The use of networks has grown significantly over the last few years. Concurrently, the sophistication of internal and external network attacks in the form of viruses, Trojan horses, worms and malware of all sorts has increased dramatically. Just as dramatic is the accelerated increase of network speeds and a corresponding drop in their cost, thereby driving their rapid adoption. Those factors and others have necessitated the development of innovative, more advanced and faster network security mechanisms.
For example, Intrusion Detection Systems (IDS) would often detect network attacks, but as passive systems they offered nothing more than after-the-fact attack notification. In contrast, Intrusion Prevention Systems (IPS) have been developed to complement traditional security products such as firewalls by proactively analyzing network traffic flows and active connections while scanning incoming and outgoing requests. As network traffic passes through an IPS, it is examined for malicious packets. If a potential threat is detected, or traffic is identified as being associated with an unwanted application, it is blocked, while legitimate traffic is passed through the IPS.
Properly implemented, IPSs can be an effective network security safeguard. However, there is a current need for additional IPS capabilities, such as the ability to scale existing IPSs to accommodate higher network link speeds and to balance traffic loads across multiple IPSs. Similarly, there is a growing demand for greater numbers of port types and port counts, as well as enhanced availability during system failures, replacements or updates.
Patent application Ser. No. 11/443,490, “Intrusion Prevention System Edge Controller,” filed on May 30, 2006 by Smith et al. and incorporated herein by reference in its entirety, describes load sharing of traffic from network ports (E-ports) to IPS ports (I-ports). Known methods to distribute traffic from E-ports to I-ports attempt to distribute the traffic load equally across multiple processors by hashing on the source and destination address fields of the packets, but the resulting distribution at each processor varies with the traffic pattern. Therefore, there is a need for a traffic load balancing method that overcomes the problems of the prior art and provides even distribution of traffic to multiple processors under a dynamically changing variety of traffic patterns.
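The following added example (not code from the patent application or the product it describes) illustrates the behaviour described above: an address-only hash spreads a diverse set of client/server pairs across the I-ports reasonably well, but when many flows share the same address fields (for instance clients behind one NAT gateway talking to one server) every packet lands on a single I-port. For contrast it also includes a least-loaded, flow-pinned assigner keyed on the full address-plus-transport-port tuple; that assigner is an illustration of a dynamic alternative, not the patent's method. The four-port count, the CRC32 hash and the traffic samples are constructed for the example.

```python
"""Added example: address-field hashing across IPS ports (I-ports) and
why the resulting load depends on the traffic pattern."""
import zlib
from collections import Counter

N_PORTS = 4  # constructed: four I-ports behind the edge controller


def address_hash_port(src_ip, dst_ip, n_ports=N_PORTS):
    """Prior-art style distribution: hash only the source/destination
    address fields and take the result modulo the number of I-ports.
    CRC32 stands in for whatever hash a real device uses (an assumption)."""
    key = f"{src_ip}->{dst_ip}".encode()
    return zlib.crc32(key) % n_ports


def hash_loads(packets, n_ports=N_PORTS):
    """Packets are (src_ip, dst_ip, src_port, dst_port) tuples; the
    transport ports are ignored here, exactly as an address-only hash does."""
    counts = Counter(address_hash_port(p[0], p[1], n_ports) for p in packets)
    return [counts.get(i, 0) for i in range(n_ports)]


class LeastLoadedAssigner:
    """Illustrative dynamic alternative (not the patent's method): key on
    addresses plus transport ports, pin each flow to one I-port so the IPS
    sees the whole connection, and send every *new* flow to the I-port
    that currently carries the fewest packets."""

    def __init__(self, n_ports=N_PORTS):
        self.n_ports = n_ports
        self.flow_table = {}          # flow tuple -> I-port
        self.loads = [0] * n_ports    # packets sent to each I-port

    def assign(self, packet):
        port = self.flow_table.get(packet)
        if port is None:
            port = min(range(self.n_ports), key=lambda i: self.loads[i])
            self.flow_table[packet] = port
        self.loads[port] += 1
        return port


def least_loaded_loads(packets, n_ports=N_PORTS):
    assigner = LeastLoadedAssigner(n_ports)
    for p in packets:
        assigner.assign(p)
    return assigner.loads


def imbalance(loads):
    """Simple health check: packets on the busiest minus the idlest I-port."""
    return max(loads) - min(loads)


def diverse_traffic(flows=64, packets_per_flow=10):
    """Constructed: many distinct client/server address pairs."""
    pkts = []
    for f in range(flows):
        src = f"10.0.{f // 16}.{f % 16 + 1}"
        dst = f"192.0.2.{f % 8 + 1}"
        pkts.extend((src, dst, 40000 + f, 443) for _ in range(packets_per_flow))
    return pkts


def nat_traffic(flows=64, packets_per_flow=10):
    """Constructed: every flow leaves one NAT gateway for one server, so the
    address fields are identical; only the source transport port differs."""
    return [("203.0.113.1", "192.0.2.1", 40000 + f, 443)
            for f in range(flows) for _ in range(packets_per_flow)]


if __name__ == "__main__":
    for name, traffic in (("diverse", diverse_traffic()), ("nat", nat_traffic())):
        h = hash_loads(traffic)
        d = least_loaded_loads(traffic)
        print(f"{name:8s} address-hash  loads={h} imbalance={imbalance(h)}")
        print(f"{name:8s} least-loaded  loads={d} imbalance={imbalance(d)}")
```

Running the script prints the per-I-port packet counts for both patterns. The address hash keeps the whole NAT sample on one I-port (imbalance 640 of 640 packets), which is the pattern-dependent skew the text refers to, whereas the flow-pinned least-loaded assigner spreads the same 64 flows evenly (160 per I-port) because it distinguishes flows by transport port and reacts to the load it has already placed.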