How LoRaWAN Works: Long-Range IoT Networking with Chirp Spread Spectrum

LoRaWAN (Long Range Wide Area Network) is a low-power, wide-area networking protocol designed for wirelessly connecting battery-operated devices to the internet over distances of up to 15 kilometers in rural environments and several kilometers in dense urban areas. Unlike WiFi, which trades range for throughput, LoRaWAN is built for IoT sensors that transmit small payloads -- a few bytes of temperature data, a GPS coordinate, a water level reading -- at data rates measured in kilobits per second. The protocol is defined by the LoRa Alliance and operates on top of the LoRa physical layer, a proprietary chirp spread spectrum modulation developed by Semtech.

LoRaWAN occupies a specific niche in the wireless landscape: applications where devices must run for years on a single battery, where the data payloads are small and infrequent, and where cellular connectivity is either too expensive or unavailable. Smart agriculture sensors, water meters, parking sensors, environmental monitors, and asset trackers are canonical LoRaWAN use cases. Understanding the protocol requires examining both the LoRa physical layer and the LoRaWAN MAC layer that sits on top of it.

LoRa Physical Layer: Chirp Spread Spectrum

The foundation of LoRaWAN's range advantage is the LoRa modulation at the physical layer. LoRa uses a technique called Chirp Spread Spectrum (CSS), where each symbol is encoded as a frequency chirp -- a signal that sweeps linearly across the entire bandwidth of the channel over a fixed time period. An "up-chirp" sweeps from the lowest frequency to the highest; a "down-chirp" sweeps in the opposite direction.

In LoRa, data is encoded by varying the starting frequency of each chirp. A symbol with value 0 starts at the base frequency, a symbol with value 1 starts one step higher, and so on. The number of possible starting frequencies -- and therefore the number of distinct symbols -- is determined by the Spreading Factor (SF). With SF7, each chirp encodes 7 bits (128 possible symbols). With SF12, each chirp encodes 12 bits (4096 possible symbols), but the chirp takes much longer to transmit, reducing the data rate dramatically while increasing range and noise immunity.

LoRa Chirp Spread Spectrum Modulation Frequency Time f_max f_min Symbol 0 Symbol 3 Symbol 5 Symbol 7 Each chirp sweeps the full bandwidth. Starting freq encodes the symbol value.

The key properties of CSS that make it suitable for long-range IoT communication:

Spreading Factors and the Range-Rate Tradeoff

LoRa defines spreading factors from SF5 to SF12 (though SF5 and SF6 are only used in specific configurations). Each step up in SF doubles the airtime of a packet while increasing the link budget by approximately 2.5 dB. This creates a clear tradeoff:

SF   Chips/Symbol   Bit Rate (125kHz BW)   Sensitivity    Max Payload   Airtime (10 bytes)
SF7     128           5,470 bps             -123 dBm       242 bytes     ~36 ms
SF8     256           3,125 bps             -126 dBm       242 bytes     ~64 ms
SF9     512           1,760 bps             -129 dBm       115 bytes     ~113 ms
SF10   1024             977 bps             -132 dBm       51 bytes      ~206 ms
SF11   2048             537 bps             -134.5 dBm     51 bytes      ~372 ms
SF12   4096             293 bps             -137 dBm       51 bytes      ~682 ms

A device using SF12 can reach a gateway several times farther away than one using SF7, but its packet takes nearly 20 times longer to transmit. This has direct implications for battery life and duty cycle compliance: longer airtime means more energy consumed per transmission and more time occupying the channel. The LoRaWAN MAC layer uses Adaptive Data Rate (ADR) to automatically select the optimal SF for each device based on its observed signal quality.

Frequency Bands and Regional Parameters

LoRaWAN operates in unlicensed ISM bands, but the specific frequencies and regulatory constraints vary by region:

The choice of sub-GHz frequencies is deliberate. Lower frequencies propagate farther, diffract around obstacles more effectively, and penetrate buildings better than the 2.4 GHz and 5 GHz bands used by WiFi. A LoRa signal at 868 MHz can travel 5-15 km in line-of-sight conditions and 2-5 km in urban environments with significant building penetration.

LoRaWAN Network Architecture

LoRaWAN uses a star-of-stars topology. End devices do not communicate with each other or form mesh networks. Instead, every uplink message is received by one or more gateways and forwarded to a central network server.

