The Internet continues to undergo rapid expansion in the number of connected computers, and it is estimated that the trend towards widely available wireless connectivity and portable computing devices will exponentially increase the number of new computers that connect each day. This rapid expansion has radically increased the need to protect computers from unauthorized access and has already started causing a number of scalability problems for the Internet network itself. For example, the Internet Protocol Version 4 (IPv4) uses 32-bit IP (Internet Protocol) addresses, which means that the theoretical maximum number of computers on the Internet is about 4 billion. The practical limit, however, is much lower, due to inefficiencies in how IP addresses are allocated and routed. As such, IPv4 does not provide sufficient unique addresses for the current expansion of the Internet. A newer version of the Internet Protocol (IPv6) uses a 128-bit address space and so provides a far larger number of IP addresses, but until it achieves widespread adoption, other techniques have been used to overcome the address limitations of IPv4 and to provide security protection to Internet-connected computers.
One such solution in wide use today is Network Address Translation (NAT), where private addresses used on internal networks, such as those of AOL or other Internet Service Providers (ISPs), are converted to public IP addresses only when the subscriber's computer needs to reach out and connect to a public Internet server, such as a Web server. Given that the number of computers communicating over the Internet at any one time is much lower than the total number of computers that are connected but inactive, only those currently communicating are assigned a public IP address by NAT, thereby reducing the required number of public IP addresses. This also provides additional security by virtue of the anonymity afforded to the computers behind NAT routers or firewalls, which cannot be reached through connections initiated from the Internet.
NAT routers were designed primarily around the client/server paradigm, where client machines inside a private network initiate connections to public servers that have stable IP addresses and Domain Name System (DNS) names.
The anonymity and inaccessibility of the internal hosts behind a NAT router is not a problem for client software such as web browsers, which only need to initiate outgoing connections to publicly available servers. However, it is a problem for applications that require servers to connect securely to clients through incoming connections traversing the clients' NAT routers, such as file sharing, games, video conferencing, voice-over-IP Internet telephony, or secure access to computer servers that do not allow clients to connect to them directly from the Internet.
When one of these computers is behind a NAT router, the other computer cannot connect to it without the use of special techniques and, often, complex manual configuration that must be repeated for every change in connection type, location, service, or NAT router/firewall type.
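The asymmetry described above can be made concrete with a small model of a NAT router performing port address translation. The following Python code is an added illustration, not part of the original text or of any product it describes; the public and server addresses it uses are constructed from documentation address ranges, and the mapping-table layout is a simplification of what real routers do. It shows two private hosts sharing one public address, replies from a server being translated back to the right private host, and an unsolicited connection attempt from the Internet being dropped because no mapping exists for it.

```python
"""Minimal model of a NAT router performing port address translation (PAT).

Constructed example: one public address shared by several private hosts.
Outbound packets create a mapping; inbound packets are admitted only if they
match an existing mapping, which is the "inaccessibility" property of NAT.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip_address, port)


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint
    payload: str = ""


class NatRouter:
    """Hypothetical NAT router: rewrites private source addresses to one public address."""

    def __init__(self, public_ip: str, first_port: int = 1024) -> None:
        self.public_ip = public_ip
        self._next_port = first_port
        # outbound table: (private src, public dst) -> allocated public port
        self._outbound: Dict[Tuple[Endpoint, Endpoint], int] = {}
        # inbound table: (public port, public dst) -> private src
        self._inbound: Dict[Tuple[int, Endpoint], Endpoint] = {}

    def _allocate_port(self) -> int:
        port = self._next_port
        self._next_port += 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a packet leaving the private network, creating a mapping if needed."""
        key = (pkt.src, pkt.dst)
        if key not in self._outbound:
            port = self._allocate_port()
            self._outbound[key] = port
            self._inbound[(port, pkt.dst)] = pkt.src
        return Packet(src=(self.public_ip, self._outbound[key]), dst=pkt.dst, payload=pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet arriving from the Internet; None means it is dropped.

        Only replies to an existing outbound flow match the table. An Internet host
        that tries to initiate a connection to an internal machine has no mapping,
        so its packet is discarded: the internal host is unreachable from outside.
        """
        if pkt.dst[0] != self.public_ip:
            return None
        private_dst = self._inbound.get((pkt.dst[1], pkt.src))
        if private_dst is None:
            return None
        return Packet(src=pkt.src, dst=private_dst, payload=pkt.payload)

    def active_mappings(self) -> int:
        return len(self._outbound)


def demo() -> dict:
    """Run the scenario from the text: two private hosts share one public address."""
    nat = NatRouter("203.0.113.7")   # constructed public address (TEST-NET-3 range)
    web = ("198.51.100.10", 80)      # constructed public web server address
    alice = ("10.0.0.5", 40000)      # private host behind the router
    bob = ("10.0.0.6", 40000)        # second host using the same private port

    # Both clients connect out; the router allocates distinct public ports.
    out_a = nat.outbound(Packet(alice, web, "GET /"))
    out_b = nat.outbound(Packet(bob, web, "GET /"))

    # The server's replies are translated back to the correct private host.
    reply_a = nat.inbound(Packet(web, out_a.src, "200 OK"))
    reply_b = nat.inbound(Packet(web, out_b.src, "200 OK"))

    # An unsolicited connection attempt from the Internet matches no mapping.
    stranger = ("192.0.2.99", 5555)
    unsolicited = nat.inbound(Packet(stranger, (nat.public_ip, 40000), "SYN"))

    return {
        "public_ports": (out_a.src[1], out_b.src[1]),
        "reply_a_dst": reply_a.dst if reply_a else None,
        "reply_b_dst": reply_b.dst if reply_b else None,
        "unsolicited_delivered": unsolicited is not None,
        "mappings": nat.active_mappings(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Because the inbound table is keyed on both the allocated public port and the remote endpoint, a packet from a different Internet host aimed at a mapped port is also dropped; this mirrors the behaviour that makes hosts behind NAT unreachable unless a server-to-client application arranges a mapping by other means.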
Therefore, the asymmetric nature of the addressing and connectivity established by NAT creates a number of problems that a) limit the secure, widely available Internet services to outbound-only applications, such as the World Wide Web, and b) limit the usability and mass-market availability of many additional Internet applications and services potentially attractive to large consumer markets to a smaller number of professionally trained users capable of managing the complex configuration and system management requirements imposed by currently available NAT and NAT-traversal technology.