How They Really Work, What They Actually Are, and Why “IoT SIM” Is Mostly a Label
Roaming SIM cards sit at the centre of modern connected infrastructure. They keep CCTV online in empty buildings, connect EV chargers in car parks with no fixed line, run digital signage, power vending machines, and glue together thousands of remote systems that nobody wants to visit in person.
They are often described as IoT SIMs, M2M SIMs, multi-network SIMs, or global SIMs. Most of those labels are unhelpful. Some are outright misleading.
This guide explains, in practical terms, what roaming SIM cards actually do, how they behave inside routers such as the Teltonika RUTC41, how networks are selected, how IP addressing really works, and why many of the problems people experience are not faults at all but side effects of how mobile networks are designed.
It also tackles the uncomfortable question the industry avoids:
Are these really “IoT SIM cards”, or are they just professional cellular connections wrapped in better tooling?
First: What Do We Mean by M2M and IoT?
Before talking about SIMs, it is worth clearing up terminology.
M2M (Machine-to-Machine)
M2M is the older term, and it describes direct device-to-device communication with minimal abstraction.
Typical characteristics:
• One device talks to one server
• Traffic is predictable and narrow
• Connectivity is a utility, not a platform
• Remote access is often required
• Security is handled at network level
Examples:
• Payment terminals
• Early CCTV backhaul
• Industrial telemetry
• Alarm signalling
M2M came from the telecoms world.
IoT (Internet of Things)
IoT is broader and more layered.
Typical characteristics:
• Devices feed into platforms
• Data is aggregated, processed, visualised
• Connectivity is part of a wider system
• Device management matters
• APIs, dashboards, and automation exist
Examples:
• Smart cities
• EV charging networks
• Asset tracking platforms
• Environmental sensors
IoT came from the software world.
The uncomfortable truth
Most deployments described as IoT today are still fundamentally M2M with better tooling.
The SIM does not make something IoT.
The application layer does.
Which leads us neatly to the SIM itself.
Are These Really “IoT SIM Cards”?
Strictly speaking, no.
A SIM card does not know or care whether it is being used for:
• CCTV
• A vending machine
• A router
• A sensor
• A laptop
What people call an “IoT SIM” is really this:
A professional cellular subscription designed for unattended devices, with additional controls, policies, and management features layered around it.
The difference is not the SIM.
It is everything around the SIM.
What actually makes a SIM suitable for IoT / M2M
• Roaming capability
• Long-term availability (years, not months)
• Predictable commercial model
• Private APNs
• Fixed or deterministic IP options
• Estate management portals
• API access
• Support for remote access strategies
• Conservative network behaviour
Consumer SIMs can technically work.
They just fail operationally.
What Happens When You Insert a Roaming SIM into a Router
Let’s get practical.
Take a router such as the Teltonika RUTC41 and insert a roaming SIM.
From power-up to connectivity, this is what actually happens.
Step 1: Router and Modem Initialisation
When the router powers on:
• The router OS boots
• The cellular modem initialises
• The SIM is powered and queried
At this point, nothing is connected.
The router has no network, no IP, no data path.
Step 2: Network Scanning and PLMN Discovery
The modem scans supported frequency bands and listens for broadcast information from nearby mobile networks.
Each network broadcasts a PLMN (Public Land Mobile Network), defined by:
• MCC – Mobile Country Code
• MNC – Mobile Network Code
In the UK, examples include:
• Vodafone
• O2
• EE
• Three
The modem reports all visible PLMNs to the SIM.
The SIM then decides:
• Which networks it is allowed to use
• Which networks it prefers
• Which networks it must avoid
This logic lives on the SIM and in the SIM provider’s core.
Step 3: Network Selection and Registration
Once a candidate network is chosen, the modem attempts to register.
This involves:
• SIM authentication
• Validation of roaming agreements
• Establishment of signalling channels
If registration fails, the modem moves on.
If it succeeds, the router is now attached to a mobile network, but still has no data session.
Step 4: APN Selection and Data Session Setup
Next comes the APN.
The APN defines:
• What service this SIM receives
• Which core network is used
• How traffic is routed
• What IP addressing policy applies
This is where consumer and professional SIMs diverge sharply.
IP Addressing: Where Most Confusion Lives
Once the APN session is accepted, the network assigns an IP address.
This is where terms like public IP, private IP, and CGNAT get misused.
Let’s clear it up properly.
