# Setting up an SRT Listener input SRT Listener inputWorking with SRT Listener input The guide now includes information about working with SRT Listener inputs. This section describes how to set up to receive transport stream (TS) content that is pushed from an upstream system that is set up as an SRT caller. This section describes how to set up the source content on the upstream system, and how to create an input that connects the upstream system to MediaLive. The transport stream source must be encrypted with AES. **Roles** With an SRT Listener input, MediaLive has two roles and the upstream system has two roles: + For the SRT connection handshake: MediaLive is the SRT listener (the party that waits for the connection). The upstream system is the SRT caller. The upstream system initiates the SRT connection handshake that precedes the transmission of the source content. + For the transmission: After the connection is made, the upstream system is always the sender of the content. MediaLive is always the receiver of the content. In terms of the categorization of inputs into push and pull, an SRT Listener input is a push input. You must use an input security group with an SRT Listener input to control which IP addresses are allowed to push content to MediaLive. **Topics** + [ # Get ready ](input-listener-srt-prereqs.md) + [ # Create an SRT Listener input ](input-listener-srt-setup.md) + [ # Provide connection information to the upstream system ](setup-uss-srt-listener.md) + [ # Result of this procedure ](input-listener-srt-result.md) + [ # Network locations for SRT Listener inputs ](input-listener-srt-network-locations.md) # Get ready Step 1: Get ready 1. Discuss the following information with the operator of the upstream system: + The IP address that the upstream system will push from. You need this address to create an input security group that allows traffic from this address. For more information about input security groups, see [Working with input security groups](working-with-input-security-groups.md). + The encryption algorithm that the upstream system will use: AES 128, AES 192, or AES 256. Encryption is required for SRT Listener inputs. Agree on a passphrase with the operator of the upstream system. The passphrase is used to generate the key for encrypting and decrypting the source content. + The stream ID, if the upstream system uses this identifier. The stream ID is an optional free-form string that the upstream system can send during the connection handshake. MediaLive accepts all connections regardless of the stream ID value. MediaLive logs the stream ID for monitoring and troubleshooting purposes only. + The preferred latency (in milliseconds) for implementing packet loss and recovery. Packet recovery is a key feature of SRT. The valid range is 120 to 15000 milliseconds. 1. You must store the passphrase that you agreed on with the operator. Someone in your organization must store the passphrase in a secret in AWS Secrets Manager. For more information, see [Create an AWS Secrets Manager secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/create_secret.html). Create a secret of type **Other type of secret**. The result of creating the secret is an ARN that looks like this: `arn:aws:secretsmanager:region:123456789012:secret:Sample-abcdef` **Important** Store SRT passphrases in Secrets Manager as plaintext (for example, `secretpassword123`). Do not use the key/value option or JSON format when creating the Secret, as this may cause interoperability issues with other services. Store the passphrase as plaintext only. Ensure your passphrase is between 10 and 79 characters. 1. Create or identify an input security group that includes the IP address of the upstream system. For information about creating input security groups, see [Creating an input security group](create-input-security-groups.md). # Create an SRT Listener input Step 2: Set up the input After you have obtained the necessary information from the upstream system and created an input security group, you can create the SRT Listener input. **To set up an SRT Listener input** 1. Make sure that you have the information that you [obtained from the upstream system](input-listener-srt-prereqs.md). 1. Open the MediaLive console at [https://console.aws.amazon.com/medialive/](https://console.aws.amazon.com/medialive/). 1. In the navigation pane, choose **Inputs**. On the **Inputs** page, choose **Create input**. Then choose **SRT Listener**. 1. In the **Input class** section, choose the class for this input: + STANDARD\$1INPUT: MediaLive allocates two IP addresses for redundancy. + SINGLE\$1INPUT: MediaLive allocates one IP address. 1. In the **Input security group** section, select the input security group that you created or identified earlier. This security group must include the IP address of the upstream system that will push content to this input. 1. In the **SRT Listener settings** section, complete the following fields: + **Minimum latency**: Enter the latency value in milliseconds that you agreed on with the upstream system. The valid range is 120 to 15000 milliseconds. SRT will choose the maximum of the values proposed by the sender and receiver. + **Stream ID**: Optional. Enter the stream ID if the upstream system uses this identifier. 1. Complete the **Decryption** fields. Encryption is required for SRT Listener inputs: + **Algorithm**: Select the encryption algorithm that you agreed on with the upstream system: AES 128, AES 192, or AES 256. Encryption always uses AES, but the algorithm length can be negotiated between you and the sender. If you don't know what length to use, enter the lowest value. If the sender negotiates to use a longer length, MediaLive will always agree to that higher length. + **Passphrase secret ARN**: If the list of ARNs is populated, select the ARN of the passphrase that you [created earlier](input-listener-srt-prereqs.md). If the list is empty, type the ARN into the entry field. 1. In the **Tags **section, create tags if you want to associate tags with this input. For more information, see [Tagging resources](tagging.md). 1. Choose **Create**. MediaLive creates the input and allocates one or two IP addresses (depending on the input class). The input appears in the list of inputs with the allocated IP addresses and port 5050. # Provide connection information to the upstream system Step 3: Provide information to upstream After you create the SRT Listener input, you must provide connection information to the operator at the upstream system so they can configure their SRT caller to connect to MediaLive. **To obtain the connection information** 1. On the **Inputs** page, choose the name of the SRT Listener input that you just created. 1. On the input details page, in the **Destinations** section, note the IP addresses and port. For a standard-class input, there are two destinations. For a single-class input, there is one destination. The destinations will be in the format `srt://ip-address:5050`. For example: `srt://54.123.45.67:5050` `srt://54.123.45.68:5050` 1. Provide these destination URLs to the operator of the upstream system. The operator must configure their SRT caller to connect to these addresses. Make sure that the operator at the upstream system sets up as follows: + They set up to deliver the correct number of sources: + If the MediaLive channel is a standard channel, they must push to both destination addresses. Make sure that the two source contents are identical in terms of video resolution and bitrate. + If the MediaLive channel is a single-pipeline channel, they must push to the single destination address. + They configure their SRT caller to use the same encryption algorithm and passphrase that you agreed on. + They configure their SRT caller to use a latency value. SRT will negotiate and use the maximum of the latency values configured on both sides. + If you specified a stream ID in the input configuration, the upstream system can optionally send a stream ID value during connection. MediaLive accepts connections with any stream ID value (or no stream ID). The stream ID is logged for monitoring and troubleshooting purposes only. # Result of this procedure Step 4: Result of this procedure As a result of this setup, an SRT Listener input exists with one or two *destination* URLs. These destinations are the URLs that MediaLive allocated for receiving the source content. At runtime of the channel, the upstream system (the caller) will perform a handshake with MediaLive (the listener). The upstream system will connect to two URLs (for a standard channel) or one URL (for a single-pipeline channel), and push the source content into the channel. ![\[alt text not found\]](http://docs.aws.amazon.com/medialive/latest/ug/images\srt-push-uss-input.png) # Network locations for SRT Listener inputs Network locations SRT Listener inputs support the following network locations: + **AWS**: Standard cloud deployment. MediaLive allocates Elastic IP addresses for the input destinations. + **VPC**: Deployment in your Amazon Virtual Private Cloud. MediaLive allocates Elastic Network Interfaces (ENI) in your VPC for the input destinations. When you create an SRT Listener input in a VPC, you must specify the VPC subnets and security groups. + **ON\$1PREMISES**: MediaLive Anywhere deployment. For on-premises deployments, you must specify the IP addresses and network configuration when you create the input.