How Super SIM Devices Connect to Cell Networks
You’ve chosen Super SIM to bring global connectivity to your IoT devices and to allow you to choose the most cost-effective networks in each of the territories in which your devices will operate. But how does Super SIM make this happen? How do your devices connect through any Twilio partner network to gain access to the Internet?
Read on for the answers to these questions.
To provide IoT devices with Internet connectivity, Super SIM uses a number of techniques. One of these is unique: it’s an on-SIM applet that can switch the International Mobile Subscriber Identity (IMSI) that its host cellular module presents to a network to which it’s trying to attach. If the target network rejects the current IMSI, the modem tries another network. If all the networks that the modem can reach refuse attachment, Super SIM switches to a different IMSI, and the modem tries again to attach to one of the available networks. This IMSI-switching feature is covered in detail in a separate article, but will come into play here too.
The other techniques employed by Twilio are features of all cellular networks, so by taking a look at these, you’ll get an understanding not only of how Super SIM powered devices establish connections to the Internet, but how all cellular-enabled devices do so too.
First of all, though, we need to understand how modern cellular networks are organized. All cellular networks comprise two key components: the core and the network.
How modern networks are organized
The network is a carrier’s collection of cell base-stations: the antennas and the electronics that manage the radio link between tower and connected user equipment (UE) — your IoT device, in other words. 4G/LTE base-stations incorporate what is called a Mobility Management Entity (MME). This is the system which UE communicates with to request access to a carrier’s cellular network. This takes place when the device tries to attach to the cell.
The core is the infrastructure to which all of the carrier’s base-stations are connected. What links them is an IPX (IP eXchange), which is essentially a private Internet. Connections exist between different carriers’ IPXs to form a global IPX which allows phones to call customers of other carriers, to reach landlines, and to break out to the Internet. This network of networks is often called the IP Backbone.
Major carriers like AT&T, Deutsche Telecom, Vodafone, and Telefónica own both components: they maintain a network of base-stations, all of which are connected over their IPX to their own core. Other carriers rent access to these resources — these are the so-called mobile virtual network operators (MVNOs). Twilio isn’t an MVNO. It doesn’t have any base-stations — instead it leverages all of those other networks’ cell towers. But it does have its own mobile core, connected to the global IP Backbone. The core is where all the real smarts of the cellular network are located.
Twilio’s core is also distributed: it is deployed to multiple data centers around the world. This ensures that devices get a consistent connectivity experience, whether they’re deployed in Los Angeles, Berlin, Taipei, or Nairobi. The result: less device downtime, and a real choice of which networks to use in any given region.
The roaming model
The model for the interaction between a Super SIM-enabled device and a partner network is international roaming. When you take your phone overseas, it doesn’t connect to your provider’s home network — in full, a Home Public Land Mobile Network (HPLMN) — but to a visited network, or Visited Public Land Mobile Network (VPLMN). Even if the visited network is owned by your provider — if it’s large enough to have a presence in multiple countries — you will almost certainly be making a roaming connection.
When your phone first tries to attach to the visited LTE network, the visited cell’s MME communicates over the IP Backbone with your home network’s Home Subscriber Service (HSS), which is the core-hosted service that manages users’ accounts and their access permissions. If your account has roaming enabled, the HSS instructs the MME to let your phone attach.
Super SIM works this way too: all Twilio partner networks are de facto visited networks. When your Super SIM-enabled device attempts to attach to a network, the cell’s MME talks to Twilio’s HSS to determine if the device should be allowed to connect. Twilio doesn’t make that decision, you do when you configure your Super SIM Fleets and Network Access Profiles. Twilio’s response to the MME is defined entirely by the choices you’ve made:
Assuming that you have allowed a given Super SIM to use the network to which it’s trying to attach, the HSS will tell the MME to permit the device to connect to the network. It may also instruct the MME to limit the host device’s functionality — for example, to block text messaging, or to apply a limit to how fast packets can be transferred between device and tower. Again, it does so based on settings you apply using the Super SIM API. Any such restrictions are enforced by other base-station systems under the direction of the MME:
How does the visited network’s MME know which HSS to contact? At the very start of the conversation between device and MME, the device’s cellular module will send an Attach Request message. This request includes the IMSI in order to identify the module to the network. The module gets the IMSI from its SIM.
Inside the IMSI
The IMSI comprises three numerical components:
- A Mobile Country Code (MCC). This is a three-digit ID indicating the SIM’s home territory.
- A Mobile Network Code (MNC). This is a two- or three-digit ID indicating the network the SIM belongs to.
- A nine-digit code called the Mobile Subscription Identification Number (MSIN) that identifies the SIM specifically to its home network.
