Selection of Switches in Security Video Surveillance

When video surveillance enters the era of network high-definition, the role of switches in video surveillance projects has become more and more important. In many cases, the video surveillance screen freezes, the video files are not available for a certain period of time, individual cameras are often disconnected, the entire surveillance system freezes badly, the switch returns to normal after restarting, and it will not work after a while, etc. These problems are serious. Part of the reason lies in the switch.

In the monitoring project, it is particularly important to select the appropriate and appropriate switch.

Combined with the security video surveillance project, let’s first make a simple classification of the switch.

Switch classification

  • By interface type Electrical port, ordinary network interface, use twisted pair cable, network cable transmission interface, the transmission is generally electrical signals, the transmission distance is within 100 meters. Optical port, the interface that uses optical fiber transmission, generally requires the use of optical fiber modules, and the transmission distance ranges from several kilometers to tens of kilometers. Optical fiber interfaces are generally used in pairs, one for sending and one for receiving, and the transmission is an optical signal.
  • According to the interface transmission rate According to the transmission rate of the port, it can be divided into 100M, Giga, and 10G. After conversion, the maximum code stream supported by the 100M port can be up to 12.5MB/s. It is enough to connect to a conventional IPC, and the general access camera will not involve two-way data transmission.
  • POE power supply When the switch port is transmitting data, it can also supply power to the camera through the network cable. A switch with this port is called a POE switch. This saves the step of laying the power cord separately. POE, Power Over Ethernet means power supply through network cable. There will be a special article about the POE power supply follow-up.
  • Working protocol layer According to the working protocol layer, the OSI model, the switch can be divided into 2 layers, 3 layers, 4 layers…, that is, access, convergence, core…
  • Managed and unmanaged Switch ports, various parameters, and functions. Users can set and configure themselves, support various network management protocols, and support management, called managed switches, and non-supported ones are unmanaged switches. Generally speaking, in the security video surveillance project, the access layer switch can be unmanaged. When the number of cameras connected to the entire project is small, it is better to use unmanaged switches at the aggregation layer and core layer.
  • Installation method When the switch needs to be installed in a standard cabinet, the size of the switch must conform to the installation size of the cabinet, and it must be equipped with corresponding mounting brackets. Supports installed on the cabinet are called rack switches. Others are generally called desktop type, which not only means that the switch can be directly placed in a place similar to the desktop, but also that the switch is simple to use and simple in function.
  • Expansion slot Some large switches support the expansion of functional modules. Modules can be plugged and unplugged through card slots to expand ports, functions and performance. They are generally called modular switches.

Main parameters of the switch


Port is the carrier of switch data exchange. It is introduced above. According to the transmission rate, the port can be divided into 100M, Giga, and 10G. According to the transmission medium, it can be divided into electrical ports and optical ports.

A 24-port switch means that this switch has 24 ports that can be connected to the device. Some switches will separate several ports, such as 2 or 4 ports for data uplink, that is, upload data to the upper level switch or device. The independent uplink port will be marked separately in the name to show the difference. For example, a 24+4 port switch means that this switch has 4 independent uplink interfaces. Generally, the transmission rate of the uplink port is better than that of the ordinary port. For example, the ordinary port is 100M, and the uplink port is Gigabit. Of course, the uplink port can also be used as a normal port, and there is no difference at this time.

In the security video surveillance project, connect the camera-side switch, and select the switch with the corresponding number of ports according to the number of connected cameras. There is no requirement for the transmission rate, and one hundred megabytes is enough. It should be noted that if there are more than 8 cameras connected to a single switch, a gigabit uplink port is required to meet the bandwidth requirements of all cameras for uploading data.

Backplane bandwidth

Backplane bandwidth refers to the maximum amount of data that can be handled between the switch interface processor or interface card and the data bus. The backplane bandwidth indicates the total data exchange capacity of the switch, in Gbps, also called exchange bandwidth.

It should be noted that only modular switches (with expandable slots, which can flexibly change the number of ports) have this concept of backplane bandwidth, fixed port switches do not have this concept, and the backplane capacity and switching capacity of fixed port switches Are equal. The author has been stuck in this misunderstanding for many years, remember!

The backplane bandwidth determines the upper limit of the connection bandwidth between each board (including the board that has not been installed in the expandable slot) and the switching engine. Due to the different architectures of modular switches, the backplane bandwidth cannot fully represent the true performance of the switch.

In actual security projects, if we use fixed-port switches, there is no need to consider the parameter of backplane bandwidth. For example, a 24-port full Gigabit switch must have a backplane bandwidth of 24x1000x2=48Gbps.

The calculation formula of the backplane bandwidth: Number of ports × corresponding port rate × 2 (full duplex mode)

For example, a 24-port 100M+2-port Gigabit switch, backplane bandwidth=24x2x100+2x2x1000=8.8Gbps.

Packet forwarding rate

The measurement standard of packet forwarding line speed is based on the number of 64-byte data packets (minimum packets) sent per unit time as the calculation basis. For Gigabit Ethernet, the calculation method is as follows: 1,000,000bps/8bit/(64+8+12)byte=1,488,095pps

Note: When the Ethernet frame is 64byte, the fixed overhead of 8byte frame header and 12byte frame gap needs to be considered.

