Internet Protocol TCP/IP v4

This article is a brief explanation of IP and how it relates to our industry. I won't be going into the details of all the application-layer protocols that run on top of the transport layer (TCP/IP).

History of IP
The Internet Protocol Stack (IP) started life as part of a project by DARPA (Defense Advanced Research Projects Agency) at the beginning of the 1970s. This project was the ARPANET (Advanced Research Projects Agency Network), the very beginning of what we now know as the 'internet'.

Throughout the project various implementations and protocol stacks were developed, which culminated in DARPA contacting University College London and Stanford University. Their goal was to develop a transmission control protocol that would run on the various hardware platforms. Four versions were developed: TCP v1, v2, v3 and v4, the version in widespread use today.

In 1975 a two-network TCP/IP test was carried out between Stanford and University College London. In 1977 a three-network TCP/IP test was carried out between the U.S., the U.K. and Norway. In March 1982 it was agreed that TCP/IP would form the basis of military computer networking in the U.S.

Technology
The TCP/IP stack is made up of 5 layers:
1. The physical layer: Ethernet cable, wifi, modems etc.
2. The data link layer: ATM, PPP, GPRS etc.
3. The network layer: IP (v4 & v6), ICMP, IPsec etc.
4. The transport layer: TCP, UDP etc.
5. The application layer: DHCP, HTTP, POP3, SSL etc.

Implementation
The parts we need to worry about are the physical layer and the application layer; the other layers are usually provided for us by default or by others (telcos etc). As the bulk of our use of IP is for CCTV or signalling, we will usually be plugging into an existing network, and the connection will usually be an Ethernet port. It might be a 'patch panel', a router or a wall socket; either way they are all basically the same.

All devices that 'sit' on this network need an address, as with anything. This address is most commonly written in dot-decimal notation, e.g. 192.168.0.1.
Various address ranges are reserved and cannot be used publicly. Your ISP/telco will inform you of your 'public' (internet) address, which will be different from your internal 'private' address.

Obviously two devices cannot sit on the same network with the same address. Common ways of addressing devices are DHCP (Dynamic Host Control Protocol) or static assignment. With DHCP a server automatically assigns the correct details to the device, if the device supports DHCP. If not, we must assign the address manually. To do this we need a spare address, and we need to know the subnet mask and the gateway.
The subnet mask restricts which addresses are available on a network. For example, a subnet mask of
255.255.255.255 allows 1 address
255.255.255.0 allows 254 addresses
255.255.0.0 allows 64,516 addresses, etc.

The subnet mask will usually be provided, or will be 255.255.255.0 on small (fewer than 254 devices) networks.
So if we assume a subnet mask of 255.255.255.0, this allows addresses 192.168.0.1 - 192.168.0.255 to communicate with each other, but address 192.168.1.1 will not be able to communicate with any device beginning with 192.168.0.x, as the subnet mask restricts this.
An easy way to test communication between devices is the 'ping' command. On Windows and Unix/Linux machines,

ping 192.168.0.1 will usually ping the router/gateway and can be used to test the communication path. You would expect to see round-trip times reported for each ping. If communication fails because of an invalid address or a fault, you will see 'timeouts'. Be warned that most system admins block pings on external networks for security reasons, so a timeout from an external address does not necessarily indicate a fault.

Next we have the 'gateway' or router address. This tells the device how to communicate with devices that are not on its own address/subnet range. If we assume our network is made up of
Router - 192.168.0.1
PC 1 - 192.168.0.2
IP cam - 192.168.0.3
IP signalling device - 192.168.0.4

and our PC wants to connect to our camera, it can communicate directly as it is on the same subnet/address range. But if it wanted to connect to 192.168.1.1, which is not in its own address range, it would use the 'gateway'.

The gateway would then send the request for data to 192.168.1.1 on PC 1's behalf, and when a reply was received the gateway would forward it on to PC 1. The same applies to the IP cam or the signalling device.
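As an added illustration (not part of the original article), the following Python uses the standard library ipaddress module to carry out the subnet-mask and gateway decisions described above and to check a static addressing plan for duplicate or off-subnet addresses before it is typed into devices. The helper names are my own; note that it counts 255.255.0.0 with the usual 2**16 - 2 formula, which gives 65,534 rather than the 64,516 quoted above.

```python
import ipaddress

def usable_hosts(mask: str) -> int:
    """Host addresses a dotted-decimal mask leaves usable.
    Conventional count: 2**host_bits - 2 (network and broadcast addresses
    excluded); 255.255.255.255 is a single host."""
    prefix = ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen
    host_bits = 32 - prefix
    return 1 if host_bits == 0 else 2 ** host_bits - 2

def same_subnet(a: str, b: str, mask: str) -> bool:
    """True when a and b share the network part, i.e. can talk directly."""
    net = ipaddress.IPv4Network(f"{a}/{mask}", strict=False)
    return ipaddress.IPv4Address(b) in net

def next_hop(src: str, dst: str, mask: str, gateway: str) -> str:
    """Address src actually sends to: dst itself if on-subnet, else the gateway."""
    return dst if same_subnet(src, dst, mask) else gateway

def check_static_plan(devices: dict, mask: str, gateway: str) -> list:
    """Hypothetical helper: sanity-check a static addressing plan.
    devices maps a label to its dotted-decimal address. Returns human-readable
    problems (duplicate addresses, devices outside the gateway's subnet, or an
    invalid mask); an empty list means the plan is consistent."""
    try:
        ipaddress.IPv4Network(f"{gateway}/{mask}", strict=False)
    except ValueError as exc:  # e.g. a non-contiguous mask such as 255.255.0.255
        return [f"invalid mask or gateway: {exc}"]
    problems, seen = [], {}
    for label, addr in devices.items():
        if addr in seen:
            problems.append(f"{label} duplicates {seen[addr]} at {addr}")
        seen.setdefault(addr, label)
        if not same_subnet(gateway, addr, mask):
            problems.append(f"{label} ({addr}) is outside the gateway's subnet ({gateway}/{mask})")
    return problems

if __name__ == "__main__":
    # Constructed plan using the article's example network.
    plan = {"PC 1": "192.168.0.2", "IP cam": "192.168.0.3", "IP signalling device": "192.168.0.4"}
    print(usable_hosts("255.255.255.0"))                                            # 254
    print(next_hop("192.168.0.2", "192.168.0.3", "255.255.255.0", "192.168.0.1"))  # 192.168.0.3
    print(next_hop("192.168.0.2", "192.168.1.1", "255.255.255.0", "192.168.0.1"))  # 192.168.0.1
    print(check_static_plan(plan, "255.255.255.0", "192.168.0.1"))                  # []
```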

A gateway also uses 'port forwarding' when in a NAT-based system. NAT (network address translation) is how the router works in the above example: it acts as a go-between for all the devices on the network and the internet. The router has only one address on the public network, but may 'translate' for thousands of devices behind it. When PC 1 requests data the router sends the request on, and when the answer is returned the router knows that PC 1 requested the data, so the data is forwarded on to PC 1.

But what happens when data is requested from the router on its public (internet) address? It doesn't know what to do with the request, so we use 'port forwarding' rules. For example, if a request comes in on port 80, we can set up a rule to forward all requests on port 80 to the IP camera. That way, when the public IP of the router is entered on a remote machine, the machine asks the router for data on port 80, the router looks at its 'rules' and sends the request on to the IP camera. The IP camera then sends the requested data (the image) to the router, which in turn sends it to the machine that requested it. We can have thousands of ports doing different things on a single IP address.
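To make the two cases above concrete, here is an added Python model of the gateway (my own illustration, not code from the article): outbound traffic is rewritten to the public address and tracked so replies find their way back, while unsolicited inbound traffic is delivered only when a forwarding rule matches and is otherwise dropped. The public and remote addresses are constructed from the documentation ranges.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str  # "ip:port"
    dst: str  # "ip:port"

class NatRouter:
    """Minimal model of the NAT gateway described above: one public address,
    many private devices behind it, plus port-forwarding rules."""

    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        self.forward_rules = {}   # public port -> private "ip:port"
        self.sessions = {}        # translated public port -> private "ip:port"
        self._next_port = 40000   # constructed starting point for translated ports

    def add_forward(self, public_port: int, target: str) -> None:
        """Rule: anything arriving on public_port goes to target (e.g. the IP cam)."""
        self.forward_rules[public_port] = target

    def outbound(self, pkt: Packet) -> Packet:
        """Private -> internet: rewrite the source to the public address and
        remember which inside device owns the translated port."""
        port = self._next_port
        self._next_port += 1
        self.sessions[port] = pkt.src
        return Packet(src=f"{self.public_ip}:{port}", dst=pkt.dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> public address. A reply to a tracked session goes back to
        the device that asked; anything else needs a forwarding rule or is dropped."""
        ip, port_text = pkt.dst.rsplit(":", 1)
        if ip != self.public_ip:
            return None
        port = int(port_text)
        if port in self.sessions:
            return Packet(src=pkt.src, dst=self.sessions[port])
        if port in self.forward_rules:
            return Packet(src=pkt.src, dst=self.forward_rules[port])
        return None  # unsolicited and no rule: dropped
```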

Written by James Wilson
James Wilson is Technical Manager for Secure It All. Secure It All are a leading Midlands-based electronic protection provider who are NSI Gold Approved for Access Control, CCTV and Intruder Alarms. James started his career at Secure It All in 1992. James has gained many specialist qualifications throughout his time at Secure It All and also won the coveted Security Installer 'Engineer of the Year' award for 1998.
