White Paper on IP Signaling Alarms
submission by Steve Nut, IP Alarms Ltd – part 2 Can Be read HERE
Alarm Installers guide to IP Signaling – part 1
It is not the objective of this short article to instruct you how to become an Internet expert – only to give you an insight into what you are likely to experience if you decide to embrace the technology of signaling alarms over the internet. With this in mind, acronyms will be used as little as possible for worry of discouraging the less technical readers. This may be much more challenging than it sounds in the acronym-ridden world of the internet, so if you are one of those people that simply should know what certain terms or words mean, then you will have to do some extra research. That said, it’s only fair that everyone ought to know that IP is short for Internet Protocol.
An summary of Alarm Signaling over PSTN(POTS)
Many installers will already know the intricacies of how an alarm panel, digital communicator or digital dialer communicates with an alarm receiver at a monitoring Centre. However, there are likely numerous much more that do not know – so here goes.
Without focusing on a particular alarm protocol, here is what ought to happen when many popular DTMF protocols are used.
When an alarm event occurs, the panel will go off hook and “grab” the phone line. The panel will dial the DTMF digits of the pre programmed primary telephone number and wait until the alarm receiver answers the call. Upon answering the call, the receiver will play what is known as a handshake. This would typically be either a single high pitched tone or two very rapid, short, high pitched tones.
When the panel hears the handshake, it will start to send its first message as a series of DTMF tones. These tones are detected by the alarm receiver and checked at the end of each sequence. If the message is valid, the receiver will play what is known as a kiss-off tone. This is typically a single high pitched tone of up to one second in length.
On hearing the kiss-off tone, the panel either sends the next signal in the queue, or it hangs up – pleased in the knowledge that its message has been sent and accepted.
Enter global Voice over IP and 21CN in the UK
After decades of signaling alarms over PSTN, the major Telco’s recently started to tell us that VoIP will increasingly replace circuit switched communications as the preferred method of communication. Rollout of British Telecom’s 21CN has shown this to be the case in the UK and there are numerous similar projects underway throughout the world. The days of the plain Old Telephone System (POTS) seem to be numbered.
Back in the late nineties, VoIP started to acquire popularity in numerous countries and by the year 2000 accounted for over 3% of all voice traffic in the USA. due to the enhanced availability of broadband and FTTH (Fiber) services, VoIP has experienced phenomenal growth because then and it is forecasted that consumer VoIP will reach much more than 37 million subscribers in the us by 2011. numerous in the safety and security industry thought that the analogue terminal adapters (ATA’s) used by the VoIP world would offer a quick, low cost method of signaling alarms over the internet. After all, if two people could talk over the Internet using ATA’s in the same way as they talk over a conventional phone line, then certainly an alarm panel ought to be able to speak with an alarm receiver in much the same way as it has always done.
Unfortunately, even after a certain amount of success in some tests, this has shown not to be the case. somewhere between converting analogue into digital, traveling over the wire and converting digital back to analogue, things like noise and latency are introduced and along with other audio problems associated with VoIP networks, can cause alarm communications to fail. There is however an alternative method of using ATA’s to bypass these problems and we will come back to this in part 2.
The challenge for safety and security equipment Manufacturers
Due to the sheer volume of monitored alarms that are in service worldwide over PSTN as described, and coupled with the reluctance of end users to change their alarm control panels, producers and developers of IP equipment and software are faced with the unenviable task of offering us with devices and services that maintain compatibility with existing panels, yet communicate over an entirely different network – the internet.
Dialer capture and I/O Devices
There are numerous commercial devices available today that can either capture the DTMF tones sent out by alarm panels or offer inputs that discover changes from alarm panel outputs. Some devices also support FSK (SIA) and pulse protocols. The resulting signals can be reliably and securely transmitted to a monitoring Centre over the internet.
So, what does an alarm installer need to know in purchase to confidently install such a device?
Connecting the device to a Modem/Router
Some installers may think that a modem is the same as a router, and typically they do come together in the same casing as a combined Modem/Router. Although it is not vital to have an extensive knowledge of either device, it is essential to know that they are certainly different.
A modem is responsible for negotiating and maintaining a connection to the Internet through the service company network. This would typically be DSL or cable, and as far as the IP device is concerned, there is no difference between the two types of network.
To conquer the problem of the limited number of public IP addresses that are available, versus the enormous number of network devices being produced, each requiring it’s own IP address, a router uses a technology known as network address translation (NAT) so that it can have one public IP address and allocate numerous internal IP addresses to computers or other devices on the internal network.
NAT routers come with the additional benefit of offering computer users with protection from malicious activity from outside the network, however, for the purposes of alarm signaling this very same feature prevents our IP devices from having true end-to-end connectivity. The initiation of connections from outside the network, or the use of certain Internet protocols such as UDP, can be disrupted.
Getting back to basics, and in summary, a modem connects one network device or computer to the internet. A router connects a modem to several computers or network devices and allows them all to share one Internet connection.
If your customer has a separate modem and router, you will connect into a totally free port on the router. If they have a combined unit, then it will typically have four or much more ports that you can connect into.
What about Firewalls?
