with built-in video servers and Ethernet
connectivity, enabling their images to be
viewed from any computer connected to a
local area network, over a private intranet,
or even the Internet. A network video
camera can be configured to provide the
entire Internet community with access to its
images via a web site, or conversely to
provide restricted viewing access to a
limited number of authorized people.
Why use networked video over IP tech-
nology? Because it makes it possible to
access up-to-the-second images at any time
from any computer anywhere. The images
can be stored at remote locations for conven-
ience and/or security, and the Internet can
be used as carrier for the information. A
camera can be placed almost anywhere.
There are no limitations tied to physical
inputs or frame grabbers; the product can be
connected to a LAN, xDSL, modem, wireless
adapter, or mobile phone. Network video
images can be received from any location
that calls can be received on a mobile phone.
And network video technology is highly
cost-effective, since it doesn’t even require a
new PC to make the camera usable. Any
existing computer can be used for viewing
video images; there is no need to buy dedi-
cated video monitors. With an existing
network infrastructure capable of video
transmission, no separate coaxial video
cables are required.
Example Applications
Remote monitoring
Network video is useful for thousands of
applications. Simply attach a camera to an
existing IP network and view live video on a
PC with an Internet browser. Use network
cameras in schools to see who is in the hall,
computer room, lab, or cafeteria. Install it at
manufacturing plants to see that production
is running smoothly, and that the machinery
is performing as it should. Or remotely
monitor and record images from multiple
retail outlets to protect staff and assets
Security surveillance
False alarms present a big problem to secu-
rity systems. Network cameras enable alarms
to be checked and confirmed from anywhere
before action is taken. They are as equally
well suited to taking snapshots of people
passing through a door, as they are to being
used in sophisticated biometric systems with
dedicated application software. For example,
a security guard who has been alerted to a
break-in can get a view of the room where
the break in has occurred by checking video
images sent to his wireless PDA. Then he
knows whether or not it is safe to enter.
With network video products there is no
longer any need to worry about changing (or
forgetting to change) tapes in time-lapse
recorders. And because images are stored on
hard disks instead of VHS tapes, any old
unwanted images can be erased automati-
cally. The ability to deliver live high-quality
images and sound also makes network video
ideal for improving school and campus secu-
rity. In combination with a security firewall,
network cameras can be quickly configured
for securely monitoring hallways, class-
rooms, and parking lots.
Broadcasting images over the Internet is a
great way for companies to promote their
services, and to provide customers with up-
to-the minute information. For example,
cameras transmitting video of a ski station
show the weather conditions on the slopes.
People can check these by browsing the
Internet before leaving home. Live video—
whether it shows images and sounds of a
bustling city, a busy university, or the
beauty of a mountain, beach, or forest—can
make a web site attractive, dynamic, inter-
esting and worth a return visit. With HTML
(Hyper-Text Mark-up Language) it’s easy to
create web pages, web sites, or home pages
that display images from network cameras
3COM ® DEPLOYI NG VIDEO OVER IP NETWORK CAMERAS WHITE PAPER

