JP2016201690A - Information processing device, program, and control method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a technique for facilitating management of a network.SOLUTION: An information processing device 2000 is connected with network interfaces 120 via a network 130. The information processing device 2000 includes a reception unit 2020 and an estimation unit 2040. The reception unit 2020 receives data. The estimation unit 2040 estimates whether the network interface 120 of a transmission source of the data is a physical network interface or a virtual network interface.SELECTED DRAWING: Figure 3

Description

  The present invention relates to an information processing apparatus, a program, and a control method.

  In recent years, virtual machine technology has been introduced in various environments. The virtual machine technique is a technique for operating a plurality of virtual machines on one physical machine. This virtual machine is called a virtual machine (VM). A VM can operate an operating system (OS) like a physical machine, and provides the OS with a hardware environment similar to that of a physical machine.

  On the other hand, a VM is a virtual machine realized by software, and therefore has a different property from a physical machine having a physical entity. For example, VMs can be created and deleted more easily than physical machines.

  In recent years, it has become common to connect machines via a network. For example, in an office environment, each employee's PC (Personal Computer) is connected to the network.

“Zabbix Documentation 2.2”, [online], [searched on March 13, 2015], Internet <URL: https://www.zabbix.com/documentation/2.2/manual/vm_monitoring> "RFC (Request for Comments) 826", [online], [March 13, 2015 search], Internet <URL: http://tools.ietf.org/html/rfc826> "RFC792", [online], [Search on March 13, 2015], Internet <URL: http://tools.ietf.org/html/rfc792> "RFC4443", [online], [Search on March 13, 2015], Internet <URL: http://tools.ietf.org/html/rfc4443> "RFC4861", [online], [Search on March 13, 2015], Internet <URL: http://tools.ietf.org/html/rfc4861>

  When VMs are used on physical machines connected to the network, VMs and physical machines are mixed on the network. As mentioned above, VMs are easy to create, so network environments that include VMs and physical machines can easily occur not only in special environments such as data centers, but also in general environments such as office environments. .

  In order to properly manage a network in which VMs and physical machines are mixed in this way, it is preferable to be able to consider differences in the properties of VMs and physical machines. To do so, you need to know whether each machine on the network is a VM or a physical machine.

  However, it is difficult to determine whether a machine is a VM or a physical machine from external devices. As mentioned above, the VM provides the same environment as the physical machine to the OS running on it, so the software running on the VM and the software running on the physical machine can operate in the same way. is there. For example, the packet sent from the VM and the packet sent from the physical machine have the same format, so it is determined whether the machine is a VM or a physical machine based on the format of the packet received from a machine. Difficult to do.

  Non-Patent Document 1 discloses a system that detects that a specific physical machine or VM is started on a network. However, a person who uses this system (such as a network administrator) knows in advance information (UUID (Universally Unique Identifier), etc.) that identifies each physical machine or VM that is to be detected. Must be described in the system configuration file. Therefore, in order to use the system of Non-Patent Document 1, it is necessary to know in advance whether each machine is a physical machine or a VM. Further, the system of Non-Patent Document 1 cannot detect a physical machine or a VM introduced without the administrator's knowledge.

  The present invention has been made in view of the above problems. An object of the present invention is to provide a technique for facilitating network management.

  The information processing apparatus according to the present invention uses a receiving unit that receives data, and a network interface that is a transmission source of the data using the received data, which is a physical network interface or a virtual network interface. And estimating means for performing such estimation.

  The control method of the present invention is executed by a computer. The control method includes a reception step of receiving data, and using the received data, estimating whether a network interface of a transmission source of the data is a physical network interface or a virtual network interface. An estimation step.

  According to the present invention, a technique for facilitating network management is provided.

