
US-12619453-B2 - Communication processing device, program and communication processing method

Abstract

Provided is a communication processing device capable of preventing, by using a link-down function of a virtual NIC, communication frames that were in the process of being transmitted prior to pause of a virtual machine from being transmitted. The disclosed communication processing device 100 has a virtualization unit 10 that provides operating environment of virtual machines 20-1 and 20-2. The virtualization unit 10 includes a processing unit 11, the virtual machines 20-1 and 20-2 include virtual NICs 24-1, 24-2-1 and 24-2-2, and when the virtual machines 20-1 and 20-2 are paused, the processing unit 11 links down the virtual NICs 24-1, 24-2-1 and 24-2-2 of the virtual machines 20-1 and 20-2 paused.

Inventors

  • Masanobu Tsuchiya
  • Yoshitaka Yoshida

Assignees

  • YOKOGAWA ELECTRIC CORPORATION

Dates

Publication Date
20260505
Application Date
20210317
Priority Date
20200330

Claims (7)

  1. A communication processing device comprising at least one physical processor for performing functions of a virtualization unit and a processing unit, wherein the virtualization unit provides operating environment in which a virtual machine operates; the virtualization unit includes the processing unit and the virtual machine includes a virtual NIC; when the virtual machine is paused, the processing unit waits for a first time after the virtual machine is paused, performs link-down to disable the virtual NIC of the virtual machine paused from communicating with other machines, and discards communication frames that are in process; and when the virtual machine is resumed, the processing unit waits for a second time which differs from the first time after the virtual machine is resumed, and performs link-up to enable the virtual NIC of the virtual machine resumed to communicate with other machines, wherein the virtual NIC discards the communication frames, and the time from resumption of the virtual machine to the discarding of the communication frames by the virtual NIC is shorter than the second time.
  2. The communication processing device according to claim 1, wherein the processing unit performs the link-down to the virtual NIC that is responsible for control communication.
  3. The communication processing device according to claim 1, wherein, the processing unit performs the link-up to the virtual NIC that is responsible for control communication.
  4. The communication processing device according to claim 1, wherein when the virtual machine is paused, the processing unit performs link-down to a predetermined virtual NIC among a plurality of virtual NIC of the virtual machine.
  5. The communication processing device according to claim 1, wherein when the virtual machine is resumed, the processing unit performs link-up to a predetermined virtual NIC among a plurality of NIC of the virtual machine.
  6. A non-transitory computer readable medium including a computer program instruction configured to cause a computer to function as a communication processing device according to claim 1.
  7. A communication processing method using a communication processing device comprising at least one physical processor in which a virtual machine operates, the method comprising: determining that the virtual machine is paused: in response to determining that the virtual machine is paused, waiting for a first time after the virtual machine is paused, performing link-down to disable a virtual NIC of the virtual machine paused from communicating with other machines, and discarding communication frames that are in process; resuming the virtual machine; and in response to resuming the virtual machine, waiting for a second time which differs from the first time after the virtual machine is resumed, and performing link-up to enable the virtual NIC of the virtual machine resumed to communicate with other machines, wherein the virtual NIC discards the communication frames, and the time from resumption of the virtual machine to the discarding of the communication frames by the virtual NIC is shorter than the second time.
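
The timing relationship in claims 1 and 7, modelled as an added example (not code from the patent or its assignee): it shows why the link-up delay must exceed the time the resumed guest needs to discard its in-process frames. The function name, frame names and time values are constructed, and the model assumes the guest handles its queued frames once, sending them if the link is up at that moment and dropping them if it is down.

```python
def simulate(t1, t2, t_discard, pause_at=1.0, resume_at=60.0, link_control=True):
    """Return the frames that reach the wire, in transmission order.

    t1        -- "first time": delay from pause to hypervisor link-down
    t2        -- "second time": delay from resume to hypervisor link-up
    t_discard -- delay from resume until the guest's virtual NIC handles the
                 frames that were in process at pause (assumed: sent if the
                 link is up at that moment, dropped if it is down)
    All times are constructed sample values in seconds.
    """
    if resume_at <= pause_at + t1:
        raise ValueError("model assumes link-down completes while the VM is paused")

    state = {"link_up": True}
    tx_queue = ["stale-setpoint"]  # constructed frame, in process when the VM pauses
    wire = []

    def set_link(up):
        state["link_up"] = up

    def guest_flush():
        if state["link_up"]:
            wire.extend(tx_queue)  # link is up: queued frames leave the host
        tx_queue.clear()           # queue is emptied; with link down this is the discard

    def guest_send_fresh():
        tx_queue.append("fresh-setpoint")  # constructed frame, created after resume
        guest_flush()

    events = [
        (resume_at + t_discard, guest_flush),
        (resume_at + max(t2, t_discard) + 1.0, guest_send_fresh),
    ]
    if link_control:  # actions of the processing unit inside the virtualization unit
        events.append((pause_at + t1, lambda: set_link(False)))
        events.append((resume_at + t2, lambda: set_link(True)))

    for _, action in sorted(events, key=lambda e: e[0]):
        action()
    return wire


if __name__ == "__main__":
    print(simulate(t1=0.5, t2=2.0, t_discard=0.2))   # claimed ordering
    print(simulate(t1=0.5, t2=0.1, t_discard=0.2))   # link-up before the discard
    print(simulate(t1=0.5, t2=2.0, t_discard=0.2, link_control=False))
```
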

Description

CROSS-REFERENCE TO RELATED APPLICATION

The present application claims priority to and benefit of Japanese Patent Application No. 2020-061242 filed on Mar. 30, 2020, the entire contents of which are incorporated herein by reference.

TECHNICAL FIELD

The present disclosure relates to a communication processing device, a program and a communication processing method.

BACKGROUND

In recent years, control communication using virtualization technology has been increasing in process control systems. As the virtualization technology, Patent Literature (PTL) 1 discloses a technology of linking down a virtual Network Interface Card (NIC) so that unauthorized communication frames will not be transmitted to the outside when a virtual machine is infected with a virus.

CITATION LIST

Patent Literature

PTL 1: JP6337498 (B2)

SUMMARY

A communication processing device according to some embodiments is a communication processing device including a virtualization unit that provides operating environment of a virtual machine, in which the virtualization unit includes a processing unit, the virtual machine includes a virtual NIC, and when the virtual machine is paused, the processing unit links down the virtual NIC of the virtual machine paused.

A program according to some embodiments causes a computer to function as the communication processing device.

A communication processing method according to some embodiments is a communication processing method using a communication processing device in which a virtual machine operates, the method including a step of, when the virtual machine is paused, linking down a virtual NIC of the virtual machine paused.

BRIEF DESCRIPTION OF THE DRAWINGS

In the accompanying drawings: FIG. 1 is a diagram illustrating a communication processing device according to an embodiment of the present disclosure; and FIG. 2 is a diagram illustrating a communication processing method according to an embodiment of the present disclosure.
DETAILED DESCRIPTION

A virtual machine may be paused when a backup is acquired online or when a system administrator makes an operational error. Further, when detecting an abnormality in a computer or in itself, the virtualization unit may pause a virtual machine in order to protect processing and data inside the virtual machine. Examples of abnormality include the case where hardware such as computer storage or a physical NIC fails and the case where the processing load of the virtualization unit increases due to concentration of accesses from other computers.

When the virtual machine is paused, all the functions inside the virtual machine are paused, causing the following problems. When resuming from pause, the virtual machine resumes transmission of communication frames that were in the process of being transmitted prior to the pause. However, if the time from pause to resumption is long, the communication frames that were in the process of being transmitted prior to pause may be things of the past and should not be transmitted. In control communication, a real-time property is required so that a control device and a computer communicate without delay. Thus, if old communication frames that have become things of the past are transmitted, it may lead to wrong decisions based on the old device information or wrong operations based on the old operation instructions.

As a countermeasure, if the link-down function of the virtual NIC can be used, as in PTL 1, when the virtual machine is paused, for example, the old unauthorized communication frames and the communication frames that were in the process of being transmitted prior to the pause of the virtual machine are discarded. However, with the technology of PTL 1, the inside of the virtual machine cannot recognize the pause of the virtual machine in the first place. Therefore, when the virtual machine is paused, the link-down function of the virtual NIC cannot be used, and the above-described problem cannot be solved.

It is therefore an object of the present disclosure to provide a communication processing device, a program and a communication processing method that can prevent, by using the link-down function of the virtual NIC, communication frames that were in the process of being transmitted prior to pause of the virtual machine from being transmitted.

The communication processing device according to some embodiments is a communication processing device including a virtualization unit that provides operating environment of the virtual machine, in which the virtualization unit includes a processing unit, the virtual machine includes a virtual NIC, and when the virtual machine is paused, the processing unit links down the virtual NIC of the virtual machine paused. In this manner, even if the virtual machine is resumed from pause, since the virtual NIC is linked down, communication frames that were in the process of being transmitted prior to pause of the virtual machine are prevented from being transmitted. In a