The love-hate relationship between video surveillance networks and IPv6 in the era of the Internet of Things

Among the three major layers of the Internet of Things, the perception layer, as the source of the Internet of Things to identify objects and collect information, has become the key to the Internet of Things. According to relevant data, the data information collected by cameras accounts for more than half of the storage capacity of the Internet of Things data in the world. Traditional video surveillance technology has been widely used in various industries such as smart cities and public security, and currently network video surveillance technology is being upgraded to "Internet of Things information services with video as the core", namely "video +", "video + multi-dimensional perception" and "video + multi-dimensional application". The video surveillance network has become the most widely used and most mature Internet of Things.

[[257813]]

The use of IP technology in the perception layer of the Internet of Things will require a large amount of IP address resources to achieve "one thing, one address, everything is online". Judging from the currently available IPv4 address resources, it is far from meeting the networking needs of perception smart terminals. Especially after the large-scale popularization of applications such as video surveillance, smart home appliances, and automotive communications, the demand for IP addresses will grow rapidly. At present, IPv4 addresses can be said to be basically exhausted.

1. "Love You You": Replace IPv4 and look at the more excellent IPv6

1. The network address of “Yangliang”

At present, the network addresses assigned to IoT devices are generally IPv4 addresses, which are composed of 4 groups of 8-bit binary numbers arranged and combined. There are a total of 2 to the power of 32 addresses available, totaling 4,294,967,296. Although IPv4 provides a "massive" number of addresses, with the rapid growth of the Internet of Things, there are currently tens of billions of IoT devices in the world, but only more than 4 billion network addresses. IPv6 can provide a "massive" number of network addresses, which is much larger than IPv4. There are a total of 2 to the power of 128 addresses available, that is, there are 340282366920938463463374607431768211456 IPv6 addresses available. If each IoT device is likened to a grain of sand, even if a network address is assigned to every grain of sand covering the surface of the earth, the number of network addresses provided by IPv6 is still sufficient. Although the demand for video surveillance network addresses is huge in the era of the Internet of Things, there is no need to worry about the number of IPv6 network addresses.

2. Smaller router tables

IPv6 address allocation follows the principle of "aggregation" from the beginning, which enables the router to use one record in the routing table to represent a subnet, greatly reducing the length of the routing table in the router and increasing the speed of the router forwarding data packets, which makes it faster to connect and obtain content through IPv6 than IPv4, which is very important for video surveillance networks with high real-time requirements in the era of the Internet of Things. IPv6 technology can not only improve the performance and quality of video surveillance network infrastructure, but also better improve the construction of the overall video surveillance network system.

3. IP layer security

Traditional network security mechanisms are only established at the application layer program level, such as E-mail encryption, SNMPv2 network management security, access security (HTTP and SSL), etc. There is no way to ensure the security of the Internet and the Internet of Things from the IP layer. IPv6 can achieve security at the IP layer. Users can encrypt data at the network layer and verify IP messages, ensuring the integrity and confidentiality of the packets. IPSec is an IP address security protocol that was created in the past to solve the security problems of IPv4. IPv6 incorporates IPSec into its architecture, allowing IPSec to be directly embedded in IPv6 packets. This feature can enhance the security of IoT video surveillance network-related equipment and data, upgrade the security of user information, and effectively prevent video surveillance data from being illegally stolen.

4. Added enhanced multicast support and stream control

IPv6 multicast technology (Multicast) can avoid the waste of network resources, reduce network congestion and broadcast storms, etc., can effectively use bandwidth, improve data transmission efficiency, and is especially suitable for the transmission of large amounts of data such as audio and video streams in video surveillance networks. At the same time, IPv6 adds a new field - Flow Control, which marks data streams that require special processing by IPv6 routers. This field is used for certain communications that have special requirements for the quality of service of the connection, such as real-time data transmission such as audio or video. These two functions have given the application of video surveillance networks in the era of the Internet of Things an opportunity for rapid development, providing a good network foundation and platform for QoS (Quality of Service) control, and are more suitable for the forwarding and control of video streams.

5. Excellent automated configuration management solution

When connected to an IPv6 network, an IPv6 host can use the neighbor discovery protocol to automatically configure itself. When connected to the network for the first time, the host will send a link-local router request to obtain configuration parameters, and the router will respond with a router announcement message containing Internet layer configuration parameters. This is an improvement and extension of the DHCPv4 protocol, and in scenarios where IPv6 stateless automatic configuration is not suitable, the network can use DHCPv6 stateful configuration or manually configure using static settings. IPv6 also has features such as convenient addressing and plug-and-play support, which can better support IoT services, especially its mobile features to support video surveillance networks.

6. Multi-host features support 5G applications

A typical IPv6 device can have multiple addresses, and a terminal can establish multiple hosts (Multi Homing) at the same time, providing source address-based traffic diversion applications for mobile edge computing. The slicing and isolation of mobile edge computing are implemented through multiple links. Due to the multi-host feature, it can be established first and then disconnected during switching, which reduces the impact of data packet loss, reduces switching time, and improves user experience. In the upcoming 5G era, IPv6 will have a wider application in video surveillance networks.