Network Video Use in Market Sectors Advantages of Video over IP Solutions

Education
Educational establishments are increasingly
using network cameras to monitor and
protect staff, students, and property.
Surveillance and remote monitoring of
playground areas, corridors, halls, and class-
rooms are easy to achieve. It’s even possible
to give parents limited, controlled access to
let them monitor their child in the school
environment.
Banking
Bank branch offices are often small and
geographically dispersed. A network video
system offers the major advantage of
enabling security personnel to view from a
central location images from every local
office. The administration of a network
video system is simpler and less labor inten-
sive than CCTV. Images are stored on
computer hard disks— employees do not
have to change and take care of video tapes.
Using a network video system also makes it
possible to quickly provide emergency serv-
ices agencies with photos that can help them
identity and apprehend suspected criminals.
Industrial
Manufacturing lines, industrial and pharma-
ceutical processes, automation, warehouse,
and stock control systems are just a few of
the many industrial applications that
network video can monitor effectively. This
“virtual set of eyes” can greatly improve
efficiency at a production plant.
In comparison to legacy video monitoring
systems, IP-based video cameras can dramat-
ically impact the total cost of ownership
while delivering enhanced features and flex-
ibility. They offer the following advantages:
• Lower infrastructure costs—converged
networks use a single cable infrastructure
and component equipment, typically less
expensive than legacy CCTV systems;
separate support and maintenance
contracts for dedicated coax CCTV
network can also be eliminated
• Scalability—changing camera placement
or adding new cameras can be accomplished
with relative ease.
• Integration with other applications—many
related technologies, such as building
access control systems and biometrics,
can be supported by the same network
infrastructure
• Digital storage—digitally recorded images
are not prone to degradation, are easily
stored on computer hard drives, and take
up less space than traditional and less reli-
able VCR analogue magnetic tape cassettes.
Digital images are easier to index, archive,
search, and retrieve for fast access
• Remote accessibility—camera access can
be made available to any authorized user
at any place within an organization’s IP
network; in the case of a special event, a
wider community can be given access via
the Internet

Retailing
The use of network video for security and
remote monitoring purposes can help keep
store owners better informed, prevent theft,
and improve store management efficiency.
Images from stores from various locations
can be accessed from a chain’s headquarters
at any time over the IP network. Cameras
can also be deployed quickly in stores to
monitor consumer behavior and to improve
the impact of merchandising efforts.

3
3COM ® DEPLOYI NG VIDEO OVER IP NETWORK CAMERAS WHITE PAPER
Installation Considerations
There are several key factors that should be
considered before implementing a video
over IP solution for surveillance cameras:
• power delivery
• IP addressing
• bandwidth
Power Delivery
The majority of networked video cameras
utilize an external power supply to provide
the low voltage (typically between 12 and
24V DC) from the AC main supply. Given
that the majority of cameras will be physi-
cally installed in hard-to-reach places such
as ceiling corners, supplying easily accessed
power can be a significant problem.
There are innovative technologies that can
address this issue. Of particular benefit is
IEEE 802.3af Power over Ethernet (PoE),
which enables a single UTP cable to supply
both DC power and Ethernet connectivity to
the camera. If the networked camera does
not support this type of power delivery,
then small external “splitters” can be used
to channel the PoE-enabled connection to
separate traditional data and DC power
connections.
There are two methods for providing Power
over Ethernet.
1. Use a PoE-enabled switch such as the
3Com Switch 5500 to provide LAN
switching and power over the same
connection.
2. Use a “mid-span” PoE device that sits in-
between an existing data-only switch and
combines the data with the provision of
DC power. For new installations, a PoE
switch provides a lower cost of acquisition
and requires less space in the wiring closet.
If PoE is the chosen power delivery method,
then a single network cable is the only
connection required from the network
camera back to the switch / mid-span PoE
device. If there is a nearby Ethernet cable
already in place, it is possible to use small
in-wall mountable devices such as the 3Com
Intellijack™ switch to increase the density
of ports and provide PoE forwarding. These
switches are powered via the PoE feed. If
PoE is not selected, then a suitable local
source of main AC power will need to be
provided for the networked camera’s power
supply.
When the networked video camera is to be
connected directly to a wireless local area
network (WLAN), but does not have an
4
inbuilt WLAN capability, an external “client
bridge” can be used. WLAN and IP cameras
are ideal for quick installation of a tempo-
rary or ad-hoc video system.
IP Addressing
Network video cameras are IP devices and as
such require defined IP address properties to
participate in the IP network. It is common
practice for client PCs and devices to have
dynamically allocated IP addresses using a
network service such as Dynamic Host
Configuration Protocol (DHCP). A DHCP
server (or software service running on a
device within the network) allocates IP
address properties from a pool of free
addresses when requested by network
devices wishing to join the IP network.
DCHP servers typically supply IP addresses
for a single IP Subnet.
While DHCP is a very useful network
feature that reduces IP administrative over-
heads, it is recommended that cameras use
fixed IP addresses for fast and consistent
address accessibility. This fixed IP address
can be manually configured within the
camera, It must be removed from the pool of
addresses available to any DHCP server to
eliminate the chance of duplicate IP
addresses appearing in the network. Where
the DHCP server supports mapping of the
camera’s Ethernet MAC address to a fixed IP
address, the DHCP server can handle the IP
address assignment.
The majority of networked cameras can be
managed remotely, typically with a web-
based or a command line interface, using a
telnet session or SNMP (Simple Network
Management Protocol). To prevent
unwanted configuration changes within the
device, it is highly recommended that the
default administrator password be replaced.
To further boost security, the web-based
management can be reconfigured with a
nonstandard TCP port (HTTP Default Port is
80), preventing the loading of a web
browser session and even an administrative
management login. For still further safety,
the cameras can be placed on a separate
virtual LAN (VLAN). A “Camera” VLAN can
be completely isolated from the regular users
of the network or made visible only to
defined devices within the main network by
using intra-VLAN routing and Access
Control Lists (ACLs) on a Layer 3 switch or
router (See Figure 1). And when the camera
is connected to a managed PoE switch, it’s
possible to remotely re-set the camera or
turn its power on and off—greatly
enhancing management and control.
 3COM ® DEPLOYI NG VIDEO OVER IP NETWORK CAMERAS WHITE PAPER

