1. Getting Started

The WINK Media Router facilitates service and distribution of live video streams. The WINK Media Router enables advanced delivery, security and authentication controls of your live streaming video. The WINK Media Router also offers aggregate video publish and highly available functionality.

This document covers the basic concepts of the configuration. For advanced controls, functionality and advanced routing options, especially if you wish to use multiple WINK Media Routers and/or multiple WINK Forges, it is recommended you pair your network design with WINK Crossroads.

2. Web Interface Access

The web interface can be accessed via HTTP on TCP Port 88 or HTTPS on TCP Port 444.

2.1 Default Login

Default login credentials for the web administration interface are:

3. System Internals

3.1 Paths and Access URLs

Local publishing for Web output mode (RTMP, HLS, MPD & JPG) is commonly used as the standard output in addition to a parallel output for debugging purposes.

The standard input path is:

Example URLs

3.2 HLS and MPEG-DASH Configuration

WINK Media Routers produce HLS and MPEG-DASH sequences with the following default parameters:

Static JPEGs (Video Previews)

Static JPEGs or previews are produced at a rate of once every 10 seconds. The system will retain and display the last generated JPEG as long as the stream remains in the start status regardless of input availability. The JPEG creation frequency or interval can only be modified using WINK Crossroads.

The file's timestamp provided over the HTTP or HTTPS protocol can be referenced to verify the date or time of the file's production.

3.3 Access Control Lists

Access is defined per application instance. The correct syntax is IP-based CIDR notation with comma-separated values.

ACL Examples

Publish ACL (IP Address Publish)

This parameter defines the allowed address of hosts, WINK Forges, WINK Media Routers or WINK Gateways permitted to publish to the WINK Media Router.

Playback ACL (IP Address Playback)

This parameter defines the allowed address of hosts permitted to view streams for the RTMP protocol. This value does not affect or control HTTP-based protocols.

3.4 One-Time Password (OTP) Authentication

One-Time Password is the ideal way to secure live and video on demand streams from unwanted or unauthorized viewers. OTP with predefined auto-renewing expiries is one of the easiest ways for simple control and integration into existing video players.

See supplemental API documentation for OTP implementation details.

3.5 Globally Unique Identifier (GUID)

Each WINK Media Router is issued a Globally Unique Identifier, and no two systems will contain the same GUID. This value, as the name implies, is unique. Uniqueness is important to avoid collisions of publishing and to help identify the owner of a stream to a specific WINK Forge.

Example GUID

These values are respected as a unit by the WINK Media Router and must be referenced when accessing, manipulating or viewing streams.

GUID Collision Avoidance

If your deployment requires duplicate GUIDs across devices for high availability purposes, it is recommended to isolate the publishers via Media Router or unique Application or publish points.

4. Network Ports and Communication

The following tables define the inbound and outbound ports required for operation of the associated protocols.

Required Ports

Optional Ports

5. Media Formats and Protocols

The WINK Media Router supports a wide range of popular and standard transport protocols. In addition, a broad range of custom or proprietary transport protocols are supported. There are furthermore a number of proprietary protocols provided by WINK Streaming and partner companies or vendors.

5.1 RTMP

5.2 RTSP

Enhanced RTSP Features:

• ONVIF Compliance: Full support for ONVIF Profile S/G/T
• PTZ Control: Pass-through PTZ commands
• Metadata: ONVIF analytics and event metadata
• Keep-Alive: Automatic connection maintenance
• Reconnection: Configurable retry with backoff

5.3 HTTP/HTTPS

Usage format:

5.4 HLS

Usage format:

5.5 MPEG-DASH

Usage format:

5.6 SRT (Secure Reliable Transport)

SRT Features:

• Low Latency: Sub-second glass-to-glass delivery
• Error Recovery: ARQ with configurable latency buffer
• Firewall Traversal: UDP-based with NAT support
• Bandwidth Efficiency: Adaptive bitrate and congestion control
• Stream ID: Metadata support for routing

5.7 WebRTC

WebRTC Features:

• Ultra-Low Latency: < 500ms typical
• Browser Native: No plugins required
• Adaptive Bitrate: Automatic quality adjustment
• P2P Option: Direct peer connections when possible
• Mobile Support: iOS/Android SDK compatible
• Standards Compliant: WHIP/WHEP for interoperability

5.8 Camera Protocol Emulation

The WINK Media Router can emulate various camera manufacturers' protocols, enabling seamless integration with VMS platforms that don't support standard protocols. This powerful feature allows the router to appear as a native camera to the VMS.

