Skip to Content
FundamentalsNetwork Architecture

Network Architecture

Understanding LoRaWAN network architecture helps you troubleshoot issues and optimize device deployments.

Network Topology

LoRaWAN uses a star-of-stars topology:

┌─────────────┐ │ Application │ │ Server │ └──────┬──────┘ ┌──────┴──────┐ │ Network │ │ Server │ └──────┬──────┘ ┌──────────┼──────────┐ │ │ │ ┌───┴───┐ ┌───┴───┐ ┌───┴───┐ │Gateway│ │Gateway│ │Gateway│ └───┬───┘ └───┬───┘ └───┬───┘ │ │ │ ┌─┴─┐ ┌─┴─┐ ┌─┴─┐ │Dev│ │Dev│ │Dev│ └───┘ └───┘ └───┘

Network Components

End Devices

  • LoRaWAN sensors or actuators
  • Transmit data to any gateway in range
  • Battery-powered or mains-powered
  • Identified by a unique DevEUI

Gateways

  • Relay messages between devices and the network server
  • Can handle thousands of devices
  • Connected via WiFi, Ethernet, or cellular
  • Multiple gateways can receive the same message for improved reliability

Network Server

  • Manages the network
  • Handles device authentication
  • Removes duplicate packets
  • Selects the best gateway for downlinks
  • Manages data rates and channels

Application Server

  • Processes decoded data
  • Implements business logic
  • Stores historical data
  • Triggers alerts and actions

Communication Flow

  1. Device transmits on a random channel using the current data rate
  2. Multiple gateways may receive the packet
  3. Gateways forward the packet to the Network Server with metadata (RSSI, SNR, timestamp)
  4. Network Server:
    • Authenticates the message
    • Removes duplicates
    • Forwards to the Application Server
  5. Application Server decodes and processes the data
  1. Application sends a command to the Network Server
  2. Network Server:
    • Queues the message
    • Waits for the next uplink from the device
    • Selects the best gateway based on signal quality
  3. Gateway transmits during the RX1 or RX2 window
  4. Device receives in the receive window

Activation Methods

OTAA (Over-the-Air Activation)

Recommended for production

  • Device joins the network dynamically
  • Keys are exchanged during the join process
  • Session keys change with each join
  • More secure

Required credentials:

  • DevEUI: Device unique identifier
  • AppEUI/JoinEUI: Application identifier
  • AppKey: Secret key for join

Join process:

Device → Join Request → Network Network → Join Accept → Device (Session keys generated)

ABP (Activation By Personalization)

Simpler but less secure

  • Device pre-configured with session keys
  • No join procedure needed
  • Keys do not change
  • Faster for testing

Required credentials:

  • DevAddr: Device address
  • NwkSKey: Network session key
  • AppSKey: Application session key

Security

Encryption Layers

Application Layer (AES-128)

  • Encrypts payload data
  • Uses AppSKey
  • Provides end-to-end encryption

Network Layer (AES-128)

  • Protects network communication
  • Uses NwkSKey
  • Prevents replay attacks

Frame Counters

  • Track uplink and downlink messages
  • Increment with each message
  • Prevent replay attacks
  • Reset only on re-join (OTAA)

Adaptive Data Rate (ADR)

The Network Server optimizes:

  • Data rate: Higher rates reduce airtime
  • Transmit power: Lower power saves battery
  • Trade-off: Balances range, speed, and power

How it works:

  1. Device sends with ADR enabled
  2. Network Server monitors signal quality
  3. Sends commands to adjust data rate and power
  4. Device adapts parameters

Duty Cycle

Regulatory limits on transmission time:

  • EU868: 1% duty cycle (36 seconds/hour)
  • US915: Higher limits with frequency hopping

Example:

  • 1% duty cycle
  • 200ms transmission
  • Must wait 20 seconds before the next transmission

Best Practices

Device Configuration

  • Use OTAA for production
  • Enable ADR for stationary devices
  • Disable ADR for mobile devices
  • Set appropriate transmission intervals

Network Planning

  • Ensure adequate gateway coverage
  • Plan for gateway redundancy
  • Monitor gateway health
  • Consider interference sources

Security

  • Never hardcode AppKeys in code
  • Rotate keys periodically
  • Monitor for unusual activity
  • Implement application-level authentication

Performance

  • Minimize payload size
  • Use appropriate data rates
  • Respect duty cycles
  • Implement exponential backoff for retries

Troubleshooting

Device Not Joining

  • Verify DevEUI, AppEUI, and AppKey
  • Confirm gateway coverage
  • Ensure the frequency plan matches the region
  • Check for join accept in gateway logs

Packet Loss

  • Check RSSI and SNR values
  • Verify gateway connectivity
  • Monitor duty cycle compliance
  • Check for interference

High Battery Drain

  • Reduce transmission frequency
  • Enable ADR
  • Lower transmit power if possible
  • Check for continuous retries

Network Providers

Helium Network (Legacy)

  • Community-built coverage
  • Crypto-based incentives
  • Transitioning to new model

ChirpStack

  • Open-source Network Server
  • Self-hosted or managed
  • Full LoRaWAN support

Commercial Providers

Learn More