Thursday, July 25, 2013

Internet communication

To send data between a device on one local area network to another device on another LAN, a standard way of communicating is required since local area networks may use different types of technologies. This need led to the development of IP addressing and the many IP-based protocols for communicating over the Internet, which is a global system of interconnected computer networks. (LANs may also use IP addressing and IP protocols for communicating within a local area network, although using MAC addresses is sufficient for internal communication.) Before IP addressing is discussed, some of the basic elements of Internet communication such as routers, firewalls and Internet service providers are covered below.

Routers

To forward data packages from one LAN to another LAN via the Internet, a networking equipment called a network router must be used. A router routes information from one network to another based on IP addresses. It forwards only data packages that are to be sent to another network. A router is most commonly used for connecting a local network to the Internet. Traditionally, routers were referred to as gateways.

Firewalls

A firewall is designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks that are connected to the Internet. Messages entering or leaving the Internet pass through the firewall, which examines each message, and blocks those that do not meet the specified security criteria.

Internet connections

In order to connect a LAN to the Internet, a network connection via an Internet service provider (ISP) must be established. When connecting to the Internet, terms such as upstream and downstream are used. Upstream describes the transfer rate with which data can be uploaded from the device to the Internet; for instance, when video is sent from a network camera. Downstream is the transfer speed for downloading files; for instance, when video is received by a monitoring PC.
In most scenarios — for example, a laptop that is connected to the Internet — downloading information from the Internet is the most important speed to consider. In a network video application with a network camera at a remote site, the upstream speed is more relevant since data (video) from the network camera will be uploaded to the Internet.

IP addressing

Any device that wants to communicate with other devices via the Internet must have a unique and appropriate IP address. IP addresses are used to identify the sending and receiving devices. There are currently two IP versions: IP version 4 (IPv4) and IP version 6 (IPv6). The main difference between the two is that the length of an IPv6 address is longer (128 bits compared with 32 bits for an IPv4 address). IPv4 addresses are most commonly used today.

IPv4 addresses

IPv4 addresses are grouped into four blocks, and each block is separated by a dot. Each block represents a number between 0 and 255; for example, 192.168.12.23.
Certain blocks of IPv4 addresses have been reserved exclusively for private use. These private IP addresses are 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255 and 192.168.0.0 to 192.168.255.255. Such addresses can only be used on private networks and are not allowed to be forwarded through a router to the Internet. All devices that want to communicate over the Internet must have its own individual, public IP address. A public IP address is an address allocated by an Internet service provider. An ISP can allocate either a dynamic IP address, which can change during a session, or a static address, which normally comes with a monthly fee.

Ports

A port number defines a particular service or application so that the receiving server (e.g., network camera) will know how to process the incoming data. When a computer sends data tied to a specific application, it usually automatically adds the port number to an IP address without the user’s knowledge.
Port numbers can range from 0 to 65535. Certain applications use port numbers that are pre-assigned to them by the Internet Assigned Numbers Authority (IANA). For example, a web service via HTTP is typically mapped to port 80 on a network camera.

Setting IPv4 addresses

In order for a network camera or video encoder to work in an IP network, an IP address must be assigned to it. Setting an IPv4 address for an Axis network video product can be done mainly in two ways: 1) automatically using DHCP (Dynamic Host Configuration Protocol), and 2) manually by either entering into the network video product’s interface a static IP address, a subnet mask and the IP address of the default router, or using a management software tool such as AXIS Camera Management.
DHCP manages a pool of IP addresses, which it can assign dynamically to a network camera/ video encoder. The DHCP function is often performed by a broadband router, which in turn gets its IP addresses from an Internet service provider. Using a dynamic IP address means that the IP address for a network device may change from day to day. With dynamic IP addresses, it is recommended that users register a domain name (e.g., www.mycamera.com) for the network video product at a dynamic DNS (Domain Name System) server, which can always tie the domain name for the product to any IP address that is currently assigned to it.
Using DHCP to set an IPv4 address works as follows. When a network camera/video encoder comes online, it sends a query requesting configuration from a DHCP server. The DHCP server replies with an IP address and subnet mask. The network video product can then update a dynamic DNS server with its current IP address so that users can access the product using a domain name.
With AXIS Camera Management, the software can automatically find and set IP addresses and show the connection status. The software can also be used to assign static, private IP addresses for Axis network video products. This is recommended when using video management software to access network video products. In a network video system with potentially hundreds of cameras, a software program such as AXIS Camera Management is necessary in order to effectively manage the system.

NAT (Network address translation)

When a network device with a private IP address wants to send information via the Internet, it must do so using a router that supports NAT. Using this technique, the router can translate a private IP address into a public IP address without the sending host’s knowledge.

