Surveillance Traffic Over Network?
-
I have an 8 channel IP Camera surveillance setup on a home network.
Each channel (camera) is about 6 Mbps. It is currently set up as:
Surveillance Cameras > POE Switch > NVR > Unmanaged Switch < PFSense Box
As it is right now, all of the recording is done to the NVR via the SATA interface only.
I want to add redundant recording via iSCSI to a FreeNAS box.
Is it worthwhile to add another NIC to the PFSense and FREENAS boxes for the Surveillance equipment? Or will the additional 48Mbps make any noticeable difference in this case?
-
If you just plug the FreeNAS box into a switch port, then the switch will learn the MAC addresses of the NVR and FreeNAS boxes and forward packets directly between the 2 switch ports. Other ports on the switch won't see the traffic and pfSense won't see it either. So it is not a performance issue.
The only reason I can think of to put that on a separate switch/LAN (or smart switch with VLAN) is for security - so that the camera traffic can never be intercepted by anything else on the ordinary LAN.
-
> The only reason I can think of to put that on a separate switch/LAN (or smart switch with VLAN) is for security - so that the camera traffic can never be intercepted by anything else on the ordinary LAN.
That's generally true if all you're worried about is someone looking for video traffic you don't want them to see, but what about looking at it from the NAS' POV?
If I have some new delightful media app that wants to broadcast its presence all over my network, there's a fair chance the NAS/NVR will be affected if only to drop packets it doesn't care about. Will it be enough to affect recording and/or playback? Maybe not, but as video traffic increases with more/better cameras, what do you want to bet? Maybe the device doing the video recording/playback is good enough/can be configured to filter the noise, but again what do you want to bet?
Fairly simple to segregate with VLANs or a 2nd NIC and switch to avoid the issue entirely, especially since any number of the IP cameras out there are not known for "shining internal security measures". pfSense is a fairly excellent solution for managing this kind of network traffic BTW.
Just my $.02
-
Sounds like what you want is a smart/managed switch.. There is no reason to route this traffic over pfsense.. If you want your nas to talk to something else to copy its video to, then that something should be on same layer 2.
I would agree you prob don't want all your other network stuff on this same network. So you put your camera stuff on its own network/vlan ie layer 2. Now be it you want to talk to this stuff from another network or allow it to talk to other stuff via layer 3 then sure that would route through pfsense.
Having another nic in pfsense would allow for having multiple nics for your other networks so you don't have to put everything on a vlan sharing the same phy speed limitation of 1 nic.. But once you get a switch that supports vlans pfsense could be used with just 1 nic, etc.
Isolation/separation of networks is yeah good security practice.. I sure don't trust all this iot stuff to be on the same network as all my other stuff. So yeah they all get put on their own vlan.. They can talk to each other.. I let them talk to the internet - but they don't talk to any of my other local networks. For example nest thermo and nest protect. They are on their own wifi segment. They have no access to anything else on my network. Once I get a camera setup it would be the same way, my directv dvr is on its own segment, etc.
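
The switch behaviour discussed in the replies above (MAC learning for the NVR-to-FreeNAS stream, broadcast noise reaching the NVR/NAS, and VLAN separation), as an added example that is not part of any post in the thread. It is a simplified model of a learning switch with access-port VLANs; the port numbers, MAC labels and VLAN 20 are assumptions made for the illustration, and it assumes the FreeNAS box has a dedicated port on the camera VLAN.

```python
# Added illustration: minimal model of a learning Ethernet switch with port VLANs.
# Port numbers, MAC labels and VLAN ids are constructed for this example.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)   # port -> VLAN id (access ports only)
        self.mac_table = {}                # (vlan, mac) -> port

    def receive(self, in_port, src, dst):
        """Process one frame; return the sorted list of ports it is sent out of."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src)] = in_port           # learn the sender's port
        known = self.mac_table.get((vlan, dst))
        if dst != BROADCAST and known is not None:
            return [] if known == in_port else [known]  # known unicast: one port
        # Broadcast or unknown unicast: flood to every other port in the same VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)

NVR, NAS, PFSENSE, MEDIA_PC = 1, 2, 3, 4   # constructed port assignment

def run(port_vlan):
    sw = LearningSwitch(port_vlan)
    results = {}
    # First frame: the switch has not learned the NAS port yet, so it floods.
    results["first_frame"] = sw.receive(NVR, "mac-nvr", "mac-nas")
    sw.receive(NAS, "mac-nas", "mac-nvr")   # the reply teaches the NAS port
    results["iscsi_stream"] = sw.receive(NVR, "mac-nvr", "mac-nas")
    results["media_broadcast"] = sw.receive(MEDIA_PC, "mac-pc", BROADCAST)
    return results

def flat_lan():
    # Everything on one unmanaged switch / one broadcast domain.
    return run({NVR: 1, NAS: 1, PFSENSE: 1, MEDIA_PC: 1})

def camera_vlan():
    # NVR and FreeNAS storage port on VLAN 20; everything else on VLAN 1.
    return run({NVR: 20, NAS: 20, PFSENSE: 1, MEDIA_PC: 1})

if __name__ == "__main__":
    for name, fn in (("flat LAN", flat_lan), ("camera VLAN", camera_vlan)):
        print(name, fn())
```

On the flat LAN the steady-state stream leaves only the FreeNAS port, but the first frame and every broadcast still reach all ports; with the camera VLAN neither crosses the boundary.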