LoRaWAN Network Architecture Sensor A (Class A) Meter B (Class A) Actuator C (Class C) Tracker D (Class A) End Devices LoRa Radio Gateway 1 8-ch receiver Gateway 2 8-ch receiver Gateways IP Backhaul (Ethernet/WiFi/4G) Network Server dedup, MAC, ADR Network Server Join Server OTAA key mgmt App Server 1 agriculture App Server 2 metering App Server 3 tracking Application Servers LoRa / LoRaWAN TCP/IP / TLS HTTPS / MQTT

The four components of a LoRaWAN network:

A critical design decision in LoRaWAN is that gateways are dumb forwarders. All intelligence resides in the network server. This simplifies gateway deployment enormously: you can place gateways on rooftops, lamp posts, or cell towers without worrying about configuring device associations, managing keys, or handling routing. Any device's uplink can be received by any gateway; the network server sorts out the rest.

Device Classes: A, B, and C

LoRaWAN defines three device classes that represent different tradeoffs between downlink latency and power consumption:

Class A (All devices)

Class A is the baseline and the most energy-efficient mode. A Class A device sleeps most of the time. When it has data to send, it wakes up, transmits an uplink, and then opens two short receive windows (RX1 and RX2) at precisely defined delays after the uplink transmission. RX1 opens 1 second after the uplink ends (configurable via the RX1Delay parameter); RX2 opens 1 second after RX1 closes (typically 2 seconds after uplink). Each window is open for just a few hundred milliseconds.

If the network server has a downlink message queued for the device, it must transmit it during one of these windows. If neither window is used, the device goes back to sleep. There is no way to reach a Class A device outside of these windows. The server must wait until the device sends its next uplink, which might be minutes, hours, or days later depending on the application.

Class A is ideal for sensors that report periodically (every 15 minutes, every hour) and rarely or never need to receive commands from the server.

Class B (Beacon)

Class B extends Class A by adding scheduled receive windows at regular intervals, synchronized by beacons broadcast by the gateway. The gateway transmits a beacon every 128 seconds, and Class B devices use this beacon to align their internal clocks and open "ping slots" at predetermined times. The network server knows when each device's ping slots are open and can schedule downlinks accordingly.

This provides a predictable downlink latency (configurable from about 1 second to 128 seconds) at the cost of additional power consumption. The device must wake up periodically to receive beacons and keep its ping slot windows open. Class B is useful for actuators that need to respond to server commands within a bounded time -- for example, a valve controller that must respond within 30 seconds of a command.

Class C (Continuous)

Class C devices keep their receive window open continuously whenever they are not transmitting. This provides the lowest possible downlink latency (the server can reach the device almost immediately) but at the highest power cost. Class C devices typically require mains power, since continuously listening to the radio channel drains batteries quickly.

Class C is used for devices like streetlight controllers, industrial actuators, or gateway-like concentrators that need to receive commands at any time and are connected to permanent power supplies.

Security: End-to-End Encryption

LoRaWAN provides two layers of encryption, ensuring that neither the gateway nor the network server can read application data in transit:

This separation of keys is fundamental to the LoRaWAN security model. A network operator can run the network server and manage device connectivity without being able to read the data those devices are sending. This enables multi-tenant network deployments where multiple organizations share the same infrastructure.

OTAA vs ABP: Device Activation

LoRaWAN supports two methods for devices to establish session keys and join the network:

Over-The-Air Activation (OTAA)

OTAA is the recommended method for production deployments. The device is provisioned with three root identifiers:

When the device powers on, it sends a Join Request containing its DevEUI, JoinEUI, and a random DevNonce. The join server verifies the request by computing a CMAC over the Join Request using the device's AppKey. If valid, the join server responds with a Join Accept message containing a network-assigned DevAddr (32-bit device address) and parameters like the RX delays and channel configuration. Both the device and the join server independently derive the NwkSKey and AppSKey from the AppKey and the nonces exchanged during the join procedure.

OTAA provides forward secrecy: each time a device re-joins (after a reset, a firmware update, or at regular intervals), new session keys are derived. If an attacker captures session keys from one session, they cannot decrypt traffic from previous or future sessions without the root AppKey.

Activation By Personalization (ABP)

ABP bypasses the join procedure entirely. The DevAddr, NwkSKey, and AppSKey are hardcoded into the device at manufacturing time. The device can start transmitting immediately without a join handshake.

ABP is simpler to implement but has significant drawbacks: there is no key rotation, no forward secrecy, and the device cannot roam to a different network server (since the session keys are permanently bound to a specific server). ABP also creates risks if frame counters are reset (e.g., after a battery replacement), as the network server may reject frames with lower-than-expected counters as replay attacks. For these reasons, OTAA is strongly preferred for any deployment where security matters.

Adaptive Data Rate (ADR)

ADR is a critical mechanism for optimizing network capacity and device battery life. Without ADR, every device would need to be manually configured with an appropriate spreading factor and transmit power -- an impractical task for deployments with thousands of devices at varying distances from gateways.

