Do I need a router for Blue Iris NVR system?

[roechas]

Currently, I have a 15-camera system tied into my local Ubiquiti home Network. 10 Cameras are POE to Ubiquiti switch. Then I have 5 wireless cameras connected to my Ubiquiti access point.
I have created a VLAN and all cameras and wireless cameras are on the VLAN network with no internet access.

NEW PLAN
I am contemplating creating a separate new network for my cameras so I can get all the camera traffic off my local network.
I bought another No-Name POE Switch to plug the cameras into. This POE switch will not be tied into my local home network.
I need an access point to connect my wireless cameras. Should I buy a cheap wireless router like (TP-Link AC1200) or should I get just an access point (TP-Link EAP225)?
I know without a router I will have to statically assign all IP addresses to each camera and this network will not have internet access.

On the Blue Iris server, I plan to have two network cards in it. One network card will connect to the POE switch with cameras. Then the other network card will connect to my home network with internet. This in theory should allow me to be able to view the cameras remotely.

Does this setup sound more secure and efficient for my network?

 

[wittaj]

Best practice is you should be assigning static IP addresses to each of your cameras. The fact that it hasn't burned you yet doesn't mean to continue that way. Especially with recent changes in BI where it looks for MAC addresses, it has caused a lot of people using DHCP to wake up one morning with missing cameras.

Blue Iris is changing IP addresses randomly

Hello All I have a system with 4 cameras and recently 2 squares in BI are displaying the same camera. I change it back and a few hours/days there will be 2 the same again. Here you can see that at 12 noon two changed to 192.168.2.50. There is no cameras here. then about 40 min later they...

ipcamtalk.com

Many have used an old or cheap router not connected to the internet to use for wifi cams.


And yes a dual NIC system is what many of us use to isolate the cameras from the internet.

Dual NIC setup on your Blue Iris Machine

In making your system more secure this is a great option to eliminate your cameras calling home / connecting to the internet This is a great place to start to setup a bit more secure network and learn more about IP/Subnets etc. before adding dual NICs: Router Security - Subnets and IP addresses...

ipcamtalk.com

 

[roechas]

Best practice is you should be assigning static IP addresses to each of your cameras. The fact that it hasn't burned you yet doesn't mean to continue that way. Especially with recent changes in BI where it looks for MAC addresses, it has caused a lot of people using DHCP to wake up one morning with missing cameras.

And yes a dual NIC system is what many of us use to isolate the cameras from the internet.

Dual NIC setup on your Blue Iris Machine

In making your system more secure this is a great option to eliminate your cameras calling home / connecting to the internet This is a great place to start to setup a bit more secure network and learn more about IP/Subnets etc. before adding dual NICs: Router Security - Subnets and IP addresses...

ipcamtalk.com

Yep, I currently already have all my cameras set with static addresses. They also use a different subnet address from my local network.
I guess my main question is I can do without a router, as long as I set static addresses on all my cameras and my BI server?
As far as NAT goes there isn't much benefit of the traffic going through a router.
So I would be best off just getting the TP-Link EAP225?

 

[looktall]

so I can get all the camera traffic off my local network.

If you have created a vlan for your cameras then that traffic is not on your local network.
It's on the vlan network.

 

[roechas]

If you have created a vlan for your cameras then that traffic is not on your local network.
It's on the vlan network.

You are correct in it doesn't interact with my local network. But my Router/Switch is still having to utilize bandwidth to accommodate my camera network.

 

[wittaj]

A router is not needed for the subnet that the cameras are on. Most of us here just have POE switches with cameras set to static addresses.

But you said you have 5 wireless cameras you want to bring in, so you need to have a way to do that, and adding a cheap wifi router and not plugging in an internet access cable into it and place it on the segment with your cameras will accomplish it.

 

[wittaj]

You are correct in it doesn't interact with my local network. But my Router/Switch is still having to utilize bandwidth to accommodate my camera network.

This exactly!

That is why most of us run the dual NIC system.

