Why do BMS systems use so much mobile data?

Aggressive polling/logging, verbose payloads and cloud sync. A single 1 MB message every 5 seconds is ~17 GB/day before any public-IP noise or remote sessions.

Do blocked pings/scans still count towards data?

Yes. Packets are metered once they reach the modem interface, even if the firewall drops them. Public IPs attract continuous probes.

What reduces background noise most effectively?

Remove public exposure with a private APN/CGNAT and VPN. If public IP is required, enable flood/scan protections, default-deny the firewall, restrict port forwards and whitelist source IPs.

What is a healthy daily baseline?

Many tuned sites run ~200–400 MB/day telemetry. Background idle can be <10–50 MB/day on private APN/VPN designs; public IP exposure may add hundreds of MB/day if unfiltered.

4G router

Why BMS Systems Use So Much Mobile Data (and How to Fix It)

22nd October 2025 · 3 min read

TL;DR: Two things drive big bills: chatty BMS telemetry and public IP noise. Calculate both with the tools below, then fix: raise poll intervals, use COV with deadbands, batch/compress, enable flood/scan protections, and—ideally—remove public exposure with private APN/VPN.

Why BMS/SCADA burn mobile data

Defaults used during commissioning—1–10 s polls, verbose payloads, cloud sync and open remote sessions—often remain in production. On cellular, every byte costs.

Aggressive polling

Temperature/energy rarely need sub-10 s scans. Aim for 60–300 s, or use Change-of-Value with sensible deadbands (≈0.3 °C, 2% RH).

Verbose payloads

Uncompressed JSON and frequent TLS handshakes waste bytes. Batch points, compress where supported, and keep TLS sessions alive.

Cloud sync & historians

Nightly full uploads dwarf telemetry. Push deltas/aggregates and schedule off-peak or over non-cellular backhaul.

Remote desktop left open

RDP/VNC idles at 50–150 kbps. Use VPN, set timeouts, avoid all-day sessions.

The simple maths: 1 MB every 5 s → 12/min → 720/hour → ≈17.28 GB/day, from a single job.

BMS data usage calculator

Estimate daily/weekly/monthly data from telemetry settings. Try 1000 KB payload at 5 s to visualise the 17 GB/day scenario.

Payload per message (KB) Interval between messages (seconds) Messages that actually send (% COV hit rate) Protocol overhead (%)

— MB/day

— GB/week

— GB/month

Public IP noise: why “blocked” still costs

Routers on fixed public IPs attract constant probes—ICMP pings, TCP SYN scans, HTTP(S) bursts. Packets are counted when they reach the modem, even if the firewall drops them. Whitelisting reduces successful sessions, not the inbound noise itself.

Source	What it is	Why it adds up	Mitigation
ICMP pings & TCP SYN scans	Automated reachability and port discovery	Dozens to hundreds of sources, all day, every day	Flood/scan protection; hide behind private APN/VPN
NTP time sync	Devices polling pool servers	Many small packets at short intervals	Space out NTP; local NTP; reduce retries
Keepalives/heartbeats	VPN or platform liveness checks	Short timers (1–10 s) create a steady baseline	Use 60–120 s where possible
Reboots/forensic uploads	Logs/state sent after restart	Hundreds of KB per event, multiplied across devices	Reduce crash verbosity; stagger reconnects

Public IP noise simulator

Simulate unsolicited probes plus routine housekeeping. Compare with the BMS result to understand total exposure.

ICMP packet size (bytes) Pings per source (interval seconds) Distinct probing sources

NTP response size (bytes) NTP queries per day Keepalive packet size (bytes)

Keepalive interval (seconds) Mgmt platform polls per day Mgmt poll size (KB)

Reboots per month Reboot upload size (KB) Extra protocol overhead (%)

— MB/day

— GB/week

— GB/month

Busy IP? Try 200–500 sources at 5–10 s intervals. You’ll see how “idle” becomes costly.

What to check in router logs and counters

Data usage (daily/iface)

Track inbound when BMS is quiet. Set caps with 50%/80% alerts.

Realtime traffic

LAN idle but WAN inbound ticking? That’s likely scans/floods.

Kernel/Firewall logs

Look for “syn flood”, “port scan”, “icmp flood”, “drop”, “invalid”. After enabling protections, drops should stabilise.

Forwards & ACLs

Remove unused forwards. Change management ports. Whitelist known IPs only.

Best practice: getting from GB to MB

BMS tuning: 60–300 s polls; COV with deadbands; batch and compress; avoid all-day RDP/VNC.
Reduce exposure: Prefer private APN/CGNAT with outbound VPN. If public IP is mandatory, default-deny firewall, minimal forwards, source whitelists, enable flood/scan protections.
Quiet housekeeping: NTP hourly to 12-hourly; keepalives 60–120 s; reduce management inventory frequency; disable speed tests.
Alerting & RF: Data caps with alerts; ensure good RSRP/SINR to avoid retransmit overhead.

Frequently asked questions

Why is my BMS using so much mobile data?

Aggressive polling/logging and verbose payloads. A single 1 MB/5 s job is ~17 GB/day. Tune intervals, enable COV, batch/compress.

Does whitelisting stop the background data?

No. It stops unauthorised sessions completing. Probes still arrive and are counted. Flood/scan protections reduce impact; private APN/VPN removes exposure.

What’s a realistic daily target?

Telemetry: ~200–400 MB/day for many sites. Background idle: <10–50 MB/day on private APN/VPN; public IP may be far higher if unfiltered.

Bottom line: measure both sides—BMS telemetry and public exposure. Fix configuration, quiet the housekeeping, and remove exposure where you can. The data bill—and stability—improves fast.