For decades, it has been known that Internet Protocol version 4 (IPv4) addresses would eventually be exhausted. The 32-bit address space provides only about 4.3 billion possible IP addresses. One significant effort to delay exhaustion of IP addresses involves network address translation (NAT). A NAT device modifies IP address information in packet headers as the packets leave one network and enter another. Often, a reverse process is performed for data packets traveling in the opposite direction. In one sense, NAT devices “hide” entire address spaces behind a single IP address. The hidden addresses no longer need to be unique. Thus, many more than 4.3 billion devices may be connected to the Internet.
However, some Internet services rely on identity-based policies for individual user devices. If two user devices are behind the same NAT device, the two user devices may appear to some Internet services to have the same IP address. As a result, some current authentication infrastructures cannot adequately provide identity-based Internet services.
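The translation and the resulting identity collision can be seen in a small simulation, added here as an illustration and not taken from the original text. The class and function names, the port-translation behaviour, and all addresses (documentation and private ranges) are assumptions constructed for the example.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatDevice:
    """Hypothetical source NAT; port rewriting is an assumption of this sketch."""
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = first_port
        self._out: Dict[Tuple[str, int], int] = {}   # (private ip, port) -> public port
        self._back: Dict[int, Tuple[str, int]] = {}  # public port -> (private ip, port)

    def outbound(self, pkt: Packet) -> Packet:
        # Rewrite the source as the packet leaves the private network.
        key = (pkt.src_ip, pkt.src_port)
        if key not in self._out:
            self._out[key] = self._next_port
            self._back[self._next_port] = key
            self._next_port += 1
        return replace(pkt, src_ip=self.public_ip, src_port=self._out[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        # Reverse process: restore the private destination, or drop if unmapped.
        key = self._back.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or key is None:
            return None
        return replace(pkt, dst_ip=key[0], dst_port=key[1])

def identities_seen_by_service(packets):
    """An IP-keyed policy treats every distinct source IP as one user."""
    return {p.src_ip for p in packets}

def demo():
    nat = NatDevice("203.0.113.7")                # constructed public address
    service = ("198.51.100.10", 443)              # constructed service address
    device_a = Packet("192.168.1.10", 51000, *service)
    device_b = Packet("192.168.1.11", 51000, *service)
    seen = [nat.outbound(device_a), nat.outbound(device_b)]
    reply = Packet(service[0], service[1], seen[1].src_ip, seen[1].src_port)
    return seen, nat.inbound(reply)

if __name__ == "__main__":
    seen, delivered = demo()
    print(identities_seen_by_service(seen), delivered)
```

The NAT device can still route each reply to the right device from its own mapping table, but the service sees a single source address for both devices, so a policy keyed on IP address alone cannot tell them apart.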