ADR works as follows: the network server monitors the signal quality (SNR) of each device's recent uplinks. If a device is consistently received with high SNR margin -- meaning it is transmitting with more power or a higher SF than necessary -- the network server sends a MAC command (LinkADRReq) instructing the device to reduce its SF, transmit power, or both. Conversely, if the device experiences packet loss (detected via frame counter gaps), it can autonomously increase its SF to improve range.

The ADR algorithm typically maintains a margin of about 10-15 dB above the demodulation threshold to account for fading. A device received at SF12 with an SNR of +10 dB might be instructed to switch to SF9 or SF10, dramatically reducing its airtime and battery consumption while freeing up network capacity for other devices.

ADR should only be enabled for stationary devices. Mobile devices (asset trackers, vehicles) experience rapidly changing link conditions, and ADR's averaging algorithm cannot adapt fast enough. Mobile devices should use a fixed, conservative SF (typically SF10 or SF11).

Duty Cycle and Fair Access

In many regions (particularly Europe under ETSI regulations), LoRaWAN devices must comply with strict duty cycle limits. The EU868 band imposes a 1% duty cycle on the default channels, meaning a device can only transmit for 1% of the time. For a packet that takes 1 second to transmit, the device must then wait 99 seconds before transmitting again on that channel.

This has profound implications for application design:

Network operators deploying large-scale LoRaWAN networks must carefully model their airtime budget. A gateway serving 10,000 devices, each sending one 20-byte uplink per hour at SF10, must handle approximately 2,000 seconds of airtime per hour distributed across its 8 channels. This is well within the capacity of a single gateway, but as device density or reporting frequency increases, additional gateways must be deployed to absorb the load.

LoRaWAN Frame Structure

A LoRaWAN uplink frame consists of the following fields:

+----------+------+----------+---------+-----------+-----+
| MHDR     | DevAddr | FCtrl | FCnt    | FPort     | FRMPayload | MIC  |
| (1 byte) | (4 B)   | (1 B) | (2 B)  | (0-1 B)   | (0-N B)    | (4 B)|
+----------+---------+-------+--------+-----------+------------+------+
                                                     ^
                                                     |
                                          Encrypted with AppSKey

Roaming and Network Interoperability

LoRaWAN 1.1 and the LoRa Alliance's roaming specification define mechanisms for devices to roam between networks operated by different organizations. Two roaming modes are supported:

Roaming is particularly important for asset tracking use cases where devices (shipping containers, pallets, vehicles) cross national boundaries and encounter different LoRaWAN operators in each country.

LoRaWAN vs Other LPWAN Technologies

LoRaWAN competes with several other low-power wide-area technologies, each with distinct characteristics:

LoRaWAN's primary advantage is that it operates on unlicensed spectrum, allowing anyone to deploy their own network without depending on a telecom carrier. This makes it attractive for agricultural deployments, smart building projects, industrial monitoring, and municipal infrastructure where the deployer wants to control the entire stack.

Practical Deployment Considerations

Deploying a LoRaWAN network involves several engineering decisions that directly affect coverage, capacity, and battery life:

LoRaWAN and IP Networks

LoRaWAN end devices do not have IP addresses. They are identified by DevEUI and DevAddr within the LoRaWAN network, and their traffic is encapsulated and forwarded over IP only between gateways and the network server. The gateway-to-network-server link typically uses UDP (the Semtech Packet Forwarder protocol) or, in newer implementations, the LoRa Basics Station protocol over WebSocket/TLS.

This means LoRaWAN devices do not participate in IP routing, BGP, DNS, or any of the protocols that form the internet's backbone. The network and application servers act as protocol translators, exposing device data to the IP world via MQTT, HTTP webhooks, gRPC, or other application-layer protocols. From the perspective of internet routing, a LoRaWAN deployment is invisible -- it exists entirely behind the network server's IP address.

However, the backhaul connectivity between gateways and the network server is critical. If a gateway's internet connection goes down -- whether due to a BGP routing issue, a DNS failure, or a physical link problem -- all devices communicating through that gateway lose connectivity. This is why production deployments often provision gateways with redundant backhaul (e.g., Ethernet primary, cellular backup) and deploy sufficient gateway density that every device is within range of at least two gateways.

Try It Yourself

LoRaWAN devices ultimately connect to backend services over the internet, and understanding the routing infrastructure that carries that traffic is essential for building reliable IoT systems. Use the god.ad BGP Looking Glass to explore the BGP routes and autonomous systems that connect LoRaWAN network servers, cloud platforms, and application backends to the global internet.

See BGP routing data in real time

Open Looking Glass
More Articles
What is DNS? The Internet's Phone Book
What is an IP Address?
IPv4 vs IPv6: What's the Difference?
What is a Network Prefix (CIDR)?
How Does Traceroute Work?
What is a CDN? Content Delivery Networks Explained