In the security field, ultra-high definition video surveillance has very promising application prospects. However, those prospects will become clear only after several problems that hinder its application are solved: transmission, computing power, algorithms, storage, and security. At the same time, the traditional network is undergoing tremendous change, computing and storage capabilities have improved to an unprecedented degree, algorithms are increasingly implemented in intelligent hardware, and security has never before been as much a matter of national will as it is today. All of these technological breakthroughs give ultra-high-definition video surveillance a bright future and the motivation to forge ahead.
1. Transmission problem
The first problem facing ultra high definition video surveillance is transmission. Because of the high resolution of 4K video, at a frame rate of 25fps the bit rate is about 4 times that of HD video (1080P) under the same coding specification, and the transmission requirement increases several-fold as well. Even with more advanced encoding methods such as H.265, the transmission volume of ultra-high definition video, driven by color depth, frame rate, resolution, etc., cannot be underestimated. In the era of 8K ultra-high definition video, the transmission volume will increase exponentially. Therefore, increasing bandwidth, that is, increasing the throughput of the end side and the transmission capacity of the intermediate link, is the primary problem faced by ultra high definition video surveillance.
(1) Increase the throughput capacity of the end side
At the receiving end and the transmitting end of the ultra-high definition video, it is extremely important to increase the uplink and downlink capabilities of the network cards at both ends. The uplink and downlink capabilities are constrained by the following factors: network card performance, buffer size and scheduling mechanism, network protocol stack efficiency, throughput of the ultra-high-definition video surveillance application process itself, and video receiving and sending policies.
1 NIC performance optimization
To ensure the quality of surveillance video transmission, we calculate with an effective uplink and downlink transmission rate of 60% for a single Gigabit card. The 4K Ultra HD video encoded with H.264 Main Profile will be close to 30 Mbps even if its bit rate is only 4 times that of 1080P, so a single Gigabit NIC can only carry about 4 channels of 4K Ultra HD video. This may not be a problem for a browsing client, but it is not enough for a streaming server. Therefore, upgrading from a Gigabit card to a 10 Gigabit card, or bonding multiple Gigabit cards to expand the uplink and downlink capacity, is particularly important.
On the other hand, many transmission functions currently completed in software, such as software checking of network packets, encryption and decryption, and DPI, can be completely "unloaded" into hardware. This is the familiar hardware offload acceleration technology. It is wise to implement these functions in a hardware language on an SoC, and to implement them as ASIC circuits within the SoC.
2 Buffer optimization
Streaming media servers carry the bulk of the traffic in networked video surveillance applications. It is therefore increasingly necessary for streaming media services to improve their mechanisms and their performance. As the intermediary between the network card and the operating system and application software, the buffer should be improved accordingly.
a. HugePage mechanism: The allocation granularity of memory pages in the operating system is 4KB. This is obviously not enough for ultra-high-definition video, so selectively enable the large page or even huge page mechanism to raise the allocation granularity to several MB or even 1GB. This reduces the system overhead caused by memory page switching, which is very important for both the sender and the receiver.
b. DMA mechanism: DMA is the direct memory access mechanism. Through DMA, the traditional "network card cache -> main memory -> CPU cache" transmission path can be abandoned, and the DMA controller can be used to exchange data quickly between the network card cache and the CPU's level-three cache. Since the slower steps of reading and writing main memory are bypassed and two I/O transfers over the PCI-E bus are omitted, read/write speed is greatly accelerated.
3 Network protocol stack optimization
The traditional network protocol stack exists in the operating system as a kernel driver. Its key working mechanisms are interrupt response, delayed processing, and general packet processing.
Interrupt response: The traditional network protocol stack driver is based on the network card's interrupt mechanism. The arrival and transmission of network packets are signaled to the upper-layer protocol stack through interrupts, so that the protocol stack driver can continue with reception and transmission.
Delay processing: After the protocol stack driver responds to the interrupt, it does not carry out packet reception or transmission inside the interrupt handling routine. The interrupt has a higher priority, and if it takes too long it affects the execution of threads at other priorities. The interrupt handling routine therefore puts the transactional work, such as the actual reception/transmission, in the DPC (Delayed Process Call) queue and processes it once the interrupt priority has been lowered, reducing the time spent in the interrupt.
General Packet Mechanism: The network protocol stack is designed for general-purpose network packet processing. Each layer of the OSI model therefore performs its own processing and verification, which suits a mix of different traffic types. The traffic on a high-definition video streaming server is large and consists mainly of signaling packets and video packets, whose protocol format and encapsulation mode are fixed.
The above mechanisms reduce the processing efficiency of the protocol stack to a certain extent. For ultra-high definition video streaming servers, an improved protocol stack can be used to bypass the traditional one, such as a custom protocol stack driver written specifically for streaming media transmission, or a protocol stack driver grafted from high-speed transmission devices. The DPDK (Data Plane Development Kit) framework is a good choice. DPDK is a network packet processing framework based on the Intel x86/x64 platform. It is also a packet bypass processing scheme with high I/O processing speed, and is mostly used in the forwarding driver framework of SDN high-speed switches and routers. Its features and mechanisms are:
a. UIO mechanism: The UIO (Userspace I/O) mechanism runs a small portion of the driver in kernel space (hard interrupts can only be handled in kernel space) and most of it in user space, which implements the bypass mechanism.
b. SIMD mechanism: The DPDK framework processes multiple network packets simultaneously in batches. Based on vector programming, all network data packets are processed in one cycle, which increases processing throughput.
c. Cache optimization mechanism: Cache-line alignment, cache data prefetching and other strategies speed up the reading and processing of data in the cache.
d. PMD mechanism: The PMD (Poll Mode Driver) mechanism discards the interrupt mode and instead receives packets in an interrupt + polling mode, avoiding the interrupt overhead.
e. Lock-free circular queue mechanism: Supports single-producer enqueue and single-consumer dequeue as well as multi-producer enqueue and multi-consumer dequeue operations, improving transmission efficiency while ensuring data synchronization.
f. Processor affinity mechanism: Use the processor affinity (CPU affinity) mechanism to bind the I/O threads to several CPU cores, reducing thread scheduling and switching and the associated overhead. Because each thread is bound to a fixed CPU core, the CPU cache hit rate is also greatly improved.
g. Multi-queue mechanism: With the support of a multi-queue network card driver, each queue is bound to a different CPU core to meet the high throughput requirements of the network card.
h. DDIO mechanism: DDIO (Data Direct I/O) is a technology proposed by Intel that allows the network card and the CPU to exchange network data directly through the LLC (last-level cache), bypassing main memory, which shortens and speeds up the interaction. This technique is similar to the DMA mechanism but is more efficient than DMA.
i. Hardware acceleration mechanism: "Unload" basic repetitive software transactions (such as computational analysis tasks, TCP group tasks, and TCP segmentation tasks) to hardware to speed up processing.
In addition to network transmission, the SPDK (Storage Performance Development Kit) framework can also be used in the video storage field to replace the traditional storage protocol stack driver framework. SPDK is an effective means of doubling efficiency, and the framework is a very popular software-defined storage accelerator.
4 Application process software tuning
In addition to the mechanisms above, the transmission node can be improved to suit the characteristics of ultra high definition video. For example, because the video packet encapsulation protocol is fixed, session negotiation messages can be carried through the traditional protocol stack while the streaming media packets are transmitted through the DPDK driver. DPDK is tailored accordingly and only needs to adapt to the different encapsulation requirements of the layer-4 protocols TCP, UDP, and SCTP.
At the same time, other software tuning ideas can be used, such as:
The software architecture adopts a decentralized design and avoids global sharing as much as possible, to reduce global contention and avoid losing the ability to scale horizontally;
Do not use memory across nodes under a NUMA architecture, to avoid remote memory access;
Do not use slow APIs;
The video application process should not take on too many tasks in the I/O thread, and should avoid any form of blocking unless there is a special requirement.
(2) Increase the transmission capacity of the intermediate link
With the development and maturing of 5G, a new generation of networks featuring SDN/NFV and IPv6 has quietly arrived. This provides an opportunity to increase the transmission capacity of access networks, metropolitan area networks and core networks, and a means of expansion for more ultra-high-definition video transmission.
First, the spread of IPv6 can effectively reduce the deployment of traditional IP address expansion devices such as NAT, greatly reducing transmission bottlenecks and limitations in the Internet environment.
Furthermore, SDN (Software-Defined Network) separates the data plane and the control plane of transmission. On the one hand, it decouples software from dedicated hardware. More importantly, the switching device itself no longer carries the logic of finding a route, which greatly frees up the I/O capability of the switching device. The SDN application layer can customize the QoS service for ultra-high-definition video, replacing the QoS service originally implemented by MPLS with switch flow entries, omitting the overhead of packet encapsulation and decapsulation and improving transmission efficiency.
Finally, NFV (Network Function Virtualization) supports the implementation of virtualization-based network service functions on a common platform, further unlocking the computing power of the general-purpose computing platform.
2. Calculation problem
For ultra-high definition video surveillance, the computing power problem is the efficiency of the codec. Because of the huge resolution, even with the H.265 compression standard, the storage and network overhead cannot be ignored. However, raising the compression standard inevitably brings computational overhead for encoding and decoding at the encoding end and the decoding end. Here we focus on decoding capability.
For common decoding ends (including decoders, PCs, mobile devices and set-top boxes), decoding 4K or even 8K Ultra HD video in the current configuration is very difficult, mainly for the following reasons:
(1) The ultra-high definition video source itself has a very high compression standard, bit rate, resolution, and frame rate, which puts great pressure on decoding and time synchronization.
(2) Most decoders do not have particularly high performance, and configuring a dedicated high-performance graphics card is very expensive. Mobile computing power in particular is still thin, so high-load decoding is difficult to sustain.
(3) The operating system has not taken on the rendering work that follows the decoding of ultra high definition video. In addition to hardware optimization, optimization of the driver software, especially the graphics card driver and the display framework, is also very important.
In view of the above, when processing ultra-high definition video, decoder performance can be improved flexibly in a targeted way.
• Configuring a high-performance graphics card is the most direct and effective means. For example, Nvidia's graphics cards have the widest range of acceleration support for both decoding and encoding, and their GPU performance and parallel computing power are also very strong. In particular, the graphics card driver itself handles the I/O interaction between graphics memory and main memory better, so that decoding and rendering can take place in the same rendering pipeline environment, which accelerates the processing of ultra high definition video.
• Codec acceleration support based on a vendor's proprietary chips is also a very good option. This is likewise an on-chip "decoding + rendering" solution. For example, Intel's QSV (High Speed Image Synchronous Transcoding Technology) acceleration technology for its integrated graphics is based on the HD Graphics series of integrated graphics packaged into the CPU chip. This method can improve the decoding capability for ultra high definition video to a certain extent.
• Software improvements to the operating system's display driver architecture are an effective means of accelerating ultra-high definition video rendering. For example, the rendering improvement and acceleration in WDDM (Windows Display Driver Model), the latest Windows graphics driver model, especially for the DirectDraw base library (mainly used for playing video), is also an aspect that cannot be ignored.
At this stage, the mainstream open source library supporting software decoding is FFmpeg, and FFmpeg has good support for hardware acceleration of codecs. For example, support for Intel QSV technology has been integrated into FFmpeg (through Intel's Media SDK) and has shown good performance (memory usage is slightly higher when decoding). The FFmpeg CUVID (CUDA-based video decoding library)/NVENC/CUDA part also integrates hardware-accelerated decoding and encoding, and filter mechanisms such as Scaling that are partially CUDA-accelerated.
In addition, there are several platform-independent optimization options, including:
OpenMax: This is an open multimedia accelerator developed by the Khronos Group, which includes a full set of APIs for audio, video and image processing. There is no need to pay attention to the underlying logic when using it, which shortens the design flow of streaming software. It is easy to extend and completely free.
Vulkan: This is the next generation of open graphics display API developed by the Khronos Group. It has a simpler display driver layer than OpenGL, and supports cross-platform use, multi-threading and pre-compiled shaders.
OpenCL: As a standard framework for heterogeneous high-performance computing, OpenCL provides both task-based and data-based parallel computing, not just for graphics. However, FFmpeg only optimizes the AVFilter (filtering framework) part with it, mainly for hardware-accelerated transcoding scenarios.
In addition to decoding and rendering, playback should also be considered. For example, 4K ultra-high definition video playback requires an HDMI 1.4a or later interface; HDMI 1.4 supports 10.2 Gbps of bandwidth and only supports UHD 4K playback at 24fps, 25fps and 30fps. Therefore, in the future it is necessary to accelerate the development of the HDMI 2.0 standard, with a maximum bandwidth of 18 Gbps and support for 4K resolution and 3D video.
3. Security issues
Security issues are not unique to ultra-HD video surveillance; every area of information technology must address a variety of them. Security issues can be divided into the following areas: system security, data security, network security, and application security. For ultra high definition video surveillance we need to pay attention to the following.
(1) System security
The system faces a triple security threat from server hardware, operating systems and monitoring terminals. For server systems, the major processor vulnerabilities Spectre and Meltdown have been fixed, but it is not known how many 0-day vulnerabilities remain in processors, including in the fixes themselves. Operating systems have even more vulnerabilities. The "Eternal Blue" series of vulnerabilities that broke out in 2017 was directly exploited by hackers to develop the WannaCry ransomware, and the terrible scene is still vivid. For monitoring terminals, the operating system is increasingly open source and the processor platform is becoming more and more common, which also makes rootkit intrusion into various IoT devices and industrial control devices easier.
In view of the above, in addition to security hardening of the operating system, control over the entire process of the monitoring terminal's operating system is also required. The startup of the operating system can be security-tested using the idea of trusted computing. For example, a trusted computing base (TCB) is embedded in the CPU chip, and layer-by-layer security measurements are performed at the different stages of system startup.
1) The BIOS is measured using the TCB in the chip as the standard;
2) Once the BIOS is trusted, it serves as the new TCB and measures the main boot area (MBR);
3) Once the MBR is trusted, it serves as the new TCB and measures the OBR of the active partition.
Such layer-by-layer measurement makes startup slightly slower, but it is worthwhile and necessary, and it reinforces the operating system security of the server and the terminal to a certain extent.
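The layer-by-layer measurement described above (chip TCB, then BIOS, then MBR, then OBR), sketched as an added example that is not code from the original article: each stage is hashed and compared with a known-good value before control passes to it, and a register is extended with every measurement so a verifier can replay the log. SHA-256, the TPM-style extend operation, the function names and the sample images are assumptions made for illustration.

```python
import hashlib
import hmac

# Chain from the text: chip TCB measures BIOS, BIOS measures MBR, MBR measures OBR.
CHAIN = [("chip TCB", "BIOS"), ("BIOS", "MBR"), ("MBR", "OBR")]


def measure(image: bytes) -> bytes:
    """A measurement is the SHA-256 digest of the next stage (assumed hash)."""
    return hashlib.sha256(image).digest()


def extend(register: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: the register is only folded forward, never set."""
    return hashlib.sha256(register + measurement).digest()


def golden_values(images: dict) -> dict:
    """Reference measurements recorded while the platform is known-good."""
    return {stage: measure(images[stage]) for _, stage in CHAIN}


def measured_boot(images: dict, golden: dict):
    """Walk the chain and stop before running a stage that fails its check.

    Returns (failed_stage or None, final register, event log).
    """
    register = bytes(32)
    log = []
    for measurer, stage in CHAIN:
        m = measure(images[stage])
        register = extend(register, m)
        log.append((measurer, stage, m))
        if not hmac.compare_digest(m, golden[stage]):
            return stage, register, log  # untrusted: control is not handed over
    return None, register, log


def replay(log) -> bytes:
    """Verifier side: recompute the register from the event log."""
    register = bytes(32)
    for _, _, m in log:
        register = extend(register, m)
    return register


# Constructed sample images standing in for real firmware and boot sectors.
GOOD = {"BIOS": b"bios-v1", "MBR": b"mbr-v1", "OBR": b"obr-v1"}
GOLDEN = golden_values(GOOD)
TAMPERED = dict(GOOD, MBR=b"mbr-v1+bootkit")

if __name__ == "__main__":
    for label, images in (("clean", GOOD), ("tampered MBR", TAMPERED)):
        failed, register, log = measured_boot(images, GOLDEN)
        print(label, "->", failed or "boot trusted", register.hex()[:16],
              "log consistent:", replay(log) == register)
```

With the modified MBR the chain stops at the MBR and the OBR is never measured or run; a log rewritten afterwards to show the known-good MBR value no longer replays to the recorded register.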
(2) Data security
As the pioneer and pathfinder of data security in the field of video surveillance, GB35114 has begun to be practiced in the industry and an ecosystem has begun to form around it. For ultra-high definition video surveillance, complying with the Class B and Class C standards of the GB35114 specification necessarily means greater computing power requirements for encryption and decryption. Especially for encrypting and decrypting the video content itself under the C-level standard, the cost is very high.
Based on this, we should study data security mechanisms for the ultra high definition video itself. The computing power for encryption and decryption should be "unloaded" into a proprietary chip (such as an ASIC). The asymmetric encryption mechanism can also be implemented with a combination of hardware and software. At the same time, several video frames can be extracted in an agreed manner for encryption and decryption to reduce the computational overhead.
(3) Network security
In an ultra-high-definition video surveillance system, it is necessary to strengthen the ability and means to resist DDoS attacks, and to add data migration and verification mechanisms. Especially given the huge volume of HD video traffic, this is a major test for data ferry equipment. In addition, a security access system for cameras via echo technology should also be deployed and used as appropriate.
(4) Application security
In the field of video surveillance, we should also pay attention to the vulnerabilities and protection of the application software itself. For buffer overflow vulnerabilities, numeric overflow vulnerabilities, malicious module injection, SQL injection vulnerabilities, bypass vulnerabilities, etc., there must be detection and protection measures to ensure the stability of the entire application system, so that these vulnerabilities cannot be turned into viruses and APTs (advanced persistent threats) that spread through information systems.