It is a figure which illustrates the form in which the network environment in a physical machine is constructed | assembled using a virtual bridge. It is a figure which illustrates the form by which the network environment in a physical machine is constructed | assembled as a NAT environment. 1 is a block diagram illustrating an information processing apparatus according to a first embodiment. It is a block diagram which illustrates the hardware constitutions of information processing apparatus. 3 is a flowchart illustrating a flow of processing executed by the information processing apparatus according to the first embodiment. It is a figure which illustrates the structure of a MAC address. It is a figure which illustrates the list | wrist of OUI which may be contained in the MAC address of a virtual network interface. 6 is a flowchart illustrating a flow of processing executed by the information processing apparatus according to the second embodiment. FIG. 6 is a block diagram illustrating an information processing apparatus according to a third embodiment. It is a graph which illustrates RTT at the time of transmitting an ARP request. It is a graph which illustrates RTT when NS message is transmitted. It is a graph which illustrates RTT at the time of transmitting an ICMP echo request. It is the 1st figure which illustrates the composition of a network. It is the 2nd figure which illustrates the composition of a network. 10 is a flowchart illustrating an overview of a flow of processing executed by the information processing apparatus according to the third embodiment. It is a flowchart which illustrates the flow of the estimation process performed based on the magnitude | size of RTT. It is a flowchart which illustrates the flow of the estimation process performed based on the dispersion | variation in RTT. It is a figure which illustrates the structure by which information processing apparatus and the some physical machine are connected via the switch. It is a figure which illustrates a mode that the information processing apparatus and each physical machine are connected by 1 to 1 by the port VLAN. FIG. 10 is a block diagram illustrating an information processing apparatus according to a fourth embodiment. It is a figure which illustrates the flow which VMM and VM start. 10 is a flowchart illustrating a flow of processing executed by the information processing apparatus according to the fourth embodiment. FIG. 10 is a block diagram illustrating an information processing apparatus according to a fifth embodiment. It is a graph which illustrates in a time series the state of each network interface grasped by an information processor. 10 is a flowchart illustrating the flow of processing executed by the information processing apparatus according to the fifth embodiment. It is a figure which illustrates a mode that a physical network interface functions as an ARP proxy. 14 is a flowchart illustrating a flow of processing executed by the information processing apparatus according to the sixth embodiment. FIG. 10 is a block diagram illustrating an information processing apparatus according to a seventh embodiment. 15 is a flowchart illustrating the flow of processing executed by the information processing apparatus according to the seventh embodiment. FIG. 3 is a diagram illustrating a configuration in which a plurality of IPv4 addresses are assigned to one MAC address in a virtual environment. 10 is a flowchart illustrating the flow of processing executed by an information processing apparatus according to an eighth embodiment. FIG. 16 is a block diagram illustrating an information processing apparatus according to a tenth embodiment. It is a figure which illustrates the matching produced | generated by the matching part.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. In all the drawings, the same reference numerals are given to the same components, and the description will be omitted as appropriate.

[Description of assumptions]
First, assumptions common to the embodiments will be described.

  The network interface is an interface for transmitting and receiving data via a network line. For example, a general PC has a network interface (so-called on-board network interface) preinstalled on a motherboard or a network interface implemented by a PCI (Peripheral Component Interconnect) card. Hereinafter, the network interface physically mounted in this manner is referred to as a physical network interface.

  There is a technology for virtually realizing a network interface with software. Hereinafter, such a network interface virtually realized by software is referred to as a virtual network interface. One such technology is virtual machine technology. The virtual machine technology is a technology for operating a plurality of VMs on one physical machine. The VM is a virtual machine composed of virtual hardware. The virtual network interface is one of virtual hardware that constitutes a virtual machine.

  In order to use the virtual machine technology, a software layer called a virtual machine monitor (VMM) is introduced. VMM manages physical hardware by operating directly on the physical hardware. VMM constructs VM by generating virtual hardware that abstracts physical hardware. Each VM can run an OS like a physical machine. Here, the OS running on the VM is generally called a guest OS.

  A guest OS running on a VM communicates with a VM running on the same physical machine, another physical machine, or a VM running on another physical machine, using the virtual network interface of the VM. However, in order for a VM to communicate with another physical machine or a VM running on another physical machine, it is necessary to use the physical network interface of the physical machine that operates the VM. This is because the VM network interface is virtual hardware implemented by software.

  Hereinafter, a network environment in a physical machine in which virtual machine technology is introduced will be described. 1 and 2 are diagrams illustrating a network environment in a physical machine 10 in which a virtual machine technology is introduced. The physical machine 10 has a physical network interface 30. The physical network interface 30 is connected to the physical network 100. The physical machine 10 communicates with an external physical machine or VM via the physical network 100. Further, the physical machine 10 operates the VMM 20 thereon.

  The VMM 20 operates four VMs 50. Each VM 50 has a virtual network interface 70. Each virtual network interface 70 has a MAC address different from the MAC (Media Access Control) address of the physical network interface 30. Each VM 50 operates a guest OS 60 thereon.

  Note that the MAC address described above may be a layer 2 address other than the MAC address. The layer 2 address is an address handled in the data link layer (layer 2) of the OSI (Open Systems Interconnection) reference model. Similarly in the following descriptions, the MAC address may be a layer 2 address other than the MAC address.