The dual NIC is cheaper and faster, and depending on the number of cameras, better than VLANs (although true VLAN users will refute it).

For example, the EdgeRouter X is claimed to be somewhere between 800Mbps to 1Gbps, but you see tests all over where people are only getting in the 700Mbps range.

On my isolated NIC, my cameras are streaming non-stop between 280Mbps to 350Mbps depending on motion. This is full-on, never stopping to take a breath. Even if someone has a gigabit router, a 3rd of non-buffering 24/7 data will impact its speed.

I would just as soon not have that much video data going thru a device if it doesn't need to. Has to slow the system down.

 

[looktall]

You are correct in it doesn't interact with my local network. But my Router/Switch is still having to utilize bandwidth to accommodate my camera network.

Sure but is that actually impacting your local network?
What model hardware are you talking about?
With the right gear it probably won't even break a sweat.

 

[roechas]

Sure but is that actually impacting your local network?
What model hardware are you talking about?
With the right gear it probably won't even break a sweat.

Currently, I have a UDM Pro and USW 24 Port POE Switch.
My Blue Iris server consistently has 70MBs of data coming into it from the cameras. Then I have a few remote sites that are constantly monitoring the cameras. The remote monitoring uses about 50MBs of data going out.
I only have one network card in my BI Server, so that is 120MBs of data going over that cable and I think it gets overloaded at times..
So my thought is if I move the cameras over to their own network. Then put two cards in my BI Server. One network will be receiving the 70MBs of data. The other network card will be used for sending data to the remote site monitors.

 

[looktall]

Currently, I have a UDM Pro and USW 24 Port POE Switch.

I would be staggered if your cameras even registered as more than a blip on that switch.
It wouldn't be impacting that router much either.

 

[TonyR]

FWIW, many later model wireless routers have a "AP Function", if not you can turn a wireless router into a wireless AP by disabling DHCP and assigning its LAN port a unique static IP in the same subnet as your cams. The WAN port will not be used/connected to anything.

I have an Asus wireless router set up this way serving 3 non-crucial wi-fi cams and no other devices on it.

 

[The Automation Guy]

I think there is a common misconception here that all local traffic goes through a router all the times. This is not true. When a connection is initially made, your network switches save and recall this information in their MAC address table and send the data directly to the destination device without having to communicate with the router to do so. What this means is your camera's data is NOT going through your router on the way to the NVR or BI machine.

The one time this isn't true is if you are using VLANs, a L2 network switch, and the source and destination devices are on different VLANs. Because you are having to cross VLANs on a L2 switch, that traffic will go through the router. But traffic on the same VLAN will not go through the router even in that scenario. To alleviate this from happening, you need to use a L3 switch because it can handle cross VLAN traffic without needing the router.

 

[wittaj]

I think there is a common misconception here that all local traffic goes through a router all the times. This is not true. Once a connection is initially made, your network switches will actually recall this information and send the data directly to the destination device without having to communicate with the router to do so. What this means is your camera's data is NOT going through your router on the way to the NVR or BI machine.

The one time this isn't true is if you are using VLANs, a L2 switch, and the source and destination device are on different VLANs. Because you are having to cross VLANs on a L2 switch, that traffic will go through the router, but traffic on the same VLAN will not go through the router even in that scenario. To alleviate this from happening, you need to use a L3 switch that is set up correctly because it can handle cross VLAN traffic without needing the router.

And yet we see instances where this isn't the case and if the router is somewhere between the cameras and the VMS device and the router goes wonky, they lose the cameras.

Before I upgraded my router and before I went to a dual NIC system, if I unplugged my cheap router, BI lost the cameras. My BI computer and cameras with static IPs were all hooked to the same POE switch and a cable from the POE switch to the router. When I upgraded to a better router, it didn't happen if I unplugged the router, but I figured why take the chance of the data going thru it and dual NIC'ed my system to take 350Mbps off the main network.

Here was a similar issue with someone just this week.