Port forwarding

To access cameras that are located on a private LAN via the Internet, the public IP address of the router should be used together with the corresponding port number for the network camera/video encoder on the private network.
Since a web service via HTTP is typically mapped to port 80, what happens then when there are several network cameras/video encoders using port 80 for HTTP in a private network? Instead of changing the default HTTP port number for each network video product, a router can be configured to associate a unique HTTP port number to a particular network video product’s IP address and default HTTP port. This is a process called port forwarding.
Port forwarding works as follows. Incoming data packets reach the router via the router’s public (external) IP address and a specific port number. The router is configured to forward any data coming into a predefined port number to a specific device on the private network side of the router. The router then replaces the sender’s address with its own private (internal) IP address. To a receiving client, it looks like the packets originated from the router. The reverse happens with outgoing data packets. The router replaces the private IP address of the source device with the router’s public IP address before the data is sent out over the Internet.
Port forwarding by router
Thanks to port forwarding in the router, network cameras with private IP addresses on a local network can be accessed over the Internet. In this illustration, the router knows to forward data (request) coming into port 8032 to a network camera with a private IP address of 192.168.10.13 port 80. The network camera can then begin to send video.

Port forwarding is traditionally done by first configuring the router. Different routers have different ways of doing port forwarding and there are web sites such as www.portfoward.com that offer step-by-step instruction for different routers. Usually port forwarding involves bringing up the router’s interface using an Internet browser, and entering the public (external) IP address of the router and a unique port number that is then mapped to the internal IP address of the specific network video product and its port number for the application.
To make the task of port forwarding easier, Axis offers the NAT traversal feature in many of its network video products. NAT traversal will automatically attempt to configure port mapping in a NAT router on the network using UPnP™. In the network video product interface, users can manually enter the IP address of the NAT router. If a router is not manually specified, then the network video product will automatically search for NAT routers on the network and select the default router. In addition, the service will automatically select an HTTP port if none is manually entered.


IPv6 addresses

An IPv6 address is written in hexadecimal notation with colons subdividing the address into eight blocks of 16 bits each; for example, 2001:0da8:65b4:05d3:1315:7c1f:0461:7847.
The major advantages of IPv6, apart from the availability of a huge number of IP addresses, include enabling a device to automatically configure its IP address using its MAC address. For communication over the Internet, the host requests and receives from the router the necessary prefix of the public address block and additional information. The prefix and host’s suffix is then used, so DHCP for IP address allocation and manual setting of IP addresses are no longer required with IPv6. Port forwarding is also no longer needed. Other benefits of IPv6 include renumbering to simplify switching entire corporate networks between providers, faster routing, point-to-point encryption according to IPSec, and connectivity using the same address in changing networks (Mobile IPv6).
An IPv6 address is enclosed in square brackets in a URL and a specific port can be addressed in the following way: http://[2001:0da8:65b4:05d3:1315:7c1f:0461:7847]:8081/
Setting an IPv6 address for an Axis network video product is as simple as checking a box to enable IPv6 in the product. The product will then receive an IPv6 address according to the configuration in the network router.

Data transport protocols for network video

The Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) are the IP-based protocols used for sending data. These transport protocols act as carriers for many other protocols. For example, HTTP (Hyper Text Transfer Protocol), which is used to browse web pages on servers around the world using the Internet, is carried by TCP.
TCP provides a reliable, connection-based transmission channel. It handles the process of breaking large chunks of data into smaller packets and ensures that data sent from one end is received on the other. TCP’s reliability through retransmission may introduce significant delays. In general, TCP is used when reliable communication is preferred over transport latency.
UDP is a connectionless protocol and does not guarantee the delivery of data sent, thus leaving the whole control mechanism and error-checking to the application itself. UDP provides no transmissions of lost data and, therefore, does not introduce further delays.
Protocol Transport protocol Port Common usage Network video usage
FTP (File Transfer Protocol) TCP 21 Transfer of files over the Internet/intranets Transfer of images or video from a network camera/video encoder to an FTP server or to an application
SMTP (Send Mail Transfer Protocol) TCP 25 Protocol for sending e-mail messages A network camera/video encoder can send images or alarm notifications using its built-in e-mail client.
HTTP (Hyper Text Transfer Protocol) TCP 80 Used to browse the web, i.e. to retrieve web pages from web servers The most common way to transfer video from a network camera/video encoder where the network video device essentially works as a web server making the video available for the requesting user or application server.
HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) TCP 443 Used to access web pages securely using encryption technology Secure transmission of video from network cameras/video encoders.
RTP (Real Time Protocol) UDP/TCP Not defined RTP standardized packet format for delivering audio and video over the Internet— often used in streaming media systems or video conferencing A common way of transmitting H.264/MPEG-based network video, and for synchronizing video and audio since RTP provides sequential numbering and timestamping of data packets, which enable the data packets to be reassembled in the correct sequence. Transmission can be either unicast or multicast.
RTSP (Real Time Streaming Protocol) TCP 554 Used to set up and control multimedia sessions over RTP
Common TCP/IP protocols and ports used for network video.