7. Provides an opportunity to add new root servers

In the IPv4 era, there were only 13 root domain name servers in the world, 1 main root server in the United States, 9 of the 12 auxiliary root servers in the United States, 2 in Europe, and 1 in Japan. China, as the country with the largest number of Internet users in the world, does not have an autonomous and controllable root server. In the IPv6 DNS system, the data frame structure can arrange 25 IPv6 root servers. After obtaining the root zone file, the pure IPv6 root server can also resolve IPv4, providing an opportunity for adding new root servers. Based on full compatibility with the existing IPv4 root server system architecture, the "Snowman Project" has completed the installation of 25 IPv6 root servers in 16 countries around the world, including the United States, Japan, India, Russia, Germany, and France, forming a new pattern of 13 original roots plus 25 IPv6 roots. China has deployed 4 of them (1 main and 3 auxiliary), breaking the dilemma of China's lack of root servers in the past.

IPv6 has many other functions. For example, when new technologies or applications require it, it allows the protocol to be expanded and use new options to implement additional functions. IPv6 uses a better header format, and its options are separated from the basic header. If necessary, the options can be inserted between the basic header and the upper layer data, simplifying and accelerating the routing process. In short, IPv6 has the characteristics to meet our various requirements for the future Internet of Things. Although it is not yet popular, I believe that IPv6 will definitely come to us in the future. The tide of history is irreversible.

2. “Hate is endless”: The road to IPv6 replacing IPv4 is long and arduous

In fact, as one of the earliest countries in the world to conduct research and formulate standards for IPv6 and next-generation Internet technology, China built the world's largest pure IPv6 network as early as 2008, and the total number of addresses allocated ranks second in the world. However, the actual application of IPv6 in China is very low. Data shows that the proportion of IPv6 users in the world's Internet users is 18%, of which the United States has reached 30%, Belgium has reached 56%, and my country is only 3%, far behind the world average. Why is IPv6 still half-hidden in China and has been called for many times? The author believes that the main reasons are as follows:

1. NAT technology brings joy and worries

(Network Address Translation) is a technology developed to solve the problem of IPv4 address shortage. It can also effectively avoid attacks from outside the network, hide and protect computers inside the network. Therefore, many operators and companies use NAT to assign private IPv4 addressing addresses to users instead of public IPv4 addresses. Most users have no reason to replace existing network equipment and upgrade to IPv6 immediately. In the era of the Internet of Things, video surveillance networks have certain particularities. Most of them are internal networks that are not open to the outside world, and there is not much demand for access to the Internet. Some video surveillance networks cannot access the Internet due to security and confidentiality requirements, especially for public security departments. Using private addresses can solve related problems, so the enthusiasm for using IPv6 is not very high.

In fact, when networks communicate, the existence of NAT will increase the exchange delay, affect the performance of the network, and reduce the network throughput; secondly, it destroys the original end-to-end transparency of the network and is only applicable to client/server mode applications. Users cannot do streaming media traversal after NAT, which will affect the effect of CDN; in the equipment that maintains the connection status and dynamic mapping information, single point failures may occur, and when integrating with other networks, address conflicts (overlapping) may also occur; many high-level application protocols are incompatible with NAT, and some authentication mechanisms and technologies are more complicated and even invalid after NAT; NAT shields the real address of the user, making it impossible to trace the user, which has an adverse impact on network security and hinders the provision of security services at the network layer. Therefore, in the era of the Internet of Things, NAT technology will not be able to adapt to the needs of the development of video surveillance networks with large data volumes and more complex data volumes. Only IPv6 can shoulder the burden of future networks.

2. Transition from IPv4 to IPv6 is not easy

In some cases, the more fully a technology is developed and the more widely it is used, it may not be a good thing, because it may become an obstacle to the deployment of the next new technology. IPv6 has encountered such an embarrassment: the huge user base and devices of IPv4 have forced IPv6 to consider how to achieve a smooth transition from IPv4 to IPv6. The three commonly used transition conversion technologies have their own advantages, but also their own defects:

(1) Dual stack technology: refers to running both IPv4 and IPv6 protocols on network nodes at the same time, thus forming two logically independent networks in the IP network: IPv4 and IPv6 networks. The nodes in the network support both IPv4 and IPv6 protocol stacks. The source node selects different protocol stacks according to the destination node, and the network equipment selects different protocol stacks for processing and forwarding according to the protocol type of the message. When IPv6 is deployed using dual stack technology, there is no mutual impact between IPv4 and IPv6 network deployment. It can be deployed on demand to achieve the coexistence of the two networks. However, it cannot solve the interoperability problem between IPv4 and IPv6 networks, and it does not save IPv4 addresses, and cannot solve the problem of IPv4 address exhaustion.