Therefore, a wire-speed Gigabit Ethernet port has a packet forwarding rate of 1.488Mpps when forwarding 64byte packets, 0.1488Mpps for 100M, and 14.88Mpps for 10G.

Packet forwarding wire speed calculation: Packet forwarding rate = number of gigabit ports × 1.488Mpps + number of 100M ports x 0.1488Mpps + number of other types of ports x corresponding calculation method


The general operating mechanism of the switch used in security is the store-and-forward mode. We know that a 100M port transmits data to a 100M port or a Gigabit port, and the data is generally not lost, and there is a delay at most. But when two 100M ports transmit data to one 100M port at the same time, or two Gigabit ports transmit data to one Gigabit port at the same time, it is easy to cause congestion, packet loss, and video freeze. Even if the data transmitted by the two 100M or Gigabit ports at the same time is only 10M, it will also cause congestion, that is, the number of concurrent transactions is large. Obviously, the freeze is different from the delay. The delay is only the time delay, but the freeze is the loss of the data packet and the corresponding video is lost. In general security video surveillance, appropriate or even longer delays are acceptable, but video freeze loss is definitely not acceptable.

When there is a concurrency situation, the cache can solve this problem, and the concurrent packets are stored in the cache first, and then transmitted. So in theory, as long as the buffer of the switch is large enough, there will be no packet loss. On the other hand, if the switch buffer is too large, the data transmission delay will increase. Therefore, general switch manufacturers will make a trade-off between delay and buffer size. The cache of the switch is mainly determined by the main chip of the scheme. The chip scheme used is destined for the cache of the switch, and the switch manufacturer cannot change the cache size of the chip. The common switch cache is generally 2-4M.

Of course, on the other hand, in actual security projects, it is also difficult for us to calculate how large a cache can meet the requirements of no packet loss. Therefore, under the same conditions, it is naturally better to choose a switch in a security video surveillance project with a larger cache.

A certain brand of switch has an optimized solution for security video surveillance projects, mainly for caching, which is worth learning and recommending:

In the digital video surveillance system, the video stream enters the switch from the camera, the direction of the flow is from bottom to top, and data messages are transmitted in long messages and bursts, and a buffer allocation management mechanism is provided to make the switch’s downstream port to the upstream port The number of bursts supported is increased to reduce the probability of transmission problems.

Management function

The management function supported by the switch is an important reference for measuring the performance of a switch. In general security video surveillance projects, the management function of the front-end access layer switch is not necessary. For medium and large security video surveillance projects, such as those with 300-500 channels of access cameras, or even projects with a scale of 1,000 channels or more, these management functions of the aggregation layer and core layer switches need to be considered.


VLAN, Virtual Local Area Network, means virtual local area network. According to a certain method, divide all cameras, storage devices, and video management devices connected to the same switch into different LANs to achieve isolation. When one or some of the devices in the LAN fails and the network is blocked, it will not affect others. The equipment in the local area network provides the stability and reliability of the entire security monitoring system.

Specifically, the benefits of dividing VLANs are:

  1. Improve security (reduce and avoid DOS attacks, ARP attacks);
  2. Improve performance (reduce the impact of broadcast messages and broadcast storms on the entire system).

VLAN division method:

  1. Divided according to the mac address of the device;
  2. Divided according to the IP address of the device;
  3. Divided by port;
  4. Divided according to different agreements;
  5. User-defined, divided according to different business types.

ACL, Access Control List, is the access control list technology of the switch. ACL controls the access input and output of network resources to ensure that network devices are not illegally accessed or used as a springboard for attacks.

ACL is a table of rules. The switch executes these rules in order and processes each packet that enters the port. Each rule either allows or denies the data packet to pass according to the attributes of the data packet (such as source address, destination address, and protocol). Since the rules are processed in a certain order, the relative position of each rule is crucial for determining what data packets are allowed and not allowed to pass through the network.


QoS, Quality of Service, refers to the ability of a network to use various basic technologies to provide better service capabilities for specified network communications. It is a security mechanism for the network and is used to solve problems such as network delay and congestion. Kind of technology.

Security project switch selection reference

  • 100 pcs of 2MP IPC. Convergence, the recommended configuration of the core switch: 28 ports, backplane bandwidth 192Gbps, packet forwarding rate 42Mpps, cache 4.1M.
  • 300 pcs of 2MP IPC. Three-layer 10G switch, 28/56 ports, backplane bandwidth 256Gbps, packet forwarding rate 96Mpps/132Mpps.
  • 500 pcs of 2MP IPC. The backplane bandwidth is 336G/3.36T, and the packet forwarding rate is 126Mpps/166Mpps. Or the backplane bandwidth is 598G/5.98T, and the packet forwarding rate is 162Mpps/222Mpps.
  • 1000 pcs of 2MP IPC. The backplane bandwidth is 256G, the packet forwarding rate is 156Mpps/216Mpps, or the backplane bandwidth is 598G/5.98T, the packet forwarding rate is 222Mpps/342Mpps, or the backplane bandwidth is 1.28T, and the packet forwarding rate is 960Mpps. (Recommended models: RG-S5750-24SFP/12GT, RG-S5750C-28SFP4XS-H, RG-S6200-48XS4QXS-S)
  • 2000 pcs of 2MP IPC. The backplane bandwidth is 15.36T/81.48T, and the packet forwarding rate is 2880Mpps/28800Mpps. (Recommended model RG-S7508)
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *