Connecting clients to servers presents challenges when the client is behind a firewall or router. A common scenario is as illustrated in FIG. 3. Here, a variety of clients 302-1 through 302-C are located in a house 301 and are connected to a firewall 304. Connections 306 are needed between the firewall 304 and the server 308. The firewall 304 may also be another device that protects and/or limits communication. For example, the firewall may be a gateway, a Network Address Translation (NAT) apparatus, etc.
A common situation arises as follows. A service provider has a server on the Internet, and a user has a client on a local LAN (Local Area Network) that is intended to work with the server. However, the LAN and the Internet are separated by a firewall. The LAN may be, for example, either a corporate LAN, a home network, etc. The firewall is often used to provide protection (especially in the case of a corporate LAN) between external and internal resources but sometimes it may be present as part of a NAT (Network Address Translation) to provide additional IP (Internet Protocol) addresses on the LAN. In many cases, a user will want the client and the server to communicate with each other without modifying the firewall, either because the firewall is not within their control (it may be run by the information systems department or the Internet service provider) or because they don't know how or don't want to go through the trouble of modifying the firewall.
Many Internet-based services require server-initiated transactions. For example, if a user has a network-enabled security system and wants to check on the status of the system while on vacation, the security service's server must initiate a transaction with, for example, a motion sensor to query the status. Before a transaction can be initiated, there must be a network connection between the client and the server. However, if there is a firewall or NAT router between the client and the server, the server may not be able to initiate a connection to the client because it will be blocked by the firewall/NAT. Firewalls attempt to make it impossible for unauthorized connections from the outside (i.e. Internet) to clients behind the firewall to occur while NATs exhibit this behavior as a side-effect. However, firewalls and NATs, relatively freely allow connections from the inside out to the Internet.
Therefore, one possible solution for server-initiated transactions is to first establish a persistent network connection from the client to the server. With a persistent connection between the client and the server, the server can initiate transactions whenever necessary, and the client can also initiate transactions over the same connection. The client initiates the connection, since it can initiate network connections out to the server relatively easily. The client may connect to the server upon, for example, powering on, and maintain the connection indefinitely, or establish a connection on a prescribed schedule. If a connection is dropped by intervening routers, etc., the client may attempt to reestablish the connection.
This scheme may work fine, for a small numbers of clients. However, for a large number (i.e. thousands or more) of clients connecting to a single server, the server will soon be overloaded by the large number of simultaneous connections, even if none are actively engaged in transactions. Industry-standard servers do not handle persistent connections well because each connection uses resources, and only a limited number of connections can be maintained simultaneously. In a typical Operating System (such as Solaris, Linux, Windows) the TCP/IP (Transmission Control Protocol/Internet Protocol) implementation is designed such that when a connection is established, a significant amount of system memory is allocated for data buffers and structures to keep track of the state of the connection. As the data structures grow, more computing time is needed to service each connection when it is active. Application level connections such as HTTP (Hypertext Transfer Protocol) carry similar (additional) burdens. If a server is attempting to manage a large number of connections, it is soon overwhelmed with the overhead of simply managing the connections. This presents a problem.