Bandwidth When deploying networked video cameras

Though the amount of bandwidth utilized across a network supporting multiple appli-
by a network camera is dynamic, it is closely cations, it is important that the camera
influenced by the image frame size, rate, and traffic can be identified by the network
amount of image motion, as well as by the infrastructure and given priority to ensure
video compression algorithm used (e.g. good performance even under high network
MPEG or Motion JPG). The more detailed loads. This concept of building an intelligent
the image and rapid the refresh rat, the network infrastructure to differentiate
greater the bandwidth requirement. between applications can be achieved in two
steps:
Transmission speeds are measured in bits
per second, 8 bits making up one byte. To 1. Identify each packet from the network
transmit one byte, approximately two extra cameras as it enters the network—
bits are needed for control. This means that configure the cameras to use a TCP port
approximately 10 bits are required to other than the typical default—TCP 80
transmit one byte. Table 1 on the following (HTTP/web). A packet analysis tool can
page illustrates some possible transmission be used to identify which TCP port numbers
rates. are currently in use. (See Figure 2)
2. Mark the packet with a priority tag.
In single-site local area network installa-
Using edge switches that support Layer 4
tions, technologies such as wire-speed
features, insert a Quality of Service (Q0S)
10/100/1000 switched Ethernet can deliver
tag—the IEEE 802.1P standard defines
the raw bandwidth demanded by high-reso-
eight levels of priority. To select an
lution, full-motion video. However, where
appropriate level of priority, take a
other critical applications co-exist on the
holistic view of all key applications using
same network infrastructure, consideration
the network, then allocate them into
should be given to identifying and control-
definitions as shown in Figure 2. It is
ling the differing applications and classes of
suggested that the priority for network
service to ensure application performance is
camera applications be set above that of
not impacted by network loading.
any critical data applications, but below
very time-sensitive application such as
Voice over IP. This type of telephony
requires predictable, rapid network
response, though not particularly much
bandwidth.

FIGURE 1: VLAN Segmentation

Management Station
Access granted to both
Layer 3 Switches camera VLANs and
Provides intra-VLAN routing and access regular user VLAN
controls to segment cameras from all but
authorized users

28-Port 28-Port
5500-EI 5500-EI
4 Switch 4 Switch
SuperStack SuperStack
3CR17161-91 3CR17161-91

Edge Switches
SuperStack
4 Switch
5500-EI
28-Port

SuperStack
4 Switch
5500-EI
28-Port
Inserts the VLAN information into the
3CR17161-91 3CR17161-91

3CR17161-91
SuperStack
4 Switch
5500-EI
28-Port

3CR17161-91
SuperStack
4 Switch
5500-EI
28-Port

network packets. Sets a high priority

for all camera VLAN traffic to ensure
28-Port 28-Port
5500-EI 5500-EI
4 Switch 4 Switch
SuperStack SuperStack
3CR17161-91 3CR17161-91

good response rates under high

network loads

Security Staff PC User PCs Network Cameras

Member of camera Member of Member of camera VLANs
VLANs, only able regular user VLAN,
to monitor unable to access
cameras security cameras

