To enable devices to communicate with one another across a network (such as the Internet), each device has an address that other devices can use to reach it. The current form of Internet addressing, known as IPv4, is limited to 2^32, or 4,294,967,296, unique device addresses. Each device that is publicly accessible by other computers on the Internet is represented by an IP address. IPv4 sets the following format for each IP address: xxx.xxx.xxx.xxx. Each ‘xxx’ in this address format represents a number from 0-255. All of these IP addresses make up what is referred to as the “address space.” However, large portions of this address space have already been allocated. Consequently, the number of available addresses will soon run out.
Solutions exist for allowing multiple devices to access the Internet without allocating a unique, publicly addressable IP address to each device. For example, Network Address Translation (NAT) is used to allow a set of devices, each having a private IP address, to access the Internet. Multiple devices organized into a network with a single point-of-entry NAT device (typically a firewall and/or router) are represented to the rest of the Internet as a single IP address that is associated with the NAT device. In this way, the NAT device acts as the “public face” of the networked devices, which are said to be “behind” the entry device. Devices (such as computers, tablets, or the like) may access devices on the rest of the Internet through the NAT device. The NAT device receives a communication from such a device, including a destination IP address, a destination port, a source IP address, and a source port. The NAT device then assigns a new source port to the communication and keeps track of that new source port. Responses to that communication will reference that new source port, enabling the NAT device to determine which device to send the response to. This enables routing of traffic between devices behind the NAT device and devices on the rest of the Internet.
However, because IP-based networks only allow 2^16 different ports (i.e., 0-65535), the number of connections from devices behind a NAT device may be limited, because each device may attempt to make multiple connections. For example, if 1000 devices in a network attempt to access 60 different web pages during a period of time, the number of available ports will be exhausted quickly, because each outgoing communication may result in the assignment of a new source port.
NAT is also limited in its ability to enable information providers, such as websites, Software as a Service (SaaS) providers, or the like, to communicate with devices behind a NAT device. For instance, it is difficult for information providers to communicate with devices behind a NAT device unless those devices initiate the communication. One solution is to expose a single device behind the NAT device to the rest of the Internet by forwarding all incoming traffic to that device. This is known as a “demilitarized zone” or “DMZ.” Using a DMZ enables communication with that single device, but can create security concerns, because the exposed device may be attacked by outside entities (e.g., ping floods, hacking, denial-of-service, or the like). Using a DMZ also allows information providers to communicate only with the exposed device, as opposed to enabling communication with multiple devices behind the NAT device.
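The three mechanisms described above (the NAT device assigning and tracking a new source port per outgoing communication, the resulting port-pool exhaustion, and a DMZ host receiving all unsolicited inbound traffic) can be made concrete with a small simulation. The following is an added illustrative model, not code from the original document: the public address 203.0.113.1, the private 10.0.0.0/16 hosts and the 198.51.100.0/24 "web sites" are constructed documentation-range values, and the assumption that the NAT hands out one public port per connection from the 49152-65535 dynamic range is a simplification chosen to match the description above.

```python
"""Toy model of NAT port assignment, response routing, port exhaustion and DMZ forwarding."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample values (documentation address ranges, not real hosts).
PUBLIC_IP = "203.0.113.1"
EPHEMERAL_RANGE = (49152, 65535)  # assumption: NAT allocates from the IANA dynamic port range


@dataclass(frozen=True)
class Flow:
    """One outgoing communication as seen on the private side of the NAT device."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatDevice:
    """Single-public-IP NAT that assigns a fresh public source port to every new flow."""

    def __init__(self, public_ip: str, port_range: Tuple[int, int] = EPHEMERAL_RANGE,
                 dmz_host: Optional[str] = None) -> None:
        self.public_ip = public_ip
        self.free_ports: List[int] = list(range(port_range[0], port_range[1] + 1))
        self.outbound: Dict[Flow, int] = {}   # private flow -> assigned public port
        self.inbound: Dict[int, Flow] = {}    # assigned public port -> private flow
        self.dmz_host = dmz_host              # host that receives unsolicited traffic, if any

    def translate_outbound(self, flow: Flow) -> Optional[Tuple[str, int]]:
        """Return (public_ip, public_port) for an outgoing packet; None if the pool is exhausted."""
        if flow in self.outbound:             # existing connection keeps its port
            return self.public_ip, self.outbound[flow]
        if not self.free_ports:               # 2^16 ports are all that exist; pool ran dry
            return None
        port = self.free_ports.pop()
        self.outbound[flow] = port
        self.inbound[port] = flow
        return self.public_ip, port

    def route_inbound(self, public_port: int, remote_ip: str, remote_port: int) -> Optional[Tuple[str, int]]:
        """Map a packet arriving at the public address back to a private (ip, port).

        A response is accepted only if the port was assigned to a flow toward that
        remote endpoint.  Anything else is unsolicited: it goes to the DMZ host if
        one is configured, otherwise it is dropped (None).
        """
        flow = self.inbound.get(public_port)
        if flow is not None and (flow.dst_ip, flow.dst_port) == (remote_ip, remote_port):
            return flow.src_ip, flow.src_port
        if self.dmz_host is not None:
            return self.dmz_host, public_port
        return None


def simulate_exhaustion(n_devices: int, n_sites: int,
                        port_range: Tuple[int, int] = EPHEMERAL_RANGE) -> Tuple[int, int]:
    """Have n_devices each open one connection to n_sites; return (translated, dropped)."""
    nat = NatDevice(PUBLIC_IP, port_range)
    translated = dropped = 0
    for d in range(n_devices):
        for s in range(n_sites):
            flow = Flow(f"10.0.{d // 256}.{d % 256}", 40000 + s, f"198.51.100.{s + 1}", 443)
            if nat.translate_outbound(flow) is None:
                dropped += 1
            else:
                translated += 1
    return translated, dropped


if __name__ == "__main__":
    ok, lost = simulate_exhaustion(1000, 60)   # the scenario from the text above
    print(f"1000 devices x 60 sites: {ok} connections translated, {lost} dropped for lack of ports")
    dmz = NatDevice(PUBLIC_IP, dmz_host="10.0.0.200")
    print("unsolicited inbound with DMZ ->", dmz.route_inbound(8080, "198.51.100.9", 5555))
```

With the 16,384-port dynamic range, only the first 16,384 of the 60,000 connections in the 1000-devices-by-60-sites scenario get a mapping; the rest fail, which is the exhaustion the text describes. The model keys responses on the assigned port plus the remote endpoint, so an unsolicited packet from an information provider matches nothing and is dropped, unless a DMZ host is set, in which case every such packet lands on that one host. Many production NATs relax the one-port-per-connection rule by keying on the full address tuple and reusing a public port toward different destinations, which stretches the pool but does not remove the 2^16 ceiling.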