System and method for hosted network management

We claim: 1. A method comprising: receiving, at a network host, a request from a node device for a network address, wherein the node device is one of a plurality of node devices in a managed network; determining that the node device is associated with device registration data in the managed network that identifies a network owner of the managed network; returning a network address allocation message to the node device based on the device registration data, the network address allocation message for use in configuring the node device for operation in the managed network; establishing, based on the network allocation message, a persistent Virtual Private Network (VPN) tunnel between the network host and the node device; maintaining the persistent VPN tunnel between the network host and the node device for exchanging network messages; and performing, by the network host, pull-based network monitoring to provide a user management interface to the network owner for managing the plurality of node devices, wherein the network host sends a query message to the node device using the persistent VPN tunnel, retrieves operational data from a query response from the node device, and provides real-time updates to the user management interface in accordance with the operational data from the node device, wherein different ones of the plurality of node devices are part of different ones of local networks associated with the network owner. 2. The method of claim 1 , wherein maintaining the persistent VPN tunnel comprises: receiving periodic authentication messages from the node device at the network host; and responding to the authentication message with an acknowledgment message. 3. The method of claim 1 , further comprising: providing the user management interface to the network owner via a portal accessed over a wide area network. 4. The method of claim 1 , wherein the node device is one of a router, a gateway device, and a wireless access point. 5. The method of claim 1 , wherein the node device is a gateway device configured to provide network address translation for a plurality of client devices located on a local area network. 6. The method of claim 1 , further comprising: sending and receiving encapsulated packet messages between the network host and the node device, the encapsulated packet messages comprising packet messages of a message protocol appended with header information associated with the managed network. 7. A network host comprising: one or more computer processors; and a memory storing instructions that, when executed by the one or more computer processors, cause the network host to: receive a request from a node device for a network address, wherein the node device is one of a plurality of node devices in a managed network; determine that the node device is associated with device registration data in the managed network that identifies a network owner of the managed network; return a network address allocation message to the node device based on the device registration data, the network address allocation message for use in configuring the node device for operation in the managed network; establish, based on the network allocation message, a persistent Virtual Private Network (VPN) tunnel between the network host and the node device; maintain the persistent VPN tunnel between the network host and the node device for exchanging network messages; and perform pull-based network monitoring to provide a user management interface to the network owner for managing the plurality of node devices, wherein the network host sends a query message to the node device using the persistent VPN tunnel, retrieves operational data from a query response from the node device, and provides real-time updates to the user management interface in accordance with the operational data from the node device, wherein different ones of the plurality of node devices are part of different ones of local networks associated with the network owner. 8. The network host of claim 7 , wherein maintaining the persistent VPN tunnel comprises: receiving periodic authentication messages from the node device at the network host; and responding to the authentication message with an acknowledgment message. 9. The network host of claim 7 , wherein the instructions further cause the network host to: provide the user management interface to the network owner via a portal accessed over a wide area network. 10. The network host of claim 7 , wherein the node device is one of a router, a gateway device, and a wireless access point. 11. The network host of claim 7 , wherein the node device is a gateway device configured to provide network address translation for a plurality of client devices located on a local area network. 12. The network host of claim 7 , wherein the instructions further cause the network device to: send and receive encapsulated packet messages between the network host and the node device, the encapsulated packet messages comprising packet messages of a message protocol appended with header information associated with the managed network. 13. A non-transitory computer-readable medium storing instructions that, when executed by a network host, cause the network host to: receive a request from a node device for a network address, wherein the node device is one of a plurality of node devices in a managed network; determine that the node device is associated with device registration data in the managed network that identifies a network owner of the managed network; return a network address allocation message to the node device based on the device registration data, the network address allocation message for use in configuring the node device for operation in the managed network; establish, based on the network allocation message, a persistent Virtual Private Network (VPN) tunnel between the network host and the node device; maintain the persistent VPN tunnel between the network host and the node device for exchanging network messages; and perform pull-based network monitoring to provide a user management interface to the network owner for managing the plurality of node devices, wherein the network host sends a query message to the node device using the persistent VPN tunnel, retrieves operational data from a query response from the node device, and provides real-time updates to the user management interface in accordance with the operational data from the node device, wherein different ones of the plurality of node devices are part of different ones of local networks associated with the network owner. 14. The non-transitory computer-readable medium of claim 13 , wherein maintaining the persistent VPN tunnel comprises: receiving periodic authentication messages from the node device at the network host; and responding to the authentication message with an acknowledgment message. 15. The non-transitory computer-readable medium of claim 13 , wherein the instructions further cause the network host to: provide the user management interface to the network owner via a portal accessed over a wide area network. 16. The non-transitory computer-readable medium of claim 13 , wherein the node device is one of a router, a gateway device, and a wireless access point. 17. The non-transitory computer-readable medium of claim 13 , wherein the node device is a gateway device configured to provide network address translation for a plurality of client devices located on a local area network.