5
 3COM ® DEPLOYI NG VIDEO OVER IP NETWORK CAMERAS WHITE PAPER

TAB LE 1: Transmission Rate Projections MAX FRAME RATE

TIME TO TRANSMIT (BASED UPON A 25 KB
TRANSMISSION TYPICAL AVAILABLE A 25 KB IMAGE IMAGE) IN FRAMES
MEDIUM TYPE BANDWIDTH (IN SECONDS) PER SECOND

Ethernet 5 Mbps 0.05 20

Fast Ethernet 50 Mbps 0.005 200
Gigabit Ethernet 500 Mbps 0.0005 2000
802.11B WLAN 5.5 Mbps 0.05 20
802.11G WLAN 22 Mbps 0.01 100
802.11A WLAN 22 Mbps 0.01 100
E1 WAN 2.048 Mbps 0.15 9
T1 WAN 1.55 Mbps 0.2 6
ADSL 768 Kbps 0.3 3
Cable Modem 750 Kbps 0.3 3
ISDN BRI 128 Kbps 2 0.5
V.92 Analog Modem 45 Kbps 6 10 Frames per minute
GPRS 48 Kbps 6 10 Frames per minute

1 byte/s ~10 bps 1 Kbps ~1,000 bps 1 Mbps ~1,000 Kbps

Bandwidth (Kbps) = File size (KB) x Frame rate (fps) x 10

FIGURE 2: Setting Application Priorities

SNMP Network Management Higher

Voice Time Sensitive
Video High Bandwidth
ERP Critical Data Applications
Email Best Effort
Less than Best Effort File Transfer
Lower
Blocked Applications MP3, Gaming

Once these two steps have been completed, Wireless LANs

the network infrastructure can recognize
and differentiate the video camera traffic
and ensure great application response. 3Com
simplifies the defining of Class of Service
policies with tools such as the Prioritize
Network Traffic Wizard within its network
management platforms. Such tools guide the
network administrator through five steps to
define and mark applications to be priori-
tized. The tool then “rolls out” the quality
of service policy to the Layer 4 aware edge
switches across the network.
Radio-based WLANs are broadcast based
and do not currently have the ability to
enforce QoS. As at the time of writing the
proposed IEEE 802.11e standard for WLAN
QoS is not expected to be ratified before
September 2005, other methods can be used
to isolate the video traffic within a WLAN.
Figure 3 provides some reference data to
help select an alternative.
In cases where there is an existing IEEE
802.11b or 802.11g WLAN deployed for
mobile access to data applications, a separate
802.11a based WLAN can be built to carry
the video camera traffic. While IEEE 802.11a
WLANs are typically more expensive than

