The IP surveillance has evolved into a mainstream scheme in surveillance industry, and successfully applied in Peace Project, highways, security network, parks and other large items. The standards and openness of IP also makes the integration of various network islands and the scale expansion of the network easier. In consideration of the constriction of Ipv4 address resource and the overlapping of the address of each Local Area Network (LAN) segment, as well as the needs of a variety of network security, Network Address Translation (NAT), the firewall, the security isolation gateway and other equipment are used in large networks in a large number. This makes the signaling and the data process of the IP surveillance system very complex, and even lead to some service data is unable to carry out in certain networks. The following briefly describes that when the video surveillance network is in existence under the NAT, the firewall, and the security isolation gateway, why the video surveillance traffic becomes so complex and difficult.
In the presence of a NAT device, because the source IP address or the destination IP address will change after the IP packets pass through the NAT device, and in view of the signaling generally also including the source IP address and the destination IP address, the internal and the external addresses are not uniform. This will causes distress to the process of the video surveillance service. In addition, if the devices in the network outside NAT have to initiate the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) connection toward inner network firstly, it is necessary to assign the internal server address/port mapping at the NAT devices for the devices in the inner network. Obviously it will waste a lot of public addresses, which is not allowed in many cases. When a control server is capable of determining the devices' location, i.e., inside or outside the NAT, the control server can inform the network device outside the network to initiate actively the connection with the device inside the network. But it requires that each connection performs two or more processes. For a service process comprising various conversations, this combination will be very complicated. Moreover, some of the standard service does not allow the interactive parties to reverse their Client/Server (C/S) roles.
In the presence of the firewall, it requires the firewall to open a significant number of UDP/TCP ports to a terminal outside the firewall, such as the video surveillance client, so as to access the server inside the firewall, such as the video management (VM) server. This gives the security implications to the intranet.
In the presence of the security isolation gateway, a large number of IP proxy gateway (i.e. an traffic from the outside will be send to a proxy IP of the gateway, and the gateway will modify the destination IP and then forward to the intranet) usually requests the gateway to assist in correspondingly modifying the internal information of the signaling. That is because there may be the IP address information included therein. Therefore, every time the surveillance system manufacturers develop a new feature, the gateway company may be asked to make the appropriate characteristics with development.