I. Summary
This article analyzes the characteristics of the growing demand for video surveillance for residential and personal networks, and provides a cost-effective and easy-to-use P2P solution for large-scale deployment.
Due to limited space, this article only provides the ideas of the solution, and does not elaborate on more in-depth technical details. If you are interested, you can continue to study in depth.
II. Keywords
IPCam, P2P, NAT, STUN, TURN, ICE, PJSIP, OpenSIPS, UDT, TCP, UDP
III. Demand proposal
The online video surveillance market continues to heat up. In addition to the rapid growth of the public security market, the demand for home and personal video surveillance in the civil market has also increased in recent years. This mainly benefits from the following:
1. The price of online video surveillance products has been reduced to a level that is easily accepted by individuals.
2. The gradual popularization of home broadband networks.
3. The gradual popularization of 3G networks.
The demands for home and personal monitoring are significantly different from those for traditional public security monitoring. Their characteristics are mainly reflected in the following aspects:
1. Small scale. Usually one or several cameras.
2. No dedicated monitoring client is required, and no long-term monitoring is required.
3. The monitoring client and Network Camera are mostly on different networks. For example, if a Network Camera is in the home, users can view videos through the company's network or mobile phone.
4. Few simultaneous viewers. At most one or two users view the video at the same time, and even that is unlikely.
5. Video does not need to be kept for a long time. Motion detection or other alarms can trigger recording, take a photo, and send an email or SMS notification.
IV. Technical difficulties
From the above analysis, we can see that the video surveillance requirements of families and individuals are very different from those of the traditional public security market, which determines that they must adopt different technical routes and solutions:
1. Network cameras and monitoring clients (PCs/mobile phones) are located in different networks, isolated from each other by firewalls. They cannot be reached directly by IP address the way traditional security products are.
2. The number of network cameras is large (at least 10 thousand), but they belong to multiple users. If the central server forwarding scheme is adopted, a considerable number of forwarding servers need to be deployed on the internet, resulting in high costs.
3. Plug-and-play is required, and users cannot be expected to perform complicated installation and configuration. Otherwise, the cost of after-sales service is too high.
To give a large number of clients point-to-point access to a large number of network cameras in different networks, the feasible and economical approach is firewall (NAT) traversal, which lets the client and the Network Camera establish a direct data transmission channel for video streams and messages.
To implement NAT traversal, a mechanism is required that lets the client and the Network Camera easily establish a connection. Simply put, the client must be able to find the camera it wants to access, then perform NAT traversal to view video and carry out other operations.
Only by solving the above two technical difficulties can a large-scale P2P network video surveillance system be deployed.
V. Solutions
After in-depth research and analysis, the author provides the following solutions.
1. NAT traversal
NAT traversal is not a technology specific to the security monitoring field. It is a basic technology for VoIP and instant messaging products. It is now mature and has complete technical standards (RFCs), and there are many implementations, including widely used open-source projects.
Simply put, NAT traversal is possible, and the probability of success is relatively high. The success rate of NAT traversal over UDP is close to 100%. Over TCP, traversal fails in some cases, mainly because of restrictions in the router's port mapping mechanism.
To implement NAT traversal, a traversal control server must be deployed on the Internet (with a fixed domain name or IP address) to assist network cameras and clients in NAT traversal. Some servers can also act as a relay (forwarding data) when TCP traversal fails, to ensure data communication between the two.
The NAT traversal control server is different from the media forwarding server in a security monitoring system. It only performs signaling interaction and does not forward media data, so the corresponding Network Camera and client no longer occupy server bandwidth and processing capacity once connected. One traversal control server can therefore serve a large number of network cameras and clients.
2. Access Mechanism between Network Camera and client
Generally, a network camera has a unique ID and registers with the traversal control server under this ID. When the client needs to access a Network Camera, it also registers with the traversal control server first and submits the ID of that camera. The traversal control server finds the corresponding Network Camera, assists the camera and the client in NAT traversal, and finally a point-to-point data transmission channel is opened. The two can then exchange media and messages normally.
For more effective management, servers can authenticate device access. In addition, if the device ID is too long, you can create an alias for the device. When the client accesses the device, it passes the device alias as the parameter, and the server looks up the corresponding device.
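One way the registration, authentication and alias lookup described above could fit together, as an added example rather than code from the article or from any of the projects it names. The per-device provisioned key, the HMAC challenge-response and all class and function names are assumptions; the IDs and addresses in use are constructed sample values.

```python
import hashlib
import hmac
import os

class TraversalRegistry:
    """In-memory stand-in for the traversal control server's device table."""

    def __init__(self, device_keys):
        self._keys = device_keys   # device_id -> provisioned secret (assumed)
        self._endpoints = {}       # device_id -> (public_ip, public_port)
        self._aliases = {}         # alias -> device_id
        self._nonces = {}          # device_id -> outstanding challenge

    def challenge(self, device_id):
        """Issue a one-time nonce the device must sign before registering."""
        nonce = os.urandom(16)
        self._nonces[device_id] = nonce
        return nonce

    def register(self, device_id, proof, endpoint, alias=None):
        """Record the device's public endpoint only if its proof verifies."""
        nonce = self._nonces.pop(device_id, None)   # single use: blocks replay
        key = self._keys.get(device_id)
        if nonce is None or key is None:
            return False
        expected = device_proof(key, nonce, device_id)
        if not hmac.compare_digest(expected, proof):
            return False
        self._endpoints[device_id] = endpoint
        # An alias already bound to another device is never reassigned.
        if alias and self._aliases.get(alias, device_id) == device_id:
            self._aliases[alias] = device_id
        return True

    def lookup(self, name):
        """Resolve an alias or a raw ID to the endpoint used for traversal."""
        return self._endpoints.get(self._aliases.get(name, name))

def device_proof(key, nonce, device_id):
    """Camera side: prove knowledge of the provisioned key for this nonce."""
    return hmac.new(key, nonce + device_id.encode(), hashlib.sha256).digest()
```

Without the proof check, anyone who learns or guesses a camera ID could register their own endpoint under it and receive the client's connection.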
3. Data Transmission Mechanism
Data transmission between the Network Camera and the client includes media streams and signaling streams. The signaling stream carries little data, while the media stream carries a large volume of data and requires good real-time performance.
If the media stream and the signaling stream are transmitted separately, multiple channels need to be connected, increasing the complexity and error possibilities, and increasing the burden on the server.
As mentioned above, UDP achieves good NAT traversal and is well suited to media stream transmission, but it is unreliable and therefore not suitable for signaling. To reduce the burden on the server (when TCP traversal fails, relaying is required) and improve the traversal success rate, we recommend establishing only one UDP channel, encapsulating both media and signaling streams in it, and distinguishing at the application layer which packets are media and which are signaling.
UDP is too unreliable for signaling, and even for media data, packet loss on the Internet can still cause corrupted images or decoding errors. This problem must therefore be solved.
We are not the first to raise this problem. The need for reliable data transmission over UDP has long existed, and there is a good solution: data buffering, serialization, retransmission, reliability control and congestion control are implemented at the application layer on top of UDP.
Once the above three problems have been solved, the P2P solution for network video monitoring is basically implemented, and what remains is productization. The following is a brief description of how PC access and mobile access are implemented:
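An added example (not from the article) of the single-channel idea above: one header tags each datagram as media or signaling, and only signaling is sequenced, acknowledged, reordered and retransmitted. It covers reliability but not congestion control; the header layout, tag values, window size and the Endpoint class are assumptions.

```python
import struct

HDR = struct.Struct("!BBI")        # channel tag, flags, sequence number
MEDIA, SIGNAL, ACK = 0, 1, 0x01    # assumed tag and flag values
WINDOW = 64                        # cap on buffered out-of-order signaling

def pack(channel, seq, payload=b"", flags=0):
    return HDR.pack(channel, flags, seq) + payload

class Endpoint:
    """One side of the single UDP channel; `send` transmits one datagram."""

    def __init__(self, send):
        self.send = send
        self.next_seq, self.unacked = 0, {}    # sender: seq -> unACKed datagram
        self.expected, self.pending = 0, {}    # receiver: reorder buffer
        self.signals, self.frames = [], []     # delivered to the application

    def send_signal(self, payload):
        """Reliable path: keep the datagram until the peer ACKs it."""
        dgram = pack(SIGNAL, self.next_seq, payload)
        self.unacked[self.next_seq] = dgram
        self.next_seq += 1
        self.send(dgram)

    def send_media(self, seq, payload):
        """Best-effort path: a late video frame is useless, so never resend."""
        self.send(pack(MEDIA, seq, payload))

    def on_timer(self):
        """Retransmission timeout: resend everything still unACKed."""
        for dgram in list(self.unacked.values()):
            self.send(dgram)

    def on_datagram(self, dgram):
        if len(dgram) < HDR.size:
            return                             # runt datagram: drop
        channel, flags, seq = HDR.unpack_from(dgram)
        payload = dgram[HDR.size:]
        if channel == MEDIA:
            self.frames.append((seq, payload))
        elif channel == SIGNAL and flags & ACK:
            self.unacked.pop(seq, None)
        elif channel == SIGNAL and seq < self.expected + WINDOW:
            self.send(pack(SIGNAL, seq, flags=ACK))   # re-ACK duplicates too
            if seq >= self.expected:
                self.pending[seq] = payload
            while self.expected in self.pending:      # deliver in order, once
                self.signals.append(self.pending.pop(self.expected))
                self.expected += 1
```

The window check keeps a peer that sends far-future sequence numbers from growing the reorder buffer without bound; datagrams outside it and unknown channel tags are dropped.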
1. Access the Network Camera from the PC.
To access the Network Camera from a PC, the user first opens a webpage and enters the serial number of the Network Camera.
The webpage loads a control, which uses the NAT traversal control server to perform NAT traversal with the Network Camera corresponding to the serial number, and then transmits signaling and media data through reliable UDP. The control provides video browsing, intercom, pan-tilt (PTZ) control, parameter query and settings, and other functions.
2. Access the Network Camera through a mobile phone.
Because of platform differences, mobile phones need separately developed clients or plug-ins to achieve features similar to PC access. However, the principle is the same: the client uses the NAT traversal control server to perform NAT traversal with the Network Camera corresponding to the serial number, and transmits signaling and media data through reliable UDP. Because the open-source NAT traversal library is portable, the same NAT traversal function can be implemented on Linux, WinCE, iOS, Android, and Symbian.
VI. Implementation Suggestions
Finally, the author provides several suggestions on technical solutions. If you are interested, you can do further research on your own.
1. For the NAT traversal library, I recommend PJSIP, which can be used by both network cameras and clients.
2. For the NAT traversal control server, I recommend OpenSIPS.
3. For reliable UDP transmission, I recommend UDT.