Some residential class modem/routers will also have a built-in firewall and some larger commercial systems will have a separate hardware firewall – possibly complete with a protective network administrator who will decide who does, and does not get to connect to “his” firewall. Basically, a firewall has the job of following a set of guidelines and closely inspecting packets that travel through the network. In a residential environment, these guidelines are typically not too restrictive, however, in a commercial environment where the network administrator has done his job correctly and your IP device uses the UDP protocol, reactions from the server may be blocked.
On routers with built-in firewalls, view out for SPI – Stateful packet Inspection. Disabling it will resolve the problem for your IP device, but will decrease the safety and security level for other computers and devices on the network.
Potential connection Issues
When you connect a panel up to a monitoring Centre through PSTN – do you make it company policy to insist the customer orders a block terminal from the Telco, or do you wait until you get on site, dig into the telephone system to figure it out and then wire into it yourself?
Your answer to the above question will probably identify your expectations and the demands placed on the customer concerning their network equipment. If you do not impose any compatibility requirements, then there will certainly be occasions where you arrive on site only to find that there is no available port for you to connect your IP device into. In some countries, Internet service providers ship a USB modem that allows a single computer to connect to the internet. This type of modem does not have anywhere for you to connect your IP device, leaving you with no alternative but to ask your customer to upgrade their network equipment.
If your customer does have a suitable device, and even if there is a spare port, the router or firewall may have been configured in such a way that it is not possible for your device to function correctly.
DHCP. An Installer’s best Friend.
As previously mentioned, every device on a network requires an IP address in purchase for it to function correctly. So just where do you get this IP address from?
Luckily for Alarm Installers, the large majority of networks will include a device serving as a DHCP server. This DHCP server will dynamically allocate an IP address to your IP device when you plug it into a spare port. many routers and server computers can be configured as DHCP servers.
Sometimes you may come across networks that do not use DHCP. In this case, you will have to ask the network administrator to manually allocate an IP address for your device. When you use a fixed or static IP address in this way, you will also have to enter a Gateway and Subnet Mask – again offered by the administrator. If there is no administrator, or if you are in a residential environment, then you will either have to find the person that setup the router or figure it out for yourself.
User Interface
Your IP device will many likely come with a web browser interface that allows you to enter configuration settings such as network settings, alarm protocols and the like. Others may come with a Windows interface and a null modem cable television connection between a computer and the device, or an interactive voice recognition menu that allows programming through a telephone handset.
If the device has a web browser interface, you will typically have an option to allow access to the built-in web server on the device from outside of the network. This is where your company has to make a very essential decision on the subject of routers and port forwarding.
Company policy on Routers and Port Forwarding
Let’s just say that the public IP address of the customer router is 60.61.62.63 and the customer has 3 computers, plus your IP device on the internal network. If someone were to type the public IP address into a browser on a computer at your office, then without any port forwarding in place, the request would hit the customer’s router and quickly be rejected. This is because the router has no way of knowing if your office computer wants to communicate with one of the 3 computers, or with the IP device.
So, how can someone at your office connect to the built-in web server on your IP device in purchase to program it remotely?
The way to allow external access to the IP device is to use port forwarding. Let’s say that the internal IP address of your IP device is 192.168.0.5 and it has defaulted to port 80. change the port number on the IP device to say 8080, log into the router and port forward port 8080 to 192.168.0.5
Basically, what you are telling the router to do here is to send any external traffic it receives on port 8080 over to your IP device. So back at the office, if someone were to type 60.61.62.63:8080 into the URL bar of a browser, they ought to now see the default web page of the IP device. now that wasn’t too challenging was it? – So, what was that essential decision that you had to make?
Well, what you have just done is to allow uninvited traffic from absolutely anybody outside of the network to pass straight through the customer’s router and onto the inside of the network. remember your best pal DHCP? Well this is where it might turn around and bite you, as the next time the customer power cycles the router, DHCP could re-allocate all internal devices with different IP addresses and the port forwarding that you put in place might now point directly into one of the customer’s computers and all of its files. guess who is going to get blamed if the customer gets hacked or hit with a virus?
If you are new to IP and networking, then think very thoroughly about your company policy on port forwarding and whether or not you ought to adjust any settings in the Customer’s router. You ought to also consider situations where DHCP is not available by default.
If you are network savvy, then correctly setting up an IP device with a fixed IP, adjusting port forwarding and firewall settings will be just as easy as programming your favorite alarm control panel.
More on Routers and Port Forwarding
Unfortunately for installers new to IP, the requirement for port forwarding may not always end being as easy as allowing remote access to the web interface of your chosen IP device. The large majority of producers use UDP as their transport protocol of choice for both polling and alarm signals. As discussed earlier, NAT routers can make life quite challenging for UDP and, although there are no issues with sending out packets, without the help of port forwarding it is not always possible to get reactions back through to the IP device.
You might be thinking “well that’s ok – as long as the signal reaches the monitoring Centre”. The problem with that is the panel is expecting a kiss-off from the receiver. If it doesn’t receive a kiss-off, it will keep retrying the first signal in its buffer until it finally gives up. as well as receiving duplicates of the first signal, the monitoring Centre will never receive the second or any subsequent signals that may be stored in the panel’s buffer and this is clearly unacceptable.
Most producers of devices that use UDP suggest using port forwarding to conquer thi