SIM-to-SIM private networking, built in
Put two or more SIMs in the same private subnet. Traffic between them is reflected at the SIMSY network layer and never reaches the public internet. No VPN, no tunnels, no fixed IPs, no infrastructure beyond the SIM itself.
What you get for free
Three primitives do the work
Cellular Private LAN is not a separate product — it is what you get when you compose three building blocks on the SIMSY API.
VSlice
A virtual slice of the SIMSY network. Configure subnets, DNS, IP allocation, regional gateway, and routing policy. Endpoints sharing a VSlice can be in the same private subnet.
Endpoint Group
A logical group of endpoints (SIMs) that inherit the same subnet, APN, routing policy, and VSlice membership. The usual unit you manage at scale.
Routing Policy
Where traffic from this VSlice goes. Default-deny for external destinations, allowed routes for the private subnet, and an explicit policy for anything that needs to leave.
Put two SIMs on the same private subnet
Everything below is callable through https://api.s-imsy.com/api/v1 with a Bearer token. Request and response bodies are in the OpenAPI spec — try them live in the interactive docs.
1. Inspect or create a VSlice
The VSlice owns the subnet, IP allocation mode, DNS, and routing policy. Start by listing existing VSlices on your account.
$ curl https://api.s-imsy.com/api/v1/vslices \ -H "Authorization: Bearer $SIMSY_TOKEN" # Each VSlice returns: id, moniker, name, subnets, # ipAllocationType, dnsMode, dnsServers, routingPolicyId, # endpointCount, endpointGroupCount, and more.
2. Group the endpoints you want on the same LAN
An endpoint group inherits the VSlice's networking. Assign your endpoints to a group bound to the right VSlice.
# List endpoint groups
$ curl https://api.s-imsy.com/api/v1/endpointgroups \
-H "Authorization: Bearer $SIMSY_TOKEN"
# Move an endpoint into a group (full body in the spec)
$ curl -X POST \
https://api.s-imsy.com/api/v1/endpointgroups/{groupIdOrMoniker}/endpoints \
-H "Authorization: Bearer $SIMSY_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "endpointIds": ["..."] }'3. Confirm the endpoints see each other
Once both endpoints have come up on the network with the right VSlice, they can address each other directly on the private subnet. No tunnel software, no client config.
# Find the other endpoint's private IP from the SIMSY portal
# or the API, then:
$ curl http://10.42.0.17:8080/health
{"status":"ok"}
# The traffic stays inside the SIMSY network.
# It does not traverse the public internet.4. Watch the events
Endpoint-to-endpoint sessions, IP assignments, and routing policy changes all surface as events on the account.
$ curl https://api.s-imsy.com/api/v1/events \
-H "Authorization: Bearer $SIMSY_TOKEN"
# Or per-endpoint:
$ curl https://api.s-imsy.com/api/v1/endpoints/{id}/events \
-H "Authorization: Bearer $SIMSY_TOKEN"The network is the perimeter
Sensor fleets that talk to a gateway
Hundreds of sensors all on cellular, talking only to a single gateway endpoint. The gateway is reachable; the sensors are not exposed. No DDNS, no static IPs.
Edge AI inference clusters
Multiple Pis or industrial PCs cooperating on inference, with a shared private subnet for coordination traffic. The orchestrator endpoint reaches them; everything else does not.
OT/IT segregation at the cellular layer
Operational endpoints in one VSlice, IT-side endpoints in another. The segregation is enforced by SIMSY routing — not by hoping a router config does the right thing.
Multi-site connectivity without a VPN
Three sites, ten endpoints each, one VSlice. They behave like a single LAN. No tunnel concentrator, no certificate rotation.
Get two SIMs and try it
Two developer SIMs in the same VSlice is the smallest useful test. Tell us what you're connecting and we'll set up the right group and routing policy with you.
Request developer SIMs