Model 1: True Public IP on the Router
In this model:
• The router’s WAN interface receives a public IPv4 address
• That IP is directly routable
• Inbound connections work
This is now rare, especially on roaming SIMs.
It is simple, but expensive in IPv4 terms and risky without careful firewalling.
Model 2: Private IP on the Router with Dedicated 1:1 Public NAT
This is the most misunderstood and most common professional model.
Here is what actually happens:
• The router receives a private IP (RFC1918 or CGNAT range)
• The mobile core maps that IP 1:1 to a dedicated public IPv4 address
• The mapping is persistent
• The public IP is not shared
• Inbound connections work
From the router’s perspective, the IP is private.
From the internet’s perspective, it is public.
This is not CGNAT.
Why this is not CGNAT
CGNAT means:
• Many devices share a small pool of public IPs
• NAT mappings are dynamic
• Inbound traffic is blocked
• Port behaviour is unpredictable
Dedicated 1:1 NAT means:
• One SIM equals one public IP
• Routing is deterministic
• Inbound access is possible
• Firewalling and port forwarding make sense
This is why these services are legitimately sold as public IP SIMs, even though the router itself never sees a public address.
Function matters more than semantics.
Model 3: Fully Private IP with Controlled Breakout
In this model:
• The router receives a private IP
• Traffic stays within a private core
• Internet access may be restricted or proxied
• Remote access is done via VPN or platform
This is common in large IoT estates where security and predictability matter more than convenience.
Why the Same Roaming SIM Behaves Differently on Different Networks
When roaming:
• The visited network provides radio access
• The home network enforces policy
Depending on agreements and architecture:
• One network may allow local breakout
• Another may tunnel traffic back to the home core
• Another may enforce stricter NAT or firewalling
This is normal behaviour, not inconsistency.
How Roaming SIMs and Routers Switch Networks
A common question is:
Why doesn’t the router just move to a better network automatically?
Because stability beats performance.
Who controls network switching?
It is shared:
• The modem measures signal
• The router OS applies policy
• The SIM enforces permissions
• The network influences behaviour
By default, once registered, the SIM prefers to stay registered.
Why poor networks get “stuck”
Mobile networks are stateful and sensitive to signalling load.
Dropping and re-registering frequently can cause:
• Temporary blocking
• Slower reattachment
• Unstable sessions
So the default behaviour is conservative:
• Stay connected if signal is above minimum
• Do not switch unless connection fails
• Prefer continuity over throughput
This is deliberate.
What actually forces a switch
• Loss of signal
• Registration rejection
• Repeated APN failures
• Modem reset
• Explicit PLMN blacklisting
Industrial routers expose these controls.
Cheap routers do not.
Why SIM Refresh and Cancel Location Exist
Mobile cores remember things.
Sometimes they remember them wrong.
What the network tracks
• Which cell the SIM is on
• Which gateway is in use
• Which IP session exists
• Which roaming path applies
If any part of that state breaks silently, the SIM can appear connected but be unusable.
Cancel Location
Cancel Location tells the visited network:
“This subscriber is no longer valid here. Drop everything.”
It forces:
• Full deregistration
• State cleanup
• Clean reattach
This is why it fixes so many “stuck” SIMs.
SIM Refresh
SIM refresh tells the SIM to:
• Reload configuration
• Reapply PLMN rules
• Restart SIM applications
It is useful when steering rules or permissions have changed.
Proof of Delivery (PoD)
PoD confirms the SIM can still receive signalling messages.
If PoD fails, the SIM may look alive but be unreachable from the core.
In large estates, PoD failures are early warning signs.
So What Are Roaming SIMs Really For?
Roaming SIMs are not about speed.
They are not about consumer convenience.
They are not magic.
They exist to deliver:
• Predictable connectivity
• Geographic resilience
• Operational stability
• Centralised control
• Long-term availability
They are plumbing, not a product.
The Honest Summary
• “IoT SIM” is mostly a marketing label
• These are professional cellular connections
• The value is in control, policy, and management
• Private IP does not mean CGNAT
• Public IP does not always sit on the router
• Roaming prioritises stability over performance
• Many issues are state, not signal
Once you understand this, roaming SIMs stop being mysterious.
They start being what they really are:
A reliable way to keep machines talking when nobody is there to reboot them.
Optional Sources (plain text)
3GPP Mobile Network Architecture
Enterprise APN Design
Carrier Core Routing Models
Industrial Cellular Deployment Practices
IoT Connectivity Management Platforms
