Abstract
Flow-based inspection is playing an important role in network security monitoring systems such as intrusion detection, attacks detection and so on. Traditional flow scheduling strategies are usually based on calculated hash values of input flows which is fixed for a long time. As the bandwidth grows dramatically these years, it is observed that servers handling flow inspections may be crashed due to large flow rates. However, fixed flow scheduling may still assign flows to the busy or crashed server causing those flows unprocessed. Thus it is important to choose proper scheduling strategy to fully exploit the server groups. In this article, a dynamic flow scheduling technique is proposed, where the flows are scheduled in reciprocal proportion to the load of targeted servers, i.e. CPU utility, memory usage, etc‥ A demonstration system is built and the results show that the proposed scheduling technique effectively reduced the packet drop rate of servers by 15%.