Low latency server-side redirection of UDP-based transport protocols traversing a client-side NAT firewall

US9628443B2 · US · B2

Patent metadata
Publication number: US-9628443-B2
Application number: US-201514701397-A
Country: US
Kind code: B2
Filing date: Apr 30, 2015
Priority date: Mar 7, 2013
Publication date: Apr 18, 2017
Grant date: Apr 18, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title: What the patent document calls the invention.

  2. Abstract: A short plain-language summary of the technical disclosure.

  3. Assignees and inventors: Who owns or filed the patent and who is credited as inventor.

  4. Key dates: Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim: The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications: Technology tags used to group this patent with similar filings.

  7. Citations and related patents: Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Systems, methods, and machine-readable media for low latency server-side redirection of User Datagram Protocol (UDP)-based transport protocols traversing a client-side Network Address Translation (NAT) are provided. A request may be sent from a client for a data resource to a first server. The data resource may be received from a second server that has not been previously connected to the client. Receiving the data resource from the second server may be facilitated by the first server through redirecting the request to the second server and providing for the second server to connect to the client and directly respond to the request. The first server may lack at least one of the requested data resource or resources for providing the requested data resource.

Claims

Full claim text for this publication (all 20 claims).

What is claimed is:

1. A computer implemented method comprising: receiving, at a first server from a second server, a request to provide a data resource to a client; receiving, at the first server from the second server, one or more server-to-server messages comprising connection information for connecting to the client; and providing, by the first server, the data resource to the client using the received connection information, wherein the connection information includes one or more cryptographic connection-initiation packets comprising a HELLO packet and security information based on preparatory data originating from the client, wherein the connection information and the security information are used to establish a connection to the client through a client-side firewall.

2. The computer implemented method of claim 1, wherein the preparatory data comprises cryptographic materials for encrypting messages sent to the client.

3. The computer implemented method of claim 2, wherein the cryptographic materials comprise a client selected globally unique identifier (GUID).

4. The computer implemented method of claim 2, wherein the cryptographic materials comprise a public key comprising a Diffie-Hellman public Key, the Diffie-Hellman public Key being used in a Quick UDP Internet Connection (QUIC) HELLO packet, and a master secret for use in constructing a session symmetric key.

5. The computer implemented method of claim 1, wherein the one or more server-to-server messages comprise an attestation by the second server regarding ownership of source IP and port addresses associated with the data resource.

6. The computer implemented method of claim 1, wherein the one or more server-to-server messages comprise a request that an initial message from the first server to the client initiate providing the data resource to the client using at least one of a spoofed source IP address or a spoofed source port address.

7. The computer implemented method of claim 1, wherein the one or more server-to-server messages are received using a protocol comprising one of TCP, Secure Socket Layer (SSL), Transport Layer Security (TLS), QUIC, or SPDY.

8. The computer implemented method of claim 1, wherein the connection information comprises a spoofed source IP and port addresses that match client NAT outbound IP and port addresses.

9. A system comprising: memory to store instructions; and a processor configured to execute the instructions to: receive from a server a request for providing a data resource to a client and connection information for connecting to the client; retrieve the data resource from a database; and send the retrieved data resource to the client using the received connection information, wherein the connection information includes one or more cryptographic connection-initiation packets comprising a HELLO packet and security information based on preparatory data originating from the client, wherein the connection information and the security information are used to establish a connection to the client through a client-side firewall.

10. The system of claim 9, wherein the processor is further configured to execute the instructions to receive one or more server-to-server messages from the server, wherein the one or more server-to-server messages are received using a protocol comprising one of TCP, Secure Socket Layer (SSL), Transport Layer Security (TLS), QUIC, or SPDY.

11. The system of claim 10, wherein the one or more server-to-server messages comprise attestation by the server regarding ownership of source IP and port addresses associated with the data resource.

12. The system of claim 10, wherein the one or more server-to-server messages comprise a request that an initial message from the system to the client to initiate providing the data resource to the client using at least one of a spoofed source IP address or a spoofed source port address.

13. The system of claim 10, wherein: the preparatory data comprises cryptographic materials for encrypting messages before being sent to the client, the cryptographic materials comprise a client selected Globally Unique Identifier (GUID) or a public key comprising a Diffie-Hellman public Key, and the Diffie-Hellman public Key is used in a QUIC HELLO packet and a master secret for use in constructing a session symmetric key.

14. The system of claim 9, wherein the connection information comprises spoofed source IP and port addresses that match client NAT outbound IP and port addresses.

15. A non-transitory machine-readable medium comprising instructions stored therein, which when executed by a machine, cause the machine to perform operations comprising: receiving, at a first server, from a second server, a request for providing a data resource to a client; receiving, at the first server from the second server, one or more server-to-server messages including connection information for connecting to the client; and providing, by the first server, the data resource to the client, using the received connection information, wherein the connection information includes one or more cryptographic connection-initiation packets comprising a HELLO packet and security information based on preparatory data originating from the client, wherein the connection information and the security information are used to establish a connection to the client through a client-side firewall.

16. The non-transitory machine-readable medium of claim 15, wherein the one or more server-to-server messages comprise attestation by the second server regarding ownership of a source IP and a port addresses associated with the data resource, the one or more server-to-server messages comprise a request that an initial message from the first server to the client to initiate providing the data resource to the client using at least one of a spoofed source IP address or a spoofed source port address, and the one or more server-to-server messages are received using a protocol comprising TCP, Secure Socket Layer (SSL), Transport Layer Security (TLS), QUIC, or SPDY.

17. The non-transitory machine-readable medium of claim 15, wherein the preparatory data comprises cryptographic materials for encrypting messages sent to the client.

18. The non-transitory machine-readable medium of claim 17, wherein the cryptographic materials comprise a client selected globally unique identifier (GUID) or a public key comprising a Diffie-Hellman public Key, and wherein the Diffie-Hellman public Key is used in a Quick UDP Internet Connection (QUIC) HELLO packet and a master secret for use in constructing a session symmetric key.

19. The computer implemented method of claim 1, wherein the cryptographic connection-initiation packets comprise a Quick UDP Internet Connection (QUIC) HELLO packet.

20. The system of claim 9, wherein the cryptographic connection-initiation packets comprise a Quick UDP Internet Connection (QUIC) HELLO packet.

Assignees

Google Inc
Inventors

Classifications

  • Special adaptations of TCP, UDP or IP for interworking of IP based networks with other networks (protocols for interworking, protocol conversion H04L69/08) · CPC title

  • involving the discrete logarithm problem, e.g. ElGamal or Diffie-Hellman systems · CPC title

  • H04L63/029 (primary): Firewall traversal, e.g. tunnelling or creating pinholes · CPC title

  • based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title

  • without involvement of the NAT server · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9628443B2 cover?
Systems, methods, and machine-readable media for low latency server-side redirection of User Datagram Protocol (UDP)-based transport protocols traversing a client-side Network Address Translation (NAT) are provided. A request may be sent from a client for a data resource to a first server. The data resource may be received from a second server that has not been previously connected to the clien…
Who is the assignee on this patent?
Google Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/029. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 18, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).