AV-over-IP Network Design
A Crestron DM NVX AV-over-IP (AVoIP) distribution system routes and manages digital AV and USB signals over standard gigabit Ethernet infrastructure. The DM NVX AVoIP platform also includes DM NAX Audio-over-IP technology for distribution of digital audio signals based on AES67 standards. DM NVX AVoIP traffic is multicast by design, so careful and thorough network design is critical to a successful deployment. For a proper installation of a DM NVX AVoIP distribution system, refer to the best practices that follow.
NOTE: Additional content pertaining to systems utilizing DM NAX Audio-over-IP technology is available in the DM NAX Audio-over-IP Network Design topic in the DM NAX Audio-over-IP Platform Product Manual.
Minimum Network Requirements
Several network switch hardware and firmware features are required in order for an install to successfully support DM NVX AVoIP.
- Required network switch features and settings:
  - 1 Gbps port for each connected DM NVX endpoint
  - Nonblocking backplane
  - Layer 3 switching
  - IGMPv2 Snooping
  - IGMPv2 Querier
  - Fast-leave (also known as immediate leave)
- Interswitch uplink requirements (if needed):
  - Must have sufficient bandwidth for all encoder and decoder traffic to be passed along the uplink (allocate 1 Gbps of traffic per device)
Network Design Overview
DM NVX networks must be designed to isolate traffic on network segments specifically configured to handle DM NVX AV-over-IP (AVoIP) and DM NAX Audio-over-IP (AoIP) traffic. This can be accomplished by using separate infrastructure, Virtual Local Area Networks (VLANs), or Multi-Protocol Label Switching (MPLS). DM NVX network segments carry DM NVX multicast streams, DM NVX control, and ancillary traffic.
The location of other Crestron network devices relative to network infrastructure must be determined. A decision must be made as to whether the devices are to coexist on the same network segment as the DM NVX segment or on another segment that has traversal capabilities to the DM NVX segment, but is not multicast enabled. Networked AV devices other than DM NVX devices can be placed on the DM NVX network segment if their bandwidth requirements are relative to the DM NVX endpoint bandwidth requirements.
A DM NVX device can have several addresses:
- An IP address is required for control of the device and access to the web configuration interface and console. For the DM‑NVX‑352, DM‑NVX‑352C, DM‑NVX‑363, and DM‑NVX‑363C, an IP address for the Dante® module is also required.
- Multicast addresses are required for multicast streams:
  - One multicast address is required for the primary multicast stream of audio and video.
  - Another multicast address is required for the DM NAX (AES67) audio multicast stream.
  - (DM‑NVX‑352, DM‑NVX‑352C, DM‑NVX‑363, and DM‑NVX‑363C only) A Dante multicast address is also required if a Dante multicast stream is used.
During endpoint configuration, the primary multicast address must be set manually to an address ending with an even number in the last octet. The DM NAX (AES67) audio multicast stream address can be automatically assigned to take the next odd-numbered multicast stream address (for example, a primary address of 239.8.0.10 will automatically assign a DM NAX address of 239.8.0.11). Alternatively, the DM NAX (AES67) audio multicast stream can be manually set.
A Dante multicast address is automatically assigned. The address must be unique and must not match a DM NVX multicast address. If the Dante multicast address does match a DM NVX multicast address, the DM NVX multicast address must be changed. Refer to the Audinate website for further information regarding Dante networking.
- The DM NVX network segment must receive network services, including DNS, DHCP, Active Directory, and RADIUS services. Coordinate with IT staff to provide access to these services and to create the proper traversal rules to the DM NVX network segment.
Network Segmentation Along Logical Boundaries
Consideration must be given to blocking at both the switch level and the network design level. DM NVX network switches must have enough switch fabric bandwidth to support full nonblocking bidirectional gigabit bandwidth on all ports simultaneously. This is a common feature in enterprise-grade gigabit network switches, but it should not be assumed that a switch is nonblocking or is configured as nonblocking.
Due to system size or physical layout, most DM NVX installations require multiple network switches. The network switches must connect to each other via a high-bandwidth uplink port. For network design purposes, assume that each DM NVX link consumes the full gigabit of link bandwidth.
Consider the example of a standard 48-port Gigabit Ethernet switch with one 40-gigabit uplink (or four 10-gigabit uplinks). Since each DM NVX endpoint consumes 1 Gbps of bandwidth, this switch can support up to 40 DM NVX devices in a nonblocking way. If more devices are connected, the uplink becomes a bottleneck, introducing the potential for difficult-to-diagnose blocking problems.
Network Topologies
Connect devices such as control processors, touch screens, servers, personal computing devices, and DM NVX endpoints directly to network switches. In a large network with multiple layers of switch hierarchy, situate these devices at the network’s edge. The network edge switches are often connected via uplinks to other switches and routers. This aggregates traffic from the network edge and forms the network’s core. The relationships between network switches and their interconnection to each other define the network’s topology.
The following general rules apply for sizing network switches in terms of switch fabric nonblocking bandwidth:
- The network core must support a nonblocking bandwidth and port speed. Nonblocking core bandwidth is calculated as 1 Gbps multiplied by the total number of either encoder endpoints or decoder endpoints (whichever is lesser), plus the number of USB extenders.
- Network edge switches must support a nonblocking bandwidth and uplink speed. Nonblocking edge bandwidth is calculated as 1 Gbps multiplied by the total number of either encoder endpoints or decoder endpoints (whichever is greater), plus the number of USB extenders.
Star
The default recommended network topology is a star. Using a fully nonblocking switch, the star topology allows any combination of one or more endpoints to connect to any other combination of endpoints. It also easily allows the network to grow beyond a single switch if the uplink in the switch supports the maximum specified bandwidth.
For small DM NVX systems that employ only one network switch, use a nonblocking switch to prevent a bottleneck. Star topologies can accommodate very large DM NVX installations by using large modular switch frames.
Figure: Star Network Using a Nonblocking Switch
Tree
A tree network is a combination of more than one star network existing on a core-switching infrastructure. The tree network allows failure in one part of the attached star networks without widely affecting the other star networks. Configure the core network, which is the larger network switch, for redundancy and scalability.
Figure: Tree Topology Using Nonblocking Switches on a Core Network
Daisy Chain
Daisy chaining is appropriate for specific deployment applications such as video walls or jury boxes in which all displays receive the same video source as the first DM NVX endpoint in the chain.
For video wall applications and any other application in which displays are near each other and share the same source, up to 16 endpoints can be daisy chained together. Larger video walls can be divided into individual daisy chains that each contain up to 16 endpoints.
For applications such as information signage in which more than one display is viewable concurrently without being dependent on the viewing of another display in the daisy chain, up to 64 endpoints can be daisy chained together.
Figure: Daisy Chain Network Configuration for 3 x 3 Video Wall
Figure: Daisy Chain Network Configuration for 12-Person Jury Box
Due to limited bandwidth for audio and video, a USB host or device on a daisy chained endpoint is not recommended. For maximum flexibility and the ability to reconfigure video walls with multiple sources, connect DM NVX endpoints directly to switches rather than daisy chain the endpoints.
Other Topologies and Network Functionality
Other valid deployment topologies for DM NVX networks are ring and mesh. These deployments require project-specific discovery and configuration of the network switch. For projects using advanced topologies for deployments, a networking professional must be involved early in the network design process.
Multicast Network Traffic
DM NVX networks rely on multicast functionality to send and receive video, even in the simplest case of a single encoder endpoint and a single decoder endpoint. Internet Group Management Protocol (IGMP) multicast in the Ethernet context replaces a fixed switching architecture in AV distribution.
Segregation of DM NVX traffic by using a VLAN or MPLS is usually the first step in enabling multicast. A VLAN or MPLS ensures that DM NVX traffic stays on the DM NVX network and does not route to other network segments and interfere with their operation. A VLAN or MPLS also ensures that traffic from other network segments does not interfere with DM NVX operation. Within that segment, all ports can be flooded by IGMP traffic regardless of whether that traffic was intended to be sent or received by a network device at any time. This will result in interference with network operation and can be a means of implementing a denial-of-service attack on a network if done maliciously.
To ensure that only traffic between intended multicast senders and multicast receivers appears at a given port, IGMP snooping must be enabled. IGMP snooping refers to the ability of the network switch to limit multicast traffic only to ports between intended senders and receivers. DM NVX devices support both versions of IGMP snooping: IGMPv2 and IGMPv3.
In order for the network switch to know where route limiting is implemented in the network for multicast traffic, an IGMP querier must be enabled. In most instances, a single network switch is selected by address to act as the IGMP querier; however, if multiple switches are configured as queriers, the switch with the lowest numerical IP address on the network is typically the default. The default leave time for the querier (typically 125 seconds) is sufficient for a DM NVX network.
Protocol Independent Multicast (PIM)
Protocol Independent Multicast (PIM) is a family of multicast routing protocols for IP networks. PIM offers one‑to‑many and many‑to‑many distribution of data. PIM modes include PIM Sparse Mode (PIM‑SM), PIM Dense Mode (PIM‑DM), and PIM Source-Specific Multicast Mode (PIM‑SSM). PIM‑SM must be used for large DM NVX networks. PIM‑SM finds the shortest trees per path from a multicast source to multicast receivers on a network and is more scalable than PIM‑DM or PIM‑SSM. PIM‑SM also prevents edge-to-switch link saturation and network loops in multicast traffic routing.
Enabling network Quality of Service (QoS) helps prioritize DM NVX traffic over other traffic at both the source and the destination. The highest priority on IGMP multicast traffic must be enabled. An example of enabling network QoS is as follows:
- Enable 802.1Q VLAN tagging support in the network switch.
- Enable and assign an 802.1P priority (for example, 5, 6, or 7) to DM NVX addresses and ports or IGMP protocol traffic.
- For other traffic, such as HTTP for web services or SSH for console access, assign lower priority numbers (for example, 0 to 4) based on their addresses, ports, or protocols.
- For successful QoS operation, ensure that all traffic types are included in the QoS setup.
NOTE: In addition to 802.1Q and 802.1P mentioned above, other QoS protocols exist and are dependent on the switch vendor. The protocols are configured similarly to the 802.1Q and 802.1P examples above.
Figure: PIM Multicast Routing Protocol for an IP Network
Network Security
Security requires the support of particular capabilities within all devices on the network. DM NVX networks employ the following security features:
- 802.1X authentication is used to ensure that devices on the network have been authorized by the network administration team. Unauthorized devices are prevented from being added to the network and from having access to sensitive content.
- Active Directory services for endpoint administration can be used to ensure that administrative privileges for DM NVX devices can be centrally managed, granted, and revoked when necessary.
- DM NVX endpoints use Advanced Encryption Standard (AES) block cipher with Public Key Infrastructure (PKI) for stream encryption to protect content from unauthorized access as it crosses the network.
- SSL-based Secure Cresnet over IP (SCIP) for DM NVX control ensures that control processors and DM NVX devices communicate with the intended party device and that any unauthorized device on the network cannot monitor commands and status.
- SSH-based command line console access for device configuration and status protects the device console from access by unauthorized users.
SSL-based Cresnet over IP and SSH-based command line console access are automatically configured within DM NVX devices and support software. The designer should focus on 802.1X and Active Directory services within the design.
For additional information about deploying security with Crestron products, refer to the IP Considerations Guidelines for the IT Professional Design Guide and Online Help Answer ID 5571.
Network Design Considerations
Consider and apply the following network design best practices:
- Use nonblocking Layer 3 switches with port-based QoS such as 802.1P with 802.1Q at all stages of the design. Use sufficient switch bandwidth and port speeds. Less expensive switches cause loss of capability in the network.
- Choose switches with sufficient bandwidth at each segment (from edge to core) to accommodate a nonblocking architecture for DM NVX endpoints and any additional needs.
- Choose an appropriate network topology. Consider the network, including basic functionality and redundancy, and whether video walls or repetitive display signage is necessary. When planning a topology for the network, ensure that network IT staff and network architects are involved in the decisions.
- Enable an IGMP Querier on at least one switch in the DM NVX network. The IGMP Querier ensures that all switches know which multicast transmitters and receivers are connected to which switches in the network. Enabling an IGMP Querier on multiple switches causes the switch with the lowest value of IP source address to take priority and act as the Querier.
- Consult the network switch manufacturer’s documentation to ensure that the uplinks are properly configured to support multicast traffic.
- Use switches that support 802.1X for endpoint authentication by implementing 802.1X endpoint authentication through TLS or MS-CHAP v2. Only authorized endpoints can communicate with the network.
- Ensure that VLANs or MPLS are implemented correctly. Leveraging existing switch infrastructure with VLANs or MPLS can cause conflicts with network provisioning needs. If a dedicated DM NVX network is not going to be used, VLANs must be implemented correctly with their own IP subnet, and MPLS networks must be configured correctly.
- Account for even-numbered DM NVX primary stream multicast address assignments since both primary and secondary multicast streams are possible. The assignment of multicast IP addresses for primary streams should be even numbered to allow the secondary stream to be assigned to the odd-numbered IP address, which is one higher than the primary stream’s IP address. For multicast IP address assignment, refer to the guidelines in IETF RFC 3171.
- Use the Active Directory service for administration security:
  - Create an Active Directory group responsible for device administration.
  - Add device administrators to the group.
  - Add the group to the DM NVX device on the Device page of the web interface.

  Use of the Active Directory service with DM NVX endpoint logins allows for easy, seamless, and better controlled access from a central directory authority with fewer risks.
- Use a DHCP server with link-layer filtering, and configure the IP addresses of endpoints using DHCP rather than static IP addresses. Using a DHCP server with short lease times, MAC address filtering, and sufficient address space for future needs makes network management easier.
- Enable IGMPv2 (DM NVX default) or IGMPv3 multicast snooping on all switches in the DM NVX network. This is a requirement for all designs in order to enable multicast delivery to multiple endpoints. Without IGMP Snooping enabled, switches that receive a multicast stream will transmit that stream to all ports simultaneously and saturate all network links.
- Use the Rapid Spanning Tree Protocol (RSTP) on the network to ensure that network loops are discoverable and to prevent deployment issues. Network management should account for RSTP discovery downtime when the network changes.
- Use and plan for DM NVX Director management of endpoints.
- Use daisy chaining to connect video wall endpoints or repeated displays. For video walls or endpoints that receive the same source from a single transmitter to feed multiple identical displays or in a video wall using a single source, it is simpler and less expensive to daisy chain the network.
- Disable IGMP Proxy functionality on Crestron control processors with routers to ensure that DM NVX multicast traffic does not interfere with the control processor. The CP3N, PRO3, and AV3 control processors, as well as DMPS3 presentation systems, should have IGMP Proxy functionality disabled when connected to the DM NVX network.
- Account for high-bandwidth external USB devices that are to be connected to DM NVX devices. Ensure that the bandwidth is accounted for as a separate 1 Gbps link since USB 2.0 bandwidth can consume 480 Mbps of the 1 Gbps link.
- Ensure that multicast IP addresses do not share the multicast MAC addresses. Sharing MAC addresses can cause network collisions and prevent normal operation of the DM NVX network.
- For Dante or AES67 audio networking with DM‑NVX‑352, DM‑NVX‑352C, DM‑NVX‑363, and DM‑NVX‑363C devices, additional network considerations may need to be addressed. For Ethernet switch guidelines, refer to the information provided on the Audinate website.
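The multicast addressing rules in this topic (an even-numbered primary address, the DM NAX stream on the next address, a Dante address that matches no DM NVX address, and no two multicast IP addresses sharing a multicast MAC address) can be checked against an address plan before deployment. The following Python script is an added example, not Crestron code; the plan layout, device names, and finding codes are assumptions, and the IP-to-MAC mapping is the standard one from RFC 1112 (01:00:5e followed by the low 23 bits of the IP address).

```python
import ipaddress
from collections import defaultdict


def multicast_mac(addr):
    """Ethernet MAC for an IPv4 multicast address (RFC 1112):
    01:00:5e followed by the low 23 bits of the IP address."""
    ip = ipaddress.IPv4Address(str(addr))
    if not ip.is_multicast:
        raise ValueError(f"{ip} is not an IPv4 multicast address")
    low23 = int(ip) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (
        low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)


def audit_plan(plan):
    """Return (code, subject, detail) findings for a multicast address plan.

    Each entry is a dict with "name" and "primary", plus optional "nax"
    (manual DM NAX address) and "dante". This layout is hypothetical."""
    findings = []
    users = defaultdict(list)  # IPv4Address -> [(device, stream kind), ...]

    def claim(device, kind, addr):
        ip = ipaddress.IPv4Address(str(addr))
        if ip.is_multicast:
            users[ip].append((device, kind))
        else:
            findings.append(("NOT_MULTICAST", device, f"{kind} {ip}"))

    for dev in plan:
        primary = ipaddress.IPv4Address(dev["primary"])
        # Primary stream address must end in an even last octet.
        if int(primary) & 1:
            findings.append(("PRIMARY_NOT_EVEN", dev["name"], str(primary)))
        claim(dev["name"], "primary", primary)
        # Unless set manually, DM NAX takes the next address after the primary.
        claim(dev["name"], "nax", dev.get("nax") or primary + 1)
        if dev.get("dante"):
            claim(dev["name"], "dante", dev["dante"])

    by_mac = defaultdict(set)  # multicast MAC -> distinct IPs mapped to it
    for ip, used_by in sorted(users.items()):
        by_mac[multicast_mac(ip)].add(ip)
        if len(used_by) > 1:
            kinds = {kind for _, kind in used_by}
            dante_clash = "dante" in kinds and kinds != {"dante"}
            code = "DANTE_MATCHES_NVX" if dante_clash else "DUPLICATE_ADDRESS"
            names = ",".join(device for device, _ in used_by)
            findings.append((code, names, str(ip)))

    # 32 IPv4 multicast addresses map to each MAC, so distinct IPs can collide.
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            detail = ",".join(str(ip) for ip in sorted(ips))
            findings.append(("SHARED_MAC", mac, detail))
    return findings


# Constructed sample plan (device names and addresses are illustrative).
SAMPLE_PLAN = [
    {"name": "ENC-01", "primary": "239.8.0.10"},
    {"name": "ENC-02", "primary": "239.8.0.13"},    # odd primary
    {"name": "ENC-03", "primary": "239.136.0.10"},  # same MAC as 239.8.0.10
    {"name": "ENC-04", "primary": "239.8.0.20", "dante": "239.8.0.11"},
]

if __name__ == "__main__":
    for finding in audit_plan(SAMPLE_PLAN):
        print(*finding, sep="  ")
```

Keeping every stream inside a single /9-aligned block of the multicast range, such as 239.8.0.0 through 239.8.255.255, avoids the shared-MAC case because the low 23 bits are then unique per address.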
System Installation
The installation phase should ensure that the interaction among designer, installer, programmer, and end user is considered in all installation decisions.
Endpoint Installation
Each DM NVX endpoint has unique installation requirements that depend on the following:
- Copper or fiber network connectivity of the endpoint
- Surface-mountable or card-based form factor
- Configuration of a combined encoder/decoder endpoint as a transmitter or a receiver or whether the endpoint is to switch dynamically between modes
- Additional local HDMI inputs that require configuration
- Use of source autoswitching or external switching control
- Additional audio sources that require encoding
- USB device or host functionality
- Whether the endpoint is part of a video wall or goes to multiple identical displays
- Requirement for Serial or IR control, or both
A Crestron touch panel can be linked through a spare LAN port on an endpoint. An audio input/output port can be repurposed to be a balanced line input for external analog audio input or for line output to a speaker system at the endpoint. The endpoint features and attached devices can be configured through programming or through the web interface.
Depending on the location of the control processor, serial and IR control of endpoint devices may be routed directly from that control processor. Access to HDMI and USB inputs and outputs can be provided through Crestron HDMI breakout devices for tabletops and walls.
Surface-mountable endpoints can be mounted in any orientation as required. Typical locations for surface-mountable endpoints include inside closets and drop ceilings, underneath tables, and in podiums. The specific location is determined by the following factors:
- Length of HDMI and USB cable runs
- Location of display and audio devices, network connectivity, power for the device, and physical security requirements
Serial and IR connectivity can be run at longer lengths and are typically not drivers of the endpoint mounting location.
For card-based endpoints, the DMF‑CI‑8 card chassis is placed in a closet or locked rack near the source and display devices. (To ensure that the environmental conditions in the rack meet the specifications outlined, refer to the DMF‑CI‑8 product page on the Crestron website).
Serial and IR interfaces are not provided by card-based endpoints. The functionality must be provided by other means, such as through a local Crestron control processor on the DM NVX network.
For a maintenance-free installation, follow these guidelines:
- While considering cable distances, plan the optimum location for the surface-mountable or card-based endpoint, especially when distance-limited HDMI cables are involved.
- Avoid direct access to the endpoint by the end users. End users can induce failures or create a security risk due to unauthorized network access. Ensure that HDMI cables and wall plates are routed away from the endpoint appropriately.
- Use Category 2 certified HDMI cables to meet the minimum HDMI specifications at 4K or 1080p and to prevent problems such as degradation or loss of video or audio.
- Use properly terminated network cables. Network cabling must be either of the following:
  - Fiber that is terminated with a clean LC connector
  - Shielded or unshielded Cat 5e or higher copper cable that is terminated with an RJ-45 connector
- Observe the minimum bend radiuses and pull forces of cables to maintain cable integrity and prevent failures.
- Use plenum-rated cables in plenum spaces. Cables such as Crestron DigitalMedia™ plenum-rated cables are suitable. Fire-rated conduit for any fiber or copper cabling used in plenum spaces is also suitable.
- Practice good cable dressing, especially for card-based endpoints in racks.
- Manage EDID and HDCP proactively. For additional information, refer to the Crestron DigitalMedia System Design Guide.
- HDR and deep color sources may not display correctly on endpoints with non-HDR or non-deep color displays. Ensure that the capabilities of the sources are matched to the capabilities of the displays.
- Use descriptive names for endpoints either through the DM NVX web interface or by replacing the default name in the Crestron Toolbox™ software. Do not rely on the default name or the Crestron IP ID.
- Physically secure the endpoint to a fixed point or rack to prevent movement over time. Secure all mounting points and mounting hardware for surface-mountable endpoints, card chassis, and card-based endpoints.
- Leverage use of the DM NVX Director server for endpoint configuration. The presence of a DM NVX Director server makes it easy to configure and control multiple DM NVX endpoints on the network.
- Thoroughly document the installation of endpoints, including drawings, lists, and descriptions, in order to provide detailed information for those who are to maintain or upgrade the DM NVX network.
Network Installation
The installation of a DM NVX network varies greatly depending on a number of factors, including the following:
- Whether existing network infrastructure such as switches and cabling are to be reused
- Location of closets, racks, Intermediate Distribution Frames (IDFs), and Main Distribution Frame/Combined Distribution Frame (MDF/CDF) relative to the endpoints
For optimal installation and maintenance of the DM NVX network, follow these best practices:
- Use or repurpose existing infrastructure in DM NVX network installation cases.
- Use physical security for the network. Secure all network locations (MDF/CDF and IDF down to individual closets) from unauthorized access.
- Disable any unused ports on the network switches.
- Use a structured cabling approach such as those described in the TIA/EIA‑568 standard. Include keystones in jacks and patch panels, shielded or unshielded solid copper conductor cable not exceeding 295 ft (90 m), and patch cables not exceeding 33 ft (10 m) to connect between patch panels. Use cable testers to verify the integrity of the installation and capacity for future expansion and backup.
- Use Crestron-verified switch configuration files when possible. Refer to Online Help Article 1000314 for information on verified configurations.
- Configure the routing of external servers. If nondedicated DHCP, RADIUS, Active Directory, or other servers are used, ensure that the servers access the DM NVX network.
- Thoroughly document all DM NVX network hardware and configurations.
Crestron Service Provider Handoff
Consult the Crestron Service Providers (CSPs) once the DM NVX network and endpoints are installed and interconnected. Typical activities of a CSP in a DM NVX installation may include the following:
- Writing appropriate control programs for controllers on the network
- Programming appropriate serial and IR control for endpoint devices
- Configuring external analog and digital audio source input and output
- Configuring video walls
- Designing button and UI features for control surfaces such as touch screens and switches
- Managing EDID for endpoint devices
As CSPs implement and deploy the program, installers and designers should test and review the functionality. The programmer must document the program functionality to avoid future issues.