Use Cases for Camera Emulation

• Legacy VMS Integration: Connect modern streams to older VMS systems
• Cross-VMS Bridging: Share cameras between incompatible VMS platforms
• Protocol Translation: Convert unsupported formats to VMS-native protocols
• Cloud to On-Premise: Present cloud streams as local cameras

Example: Axis Camera Emulation

When configured for Axis emulation, the Media Router responds to:

• VAPIX discovery requests
• Parameter queries (resolution, framerate, etc.)
• PTZ commands (if source supports PTZ)
• Event and analytics metadata
• Motion detection alerts

5.9 UDP/MPEG-TS

Use Cases:

• IPTV Distribution: Multicast streams for set-top boxes
• Broadcast Integration: Professional broadcast workflows
• Low-Latency Distribution: LAN-based video delivery
• Legacy System Support: Compatible with older equipment

5.10 Comprehensive Codec Support

6. Settings

6.1 User Accounts

Accounts are managed when logged in as admin in the Settings → User Accounts section.

Default Credentials

WINK Media Routers are instantiated with the following default account login credentials:

Permission Levels

Three permission levels exist in the WINK Media Router via the local management interface:

6.2 Network Configuration

WINK Media Routers can be configured with static or dynamic IP addresses, though it is highly recommended that users always use a static IP address. Optional network failover bonding is available by selecting two interfaces and setting the correct network parameters.

Default Network IP Address

Each WINK Media Router comes preconfigured with this default IP address. This system will always be available as a backup mechanism to contact the system via the primary network interface.

Bonding Modes

The default bonding mode is failover, where the first interface is active and the secondary interface is used in the event the primary interface fails. Alternative bonding modes are available to suit your network environment and performance needs.

MTU Configuration

A maximum transmission unit (MTU) is the largest packet or frame size, specified in octets (eight-bit bytes) that can be sent in a packet- or frame-based network such as the internet.

6.3 VRRP High Availability

Virtual Router Redundant Protocol (VRRP) is an open source protocol very similar to Cisco's HSRP. It enables multiple devices to share a Virtual IP address in a master/slave configuration.

VRRP uses the multicast address 224.0.0.18 for communication. To ensure VRRP communication between hosts, you must allow continuous multicast communication between WINK Media Routers via this multicast address.

VRRP Configuration Parameters

6.4 System Options

Hostname Configuration

The system hostname should be a unique name for each WINK Media Router in your local and global deployment. The hostname has the following requirements:

• Maximum 63 alphanumeric characters
• May include the minus sign (-) but not at the end
• Case-insensitive for network operations
• Should be DNS-compliant

Time Management

Local or remote NTP time servers are essential for maintaining several services on a WINK Media Router including:

• Audio & video synchronization
• Valid SSL certificates
• Valid WINK Media Router license
• Log file accuracy
• VRRP synchronization

6.5 SSL Certificate Management

In the event you wish to use signed certificates with your WINK Media Router, you have the option to generate a certificate and either self-sign the certificate or have the certificate signed by a signing authority.

Certificate Requirements

• Format: PFX (PKCS#12) bundle
• Must include full certificate chain
• Password protected
• Supports wildcard certificates
• Corporate intermediate certificates supported

7. Tools

The WINK Media Router includes several diagnostic tools to help troubleshoot network and streaming issues.

Available Tools

TCPDump Advanced Usage

This tool is for advanced testing to confirm receipt or delivery of data from a camera encoder or to a media delivery point.

