Networking for Video Surveillance: IP addressing

[Editor's Note: This series of articles will examine basic concepts that systems integrators need to comprehend when deploying video systems over a network. Articles will appear monthly on the CCTV and Integrators sections of and under the "columns" listing of]

IP addressing is one of the first topics people learning the Internet Protocol (IP) must comprehend and will need to use when deploying IP video surveillance cameras on a LAN switch. Because most IP surveillance cameras have an underlying IP stack based on a Linux implementation, they require an IP address just like a laptop PC or server on the network. IP surveillance cameras typically only have a single Ethernet interface; unlike routers which have multiple interfaces on different IP networks.

IP addressing (IPv4/IPv6)
IP addressing is a general term for assigning a unique address to the network layer (Layer 3 of the OSI model) of the IP camera. IP addresses can be either IP Version 4 or Version 6. IP Version 6, or IPv6, will gradually replace IPv4 networks and many vendors already support IPv6 in their cameras. However, most enterprise networks continue to use IPv4 and will for some time. Before considering IPv6, IPv4 addressing must be well understood. In this article, let's look at IPv4 addressing and unless noted, references to "IP addressing" refers to IPv4 addresses.

IP addresses are four-byte fields in the IP header. There are two IP address fields assigned, a source IP address and a destination address. The source address is where the packet originated and the destination address is where it is going. To transport a video feed across the network for recording, an IP camera places its IP address in the source address field and the IP address of the server or network digital video recorder (NDVR, a.k.a. NVR) is in the destination field.

Displayed below is a screenshot of a packet capture of a media stream from a high-definition IP camera to the server.  This capture was made by using a program called Wireshark.Click on the image to view it in a readable, full-size window.
Packet capture -- video surveillance camera
In this capture the source IP address is and the destination IP address is This H.264 stream is encapsulated in UDP/RTP; User Datagram Protocol/Real-time Transport Protocol.

Subnetting (Masks)
The four byte IP address is typically written in dotted decimal format, as in Each of the 4 bytes are separated by a 'dot' to make it easier for humans to read and write the address. In order to scale the network, the IP address is broken down into a network part and host part.

Routers on the network decipher the network part from the host part based on the subnet mask associated with the address. Masks are also written in dotted decimal format, as in, or as a count of the number of bits in the mask, and noted with a 'slash' followed by the number of bits /27. The mask is equivalent to /27. The mask is first configured on the router interface connecting that subnet to the rest of the IP network, and the hosts on the subnet should be configured with the same mask as the router. The mask is not included, or part of, the IP packet.

If we tell the network administrator that 20 video surveillance cameras must be deployed at a location, he/she may allocate a network address of and use IP address for the interface of the router. That allows up to 32 host addresses, addresses for cameras and servers on that 'subnet'. The lowest address ( and the highest address ( are reserved. Therefore, the first IP camera could be, the second, and so on. All the IP cameras would use the same mask,

Public versus Private IP addressing
There are three blocks of the IP address space which can be used within an enterprise or service provider address space. These blocks of addresses are not routed over the Internet. They are called private IP addresses and are also referred to as RFC1918 addresses, which is the document number that defines their use. These addresses are:

  • - (10/8 prefix)
  • - (172.16/12 prefix)
  • - (192.168/16 prefix)

For a device assigned one of the private IP address to be reachable over the Internet, the private address must be translated to a public address. Routers and firewalls use Network Address Translation (NAT/pNAT) to perform the translation.

In many instances, the organization does not have requirement to access cameras directly from the public Internet, so private addressing is ideal for IP video surveillance deployments. In fact, most surveillance management systems stream the camera feed first to a NDVR; viewing of live or archived video feeds are through the NDVR acting as a proxy to the cameras. The NDVR is allocated a public IP address, the cameras can be allocated private IP addresses, and viewing stations on the Internet access video directly from the public IP address of the NDVR.

This article examines how IP cameras communicate over an IP network by using IP addressing to transmit video feeds from cameras to servers. Routers and hosts like cameras and servers use the subnet mask of assigned along with the IP address to decipher which part of the address identifies the network verses the hosts of that network. Private IP addresses are ideal for cameras because in many instances, they need not be accessible directly outside the enterprise network. In next month's article, we will examine how IP video surveillance cameras obtain an IP address and the role of Dynamic Host Configuration Protocol (DHCP).