Lolo Company

The Lolo Company Doco

Welcome to the Lolo Company doco to help you start working with Lolo!


APN / DNN Onboarding

How to Onboard an APN / DNN


The Programmable Virtual Private Cloud (PVPC) is a programmable distributed overlay network and one central method of onboarding large number of devices is through onboarding a private Access Point Name (APN) or Data Network Name (DNN) in pre- and post-5G speak respectively. This document will use the term APN universally, but both the term is interchangeable.

APNs are onboarded onto one of our many Regional Sites based on latency requirements and access to carrier networks.

Using the APN method, all the mobile devices using the APN will be manageable in the Lolo PVPC infrastructure. From there you can manage these networks and devices using the PVPC APIs.

APN integration relies on the methods in the ETSI standard TS 129 061 - Interworking between the Public Land Mobile Network (PLMN) supporting packet based services and Packet Data Networks (PDN) which can be found here.

The following definitions are set out and used in this document:




Access Point Name used interchangeably with Data Network Name or DNN in 5G

CSP Gateway

CSP Gateways are high performance, redundant gateways which run in the Regional Sites and terminate APNs using IPSec or fiber connections.

Egress Site

These are special Regional Sites where only CG-NAT is hosted for egress pinning

Enterprise Gateway

The Enterprise Gateway is a Programmable Virtual Private Cloud router spun as a private network for the customers


Packet Data Network (PDN) Gateway used interchangeably with User Plane Function or UPF in 5G

Regional Site

Regional Sites are one of the global sites where the PVPC traffic plane is hosted.
Regional Sites host the following:

  • CSP Gateways
  • PVPC Enterprise Gateways
  • CG-NAT
  • IPSec Contrators

The overview of the architecture is as follows:

Onboarding of an APN is a service request (not done through the API) in which the Lolo operations team establishes an IPSec VPN to the Connectivity Service Provider's (CSP) PGW - typically along with RADIUS integration, however other protocols such as Diameter are supported. Once an APN is terminated in the CSP Gateways, the traffic and devices attached to these networks now becomes manageable using the PVPC API.

IPSec Integration

The following parameters are typically exchanged as part of the IPSec Integration:
Tunnel MTU

IKE Proposal

  • IKE Version
  • Pre-shared Key
  • Hash Algorithm
  • Encryption Algorithm
  • Key Exchange

IPSec Proposal

  • Transport Protocol
  • Authentication Algorithm
  • Encryption Algorithm
  • Perfect Forward Secrecy
  • Data lifetime

Tunnel Monitoring attributes

BGP Information for Redundant VPNs

  • IP Addresses
  • Routes

RADIUS Integration

The following parameters are typically exchanged as part of the RADIUS Integration:
Primary and Secondary RADIUS Server IP Addresses
Usage for Authentication, Accounting and IP Address Allocation
Username - typically [email protected]
Set to use DNS on APN

A number of additional RADIUS attributed as defined in TS 129 061 are specified.

Updated 7 months ago

APN / DNN Onboarding

How to Onboard an APN / DNN

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.