  FIG. 1 is a diagram illustrating a form in which a network environment in the physical machine 10 is constructed using a virtual bridge 80. The virtual bridge 80 is a virtual bridge realized by software. The VMM 20 constructs a virtual network 110 inside the physical machine 10. Each virtual network interface 70 is connected to the virtual bridge 80 via the virtual network 110. One of the network interfaces included in the virtual bridge 80 is the physical network interface 30. The virtual network 110 belongs to the same network segment as the physical network 100. Therefore, each virtual network interface 70 is assigned an IP address that can be used in the physical network 100.

  The virtual bridge 80 performs the same operation as a physical bridge. Specifically, the virtual bridge 80 dispatches the acquired data based on the destination MAC address. For example, when the transmission destination MAC address of the data acquired from the virtual network interface 70 indicates other than the MAC address of each virtual network interface 70, the virtual bridge 80 transmits the data to the outside via the physical network interface 30. To do.

  For example, when the transmission destination MAC address of data acquired from the virtual network interface 70 indicates the MAC address of another virtual network interface 70, the virtual bridge 80 passes the data to the virtual network interface 70. In this case, the guest OS 60 operating on the VM 50 having the virtual network interface 70 that has received the data handles the data.

  Further, for example, the virtual bridge 80 passes the data acquired from the physical network interface 30 to the virtual network interface 70 having the transmission destination MAC address. Also in this case, the guest OS 60 operating on the VM 50 having the virtual network interface 70 that has received the data handles the data.

  FIG. 2 is a diagram illustrating a form in which the network environment in the physical machine 10 is constructed as a NAT (Network Address Translation) environment. The VMM 20 constructs a virtual network 110 inside the physical machine 10. In the case of this form, the network segment of the virtual network 110 is a network segment different from the physical network 100. Therefore, a local IP address in the virtual network 110 is assigned to the virtual network interface 70 instead of an IP address that can be used in the physical network 100.

  Each virtual network interface 70 is connected to the physical network 100 via the virtual router 90. The virtual router 90 is a router virtually realized by software. The virtual router 90 has two network interfaces, a physical network interface 30 connected to the physical network 100 and a NAT interface 40 connected to the virtual network 110. That is, the virtual router 90 functions as a gateway that connects the virtual network 110 and the physical network 100.

  The virtual router 90 performs the same operation as that performed by the gateway in a general NAT environment. As a result, each virtual network interface 70 does not have an IP address that can be used in the physical network 100, and uses the IP address of the physical network interface 30 to transmit / receive data to / from an external machine.

  When data is received by the physical network interface 30, the VMM 20 first determines whether or not the data is addressed to the VMM 20. This determination is made by examining the destination MAC address and destination IP address indicated by the data. If the data received by the physical network interface 30 is not data addressed to the VMM 20, the VMM 20 causes the virtual router 90 or the virtual bridge 80 to process the data. On the other hand, when the data received by the physical network interface 30 is data addressed to the VMM 20, the VMM 20 performs appropriate processing such as extracting the contents of the data.

  Here, the form of the network environment in the virtual machine environment is not limited to the above-described example. Other examples will be described in later-described embodiments as necessary.

  The purpose of introducing virtual machine technology is various. For example, the virtual machine technology is introduced to virtually realize a desktop machine and a server machine. For example, a virtual machine is introduced in order to virtually realize network devices such as routers and layer 2 switches. In this way, a technology for virtualizing network devices by introducing virtual machine technology is called NFV (Network Functions Virtualization). In the present invention, the purpose of introducing the virtual machine environment is not limited to a specific purpose. Therefore, the purpose of introducing the VM may be any of the above-mentioned purposes, or may be other purposes.

  Further, the virtual network interface in the present invention is not limited to a virtual network interface realized by virtual machine technology. For example, the virtual network interface may be a virtual network interface realized by emulation by an emulator. Even when a virtual network interface is realized by an emulator, a network in a physical machine is realized using, for example, a virtual bridge or a virtual router. Details of this realization method are omitted.

  Based on the above matters, each embodiment of the present invention will be described.

[Embodiment 1]
FIG. 3 is a block diagram illustrating the information processing apparatus 2000 according to the first embodiment. In FIG. 3, each block represents a functional unit configuration, not a hardware unit configuration.

  The information processing apparatus 2000 is connected to the network interface 120 via the network 130. The information processing apparatus 2000 includes a reception unit 2020 and an estimation unit 2040. The receiving unit 2020 receives data. The estimation unit 2040 uses the received data to estimate whether the network interface 120 that is the transmission source of the data is a physical network interface or a virtual network interface.