BI Doesn't Record when Router is Down

I have an issue with my router where it shuts itself down about 1x/day. This is annoying, but it's covered under warranty, and I'll have a replacement in place in a couple of days.. Meantime, I'm seeing an unexpected side effect where, if the router is down, BI doesn't record. You can see gaps...

ipcamtalk.com

 

[looktall]

Here was a similar issue with someone just this week

Which occured because of a poorly configured dhcp server which had a very short TTL.
The only reason any of the traffic went to the router was because the devices were trying to renew their IP addresses.

You could argue that setting static IP addresses would have avoided that problem (and it would have) which also further proves the point that the traffic doesn't otherwise go via the router because as I said before it only went to the router in the first place to renew IP addresses.

 

[wittaj]

Which occured because of a poorly configured dhcp server which had a very short TTL.
The only reason any of the traffic went to the router was because the devices were trying to renew their IP addresses.

You could argue that setting static IP addresses would have avoided that problem (and it would have) which also further proves the point that the traffic doesn't otherwise go via the router because as I said before it only went to the router in the first place to renew IP addresses.

Then how do you explain my issue or others that have had that issue that was in my post that you deleted out of your reply? When I switched out the cheap router with a better one, I could unplug the router and still see the cameras, but the cheap router I would lose them.

Like I said, all of my cameras had static IP addresses on a subnet different than what the router was assigning and routing, and yet if I unplugged it, the cameras were lost in BI.

Even though that fixed it, I wasn't going to take any chances that it could be clogging up the network, so I went dual NIC. When I went dual NIC, I simply unplugged the cable from the router and put to the second NIC instead of the same POE switch as the cameras and BI computer (and thus proving the cameras were static IP as they would have lost IP addresses if set to DHCP during reboots).

While not common, we have seen it happen. I think cheap components can cause the traffic to do some weird things. Another reason to stay away from cheap gear, but to say it can't happen isn't true either.

 

[looktall]

I could unplug the router and still see the cameras

Which also proves the point.

As for what happened previously and why.
Who knows.
Trying to diagnose a networking problem that happened however long ago without knowing a substantial amount of detail about how it was all configured is not something I am inclined to attempt.
Maybe there was a something in your BI settings that was causing it?
Maybe you were using a hub instead of a switch?

 

[wittaj]

I think it was cheap gear doing wonky things. Like literally all I did was replace the cheap router with a better router and assigned it the same IP address subnet as the previous router.

It was a cheap POE switch that has since been replaced as well.

But we have seen it happen to others here as well (although I am sure some of them are they had something set up wrong). And we have seen plenty that don't have a problem.

Whenever I am helping someone here on certain issues, I ask them to unplug their router and see if they lose their cameras. If they do, it is going thru the router and we address it.

But the point is, if possible, why even chance the potential of it using network bandwidth. Dual NIC is simple and easy and assures the data isn't clogging up the highway anywhere.

 

[looktall]

why even chance the potential of it using network bandwidth. Dual NIC is simple and easy and assures the data isn't clogging up the highway anywhere.

Multihoming your bi server is certainly a worthy option, there's no doubt about that.
And there's a number of reason why you might do that, including to address bandwidth issues.
But the bandwidth is there to be used.
It's not like you're doing any harm by using it, as long as you're not using every last scrap of it of course.
That would be a bad thing.

I think in the case of the OP he already has very good networking gear that would be more than enough to handle his cameras.
It seems like he would be taking a step backwards and making changes for no reason.

 

[The Automation Guy]

And yet we see instances where this isn't the case and if the router is somewhere between the cameras and the VMS device and the router goes wonky, they lose the cameras.

I'm not debating that cases like that don't occur - they obviously do. But those situations are the exception to the rule and it's certainly not how a normal/healthy network is designed to work. When it happens it's usually due to a settings/set-up issue, or a fault with the actual hardware being used. Take your situation for example - I think that "cheap POE switch" wasn't properly saving information to it's MAC address table. I have no idea why, but it was probably an issue with the basic programming/firmware itself. (Although it might have been something in the router as well). Like you said, it was "cheap gear doing wonky things."