Question Network Efficiency

[Prezken]

My company helps setup camera networks for federal and state organizations. Everything looks pretty solid to me, but their network setup has been used for 10+ years and I was just curious if there is anything you guys can think of to improve it. A new set of eyes is always useful. So, here is the basic layout. We use 64 channel NVRs and each one has a unique VLAN associated with it. So, if there are 5 NVR's then we would have VLAN 1-5 with an IP scheme of 192.168.VLAN.XXX. The NVR's are all located in one central location. All cameras and devices are in other buildings on campus and follow this same scheme. Example: VLAN1 would contain NVR 1 and all cameras, decoders, & clients associated with it would be 192.168.1.XXX.

Every building has separate switches that all run on a separate trunk VLAN through a fiber backbone that goes to a single SFP gateway. They use two concurrent networks. They have their state or federal network and a separate local camera network setup on each NVR. They setup persistent routes to allow the use of both networks at the same time on the machines. So, as I said everything looks pretty solid to me, but if there is something you guys see that could be improved then please let me know. l am open to any advice.

Thank you!

 

[Ralston18]

Do you have a network map (topology) showing all locations, devices, IP addresses, MACs, configuration settings, connectivity, etc?

The proverbial "big picture" look..... Likely poster sized at least if working with a campus of locations.

Does not necessarily need to be to scale but keep the geography accurate.

Idea being being that if there is a problem then the diagram will help with determining possible "what" and "where".

I.e., communication is lost with Building X and someone knows that there are/were ongoing street repairs nearby.

The network map does not need to be fancy - just accurate and maintained. Likely can be drawn up using some available or even a free version of some graphical tool.

Along with the supporting documentation, policies, procedures, and so forth. User manuals, warranties, spares, emergency/contingency plans. Include locations, photographs, POC's (Points of Contact), power connections, sources. Include any remote monitoring information if any and available.

Organize supporting materials by location so all will be together and handy. Maybe copies at each location.

3-Ring binders: clearly identifiable, labled, organized, and dated.

Keep everything in one central secure administrative location with backups (multiple) in other secure locations.

If someone without any knowledge of the network in question can look at the diagram and get an immediate sense of understanding that is very good. If a network expert/admin can look at the diagram, ask questions, reference documentation etc. that is even better.

The network map will change and need to be revised to keep all up to date. Do so.

Take away advice being to fully document what you have. A drawn out network map is the starting point.

Just my thoughts on the matter.

 

[bill001g]

In general nothing in networking has changed in many years. Wifi is about the only thing you see innovation in.

The equipment has gotten much cheaper over the years. When you consider higher end pc come with 2.5g ethenret ports ...not that they actually need it.

The only issue I would think would be as cameras have increased in resolution the bandwidth has increased even though the cameras themselves compress the data. The concern would be the trunk ports between the switches even though the cameras systems are on different vlans you still have to be careful about the total bandwidth.

Since it is highly likely you are using some kind of commercial switch it is likely there is a way you can see the utilization of the ports. You used the term "SFP" which generally means it can only run 1gbit. Maybe you just neglected to add the "+". You might want to consider using 10gbit sfp+ modules if the switch also supports it......then again it all depends on how much traffic you are really running. If your design isolates the cameras and nvr from each others traffic then the main uplinks might still be ok.

Pretty much if it currently works don't mess with it. I would wait until you see some kind of issue or you plan some kind of upgrade to change things. 10yr old cameras have to be pretty much garbage compare to the fancy cameras now available.

 

[punkncat]

Just to be clear here, according to who and what you are working with in reference to a government entity may actually be a violation of your clearance and/or contract to disclose information about those networks here.

 

[Prezken]

Do you have a network map (topology) showing all locations, devices, IP addresses, MACs, configuration settings, connectivity, etc?

The proverbial "big picture" look..... Likely poster sized at least if working with a campus of locations.

Does not necessarily need to be to scale but keep the geography accurate.

Idea being being that if there is a problem then the diagram will help with determining possible "what" and "where".

I.e., communication is lost with Building X and someone knows that there are/were ongoing street repairs nearby.

The network map does not need to be fancy - just accurate and maintained. Likely can be drawn up using some available or even a free version of some graphical tool.

Along with the supporting documentation, policies, procedures, and so forth. User manuals, warranties, spares, emergency/contingency plans. Include locations, photographs, POC's (Points of Contact), power connections, sources. Include any remote monitoring information if any and available.

Organize supporting materials by location so all will be together and handy. Maybe copies at each location.

3-Ring binders: clearly identifiable, labled, organized, and dated.

Keep everything in one central secure administrative location with backups (multiple) in other secure locations.

If someone without any knowledge of the network in question can look at the diagram and get an immediate sense of understanding that is very good. If a network expert/admin can look at the diagram, ask questions, reference documentation etc. that is even better.

The network map will change and need to be revised to keep all up to date. Do so.

Take away advice being to fully document what you have. A drawn out network map is the starting point.

Just my thoughts on the matter.

We do indeed provide all of the above when we close out a job. Still solid advice all around.

 

[Prezken]

In general nothing in networking has changed in many years. Wifi is about the only thing you see innovation in.

The equipment has gotten much cheaper over the years. When you consider higher end pc come with 2.5g ethenret ports ...not that they actually need it.

The only issue I would think would be as cameras have increased in resolution the bandwidth has increased even though the cameras themselves compress the data. The concern would be the trunk ports between the switches even though the cameras systems are on different vlans you still have to be careful about the total bandwidth.

Since it is highly likely you are using some kind of commercial switch it is likely there is a way you can see the utilization of the ports. You used the term "SFP" which generally means it can only run 1gbit. Maybe you just neglected to add the "+". You might want to consider using 10gbit sfp+ modules if the switch also supports it......then again it all depends on how much traffic you are really running. If your design isolates the cameras and nvr from each others traffic then the main uplinks might still be ok.

Pretty much if it currently works don't mess with it. I would wait until you see some kind of issue or you plan some kind of upgrade to change things. 10yr old cameras have to be pretty much garbage compare to the fancy cameras now available.

Yeah, the bandwidth was my main concern just as you mentioned. The switch to 4k has really cranked up the bandwidth and storage numbers. 200TB needed per NVR is wild these days. Funny you should mention the 10gig+ because we were just discussing that last week. Hopefully moving to h.265 should help as well. Thanks for the input. Appreciate it!