Features & Limitations
An overview of what the 1NCE SIM Data Service can and cannot do.
The data service is available with all 1NCE SIMs using the Radio Access Technologies (RAT) 2G, 3G, 4G, LTE Cat-M and NB-IoT. The local availability depends on the coverage of the 1NCE roaming partners. Not all RAT are provided in each country.
Data Bandwidth Throughput
While most IoT applications might only have low bandwidth and not very strict latency requirements, other use cases might require high bandwidth with low latency. The 1NCE Data Service offers a maximum guaranteed data throughput of one megabit per second (1 MBit/s). Please note that the achievable throughput and latency are dependent on the used RAT, device specifications, and environmental factors (e.g., location, signal reception, etc.).
SIM - IP Address
- Each customer gets personal, private Internet Protocol (IP) ranges assigned for their SIM cards.
- 1NCE uses addresses from the private IP space (RFC 1597) which are not allocated in the public internet and thus can be used freely in private networks.
- All SIM cards assigned will have an IP address of one or more dedicated IP address spaces.
- Usually, /24 address spaces will be used where in total 254 SIM cards can be fitted into.
- Additional IP space(s) will be assigned automatically.
- It is possible that a SIM card can get assigned a x.x.x.0 IP address.
- The IP address spaces assigned to your account can be verified in the 1NCE Portal.
SIM IP Spaces Changes
Please note that the pool of general SIM IP Spaces might be altered and new spaces might be added later on to increase overall capacity.
SIM - IP Spaces
All 1NCE SIMs are assigned IP Addresses from the following general IP Spaces. The IP Spaces assigned to customers will originate from these larger spaces. It is important to keep track of these spaces especially for VPN, IP Sec and VPN Peering setups.
Network Translation and 1NCE VPN
The infrastructure of the 1NCE Data Service network uses Network Address Translation (NAT) to route traffic from each connected SIM device to the public internet. For providing a private, more secure connectivity, as the devices are not directly exposed to the public internet. This also implies that a connection establishment from an application on the internet towards a 1NCE SIM is not directly possible without using the 1NCE VPN Service. On the other hand, target locations in the public internet space can be reached from any device with a 1NCE SIM. The traffic from each device is routed via the 1NCE Internet Breakout. For more details review the 1NCE Network Services, Internet Breakout and VPN Service.
Data Connection Establishment
When using the default Internet Breakout, the SIM device has to establish the Data Connection towards the targeted internet service. Due to the NAT Gateway, individual SIMs are not reachable from the open internet.
The sequence diagram below shows the flow of a SIM device using the NAT Internet Breakout to establish a connection to a public internet server/service. The connection establishment always needs to come from the SIM device. After a connection session (e.g., TCP session) was opened by the SIM device, bidirectional communication is possible.
The second sequence diagram below shows the possible data service when using the 1NCE VPN Service. This free to use service allows to directly connect to the 1NCE Network to access/connect SIM devices from the customer server side. Please note that only traffic from the SIM device with the VPN client IP address as destination will be routed towards the connected VPN client. All other traffic from the SIM device will be routed through the Internet Breakout. For more details, please see the VPN Service chapter.
The concept of the Open Systems Interconnection model applies to the 1NCE Data Service structure. The GPRS Tunneling Protocol (GTP) is used on layer 3 to transfer user application data between the device with a 1NCE SIM and the internet or application server and vice versa. All the data traffic is wrapped in the GTP, on top of this protocol (layer 4+) the customer is free to use any transport protocol (e.g., TCP, UDP, MQTT, CoAP, etc.) and any port assignment.
Domain Name System (DNS)
The Domain Name System (DNS) is used to resolve Uniform Resource Locators (URL) to an addressable IP. When using the 1NCE Internet Breakout, the public IP
188.8.131.52 is served as primary and
184.108.40.206 as secondary default Domain Name Server. Some devices have issues with obtaining the DNS served by the network. A manual configuration of a DNS is sometimes advisable.
Maximum Transmission Unit (MTU) Size
The Maximum Transmission Unit (MTU) is the size of the largest IP packet (layer 4) possible which can be transferred in a respective frame on layer 3 without the need for fragmentation in the packed based core network. If a send packet is larger than the specified MTU, the packet needs to be fragmented, thus creating more overhead and delays. Theoretically, a size of 1500 bytes is possible with the 1NCE Data Service. Based on prior experience with IoT devices and mobile networks, it is recommended to keep the MTU size lower than about 1200 bytes.
Data Volume Usage
Based on the customer specific tariff of a 1NCE SIM, a certain data volume is included. The available volume and current usage can be inquired in the 1NCE Portal or through the 1NCE API. The data volume can be used freely. If the volume runs out or customer-set threshold is reached, the Data Service for a SIM card is blocked. No new data sessions (PDP Context) can be initialized. The device can still attach to the mobile network and use the other services but is not able to re-create a new PDP Context. Moreover, any existing data session is terminated if the volume limit is reached. If the restricted SIM is topped up with new data volume, the blocking will be reset and new data sessions can be established. If a SIM runs out of data volume, the device should restrict the attempts to create new (failed) PDP sessions as the reject response can lead to the device spamming the network with session requests. Please note that the customer is responsible for implementing a back off timer for this edge case behavior.
Internet Breakout Timeout
This does only apply to connections made through the 1NCE Internet Breakout and NOT the 1NCE VPN Service!
Devices using the 1NCE Internet Breakout are placed behind a NAT gateway. After 350 seconds of no packets being transmitted, a established connection via the 1NCE Internet Breakout will be closed automatically. To keep the connection alive within 350 seconds a IoT device must send a keep-alive packet at least once in the 350-second timeframe. Otherwise, the 1NCE SIM device must re-establish the connection after this timeout.
1NCE Breakout IP Blacklisting
The traffic from all 1NCE SIMs towards the public internet is routed through a NAT with a couple of public-facing IP addresses. These public breakout IPs are listed in the 1NCE Portal. All requests towards public internet services appear to come from only these few IPS. Most public services and APIs apply a request limit and smart filtering to detect and filter out denial of service (DDoS) and similar attacks. Very frequent queries (e.g., every second) from multiple SIMs towards one endpoint could trigger these filtering mechanisms. This will result in the public service blocking requests from 1NCE SIM devices, rendering the service unusable. Most public services cannot differentiate between individual SIMs due to the 1NCE NAT network structure. It is strongly recommended to program devices with 1NCE SIMs in a way that they do not aggressively query such shared resources.
Multiple PDP Data Sessions
With the 1NCE SIM connectivity, currently only one PDP data session at a time is supported. If the IoT device allows to establish multiple PDP sessions, only the last opened data session can be used to transfer data. Sessions opened prior will remain open but will be dropped on the Packet Gateway. This results in no data being transferred other the older PDP sessions.
For ease of use ensure to use only one PDP data session at a time and to always properly close each session.
Device to Device Communication
The general IP communication between individual SIM devices is not possible, but there are some exceptions where it might work. As each SIM has its own static IP and a customer can be assigned multiple /24 IP spaces for their SIMs, not all devices are in the same IP space.
Due to load-balancing in the core network, it can not be ensured that all SIMs of a customer are handled by the same Packet Gateway. Only SIMs of an individual customer handled by the same Packet Gateway can communicate with each other. As SIMs from the same IP space are handled on the same gateway, these devices should be able to communicate peer-to-peer. If by chance two separate IP spaces are handled by the same gateway, peer-to-peer communication between different IP spaces will work. Due to the nature of load-balancing of the Packet Gateways, it can not be guaranteed that peer-to-peer communication between SIMs of different IP spaces will work or stay working for longer periods.
Updated 6 days ago