6
 3COM ® DEPLOYI NG VIDEO OVER IP NETWORK CAMERAS WHITE PAPER
their 802.11b/g counterparts that operate in
the 2.4 GHz frequency range, they use a 5
GHz frequency range that is normally less
“crowded” with other signals and often
capable delivering better performance (see
Figure 3). When the IEEE 802.11e WLAN
QoS standard is implemented, it will become
viable to deploy video cameras on 802.11g
WLANs for lower implementation costs and
co-existence with existing data applications
and mobile user clients.
Wide Area Networks
For installations that span multiple locations
connected through a WAN, it is suggested
that the WAN routers also be configured to
prioritize the video camera traffic. Many
modern routers have the ability to under-
stand the IEEE 802.1P priority tag from
within the Ethernet frame and map/translate
it to a Layer 3 prioritization scheme such as
IPTos or DiffServ. Such a configureation will
ensure a high WAN priority level for video
streams from remote located cameras—
particularly important since WANs typically
run at high levels of utilization and are
comparatively slower than LANs. Due to the
relatively smaller bandwidth available across
WAN links, multisite implementations may
require a choice between optimized image
quality or bandwidth usage. By enabling
cameras to send only images when motion is
detected in a user-defined area of the video
frame, the amount of network bandwidth
required—as well as the image storage
requirements of the video camera manage-
ment application—can be dramatically
reduced.
FIGURE 3: Wireless Standards Overview
802.11A 802.11B
Standard Ratified 2002 1999
Radio Band 5GHz 2.4GHz
Data Rates Up to 54Mbps Up to 11Mbps
Coverage Area Up to 50 Meters Up to 100 Meters
Pros • Less potential for interference • Most widely deployed system today
• Good support for multimedia apps and • Extensive client device support
densely populated user environments
Cons • Requires hardware upgrade • Slower data rate
• Less coverage area • Interference in 2.4GHz band
• Not compatible with 802.11b/g
Internet and Virtual Private Networks
When cameras are located at remote sites
connected by the Internet, it is common for
the Internet router/gateway/firewall device
to provide a Network Translation Service
(NAT). NAT enables a private IP addressing
scheme in the remote LAN while presenting
a single public IP address to the Internet
(see Figure 4). This service disallows direct
connection to the private IP address of the
remote site camera(s). To address this
limitation, an organization can have its
ISP allocate a Static Public IP address and
configure the NAT service so that different
port numbers of the public IP address are
“mapped” (assigned) to the respective IP
addresses of the cameras. For example,
10.10.10.243:8080 will access the LAN
Private IP address 192.168.1.101.
To restrict direct Internet access to the
cameras, a Virtual Private Network (VPN)
should be established between the broad-
band router/gateway and the main site
Internet router. The VPN forms an encrypted
link between the two locations on the same
network. When using VPNs to connect/remove
sites via the Internet, there is no requirement
to configure NAT mapping of public/private
IP addresses and TCP ports. The one caveat
to VPN use in this situation is that, if
networked cameras utilize IP Multicast to
broadcast video streams, the majority of
VPN protocols do not natively support
multicast applications.
802.11G
2003
2.4GHz
Up to 54Mbps
Up to 100 Meters
• Compatible with 802.11b
• High data rates and broad coverage area
• Interference in 2.4GHz band
7
 3COM ® DEPLOYI NG VIDEO OVER IP NETWORK CAMERAS WHITE PAPER

For customers with switched without layer 4

classification features, an alternate technique
Summary
to segment and control video camera traffic 3Com delivers innovative enterprise class
is to attach cameras to a dedicated VLAN. secure converged networks that protect our
VLANs can be defined on the edge-switch customer’s right to “exercise choice”. 3Com
ports where the cameras are directly solutions and technologies unlock the hold
connected. The video camera management of proprietary systems and lower the cost of
application can either be directly connected ownership. For more information, please
to this “video VLAN” in the case of an visit www.3com.com.
autonomous system, or it can be connected
to the default VLAN. In the latter situation,
a Layer 3 switch or router that handles the
day-to-day application traffic and routing
between the video VLAN can be used. If this
last option is employed, consideration should
be given to prioritizing the video VLAN
within the main network infrastructure.

FIGURE 4: Working with NAT

Public IP Address
10.10.10.243 Broadband Router / Gateway
providing NAT service
WAN / Internet

Switch
Network Clients

Public IP Address Public IP Address Public IP Address Public IP Address Public IP Address Public IP Address
192.168.1.101 192.168.1.100 192.168.1.4 192.168.1.3 192.168.1.2 192.168.1.1

3Com Corporation, Corporate Headquarters, 350 Campus Drive, Marlborough, MA 01752-3064

To learn more about 3Com solutions, visit www.3com.com. 3Com is publicly traded on NASDAQ under the symbol COMS.
Copyright © 2005 3Com Corporation. All rights reserved. 3Com and the 3Com logo are registered trademarks of 3Com Corporation.
All other company and product names may be trademarks of their respective companies. While every effort is made to ensure the
information given is accurate, 3Com does not accept liability for any errors or mistakes which may arise. Specifications and other
information in this document may be subject to change without notice. 503155-001 08/05