My Show Networks talk from The Eleventh HOPE (Hackers On Planet Earth) is now here on YouTube. It's about 50 minutes long, and it was a lot of fun. This is my fourth time over the last eight years at this fantastic conference.
A couple of people came up to me at the end of the talk to point out that broadcast storms can cross VLANs on a switch, which I had said off the cuff at the end in response to a question.
For my Networks On Shows and In Venues: What Do You Need to Know? panel yesterday at the North American Theatre Engineering Conference (NATEAC), I assembled a panel of experts and together we came up with John, Kevin, and Peter’s Show Networking Best Practices. That panel was Kevin Loewen, Engineering Manager at the Pathway Connectivity office of Acuity Brands Lighting and Peter Stepniewicz, Principal Show Electronic Engineer, Walt Disney Imagineering. Special thanks also to Kevin Gross, AVA Networks, for giving us feedback on the document.
We came up with the following list of what we consider current best practices for the use of networks on shows. This list simply represents the personal opinions of the three of us and not necessarily our employers, etc.
General Network Architecture
- View cable/fiber plant as a flexible infrastructure, which potentially can be used for networking, audio/video distribution, DMX 512, or even analog signals.
- Use wireless only for special use cases where you have no alternative.
- Select entertainment control protocols that are modern and network-friendly where possible.
- Hire a qualified contractor for permanent installations, or be sure to read and follow specifications and instructions, and performance-test all network links.
- Consider venue/show staff knowledge and support sources when designing your system.
- Choose static or DHCP address assignment according to the type of gear that will be used.
- Keep in mind that well designed network/cable infrastructure helps to accommodate future technologies.
- 1Gb switches give plenty of bandwidth for most entertainment control applications today and likely into the near future. 10Gb might be useful or needed for current or future special applications (like video) or high capacity backbones.
- Avoid consumer-grade switches, and consider using managed switches, since in the context of an entertainment control system, switches are cheap, and some more advanced features (like Internet Group Management Protocol (IGMP)) available in managed switches are increasingly important in modern systems.
- Consider using switches made for the entertainment industry, since they are better focused on the needs of our market and our users, have accessible support, and are made to be easy to use; enterprise-grade IT equipment can be very confusing to set up.
- Consider (more expensive) Power over Ethernet (PoE) switches for some specialized applications like IP surveillance cameras and A/V network devices.
- Consider (more expensive) AVB capable switches if running audio equipment that uses it (Meyer Sound, Biamp).
- Ensure that Energy-Efficient Ethernet (EEE) can be disabled (or is not implemented) in switches used for audio networks like Dante.
- Incorporate monitoring ability. Computers are cheap these days.
- Use physically redundant switches or Virtual Local Area Networks (VLANs) to segregate traffic. VLANs are very easy to configure with modern entertainment-oriented switches.
- Use small business or enterprise-grade dedicated wireless access points (Cisco, Aruba, Ruckus, etc.) when necessary (and don’t use Wi-Fi for real-time control). Don’t use home-grade routers (you don’t likely need the router anyway and if you do, you don’t want a consumer-grade router).
- Comply with the TIA/EIA-568 structured cabling standard. The B version is more common, but either A or B can be fine if used consistently on a show/venue.
- Cat 5e Unshielded Twisted Pair (UTP) is suitable for Gigabit Ethernet and should be fine for most entertainment control applications in North America today and into the near future.
- Cat 6, 6A or Shielded Twisted Pair (STP) may be required or recommended currently or in the future by some manufacturers for specialized (typically high bandwidth) applications.
- Use pre-made patch cables. Companies like Monoprice make cable so cheap that it’s typically not worth crimping your own connectors.
- Don’t make loops (unless your network equipment specifically supports this sort of topology for redundancy using techniques like Rapid Spanning Tree Protocol (RSTP), or Ethernet Automatic Protection Switching (EAPS)).
- Keep total Cat 5e segment length under 100m (including patch cables). Cat 6, depending on the use, can have shorter working lengths.
- Heavier duty Neutrik Ethercon (and compatible) connectors are available for show purposes.
- Heavier duty (and easier to coil) Cat 5e (like Belden DataTuff) is available.
- For permanent copper installations:
  - Terminate cable runs to a jack in the wall, then use a patch cord for the short run to the equipment.
  - Minimize the patch cable length since these cables are typically lower performance.
  - Remember that conduit runs are typically specified by others and can often be longer than you think. 80m is a good target length, 90m maximum to accommodate 5m patch cables on each end.
- Fiber today is still complicated/expensive to terminate and is best for long runs or high bandwidth applications, or where lightning/extreme EMI immunity is needed.
- LC Duplex is the most common fiber connector in our market; you might also see SFP connectors on networking equipment.
- Single mode fiber is typically needed for very long distances.
- Heavier duty Neutrik opticalCON Duo or Quad ruggedized connectors are available.
- Physical security is very important in our industry and is your first line of network defense.
- Keep in mind that few of our protocols have any intrinsic security.
- Consider not using DHCP servers, or restricting access to them.
- Use firewalls; start with a firewall that is totally closed and open it up from there.
- Use a VPN for remote access.
- Shut down unneeded Wi-Fi (which is very useful for programming, etc.) during the show.
- Keep your network off the internet. If you have to put it on the internet, limit and constrain access. A useful approach when this is necessary is to have one machine on the show network and use a highly secure external remote access method to that one machine. Then you are virtually in the show network without exposing the whole thing.
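
As an added example (not part of the panel's document), here is the closed-by-default firewall and single remote-access machine from the last few items, written as an nftables ruleset for a Linux gateway sitting between the show network and the outside. The interface names, addresses (documentation ranges) and VPN port are assumptions for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example: default-deny gateway in front of a show network.
# Every name and value in the "define" lines is an assumption:
#   wan0 / show0     outside-facing and show-facing interfaces
#   192.0.2.10       the one remote-access machine on the show network
#   198.51.100.0/24  the range remote staff connect from
#   51820/udp        the VPN listener on that machine

flush ruleset

define WAN_IF       = "wan0"
define SHOW_IF      = "show0"
define JUMP_HOST    = 192.0.2.10
define REMOTE_STAFF = 198.51.100.0/24
define VPN_PORT     = 51820

table inet show_gateway {
    # Traffic addressed to the gateway itself: totally closed.
    # Manage it from the console; add a rule here only when needed.
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
    }

    # Traffic passing through the gateway: closed, with one opening.
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop

        # Only remote staff, only to the VPN on the one machine.
        iifname $WAN_IF oifname $SHOW_IF ip saddr $REMOTE_STAFF ip daddr $JUMP_HOST udp dport $VPN_PORT accept

        # No show-to-outside rule exists, so show gear stays off the
        # internet. Log what gets refused so monitoring can see it.
        limit rate 10/minute log prefix "show-gw refused: "
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Check the file with `nft -c -f <file>` before loading it, and add further openings one rule at a time, each as narrow as the VPN rule.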