Being able to access devices and functions over the Internet has greatly improved modern communications and data access. Because of the improvements, such access has become extremely popular. The extreme popularity also brings along the need to have very large-scale operations, often referred to Internet-scale. A factor complicating the large-scale operations is that access to the service or function is often through a single uniform resource identifier (URI) or Internet Protocol (IP) address. An additional factor complicating the large-scale operations is the need to keep the devices providing the services or functions protected from improper access. A gateway or firewall provides the security capability while a load balancer provides the distribution to the many devices that actually provide the services and functions. A problem arises because the gateways and the devices are generally configured to operate on a local or private IP address space, whereas the external address of the load balancer is a public IP address. Therefore, a mapping or network address translation (NAT) must occur and this mapping needs to be stateful and needs to maintain persistent connections as well. The load balancer can perform the mapping function, but the stateful nature, combined with the extremely large numbers of connections in a large-scale operation, means that the load balancer is a heavily loaded device and thus becomes very expensive.
It is desirable to be able to provide Internet-scale operations without requiring a very expensive and complicated, public-facing load balancer or equivalent but also to maintain security of the internal devices providing the services and functions.