Best practices for configuring Multicast in your network for Security Center - Security Center 5.7 - 5.12

Security Center Best Practices - Enterprise

Applies to
Security Center 5.7 - 5.12
Last updated
2023-08-15
Content type
Best practices
Language
English
Product
Security Center
Version
5.12
5.11
5.10
5.9
5.8
5.7

Multicast is a one-to-many network transmission method often used for video streaming.

Multicast uses less bandwidth than Unicast transmission, but requires a multicast-enabled network infrastructure. It is mostly used for viewing live video feed. When using multicast in your network with Security Center, consider the following recommendations.

Requirements

  • It is recommended to connect the Security Center servers to a gigabit link because video traffic consumes bandwidth and can easily exceed 100 Mbps. In all cases, the best practice is to never go over 60% of network utilization on any given network link.
  • It is recommended for each network that is used for video to have at least one layer 3 device that can forward multicast traffic.
  • It is recommended to choose a layer 3 device that supports a high number of multicast groups. Each camera can generate multiple streams so that the ratio of camera to stream is higher than one-to-one. There is also more than one multicast group per camera. Typically, a high-end switch supports at least 2048 multicast groups. Your switch should at least support a minimum of 512 multicast groups. The high-end switch that you choose depends on how many cameras are streaming simultaneously on the network.
  • IGMP Querying must be configured on the layer 3 device.
  • IGMP Snooping must be enabled on all switches (layer 2 and layer 3).

Multicast Address allocation

Use a unique multicast address and port for each audio and video stream.

Example:
  • Stream 1: address = 239.16.17.10, port = 47800
  • Stream 2: address = 239.16.17.11, port = 47801
  • Stream 3: address = 239.16.17.12, port = 47802

Different multicast addresses on the same port cause performance issues in Windows, such as packet loss when the multicast throughput reaches 150 Mbps. If your system has a lot of multicast traffic, turn on the Increment ports option (off by default) on the Media Router role.

Different ports using the same multicast address might be required by certain video units. For example, some units use the same multicast address for both audio and video streams. This case can be handled by Security Center Archiver for different extensions. If your devices require this configuration, verify that your Security Center extension can support it.

Multicast across VLANs

To communicate between VLANs, the control traffic must pass through a routing device (either a router or a layer 3 switch). You must enable Dynamic multicast routing on the layer 3 device. You must also give each VLAN interface an IP address and enable IP routing.

Each manufacturer has its own way to configure the multicast routing. Refer to the manufacturer's documentation to learn more about the required settings.

Certain manufacturers, like Cisco, achieve multicast routing by enabling the Protocol Independent Multicast Sparse-Mode (PIM-SM). Other PIM modes are available (such as dense mode) but the recommended mode to use with Security Center is Sparse. If PIM protocol is supported by the layer 3 device, you must configure the following settings:
  • Configure IGMP Querying on the Layer 3 device.
  • Enable IGMP Snooping on all switches (layer 2 and layer 3).
  • Enable PIM sparse-mode on the layer 3 device on each VLAN interface.
The sparse-mode requires a router designated as a Rendezvous Point (RP). You can configure high-end equipment to automatically configure the RP. The router is, in this case, automatically designated as RP. See Cisco Commands for Multicast to learn more about the Cisco configuration.

You can also consult the following whitepaper about Bandwidth management for video surveillance.