What Is an APN? Access Point Names Explained

22.12.2020
guide-image

Quick definition: APN stands for Access Point Name. It’s a gateway between a cellular network and the Internet. Any time a cell phone or IoT device uses data, its Mobile Network Operator (MNO) reads the APN to assign the device an IP address, determine what kind of network access it needs, and implement security measures.

Basically, your APN defines your connectivity settings. And any time you change carriers, you need a new APNbecause the name is specific to each MNO.

Here’s what an APN looks like:

“Internet.mcc310.mnc070.3gppnetwork.org”

It may look somewhat random, but it follows a standard APN structure that makes it easy to tell some basic information about the gateway, such as what network it’s a gateway to and which MNO it’s associated with.

APN structure

Access Point Names have two main components:

  1. A network identifier
  2. An operator identifier

The network identifier specifies which external network the gateway connects to, and the operator identifier tells you which MNO the gateway is associated with. The operator identifier includes two parts as well: the Mobile Network Code (MNC) and the Mobile Country Code (MCC). The MNC is unique to the carrier, and the MCC is based on the region a carrier operates. Usually, the MNC and MCC are three digits each.

Additionally, every APN ends with either “.gprs” or “.3gppnetwork.org”, which associates the APN with a data standard.

APNs can also have custom names, which makes them easier to enter and remember. This is especially helpful in cellular IoT applications, where manufacturers have to manually set their APNs. When you use EMnify as your connectivity solution, your APN is simple: “em”. Custom APNs still use network identifiers and operator identifiers, but they get translated from the unique domain into the standard APN format. (This happens on the backend, so you don’t have to worry about it.)

APN types

There are four main types of APNs. They each have to do with whether the Access Point Name connects to a public or private network, and whether it uses dynamic or static IP addresses. The different APNs we used in the past to provide different level of security, separate subscribers and corporates, and deal with different use cases.

Public APN

Public APNs allow devices to access the public Internet, and they assign a dynamic IP address to any device that uses the APN. The address comes from a pool of available addresses within the public network, and when the device no longer needs a connection, the IP address it used returns to the pool. The next time it needs a connection, it receives another IP address from the pool of available ones, which may or may not include the address it used last time.

Public APN with public static IP

Public APNs with public static IP addresses will assign an IP address based on the pool of available ones, but once a device has been assigned an address, it uses that address every time it connects to the gateway.

Private APN

Private APNs have been used for corporate devices users to give more security and have different settings than the public internet. For example access to the private APN can require a password or filter specific web pages. Usually the private APN was then also connected to the corporate network via a VPN. As with public APNs, a private APN assigns devices a dynamic public IP address from the pool of available ones.

Private APN with private static IP

With a private APN devices may still use a dynamic / shared public IP address when talking to the public internet, but they can get a private static IP for connecting to another remote private network. In order to communicate with or access the device over this private IP address a virtual private network needs to be established from the other private network.

What’s the difference between a private APN and a VPN?

A private APN is an identifier of a gateway of your MNO’s cellular network that has certain policies assigned. This APN usually has a policy to allow or disallow public internet.

A VPN is a Virtual Private Network, that works on top of a public Internet connection to establish a private connection between two different networks. The virtual private connection encrypts any data sent over the Internet between these networks, so their connection is more secure compared to the public internet path.

Private APNs and IoT

There are some common misconceptions about APNs. Some developers assume that you need an APN to get more security, or that a private APN is required to establish a VPN. Neither of these things are true. APNs are a roundabout way to separate customers in different IP address spaces and to  solve the problem of dynamic IP addresses, which make remote access particularly difficult for IoT manufacturers. But there’s a better solution.

The challenge with dynamic IP addresses

With traditional cellular carriers, SIM cards usually get dynamic private IP addresses. Every time they send data, they get a different public IP address. This public address gets shared using Carrier Grade NAT. Next time the device transmits, it may have a different IP address, and another device may use the old IP address as well.

Dynamic IP addresses make remote troubleshooting a lot more difficult. You can’t access the device remotely without a VPN client-server in the device to connect, and small embedded devices simply don’t have enough processing power to facilitate the additional software and hardware. You can install gateways that connect your devices to a VPN, but then in order for each of your customers to have a VPN, you have to manage a new VPN for every deployment or gateway.

When you have a contract with a regular operator, you need to have a private APN to get static private IP addresses within an own IP range. This IP address range makes it possible to establish a Virtual Private Network with your application. This was often used to connect business smartphones to the corporate intranet. But it’s not the best way to solve this problem when you’re building an IoT application.

Why you don’t need an APN

With emnify, private APNs are a thing of the past. Our IoT communication platform gives every customer their own private secure address range, and your devices have static IP addresses by default.

Using OpenVPN or CloudConnect, you can remotely access your devices over one VPN connection (you don’t have to manage a separate connection for each gateway). All the data is transported over the VPN without ever breaking out to the public internet and without a Carrier Grade NAT.

Secure your connection with emnify

If you’re an IoT manufacturer, you don’t want holes in your connectivity to leave your customers vulnerable to network failures or attacks. emnify is a complete end-to-end connectivity solution for cellular IoT. We offer advanced IoT network security features like cellular network firewalls, the ability to create a private network using intra cloud connect, private DNS, and tools to limit service functionality. With emnify, your device can’t be part of any malicious communication.

Get in touch with our IoT experts

Discover how emnify can help you grow your business and talk to one of our IoT consultants today!

Related Posts