This post is out of an interesting conversation I had with one of my readers.
In LTE, UE gets attached to a network in a single shot. That is when the UE is switched on it will send a NAS message, Attach Request along with PDN connectivity request. Look here.
3GPP TS 24.301 has a little different story to tell though. According to the spec UE shall not include APN and PCO in the PDN connectivity request when the same is sent along with attach request. The spec says UE shall send the PDN connectivity request with a flag "ESM Information transfer" on and no APN or PCO shall be included. Once MME receives the Attach Request+PDN connectivity request, it shall go ahead and accept the attach but it shall not establish the EPS bearers just yet.
MME now goes ahead with establishing security context. Look here. After the security context is established MME will send a NAS message "ESM Information Request" asking UE for APN and PCO. Now UE shall send "ESM Information Response" with APN and PCO, encrypted(?). Once MME receives this response it will go ahed with establishing the EPS bearers. If the response doesn't include APN then default APN shall be used by MME.
Why this? I guess this is for security. We just dont want to reveal the user name passwords to any network that asks for it, right?. And also above is only valid if Attach Request and PDN connectivity request messages are sent together. The story is different if the two messages are sent separately. More thoughts?