It’s hard to talk about SMPTE 2110 system design without hearing the term ‘spine and leaf’. It’s a fundamental decision that needs to be made early in the project: how many switches will you use and how will they be interconnected? Every choice means accepting compromises, so what needs to be considered?
Chris Lapp from Diversified shares his experience in designing such systems. Monolithic design has a single switch at the centre of the network with everything connected directly to it. For redundancy, this is normally complemented by a separate, identical switch providing a second network. For networks which are likely to need to scale, monolithic designs can add a hurdle to expansion once they get full. Also, if there are many ‘low bandwidth’ devices, it may not be cost-effective to attach them. For instance, if your central switch has many 40Gbps ports, it’s a waste to use many to connect to 1Gbps devices such as audio endpoints.
The answer to these problems is spine and leaf. Chris explains that this is more resilient to failure and allows easy scaling whilst retaining a non-blocking network. These improvements come at a price, naturally: it costs more and it adds complexity. In a large facility with endpoints spread out, spine and leaf may be the only sensible option. However, Chris explores a cheaper version of spine and leaf often called ‘hub and spoke’ or ‘hybrid’.
If you are interested in this topic, listen to last week’s video from Arista’s Gerard Philips, which talked in more detail about network design, covering the pros and cons of spine and leaf, control using IGMP and SDN, and PTP design amongst other topics. Read more here.
Anup Mehta and Rahul Parameswaran from Cisco join the VSF’s Wes Simpson to explain their approach to getting ST 2110 working to deliver a scalable truck for All Mobile Video. The brief was to deliver a truck based on NMOS control, maximal COTS equipment, flexible networking with scalable PTP, and security.
Thinking back to yesterday’s talk on Network Architecture, we recognise the ‘hub and spoke’ architecture in use, which makes a lot of sense in OB trucks. Using monolithic routers is initially tempting for OB trucks, but there is a need for a lot of 1G and 10G ports, which tends to use up high-bandwidth ports on core routers quickly. Therefore moving to a monolithic architecture with multiple, directly connected access switches makes the most sense. As Gerard Philips commented, this is a specialised form of the more general ‘spine-leaf’ architecture which is typically deployed in larger systems.
One argument against using IGMP/PIM routing in larger installations is that those protocols have no understanding of the wider picture; they don’t take a system-wide view like an SDN controller would. If IGMP is a paper roadmap, SDN is satnav with up-to-date road metrics, full knowledge of width/weight restrictions and live traffic alerts. To address this, Cisco created their own technology, Non-Blocking Multicast (NBM), which takes into account the bandwidth of the streams and works closely with Cisco’s DCNM (Data Centre Network Manager). These Cisco technologies allow more insight into the system as a whole, and thus better decisions.
Anup and Rahul continue by explaining how the implementation of PTP was scaled by offloading the processing to line cards rather than relying on the main CPU of the unit, before explaining how the DCNM not only supports the NBM feature but also supports GV Orbit, the configuration and system management unit from GV. From a security perspective, the network by default denies access to any connections into a port, and it has the ability to enforce bandwidth limits to stop accidental flooding or similar.
The benefits of IP sound great, but many are held back by real-life concerns: can we afford it? Can we plug the training gap? And how do we even do it? This video looks at the latter: how do you deploy a network good enough for uncompressed video, audio and metadata? The network needs to deal with a large number of flows, many of which are high bandwidth. If you’re putting it to air, you need reliability and redundancy. You need to distribute PTP timing, control it and maintain it.
Gerard Philips from Arista talks to IET Media about the choices you need to make when designing your network. Gerard starts by reminding us of the benefits of moving to IP, the most tangible of which is the switching density possible. SDI routers can use a whole rack to switch over one thousand sources, but with IP Gerard says you can achieve a 4000-square router within just 7U. With increasingly complicated workflows and with the increasing scale of some broadcasters, this density is a major motivating factor in the move. Doubling down on the density message, Gerard then looks at the difference in connectivity available, comparing SDI cables, which carry one signal per cable, to 400Gb links which can carry 65 UHD signals per link.
Audio is always ahead of video when it comes to IP transitions, so there are many established audio-over-IP protocols, many of which work at Layer 2 of the network stack. Using Layer 2 has great benefits because there is no routing, which means that discovering everything on the network is as simple as broadcasting a question and waiting for answers. This simple discovery is one reason for the ‘plug and play’ ease of NDI: being a Layer 2 protocol, it can use mDNS or similar to query the network and display the sources and destinations available within seconds. Layer 3-based protocols don’t have this luxury, as some resources can be on a separate network which won’t receive a discovery request that’s simply broadcast on the local network.
Gerard examines the benefits of Layer 2 and explains how IGMP multicast works, detailing the need for an IGMP querier to be in one location receiving all the traffic. This is a limiting factor in scaling a network, particularly with high-bandwidth flows. Layer 3, we hear, is the solution to this scaling problem, bringing with it more control of the size of ‘failure domains’ – how much of your network breaks if there’s a problem.
The next section of the video gets down to the meat of network design and explains the three main types of architecture: monolithic, hub and spoke, and spine and leaf. Gerard takes time to discuss the validity of all these architectures before discussing coloured networks. Two identical networks dubbed ‘Red’ and ‘Blue’ are often used to provide redundancy in SMPTE ST 2110 and similar uncompressed networks, with the idea that the source generates two identical streams and feeds them over these two identical networks. The receiver receives both streams and uses SMPTE ST 2022-7 to seamlessly deal with packet loss. Gerard then introduces ‘purple’ networks, ones where all switch infrastructure is in the same network and the network orchestrator ensures that each of the two essence flows from the source takes a separate route through the infrastructure. This means that for each flow there is a ‘red’ and a ‘blue’ route, but overall each switch is carrying a mixture of ‘red’ and ‘blue’ traffic.
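The Red/Blue receive side described above, as an added example that is not part of the original article: the packets use a constructed minimal RTP header rather than a real ST 2110 stream, and the merge runs over two captured legs.

```python
"""Seamless protection switching in the style of SMPTE ST 2022-7.

Added example, not from the video or the article: two copies of the same
RTP stream arrive over the 'Red' and 'Blue' networks and the receiver
keeps one copy of each sequence number, so a packet lost on one leg is
recovered from the other. Packets carry a constructed minimal 12-byte RTP
header, not full ST 2110 payloads, and the merge runs over captured legs
rather than a live jitter buffer.
"""
import struct

RTP_HEADER = struct.Struct("!BBHII")  # V/P/X/CC, M/PT, seq, timestamp, SSRC

def build_rtp(seq, ts, payload, ssrc=0x2110):
    """Build a minimal RTP packet: version 2, dynamic payload type 96."""
    return RTP_HEADER.pack(0x80, 96, seq & 0xFFFF, ts, ssrc) + payload

def parse_rtp(pkt):
    """Return (seq, timestamp, payload) from a minimal RTP packet."""
    _, _, seq, ts, _ = RTP_HEADER.unpack_from(pkt)
    return seq, ts, pkt[RTP_HEADER.size:]

def merge_2022_7(red, blue):
    """Merge the two legs. Returns payloads in sequence order plus the
    counters a monitor wants: how often each leg alone saved a packet
    (that network is dropping) and which sequence numbers were lost on
    both legs (unrecoverable without retransmission)."""
    legs = {"red": {}, "blue": {}}
    for name, pkts in (("red", red), ("blue", blue)):
        for pkt in pkts:
            seq, _ts, payload = parse_rtp(pkt)
            legs[name][seq] = payload      # duplicates within a leg collapse
    result = {"payloads": [], "lost": [], "saved_by_red": 0, "saved_by_blue": 0}
    if not legs["red"] and not legs["blue"]:
        return result
    # Anchor the 16-bit sequence space on the first packet of either leg so
    # that wraparound from 65535 to 0 still sorts in stream order.
    base = parse_rtp((red or blue)[0])[0]
    last = max((s - base) & 0xFFFF for s in set(legs["red"]) | set(legs["blue"]))
    for off in range(last + 1):
        seq = (base + off) & 0xFFFF
        red_has, blue_has = seq in legs["red"], seq in legs["blue"]
        if red_has or blue_has:
            leg = "red" if red_has else "blue"
            result["payloads"].append(legs[leg][seq])
            if red_has != blue_has:            # only one network delivered it
                result["saved_by_" + leg] += 1
        else:
            result["lost"].append(seq)         # gone on both networks
    return result
```

The saved_by counters are the operational signal: a steadily climbing count on one colour means that network is dropping packets even though the output is still clean.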
The beauty of using IGMP/PIM for managing traffic over your networks is that the network itself decides how the flows move over the infrastructure. This makes for a low-footprint, simple installation. However, without the ability to take into account individual link capacity, the capacity of the network in general, the bitrate of individual flows and the overall topology, there is very little control over where your traffic is, which makes maintenance and fault-finding hard. More generally, what’s the right decision for one small part of the network is not necessarily the right decision for the flow or for the network as a whole. Gerard explains how Software-Defined Networking (SDN) addresses this and gives absolute control over the path your flows take.
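As an added illustration of the bandwidth awareness that both this talk and the Cisco NBM discussion attribute to a controller (example code, not from either video; the fabric, link rates and flow bitrates are constructed):

```python
"""Bandwidth-aware flow placement of the kind an SDN or NBM controller performs.

Added example, not from either video: a constructed two-spine, two-leaf
fabric gives two equal-cost paths between the leaves. Plain IGMP/PIM
forwarding picks a path with no knowledge of link capacity or flow
bitrate; the controller here tracks committed bandwidth per link and
refuses any join that would oversubscribe a hop, which is what keeps the
fabric non-blocking. Link names, rates and bitrates are constructed.
"""

# Constructed topology: capacity in Gbps for each undirected link.
LINKS = {
    ("leaf1", "spine1"): 100.0, ("leaf1", "spine2"): 100.0,
    ("leaf2", "spine1"): 100.0, ("leaf2", "spine2"): 100.0,
}

class Fabric:
    def __init__(self, links):
        # Track both directions of every link separately, as traffic does.
        self.capacity = {}
        for (a, b), gbps in links.items():
            self.capacity[(a, b)] = gbps
            self.capacity[(b, a)] = gbps
        self.committed = {hop: 0.0 for hop in self.capacity}

    def headroom(self, path):
        """Spare capacity on the most loaded hop of a path (Gbps)."""
        return min(self.capacity[(a, b)] - self.committed[(a, b)]
                   for a, b in zip(path, path[1:]))

    def place(self, flow_gbps, candidate_paths):
        """Admit the flow on the candidate path with the most headroom, or
        return None when no path can carry it without oversubscription."""
        best = max(candidate_paths, key=self.headroom)
        if self.headroom(best) < flow_gbps:
            return None
        for a, b in zip(best, best[1:]):
            self.committed[(a, b)] += flow_gbps
        return best

def demo(n_flows=17, flow_gbps=12.0):
    """Offer n_flows identical flows from leaf1 to leaf2; returns how many
    were admitted and the load left on the leaf1 uplink to each spine."""
    fabric = Fabric(LINKS)
    paths = [("leaf1", "spine1", "leaf2"), ("leaf1", "spine2", "leaf2")]
    admitted = sum(fabric.place(flow_gbps, paths) is not None
                   for _ in range(n_flows))
    via_spine1 = fabric.committed[("leaf1", "spine1")]
    via_spine2 = fabric.committed[("leaf1", "spine2")]
    return admitted, via_spine1, via_spine2
```

With 100G links and 12G flows the controller spreads sixteen flows evenly and refuses the seventeenth, whereas a forwarding plane with no bitrate knowledge could load nine onto one uplink and drop packets from all of them.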
Lastly, Gerard looks at PTP, the Precision Time Protocol. 2110 relies on having PTP timing in the flow, in the essence, allowing flows of separate audio and video to have good lip-sync and to avoid phase errors when audio is mixed together (an area where PTP has been used for some time). We see different architectures which include two grandmaster clocks (GMs), discuss whether boundary clocks (BCs) or transparent clocks (TCs) are the way to go, and examine the little security that is available to stop rogue endpoints taking charge and becoming grandmaster themselves.
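The grandmaster election and a port-based guard against Announce messages from unexpected places, as an added example not taken from the video (clock identities, port names and dataset values are constructed):

```python
"""PTP best master clock election with a trusted-port guard.

Added example, not from the video: IEEE 1588 BMCA compares the Announce
datasets it hears field by field, lower winning at every step, so any
device that announces a 'better' dataset than the real grandmaster is
elected in its place. The guard below models the mitigation a boundary
clock or switch can apply: accept Announce only on ports designated as
grandmaster-facing and report anything else for investigation.
Port names, clock identities and dataset values are constructed.
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class Announce:
    port: str          # ingress port the Announce message arrived on
    priority1: int     # 0..255, administratively set, compared first
    clock_class: int   # 6 = locked to a primary reference such as GNSS
    accuracy: int      # clockAccuracy enumeration, lower is tighter
    variance: int      # offsetScaledLogVariance
    priority2: int     # second administrative tie-break
    clock_id: str      # EUI-64 clockIdentity as hex, final tie-break

    def bmca_key(self):
        # IEEE 1588 dataset comparison order; every field is "lower is
        # better", so a plain tuple comparison reproduces the algorithm.
        return (self.priority1, self.clock_class, self.accuracy,
                self.variance, self.priority2, self.clock_id)

def elect_grandmaster(announces):
    """Return the Announce that BMCA would select as grandmaster."""
    return min(announces, key=Announce.bmca_key)

def filter_announces(announces, trusted_ports):
    """Split Announces into those heard on grandmaster-facing ports and
    those a guarded switch drops and reports (a misconfigured device, or
    an endpoint trying to become grandmaster, shows up in the latter)."""
    accepted = [a for a in announces if a.port in trusted_ports]
    rejected = [a for a in announces if a.port not in trusted_ports]
    return accepted, rejected

def demo():
    """Two real GMs on Eth1/1 and Eth1/2 plus an endpoint on an access port
    announcing a better dataset; returns the winner without and with the
    guard, and the ports the guard reported."""
    gm_a = Announce("Eth1/1", 128, 6, 0x21, 0x4E5D, 128, "001dc1fffe000001")
    gm_b = Announce("Eth1/2", 128, 6, 0x21, 0x4E5D, 128, "001dc1fffe000002")
    stray = Announce("Eth1/47", 0, 6, 0x20, 0x4E5D, 128, "aabbccfffe000099")
    heard = [gm_a, gm_b, stray]
    accepted, rejected = filter_announces(heard, {"Eth1/1", "Eth1/2"})
    return (elect_grandmaster(heard).port, elect_grandmaster(accepted).port,
            [a.port for a in rejected])
```

Without the guard the access-port device wins the election outright; with it, the two real GMs tie on every field and clockIdentity decides, which is why the Announce source port, not the dataset contents, is the thing to police.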
As true for corporate networks as for broadcast networks, security needs to underpin everything we do to ensure the smooth running of service, that ransomware is kept out and that our data is kept in. This doesn’t mean every device has to have every security feature turned up to 11, it means that security – and which threats need to be protected against – have been thought through at the system level.
Such is the importance of security in broadcast facilities that we see it as the foundational layer of the EBU’s Technology Pyramid. SMPTE ST 2110 sits at the top and, whilst this is seen as the ‘business end’, it’s not practical without all that underpins it: the system timing, the NMOS protocols and the security practices.
In this video, Ray Scites explains the threats to networks and challenges the audience to take them seriously, showing how mitigations can be implemented. He explains some of the common attacks on networks, both technical and human. Human attacks are phishing attacks, which effectively just ask for the details: they start with a request for seemingly innocuous information like “Is Donald available today?” and build on the knowledge that someone is away to apply pressure to hand over information: “Donald told me this needs doing right now or the $1,000 deposit will be lost.” With enough small pieces of information providing the context, people can be tricked into thinking that an attacker is legitimately doing business and comply with their requests.
To supplement the human element, vulnerabilities can be used. Ray highlights that it’s not just Windows 10 that needs updates: the CVE list of vulnerabilities shows that just this year over 40 security issues with Netgear devices have been publicly reported; all elements in the network need to be kept up to date.
Ray looks at the levels of firewall available, from basic features such as port blocking and forwarding to advanced ones like intrusion detection and deep packet inspection. In the latter, packets are not just forwarded but read to determine their payload, and firewall decisions are made based on the contents. He then explains how port forwarding and NAT (Network Address Translation) work in firewalls.
The cloud offloads all the functionality, but none of the liability.
An important takeaway from this video is that moving infrastructure and/or data to the cloud can be a great move for your company’s workflow, IT overheads and costs but it doesn’t solve all your security issues. Your responsibility is still to implement secure practices both in the office and in the cloud. Whilst the job may be easier now as it may be someone else’s responsibility to update OSes or other software, you are still the one responsible for data breaches and for ensuring that your security coverage is complete.
Ray finishes by showing a brute-force password attack in real time and answering questions covering how to implement security around hardware devices which had no security features, using remote PC terminals to maintain security and whether attacks are on the increase.
Views and opinions expressed on this website are those of the author(s) and do not necessarily reflect those of SMPTE or SMPTE Members.
This website is presented for informational purposes only. Any reference to specific companies, products or services does not represent promotion, recommendation, or endorsement by SMPTE.