Network Architecture
Understanding LoRaWAN network architecture helps you troubleshoot issues and optimize device deployments.
Network Topology
LoRaWAN uses a star-of-stars topology:
┌─────────────┐
│ Application │
│ Server │
└──────┬──────┘
│
┌──────┴──────┐
│ Network │
│ Server │
└──────┬──────┘
│
┌──────────┼──────────┐
│ │ │
┌───┴───┐ ┌───┴───┐ ┌───┴───┐
│Gateway│ │Gateway│ │Gateway│
└───┬───┘ └───┬───┘ └───┬───┘
│ │ │
┌─┴─┐ ┌─┴─┐ ┌─┴─┐
│Dev│ │Dev│ │Dev│
└───┘ └───┘ └───┘Network Components
End Devices
- LoRaWAN sensors or actuators
- Transmit data to any gateway in range
- Battery-powered or mains-powered
- Identified by a unique DevEUI
Gateways
- Relay messages between devices and the network server
- Can handle thousands of devices
- Connected via WiFi, Ethernet, or cellular
- Multiple gateways can receive the same message for improved reliability
Network Server
- Manages the network
- Handles device authentication
- Removes duplicate packets
- Selects the best gateway for downlinks
- Manages data rates and channels
Application Server
- Processes decoded data
- Implements business logic
- Stores historical data
- Triggers alerts and actions
Communication Flow
Uplink (Device → Application)
- Device transmits on a random channel using the current data rate
- Multiple gateways may receive the packet
- Gateways forward the packet to the Network Server with metadata (RSSI, SNR, timestamp)
- Network Server:
- Authenticates the message
- Removes duplicates
- Forwards to the Application Server
- Application Server decodes and processes the data
Downlink (Application → Device)
- Application sends a command to the Network Server
- Network Server:
- Queues the message
- Waits for the next uplink from the device
- Selects the best gateway based on signal quality
- Gateway transmits during the RX1 or RX2 window
- Device receives in the receive window
Activation Methods
OTAA (Over-the-Air Activation)
Recommended for production
- Device joins the network dynamically
- Keys are exchanged during the join process
- Session keys change with each join
- More secure
Required credentials:
- DevEUI: Device unique identifier
- AppEUI/JoinEUI: Application identifier
- AppKey: Secret key for join
Join process:
Device → Join Request → Network
Network → Join Accept → Device
(Session keys generated)ABP (Activation By Personalization)
Simpler but less secure
- Device pre-configured with session keys
- No join procedure needed
- Keys do not change
- Faster for testing
Required credentials:
- DevAddr: Device address
- NwkSKey: Network session key
- AppSKey: Application session key
Security
Encryption Layers
Application Layer (AES-128)
- Encrypts payload data
- Uses AppSKey
- Provides end-to-end encryption
Network Layer (AES-128)
- Protects network communication
- Uses NwkSKey
- Prevents replay attacks
Frame Counters
- Track uplink and downlink messages
- Increment with each message
- Prevent replay attacks
- Reset only on re-join (OTAA)
Adaptive Data Rate (ADR)
The Network Server optimizes:
- Data rate: Higher rates reduce airtime
- Transmit power: Lower power saves battery
- Trade-off: Balances range, speed, and power
How it works:
- Device sends with ADR enabled
- Network Server monitors signal quality
- Sends commands to adjust data rate and power
- Device adapts parameters
Duty Cycle
Regulatory limits on transmission time:
- EU868: 1% duty cycle (36 seconds/hour)
- US915: Higher limits with frequency hopping
Example:
- 1% duty cycle
- 200ms transmission
- Must wait 20 seconds before the next transmission
Best Practices
Device Configuration
- Use OTAA for production
- Enable ADR for stationary devices
- Disable ADR for mobile devices
- Set appropriate transmission intervals
Network Planning
- Ensure adequate gateway coverage
- Plan for gateway redundancy
- Monitor gateway health
- Consider interference sources
Security
- Never hardcode AppKeys in code
- Rotate keys periodically
- Monitor for unusual activity
- Implement application-level authentication
Performance
- Minimize payload size
- Use appropriate data rates
- Respect duty cycles
- Implement exponential backoff for retries
Troubleshooting
Device Not Joining
- Verify DevEUI, AppEUI, and AppKey
- Confirm gateway coverage
- Ensure the frequency plan matches the region
- Check for join accept in gateway logs
Packet Loss
- Check RSSI and SNR values
- Verify gateway connectivity
- Monitor duty cycle compliance
- Check for interference
High Battery Drain
- Reduce transmission frequency
- Enable ADR
- Lower transmit power if possible
- Check for continuous retries
Network Providers
Helium Network (Legacy)
- Community-built coverage
- Crypto-based incentives
- Transitioning to new model
ChirpStack
- Open-source Network Server
- Self-hosted or managed
- Full LoRaWAN support
Commercial Providers
- HeyIoT
- Meteo Scientific
- The Things Network/Industries