The first two components are together called the Public Land Mobile Network (PLMN) ID, so you can view the IMSI as a combination of PLMN ID and MSIN.
The IMSI’s PLMN ID part gives the MME the data it needs to determine which HSS it needs to contact. The MME has a database of MCCs and MNCs in which it looks up the IP Backbone address of the target HSS, or at least the gateway the target network uses to route communications to a particular HSS. In the case of Super SIM IMSIs, the MME is directed to one of a number of Twilio partners called “sponsors” who route the MME’s requests to Twilio’s HSS. It’s the sponsors who provide the PLMN ID in Twilio’s IMSIs.
Of course, if the MME’s network is suffering a backhaul outage, it won’t be able to reach Twilio’s HSS, so it will just reject the Attach Request. This causes the device’s cellular module to attempt to attach to one of the other networks it can see, if there are any. The MME may also reject the IMSI for other reasons: perhaps it indicates a network — the one in the IMSI’s PLMN ID — that it doesn’t have a roaming arrangement with. This is why Super SIM’s ability to maintain multiple IMSIs is so useful. If its current IMSI is rejected by the network to which its host cellular module is trying to attach, it can give its module an alternative IMSI to try.
When the device is allowed to attach — in other words, when it receives an Attach Accept message — the MME also sends the device a Globally Unique Temporary Identifier (GUTI), which is a value generated in part from the IMSI’s PLMN ID and other data. The GUTI is used to authorize subsequent attachments to the same MME in place of the IMSI for privacy and security reasons. Using the GUTI minimizes the number of times the IMSI has to be sent over the radio. This in turn makes it harder for the device to be identified by its IMSI and therefore more difficult for it to be tracked by a third party snooping the radio traffic. Using an MME-issued GUTI has another benefit: the MME can speed the device’s attachment the next time the device tries to connect. Of course, if the device changes cell and therefore communicates with a second MME, the GUTI it received from the first MME will be rejected and it must submit its IMSI once again. But it then receives a new GUTI from the current MME.
Give the device Internet access
The IoT device has now been granted access to the visited network. How does it now establish an Internet connection?
Internet connections are established through an IP tunnel between two network components: the base-station’s Serving Gateway (SGW) and the core’s Packet-data Network Gateway (PGW), which is the point at which the core touches the public Internet. The tunnel is set up and maintained using the GPRS Transport Protocol (GTP), which is used even when the network is 3G or above.
The IoT device’s Access Point Name (APN) is used to find the PGW. The APN comprises a carrier-specific label (confusingly also referred to as the APN) plus a domain name. For Super SIM, the label is
super. This is prefixed to the domain name
.mcc<xxx>.mnc<yyy>.3gppnetwork.org, which is provided by the HSS on attachment. The values
<yyy> are the SIM’s actual MCC and MNC values, taken from its IMSI.
Though this yields a fully qualified domain name, it isn’t an Internet address. Don’t try it in a web browser — it won’t work. Instead, it’s a domain on the global IP Backbone. The MME uses the full APN to do a DNS lookup that will yield the numerical IP address of the PGW. The MME passes this address to the SGW, which uses it to contact the PGW and negotiate the establishment of the IP tunnel through which the IoT device will access the Internet to communicate with your servers or get data from third-party cloud services. When the tunnel is in place, the device’s data flows out through the PGW:
The Twilio Mobile Core’s HSS will provide the MME with an APN designed to route the SGW to the Twilio PGW. Today, that’s a single Internet point of presence in the US. However, Twilio will shortly add further PGWs around the globe so that device, using their stored APNs — i.e., the full APN’s prefix or label — to talk to the most geographically proximate PGW and so minimize the number of hops over which packets need to be routed as they travel between device and server:
The IoT device now has full Internet access
Older cellular technologies
What if your device needs to attach to a 3G network, or even a 2G one? The communications pathways are essentially those described above, but with different acronyms. For example, the role of an LTE network core’s PGW is taken by a Gateway GPRS Support Node (GGSN) in 2G and 3G networks. On a 2G network, a Home Location Register (HLR) is used in place of the HSS. There are 2G and 3G equivalents of the MME and SGW too, and the means by which they communicate with the home network over the IP Backbone are based on different protocols than those used in LTE networks.
There isn’t a perfect alignment between the roles and responsibilities of the LTE systems and their 2G/3G equivalents, or in the location of the boundary between one service and then next, but that’s a worry for network engineers, not IoT application developers. For those us building IoT products based on Super SIM, what matters is that all these systems work in essentially the same way to bring our devices programmable Internet access across the globe.
Need some help?
We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.