Traditional installers must have a working knowledge of IP networking if they are going to compete effectively for contracts against the newer IT integrators in the security industry. In the second of our three-part series, Justin Harrison of Panasonic Business Systems explains what makes up a system's address and looks at the job of the router.
IP technology is set to change the way that the security industry performs its business, offering benefit to both the installer and end user. For users of the system, IP will have an interface that is familiar to them. For the installer, this change to IP may not seem so comfortable due to the differences between IP and the video-based systems that have been used for so many years.
The strength of IP technology is its ability to allow large numbers of devices to communicate with one another on an ever-increasing scale. Expansion of these systems is possible with the minimum of effort. However, there are a number of design issues installers must consider as the network grows. To manage an IP network it is possible to divide it into smaller self-contained networks. Each device on a network is uniquely identified by a series of numbers, known as an IP address.
As with a postal address on an envelope, an IP address contains more than just a single address. A postal address has a house number, street name and a city. Without this information it would be impossible to guarantee delivery of the letter to the correct house. Similarly, an IP address must contain some information to distinguish its device from other devices on a larger network.
To manage a large network it is best to separate it into an organised series of smaller networks. And to further manage these smaller networks, break them down again to an even smaller group of networks. This is how the Internet gets its name, Inter-Networking – a collection of smaller networks joined together.
An IP address can be arranged into three addresses, a Network ID, a subnet ID and finally a host, or device ID. Compared to a postal address, the Network ID would be the name of the city, the subnet address equivalent to a street name and the house number is the device’s unique ID.
Unlike a postal address, an IP address is arranged into a group of numbers. This group of numbers is large enough to allow a network of over 4 billion devices. With such a large number of addresses available there needs to be a method to distribute these fairly. To cater for individual network requirements three main types of Network ID are used, known as Class A, B and C. Each of these classes represents a network ID suitable for networks of varying size, much in the same way that cities and towns vary in size.
Class A network IDs are intended for networks that have a very high number of devices connected. A city such as London or Manchester would be the equivalent of a Class A network. Even though Class A addressing allows for a large number of devices to be associated with that network address, only a small number of these network IDs exist. Therefore, they are reserved for very large organisations. Class B and C form a compromise between the number of network and device IDs available.
An IP address is formed out of four values, each between 0 and 255, written in the form xxx.xxx.xxx.xxx. The left-hand section of the IP address is the network ID and the right-hand section is the device ID. For example, the Class A IP address 10.120.50.14 has a network ID of 10, and a device ID of 120.50.14. Using this network ID allows for more than 16 million possible devices to communicate on a single network.
This would be like sending a letter to a city with only house numbers and no street name and, understandably, this would be very difficult to design and manage. To overcome this issue, we use part of the address to give the equivalent of street names, by adding a subnet mask.
IP addresses and subnet masks for a site will normally be assigned by the manager of the local network, and therefore, it is not the concern of the installer that the settings used are correct, although it is useful to understand the effects subnets can have on a network. On a single site subnets can be used to separate traffic between users or applications. This separation might be considered to enhance performance, manageability and security.
Security cameras can be installed on their own subnet to restrict access of the cameras from normal users of the network. Since the networks are separated, camera operation will not impair the performance of office users on the network.
Subnet masks form a trade-off between the number of devices that can be attached to a network and manageability. Fig 1 shows how separating an IP address range into smaller subnets will reduce the number of devices connected to a particular network whilst increasing the number of networks available. For a small office, for example, a subnet mask of 255.255.255.192 creates four networks of 62 devices. Each of these networks can then be used for its individual requirements: one network for employees' computers, another for IP telephones, a further network for the company's servers and finally a network for the security system.
The diagrams in Fig 2 show how an address range is affected by subnet masks. Two subnet masks are used below; the size of the subnets and their address ranges depend on the choice of mask. Once configured, communication is restricted to within the subnet. For example, with the subnet mask set as 255.255.255.128 a device with address 192.168.0.10 can communicate with a device with address 192.168.0.120 but not 192.168.0.140. However, if the subnet mask is changed to 255.255.255.192, communication would not be possible with either device without additional equipment, as they are outside of the normal network range. The address range for each subnet is shown on the right.
This application of subnets comes at a cost to the network administrator: devices on one subnet cannot communicate with a device on a different subnet. This is how we gain additional security of the network, potentially removing access to IP cameras and network video recorders for all employees of a company.
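The mask examples above can be reproduced with Python's standard ipaddress module. This is an added example, not part of the original article; the 192.168.0.0/24 base range is an assumption inferred from the addresses used in the text, and the role names follow the small-office example.

```python
import ipaddress

# Roles taken from the article's small-office example.
ROLES = ["employee PCs", "IP telephones", "servers", "security system"]

def split_by_mask(base, mask):
    """Subnets that dotted-decimal `mask` carves out of network `base`."""
    prefix = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    return list(ipaddress.ip_network(base).subnets(new_prefix=prefix))

def usable_range(subnet):
    """(first, last, count) of assignable addresses; the network and
    broadcast addresses of each subnet cannot be given to a device."""
    first = subnet.network_address + 1
    last = subnet.broadcast_address - 1
    return str(first), str(last), subnet.num_addresses - 2

def same_subnet(a, b, mask):
    """True if a and b can talk directly; False means a router is needed."""
    net_a = ipaddress.ip_interface(f"{a}/{mask}").network
    net_b = ipaddress.ip_interface(f"{b}/{mask}").network
    return net_a == net_b

def address_plan(base, mask, roles):
    """Pair each role with one subnet and its usable address range."""
    subnets = split_by_mask(base, mask)
    if len(roles) > len(subnets):
        raise ValueError("mask does not create enough subnets for all roles")
    return {role: usable_range(net) for role, net in zip(roles, subnets)}

if __name__ == "__main__":
    # Assumed base range: 192.168.0.0/24 (not stated in the article).
    plan = address_plan("192.168.0.0/24", "255.255.255.192", ROLES)
    for role, (first, last, count) in plan.items():
        print(f"{role:16} {first} - {last} ({count} devices)")
    for mask in ("255.255.255.128", "255.255.255.192"):
        for peer in ("192.168.0.120", "192.168.0.140"):
            direct = same_subnet("192.168.0.10", peer, mask)
            print(mask, "192.168.0.10 ->", peer,
                  "direct" if direct else "needs a router")
```

Placing the cameras in the last of the four ranges means a PC in any other range cannot reach them unless a router is configured to pass that traffic.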
To communicate between these networks a router is required. The purpose of the router is to determine where the data needs to be sent. Unlike a switch or hub, a router determines the route using the IP addresses provided by the device. Where the network exists over a larger area and the sites are separated, subnets can be used to identify each site. In a retail environment each store has a need to communicate with the head office, but not necessarily with other stores. Therefore, each store is given its own subnet ID. Communications between a store and head office could include point of sale information, current figures relating to sales and stock, mail, and now the addition of security systems.
Security equipment on site can be viewed by selected staff such as the store manager or security personnel. In addition, recording from the IP equipment can be performed across this local network to a dedicated video server on site. This means that if an incident occurs and the manager wishes to review it, it can all be performed locally and no contact with the company's head office would be needed.
There are also advantages to distributing the video from a site to the company's head office (Fig 3). For example, an incident may happen out of hours, or there may be a risk that the recordings cannot be preserved on site because of theft or damage of security equipment during an incident. In the event of an incident, recordings will be transmitted across the network to a dedicated server. This server might be controlled by the company, or a specialist monitoring company might review this footage and take action against the intrusion at the time of the event.
The UK's leading independent specialist drinks retailer, Thresher Group, whose brand portfolio includes Threshers, Wine Rack, Victoria Wine and Bottoms Up, are currently using IP technology in a number of their stores as a cost effective solution to recording images digitally on site and monitoring out of hours.
Intruder alarms activated from the store start a response by the system to transmit details of the intrusion and camera images from the site to an Alarm Control Room operated by Initsys. Within 30 seconds of the alarm trigger the incident can be reviewed; a click of a button at the Alarm Control Room changes the images viewed by the operator to live pictures at about 15fps.
Further to responding to alarms, the Initsys system constantly monitors the activity of the network, cameras and alarms for system failure.
- We have seen how IP allows surveillance to be distributed between an organisation on a private network and how these devices are likely to be addressed. In the final article next month we will look at how this can be shared on the Internet to allow these systems to be truly open.
- Justin Harrison is Project Engineer, System Solutions, Panasonic Business Systems, Willoughby Road, Bracknell, Berkshire. Tel 01344 853940
How to… access a camera from the Internet
Last month we looked at how an IP camera can be connected to a local network and viewed from computers on that network. As more households sign up to broadband services, equipment similar to that discussed in this article is becoming standard in people's homes. This 'how to' looks at how a simple system with a single camera may be accessed from the Internet.
To connect to the Internet using a broadband connection two additional pieces of equipment are required, an xDSL modem and a router. Generally, the modem will be supplied by your Internet Service Provider (ISP) as part of your subscription. The router is used to connect a larger number of devices to the single Internet connection; a further feature of the router is its ability to let devices from the Internet access selected parts of the local network.
Unlike most devices on a network, a router has two IP addresses, one for each network that it attaches to. The user can only change one of these addresses, the address for the local network. The second address is assigned to the router by the ISP. This address may change from time to time, and on the router this will be shown as the WAN address. Installing the router on the local network is the same as using a switch, but the router now also requires an IP address.
Address in the same range
The IP address of the router will need to be in the same range as the other devices on the network. If this address is incorrect, change the IP address to an available address. It may be necessary to temporarily change the address of a PC on the network. Confirm that the PC on the local network can access the network camera.
As the router will form a connection point for devices on your local network to access the Internet, it is necessary to 'point' the devices at the router when attempting to access devices off the local network.
In the network connections for the devices, the local IP address of the router needs to be entered as the default gateway. The modem is connected to the Wide Area Network (WAN) port on the router. The second connection on the modem will be either into the telephone line or cable socket, depending on your broadband type. Correct connection of the router and modem will be found in the manufacturers' instructions.
ISPs use a technology to assign the IP addresses automatically to devices connecting to their servers. Once this IP address has been assigned, Internet access should be possible from the PCs on the network. If this is not the case and a connection to the Internet was possible before the router was installed, it is likely that the ISP restricts access to the Internet to a MAC address registered when the connection was made available, normally the local PC. This can be configured on the router using MAC cloning.
Access to the camera
Once a connection to the Internet is possible from the local network, the router can be configured to give access to the camera from the Internet. Normally this activity is disabled by the router as a security measure to prevent unauthorised access to your local network.
The router will allow a device of your choice to be accessed from the Internet using a feature known on many routers as port forwarding. The IP address of the camera is entered onto the router along with the port numbers required. A port number is used to identify an application for the device; common applications have pre-determined port numbers.
Web pages, for example, use port 80; this is the port that we will generally use with these cameras. Port 21 may also be used to allow downloads from the camera. The system is now configured to accept requests from the Internet to view the camera. To view the camera, simply enter the WAN IP address from the router. In the next article we will look at how the camera can be accessed without knowing the IP address.
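The router behaviour described in this 'how to' (inbound connections dropped by default, replies to the local network's own connections allowed, and a forwarded port passed to the camera) can be modelled in a few lines. This is an added, simplified example and not any router's actual firmware; the class, its method names and all addresses are constructed for illustration.

```python
import ipaddress

class Router:
    """Simplified model of a router sharing one WAN address with a LAN."""
    def __init__(self, wan_ip, lan):
        self.wan_ip = wan_ip
        self.lan = ipaddress.ip_network(lan)
        self.forwards = {}   # WAN port -> (LAN host, LAN port), set by the installer
        self.sessions = {}   # WAN port -> (LAN host, LAN port, remote host)
        self._next_port = 40000

    def add_forward(self, wan_port, host, lan_port):
        # A forward that points outside the local range can never work.
        if ipaddress.ip_address(host) not in self.lan:
            raise ValueError(f"{host} is not on the local network {self.lan}")
        self.forwards[wan_port] = (host, lan_port)

    def outbound(self, host, port, remote):
        """A LAN device opens a connection; the router remembers it so that
        replies from `remote` can be passed back to that device."""
        wan_port = self._next_port
        self._next_port += 1
        self.sessions[wan_port] = (host, port, remote)
        return self.wan_ip, wan_port

    def inbound(self, remote, wan_port):
        """Return the (LAN host, port) that receives the packet, or None if dropped."""
        session = self.sessions.get(wan_port)
        if session and session[2] == remote:
            return session[:2]               # reply to a connection we started
        return self.forwards.get(wan_port)   # unsolicited: only forwarded ports pass

def demo():
    r = Router("203.0.113.7", "192.168.0.0/24")   # constructed addresses
    before = r.inbound("198.51.100.20", 80)       # no rule yet: dropped
    r.add_forward(80, "192.168.0.50", 80)         # camera web pages
    after = r.inbound("198.51.100.20", 80)        # now reaches the camera
    _, p = r.outbound("192.168.0.10", 51000, "198.51.100.20")
    reply = r.inbound("198.51.100.20", p)         # reply to the PC's own request
    stranger = r.inbound("198.51.100.99", p)      # other sender, same port: dropped
    return before, after, reply, stranger
```

Every port added with add_forward is reachable by anyone on the Internet, so the table should contain only the ports the camera actually needs.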
Source
Security Installer