alt Hacker NewsEh, assuming it's 4G LTE (or above), it's literally the same thing as Wi-Fi calling. This is technically called IMS (IP Multimedia Subsystem, https://en.wikipedia.org/wiki/IP_Multimedia_Subsystem), and is powered by "magic" DNS (no kidding, everything points to 3gppnetwork.org) and literal IP + IPSEC. Even when your phone is connected to Wi-Fi, it enters a special mode called IWLAN which powers your Wi-Fi calling, SMS, and RCS. The only actual factor here is if the ISP that you have versus your mobile network has a good peering.
No, in this case the consumer femtocells on the market (AT&T Cell Booster, Verizon LTE Network Extender) are actual eNodeBs inside the carrier’s RAN. They will IPSEC tunnel back to a security gateway (SeGW), grab provisioning information, and then come up on the carrier’s commercial license as just another (fancy low powered) LTE radio on the network.
AT&T did try to add some additional tamper switches and protection inside their units so they’d brick if you opened them - that was known since the MicroCell era. I believe T-Mobile’s former CellSpots were also tamper-protected in the same manner (they both deployed Nokia LTE small cells).
AT&T also appears to now charge you for the privilege of deploying the newer Cell Booster Pros if you want 5G - I assume that cost ($30/mo per cell!) is basically covering licensing the backend for all of that.
Wi-Fi Calling uses a different SeGW endpoint and is pure IMS back to the carrier voice network, regardless if you shoot it over WiFi or back over a dedicated APN on the LTE network in the normal VoLTE fare.