(2) Tunnel technology: Tunnel technology is based on IPv4 tunnel to transmit IPv6 data packets. It encapsulates IPv6 packets in IPv4 packets so that IPv6 protocol packets can communicate across IPv4 networks. Therefore, isolated IPv6 networks can communicate with each other through IPv6 tunnel technology using the existing IPv4 network without any modification or upgrade of the existing IPv4 network. IPv6 tunnels can be configured between border routers or between border routers and hosts, but the nodes at both ends of the tunnel must support both IPv4 and IPv6 protocol stacks. The disadvantages of this technology are also obvious. It requires the deployment of equipment at both ends of the tunnel. The load protocol data packets will be split at the entrance of the tunnel and reassembled at the exit of the tunnel. This increases the implementation complexity of the tunnel entrance and exit, and places high requirements on the terminal system, which is not conducive to large-scale application.

(3) Address Protocol Translation Technology: This technology is actually a translation technology that realizes the protocol conversion between IPv4 and IPv6 and can flexibly convert data between the two formats. Translation involves two aspects: on the one hand, the translation between the IPv4 and IPv6 network protocol layers, and on the other hand, the translation between IPv4 applications and IPv6 applications. From the early use of NAT-PT protocol to the current NAT64 protocol, only a small amount of modification of the existing IPv4 network (usually replacing the egress gateway) is required to achieve external support for IPv6 access, which is simple and convenient to deploy. Due to the incompatibility between the IPv4 and IPv6 protocol designs, the protocol conversion process is time-consuming and labor-intensive, with high processing overhead and low efficiency. This technology should be avoided as much as possible.

3. IPv6 security challenges cannot be ignored

IPv6 will face fragmentation attacks under the existing IPv4 network (generating a large number of fragments or sending incomplete fragmented messages to consume firewall resources or processing time). Attackers can use the extended headers of IPv6 messages (optional and multiple) to construct messages containing an abnormal number of extended headers. The firewall will consume a lot of resources to parse the messages, thus affecting the forwarding performance; IPv6 uses the neighbor discovery protocol to replace IPv4's ARP (Address Resolution Protocol), but problems such as address spoofing and flooding still exist. Sending incorrect router announcements and redirection messages can divert IP flows, achieve the purpose of DDoS, interception and modification of data; IPv6's stateless address automatic allocation mechanism may also make it easier for unauthorized users to access and use the network, and the transition and interoperability solutions will also bring new security issues. Attackers can use security vulnerabilities in the transition protocol to evade security monitoring or even carry out attacks, so the security of IPv6 cannot be taken for granted.

Each layer of the TCP/IP protocol has corresponding protocols and specifications. As the only "thin waist" between the layers, the replacement of the IP layer will affect many other layers. At the same time, the compatibility between IPv6 and IPv4 is not good, and it is difficult to achieve interconnection. From a technical point of view, the upgrade from IPv4 to IPv6 itself is not easy.

From an economic perspective, my country's backbone network not only includes the network construction of the three major telecom operators, but also the internal network construction of railways, banks, and the military. No matter which type of network transformation, it requires huge economic costs, and the corresponding hardware equipment in the network also needs to be upgraded, including network cards, routers, etc. Such a huge expenditure corresponds to the situation that IPv6 has no killer applications and it is difficult to explore profit models. In addition, there is a lack of clear market guidance and government application awareness. The migration of applications and websites to IPv6 is seriously lagging behind. Some misunderstandings and interference have affected the implementation of the national IPv6 development strategy. It is not easy for IPv6 to say I love you...

3. Love and hate, but also enjoy it, looking forward to a breakthrough

In the field of Internet and IoT applications, IPv4 still dominates IP networks. Before IPv6 networks become popular, IPv6 pioneers still have a long way to go, but the IPv6ization of networks is an inevitable trend. It is understood that mainstream network equipment providers have already provided relevant IPv6 solutions, and telecom operators are also planning to deploy IPv6 networks. Once the basic network IPv6 transition is completed, the video surveillance network will inevitably transition to IPv6.

Of course, at present, the time for IPv6 to play a big role in video surveillance networks in the era of the Internet of Things is not yet ripe. The integration of video surveillance network equipment and IPv6 is mainly reflected in the combination of terminal equipment and IPv6 networks. However, the integration of IPv6 and network video surveillance systems is not that simple. Although some manufacturers have launched network cameras that support dual protocols, their practical significance is not great. As a whole application, the video surveillance network, from the front end to the back end, from collection to storage, and user supervision, all devices and platform software must support the IPv6 protocol to ensure the normal operation of the entire system. However, the reality is that each device or subsystem comes from different manufacturers, and it is currently difficult to achieve protocol unification.

In the foreseeable future, network video surveillance network equipment, including network cameras, network video servers, and network video surveillance platform software, will be the first to enter the IPv6 application. The wave of the Internet of Things will also trigger the application of IPv6 in video surveillance services such as smart cities, smart communities, smart homes, smart transportation, and smart facilities.