To send data from a device on one local area network
to another device on another LAN, a standard way of communicating is required
since local area networks may use different types of technologies. This need
led to the development of IP addressing and the many IP-based protocols for
communicating over the Internet, which is a global system of interconnected
computer networks. (LANs may also use IP addressing and IP protocols for
communicating within a local area network, although using MAC addresses is sufficient
for internal communication.) Before IP addressing is discussed, some of the
basic elements of Internet communication such as routers, firewalls and
Internet service providers are covered below.
Routers
To forward data packets from one LAN to another LAN via
the Internet, a piece of networking equipment called a network router must be used. A
router routes information from one network to another based on IP addresses. It
forwards only data packets that are to be sent to another network. A router is
most commonly used for connecting a local network to the Internet.
Traditionally, routers were referred to as gateways.
Firewalls
A firewall is designed to prevent unauthorized access to
or from a private network. Firewalls can be implemented in both hardware and
software, or a combination of both. Firewalls are frequently used to prevent
unauthorized Internet users from accessing private networks that are connected
to the Internet. Messages entering or leaving the Internet pass through the
firewall, which examines each message, and blocks those that do not meet the
specified security criteria.
Internet connections
In order to connect a LAN to the Internet, a network
connection via an Internet service provider (ISP) must be established. When
connecting to the Internet, terms such as upstream and downstream are used.
Upstream describes the transfer rate with which data can be uploaded from the
device to the Internet; for instance, when video is sent from a network camera.
Downstream is the transfer speed for downloading files; for instance, when
video is received by a monitoring PC.
In most scenarios — for example, a laptop that is
connected to the Internet — downloading information from the Internet is the
most important speed to consider. In a network video application with a network
camera at a remote site, the upstream speed is more relevant since data (video)
from the network camera will be uploaded to the Internet.
IP addressing
Any device that wants to communicate with other devices
via the Internet must have a unique and appropriate IP address. IP addresses
are used to identify the sending and receiving devices. There are currently two
IP versions: IP version 4 (IPv4) and IP version 6 (IPv6). The main difference
between the two is that an IPv6 address is longer (128 bits
compared with 32 bits for an IPv4 address). IPv4 addresses are most commonly
used today.
IPv4 addresses
IPv4 addresses are grouped into four blocks, and each
block is separated by a dot. Each block represents a number between 0 and 255;
for example, 192.168.12.23.
Certain blocks of IPv4 addresses have been reserved
exclusively for private use. These private IP addresses are 10.0.0.0 to
10.255.255.255, 172.16.0.0 to 172.31.255.255 and 192.168.0.0 to
192.168.255.255. Such addresses can only be used on private networks and are
not allowed to be forwarded through a router to the Internet. Any device that
wants to communicate over the Internet must have its own individual, public IP
address. A public IP address is an address allocated by an Internet service
provider. An ISP can allocate either a dynamic IP address, which can change
during a session, or a static address, which normally comes with a monthly fee.
Ports
A port number defines a particular service or application
so that the receiving server (e.g., network camera) will know how to process
the incoming data. When a computer sends data tied to a specific application,
it usually automatically adds the port number to an IP address without the
user’s knowledge.
Port numbers can range from 0 to 65535. Certain
applications use port numbers that are pre-assigned to them by the Internet
Assigned Numbers Authority (IANA). For example, a web service via HTTP is
typically mapped to port 80 on a network camera.
Setting IPv4 addresses
In order for a network camera or video encoder to work in
an IP network, an IP address must be assigned to it. Setting an IPv4 address
for an Axis network video product can be done mainly in two ways: 1)
automatically using DHCP (Dynamic Host Configuration Protocol), and 2) manually
by either entering into the network video product’s interface a static IP
address, a subnet mask and the IP address of the default router, or using a
management software tool such as AXIS Camera Management.
DHCP manages a pool of IP addresses, which it can assign
dynamically to a network camera/video encoder. The DHCP function is often
performed by a broadband router, which in turn gets its IP addresses from an
Internet service provider. Using a dynamic IP address means that the IP address
for a network device may change from day to day. With dynamic IP addresses, it
is recommended that users register a domain name (e.g., www.mycamera.com) for
the network video product at a dynamic DNS (Domain Name System) server, which
can always tie the domain name for the product to any IP address that is
currently assigned to it.
Using DHCP to set an IPv4 address works as follows. When
a network camera/video encoder comes online, it sends a query requesting
configuration from a DHCP server. The DHCP server replies with an IP address
and subnet mask. The network video product can then update a dynamic DNS server
with its current IP address so that users can access the product using a domain
name.
With AXIS Camera Management, the software can
automatically find and set IP addresses and show the connection status. The
software can also be used to assign static, private IP addresses for Axis
network video products. This is recommended when using video management
software to access network video products. In a network video system with
potentially hundreds of cameras, a software program such as AXIS Camera
Management is necessary in order to effectively manage the system.
NAT (Network address translation)
When a network device with a private IP address wants to
send information via the Internet, it must do so using a router that supports
NAT. Using this technique, the router can translate a private IP address into a
public IP address without the sending host’s knowledge.
Port forwarding
To access cameras that are located on a private LAN via
the Internet, the public IP address of the router should be used together with
the corresponding port number for the network camera/video encoder on the
private network.
Since a web service via HTTP is typically mapped to port
80, what happens then when there are several network cameras/video encoders
using port 80 for HTTP in a private network? Instead of changing the default
HTTP port number for each network video product, a router can be configured to
associate a unique HTTP port number with a particular network video product’s IP
address and default HTTP port. This is a process called port forwarding.
Port forwarding works as follows. Incoming data packets
reach the router via the router’s public (external) IP address and a specific
port number. The router is configured to forward any data coming into a
predefined port number to a specific device on the private network side of the
router. The router then replaces the sender’s address with its own private
(internal) IP address. To a receiving client, it looks like the packets
originated from the router. The reverse happens with outgoing data packets. The
router replaces the private IP address of the source device with the router’s
public IP address before the data is sent out over the Internet.
[Figure: port forwarding in the router]
Thanks to port forwarding in the router, network cameras
with private IP addresses on a local network can be accessed over the Internet.
In this illustration, the router knows to forward data (request) coming into
port 8032 to a network camera with a private IP address of 192.168.10.13 port
80. The network camera can then begin to send video.
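The forwarding rule from the illustration, modelled as an added example (not code from the original guide or from any router). The router's public address and the two extra table entries are constructed; the audit function shows what a defender reads out of such a table, since every rule is a service reachable from the Internet.

```python
import ipaddress

# Private ranges as listed in the "IPv4 addresses" section (RFC 1918).
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ROUTER_PUBLIC_IP = "203.0.113.5"  # assumed value (documentation range)

# external port -> (internal IP, internal port). 8032 is the page's rule;
# the other two entries are constructed for this example.
FORWARDS = {
    8032: ("192.168.10.13", 80),
    8033: ("192.168.10.14", 80),
    8034: ("198.51.100.20", 80),  # constructed mistake: not a private address
}


def is_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


def forward_inbound(dst_ip, dst_port, forwards=FORWARDS):
    """Inbound packet at the router: return the internal target, or None (dropped)."""
    if dst_ip != ROUTER_PUBLIC_IP:
        return None
    return forwards.get(dst_port)


def translate_outbound(src_ip, src_port, forwards=FORWARDS):
    """Reply from a device: rewrite its private source to the router's public side."""
    for ext_port, target in forwards.items():
        if target == (src_ip, src_port):
            return (ROUTER_PUBLIC_IP, ext_port)
    return None


def audit(forwards=FORWARDS):
    """Each rule is an Internet-reachable service; list what needs review."""
    findings = []
    for ext_port, (ip, port) in sorted(forwards.items()):
        if not is_private(ip):
            findings.append((ext_port, "target is not a private address"))
        elif port == 80:
            findings.append((ext_port, f"plain HTTP on {ip} reachable from the Internet"))
    return findings


if __name__ == "__main__":
    print(forward_inbound(ROUTER_PUBLIC_IP, 8032))
    print(audit())
```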
Port forwarding is traditionally done by first
configuring the router. Different routers have different ways of doing port
forwarding and there are web sites such as www.portfoward.com that offer
step-by-step instructions for different routers. Usually port forwarding
involves bringing up the router’s interface using an Internet browser, and
entering the public (external) IP address of the router and a unique port
number that is then mapped to the internal IP address of the specific network
video product and its port number for the application.
To make the task of port forwarding easier, Axis offers
the NAT traversal feature in many of its network video products. NAT traversal
will automatically attempt to configure port mapping in a NAT router on the
network using UPnP™. In the network video product interface, users can manually
enter the IP address of the NAT router. If a router is not manually specified,
then the network video product will automatically search for NAT routers on the
network and select the default router. In addition, the service will
automatically select an HTTP port if none is manually entered.
IPv6 addresses
An IPv6 address is written in hexadecimal notation with
colons subdividing the address into eight blocks of 16 bits each; for example,
2001:0da8:65b4:05d3:1315:7c1f:0461:7847.
The major advantages of IPv6, apart from the availability
of a huge number of IP addresses, include enabling a device to automatically
configure its IP address using its MAC address. For communication over the
Internet, the host requests and receives from the router the necessary prefix
of the public address block and additional information. The prefix and host’s
suffix are then used, so DHCP for IP address allocation and manual setting of IP
addresses are no longer required with IPv6. Port forwarding is also no longer
needed. Other benefits of IPv6 include renumbering to simplify switching entire
corporate networks between providers, faster routing, point-to-point encryption
according to IPSec, and connectivity using the same address in changing
networks (Mobile IPv6).
An IPv6 address is enclosed in square brackets in a URL
and a specific port can be addressed in the following way:
http://[2001:0da8:65b4:05d3:1315:7c1f:0461:7847]:8081/
Setting an IPv6 address for an Axis network video product
is as simple as checking a box to enable IPv6 in the product. The product will
then receive an IPv6 address according to the configuration in the network
router.
Data transport protocols for network video
The Transmission Control Protocol (TCP) and the User
Datagram Protocol (UDP) are the IP-based protocols used for sending data. These
transport protocols act as carriers for many other protocols. For example, HTTP
(Hypertext Transfer Protocol), which is used to browse web pages on servers
around the world using the Internet, is carried by TCP.
TCP provides a reliable, connection-based transmission
channel. It handles the process of breaking large chunks of data into smaller
packets and ensures that data sent from one end is received on the other. TCP’s
reliability through retransmission may introduce significant delays. In
general, TCP is used when reliable communication is preferred over transport
latency.
UDP is a connectionless protocol and does not guarantee
the delivery of data sent, thus leaving the whole control mechanism and
error-checking to the application itself. UDP provides no retransmission of lost
data and, therefore, does not introduce further delays.