8. Monitoring and Support

System Graphs

System graphs should be your first point of reference when starting a debug process. A quick look at the CPU and Network graphs often very clearly paints a picture of an issue.

Network Graphs

Network graphs indicate the inbound and outbound of the primary network interface.

System Memory

Memory graphs indicate the amount of used and available memory.

System CPU

CPU graphs indicate the amount of used and idle CPU available.

Logs

The logs are a sortable and searchable interface, with a maximum limit of 10,000 records. Available log types include:

• Login: User authentication events
• Request: HTTP/API requests
• Cron: Scheduled task events
• API: API-specific events
• OTP: One-time password events
• API-USER: API user actions

9. REST API

The REST API provides a range of functionality for both programmatic operation and administration.

See the WINK Streaming - REST Command API document for detailed API documentation.

10. Advanced Configuration

Network Optimization Parameters

These advanced parameters can be configured when working with WINK Forge for optimized stream handling:

API Integration

OTP API Reference

The Media Router provides comprehensive API support for OTP token management:

curl -d "apiuser=apiuser&apipass=apipass&action=create&duration=60&hash_type=numeric&hash_length=20" \
     -X POST https://router.example.com/otp/api/

curl -d "apiuser=apiuser&apipass=apipass&action=extend&token=24814928371014572819&duration=900" \
     -X POST https://router.example.com/api/v1/otp/

curl -d "apiuser=apiuser&apipass=apipass&action=query&token=24814928371014572819" \
     -X POST https://router.example.com/api/v1/otp/

Stream Control API

When integrated with WINK Forge, the Media Router supports advanced stream control:

<wink_api user='apiuser' pass='apipass' key='shared_key'>
    <req id='unique_id' command='route_update'>
        <route>application_name</route>
        <guid>FORGE_GUID</guid>
        <stream>stream_name</stream>
        <action>add|remove</action>
    </req>
</wink_api>

High Availability Configuration

Multi-Router Setup

For mission-critical deployments, configure multiple Media Routers in a high-availability configuration:

1. Primary/Secondary Setup:
   • Configure VRRP with matching Router IDs
   • Set priority values (lower = higher priority)
   • Use shared Virtual IP for client connections
2. Load Balanced Setup:
   • Deploy multiple active routers
   • Use DNS round-robin or hardware load balancer
   • Configure identical applications on each router
3. Geographic Distribution:
   • Deploy routers in multiple data centers
   • Use GeoDNS for client routing
   • Configure cross-region replication

Performance Optimization

System Tuning

Monitoring Best Practices

• System Metrics:
  • Monitor CPU usage (target < 80%)
  • Track memory utilization
  • Watch network interface saturation
  • Monitor disk I/O for segment storage
• Stream Metrics:
  • Active connection count
  • Bandwidth per stream
  • Client geographic distribution
  • Error rates and types
• Alert Thresholds:
  • CPU > 85% for 5 minutes
  • Memory > 90% utilization
  • Network > 80% of capacity
  • Failed authentication attempts > 10/minute

Advanced Authentication

Authentication Methods

The Media Router supports multiple authentication methods for different use cases:

JWT Authentication

For scalable, stateless authentication:

HTTP-Based Authentication

Integrate with existing authentication systems:

# Authentication endpoint called by Media Router
POST https://auth.example.com/validate
Content-Type: application/json

{
  "username": "user",
  "password": "pass",
  "ip": "client_ip",
  "path": "stream_path"
}

# Expected response
{
  "authenticated": true,
  "permissions": ["read", "write"]
}
            

Integration with WINK Ecosystem

WINK Forge Integration

The Media Router works seamlessly with WINK Forge for complete streaming workflows:

WINK Archive Integration

For recording capabilities, integrate with WINK Archive:

• Route streams to Archive for storage
• Use metadata tags for searchable recordings
• Configure retention policies
• Enable compliance recording modes

WINK Crossroads Integration

For advanced routing and load balancing:

• Centralized management of multiple routers
• Intelligent routing based on load/geography
• Failover orchestration
• Global stream directory