UDP VPN and Multicast – A Better Way to Stream


The Challenge
Many government and commercial organizations want to be able to easily stream video from a single point to many receivers over the public Internet.

For instance, a large traffic accident on a freeway may have video from traffic cameras, video from news helicopters, and video from patrol cars all coming back to a central command site. Incident commanders at that central site want to send these video sources back out to all first responders, over the Internet, to their smart phones, in-vehicle computers, and tablet devices. Incident commanders want to be able to control what video streams are sent out and who gets access to which, and most importantly they want to secure the video from unauthorized individuals.

Mix it Up
First, video from all of these different sources can come into a VMS (video management system) or a video display processing system for display in the central monitoring site. Here operators can, at the direction of incident commanders, composite together windows of video from various sources into a single output video stream. This stream can then be directed to a video encoder so that it can be compressed, packetized, and served up to remote users (first responders in the field in this example) as either a Unicast or Multicast stream.

This strategy of “mixing” video in a control room at the direction of a trained supervisor, then combining the video together, encoding it, and transmitting it has a number of benefits: remote users receive a single stream with all the data they need in one source; remote users only need to run a single video player client; bandwidth can be reduced as there is only one set of header data around the single stream, rather than multiple headers around multiple streams; the stream can be sent to an unlimited number of remote clients; and when secured through a VPN (below) it can be fully secured.

Broadcast it
IP Multicast would be the ideal way to accomplish this. The IP Multicast protocol allows a single server to broadcast a stream on a unique Multicast Network and TCP port, which remote users can select to view. This is similar in concept to TV receivers “tuning into” a channel. The packetized, encoded video stream is sent out to the network once, and all receivers can receive it collectively. IP Multicast is very efficient in both bandwidth and server resources, and therefore is very inexpensive to operate.

The alternative to IP Multicast is Unicast, where each user opens up a unique connection to a server. This is expensive, as the server must generate a stream for each user, which can require one large server or many. It also requires bandwidth for each user, as no video stream can be received by more than one user.

However, IP Multicast relies on routers on the Internet being PIM (Protocol Independent Multicast) and IGMP (Internet Group Management Protocol) enabled, which they are not. And since Internet routers do not typically support multicast, they cannot go to the next step of implementing secure authentication and encryption of video streams.

Secure it in a Tunnel
This challenge can be solved by using a VPN (Virtual Private Network) to tunnel multicast over a secure, authenticated, and encrypted virtual network, which can run over the Internet.

Most organizations today use VPN technology to enable users to “dial in” to office networks from home over the Internet. These VPNs are built for “bursty” data like web surfing and email, but are not generally designed for video streaming.

Most VPN technology uses TCP (Transmission Control Protocol), which requires that every packet be acknowledged by the receiver to the sender. However, Multicast runs as an unacknowledged protocol, so the receiver is not required to send any acknowledgement back to the sender. A typical VPN implementation will encapsulate the unacknowledged Multicast in an acknowledged TCP VPN tunnel, increasing delay, creating unnecessary network traffic, and generally slowing down the performance of your video network.

A better strategy is to use a UDP (User Datagram Protocol) based VPN, which is not acknowledged, to send your Multicast video. Video in IP Multicast is unacknowledged, and the tunnel through which you send it is also unacknowledged, meaning that you have the most efficient, low latency network available for streaming your video.

There are two currently available UDP based VPNs on the market: OpenVPN TAP and L2TP. HauteSpot Networks fully supports both of these protocols on all of our wireless routers, edge video processors and camera systems. In fact, you can also use the same VPN to bring in remote video over cellular, Internet or private broadband from remote sources using HauteSpot equipment.

Clients for Mobile Devices
Both of these protocols are widely supported with clients running on Android, iOS, Windows, Linux, and OS X operating systems. So there really is no client device that could not make use of VPN technology. With modern power management technology, there is almost no effect on battery life for having the VPN always running.

Finally, you can have your clients use a freely available video media player like VideoLAN (VLC) to receive and display your multicast video stream. Users can keep a playlist of Multicast addresses of servers on their devices at all times and open them as necessary.
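
What a receiver on the VPN does when it "tunes in", shown as an added example that is not HauteSpot code: it joins the group on the tunnel interface's address instead of letting the operating system pick an interface, so the membership request and the video stay inside the encrypted tunnel. The group 239.1.1.1, port 5004, tunnel address 10.8.0.2 and subnet 10.8.0.0/24 are constructed values, and restricting groups to the 239.0.0.0/8 administratively scoped range is a policy choice of this example.

```python
import ipaddress
import socket

# Constructed values for illustration; substitute your own addressing plan.
GROUP, PORT = "239.1.1.1", 5004
TUNNEL_IP, VPN_NET = "10.8.0.2", "10.8.0.0/24"
ADMIN_SCOPED = ipaddress.ip_network("239.0.0.0/8")  # RFC 2365 private-use block


def build_mreq(group: str, tunnel_ip: str) -> bytes:
    """Pack struct ip_mreq: group address, then the local interface address."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    if addr not in ADMIN_SCOPED:  # policy choice of this example
        raise ValueError(f"{group} is outside the administratively scoped range")
    return socket.inet_aton(group) + socket.inet_aton(tunnel_ip)


def from_tunnel(src_ip: str, vpn_net: str) -> bool:
    """True if a datagram's source address lies inside the VPN subnet."""
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(vpn_net)


def open_receiver(group: str, port: int, tunnel_ip: str) -> socket.socket:
    """Join `group` on the interface that owns `tunnel_ip` (the VPN TAP adapter)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", port))
    # Naming the tunnel address sends the IGMP join out the VPN interface;
    # an all-zero interface field would let the routing table choose instead.
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP,
                    build_mreq(group, tunnel_ip))
    return sock


if __name__ == "__main__":
    rx = open_receiver(GROUP, PORT, TUNNEL_IP)
    while True:
        data, (src, _) = rx.recvfrom(2048)
        if not from_tunnel(src, VPN_NET):
            continue  # coarse filter only; the VPN provides the real protection
        print(f"{len(data)} bytes from {src}")
```

Run it on a client that already has the VPN connected; it fails at the join if no local interface holds the tunnel address, which is the intended behaviour when the tunnel is down.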

Bringing it together
By combining IP Multicast with unacknowledged UDP VPN technology, you can build a highly scalable, low cost, highly efficient video distribution solution for private broadcast of IP video.

For more information on this technology or to have a skilled design engineer provide you with a solution, contact HauteSpot Networks.