Internet Breakout

Default Internet accessibility with a 1NCE SIM.

By default, a 1NCE SIM typically uses data connectivity through the Internet Breakout Service. All devices with a 1NCE SIM can connect freely to the open internet and transfer data bidirectionally.
The figure above illustrates the basic operating principle of the Internet Breakout. By design, this internet access is implemented with Network Address Translation (NAT). The NAT maps the private IP of each SIM to a common public 1NCE IP. This network design simplifies IP address management and enhances the access security of connected IoT devices. Because of the NAT, no device with a 1NCE SIM can be accessed directly from the public internet side, which improves resilience against external attacks and threats targeting the IoT device. After a device has established a connection to a server, bidirectional data exchange is possible. Note that with the default Internet Breakout the device must open and initiate the data session towards the target. Bidirectional connection establishment (device to server and server to device) can be achieved using the 1NCE VPN Service.
1NCE customers are free to use any transport or application protocol (e.g., TCP, UDP, MQTT, CoAP) over the Internet Breakout Service.

Internet Breakout Service Blocking

Due to the 1NCE network structure, all requests towards public services appear to come from only a few public IPs. Many public services and APIs apply a request limit and smart filtering to detect and filter out DDoS and similar attacks. Very frequent queries (e.g., every second) from multiple SIM devices towards one service can trigger these filtering mechanisms. The public service then blocks requests from 1NCE SIM devices, rendering the service unusable for them. Because of the 1NCE NAT network structure, the public service cannot differentiate between the individual SIMs. It is strongly recommended to program devices with 1NCE SIMs so that they do not aggressively query such shared resources.
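One way to size device polling for this shared-NAT situation, as an added example that is not 1NCE code: it derives a per-device interval from a per-source-IP request limit, adds jitter and backoff, and simulates how many requests a limiter would reject. The fleet size, egress IP count and limit are constructed values, and the function names are hypothetical.

```python
import math
import random
from collections import Counter

def min_poll_interval(fleet_size, egress_ips, limit_per_ip, window_s, headroom=0.5):
    """Per-device polling interval (s) that keeps the fleet at `headroom` of a
    per-source-IP limit, assuming devices spread evenly over the egress IPs."""
    devices_per_ip = math.ceil(fleet_size / egress_ips)
    return devices_per_ip * window_s / (limit_per_ip * headroom)

def next_delay(interval_s, consecutive_rejects, rng, cap_s=3600.0):
    """Delay before the next request: the base interval, doubled for each
    consecutive rejection (capped), with +/-50% jitter so devices that booted
    together do not stay synchronized."""
    backoff = min(interval_s * 2 ** consecutive_rejects, cap_s)
    return backoff * rng.uniform(0.5, 1.5)

def rejected_requests(fleet_size, interval_s, limit_per_ip, window_s, duration_s, seed=1):
    """Simulate one shared egress IP in front of a fixed-window per-IP limiter
    and return how many requests exceed the limit (no backoff is modelled)."""
    rng = random.Random(seed)
    per_window = Counter()
    for _ in range(fleet_size):
        t = rng.uniform(0, interval_s)      # random start phase per device
        while t < duration_s:
            per_window[int(t // window_s)] += 1
            t += next_delay(interval_s, 0, rng)
    return sum(max(0, n - limit_per_ip) for n in per_window.values())

if __name__ == "__main__":
    # Constructed numbers: 200 SIMs behind 1 egress IP; the service is assumed
    # to allow 100 requests per 60 s per source IP.
    safe = min_poll_interval(200, 1, 100, 60)
    print("aggressive (1 s):", rejected_requests(200, 1.0, 100, 60, 1800))
    print(f"paced ({safe:.0f} s):", rejected_requests(200, safe, 100, 60, 1800))
```

On a device, `consecutive_rejects` would be incremented on each rate-limit response from the service (for HTTP APIs typically status 429) and reset to zero after a success.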