<Hardware configuration example>
Each functional component of the information processing apparatus 2000 according to the second embodiment may be realized by hardware (for example, a hard-wired electronic circuit) that implements each functional component, or between hardware and software. It may be realized by a combination (for example, a combination of an electronic circuit and a program for controlling the electronic circuit).

  The information processing apparatus is implemented as various computers such as a PC, a portable terminal, or a server machine. Here, the information processing apparatus 2000 may be mounted on a dedicated computer for mounting the information processing apparatus 2000, or may be mounted on a general-purpose computer that includes other applications and the like.

  FIG. 4 is a block diagram illustrating a hardware configuration of the information processing apparatus 2000. The information processing apparatus 2000 includes a bus 1020, a processor 1040, a memory 1060, a storage 1080, an input / output interface 1100, and a network interface 1120. The bus 1020 is a data transmission path through which the processor 1040, the memory 1060, the storage 1080, the input / output interface 1100, and the network interface 1120 transmit / receive data to / from each other. However, the method of connecting the processors 1040 and the like is not limited to bus connection. The processor 1040 is an arithmetic processing unit such as a CPU (Central Processing Unit) or a GPU (Graphics Processing Unit). The memory 1060 is a memory such as a RAM (Random Access Memory) or a ROM (Read Only Memory). The storage 1080 is a storage device such as a hard disk, an SSD (Solid State Drive), or a memory card. The storage 1080 may be a memory such as a RAM or a ROM.

  The input / output interface 1100 is an interface for connecting the information processing apparatus 2000 and the input / output device. The input / output device is, for example, a keyboard, a mouse, or a display.

  The network interface 1120 is a physical network interface for connecting to the network 130. The network interface 1120 may be a network interface for connecting to a wired line or a network interface for connecting to a wireless line.

  The storage 1080 stores a program for realizing the functions of the information processing apparatus 2000. Specifically, the program module which implement | achieves the function of the receiving part 2020 and the estimation part 2040 is memorize | stored. The processor 1040 implements the functions of the reception unit 2020 and the estimation unit 2040 by executing these program modules. Here, when executing the above modules, the processor 1040 may execute the modules after reading them onto the memory 1060 or without reading them onto the memory 1060.

  The hardware configuration of the information processing apparatus 2000 is not limited to the configuration shown in FIG. For example, each program module may be stored in the memory 1060. In this case, the information processing apparatus 2000 may not include the storage 1080.

<Receiver 2020>
Data received by the receiving unit 2020 is data transmitted from each network interface 120. There are various sources of this data. For example, this data is generated by an OS or VMM that manages the network interface 120 that transmitted the data, or an application that runs on the OS or VMM.

  There are various destinations of data received by the receiving unit 2020. For example, the destination of this data is the network interface 1120 that the information processing apparatus 2000 has. In this case, the data received by the receiving unit 2020 is data representing a response to a request transmitted from the information processing apparatus 2000, for example. Details of a method for transmitting a request or the like from the information processing apparatus 2000 will be described in each embodiment described later. Note that the data destined for the network interface 1120 may be data other than data representing a response to the request transmitted from the information processing apparatus 2000.

  Further, for example, the destination of data received by the receiving unit 2020 is a plurality of network interfaces including the network interface 1120 and the network interface 120. Data destined for a plurality of network interfaces is, for example, a multicast packet or a broadcast packet.

  The destination of data received by the receiving unit 2020 may not include the network interface 1120. There are various methods for receiving data not addressed to itself. For example, there is a method of connecting the network interface 1120 to the network 130 via the mirror port of the L2 switch. The network interface connected to the mirror port can also receive data not destined for the network interface. Here, since the method of receiving data using a mirror port is known, detailed description is abbreviate | omitted. Further, the method in which the receiving unit 2020 receives data not destined for the network interface 1120 is not limited to a method using a mirror port.

  Hereinafter, “addressing the network interface 1120 included in the information processing apparatus 2000” is also simply referred to as “addressing the information processing apparatus 2000”.

<About the estimation unit 2040>
Details of the operation of the estimation unit 2040 will be described in each embodiment described later.

<Process flow>
FIG. 5 is a flowchart illustrating the flow of processing executed by the information processing apparatus 2000 according to the first embodiment. The receiving unit 2020 receives data from the network interface (S102). The estimation unit 2040 uses the received data to estimate whether the network interface is a physical network interface or a virtual network interface (S104).

<Action and effect>
According to the present embodiment, based on the data received by the information processing apparatus 2000, it is estimated whether the network interface 120 connected to the network 130 is a physical network interface or a virtual network interface. Here, a machine having a physical network interface is a physical machine. On the other hand, a machine having a virtual network interface is a machine realized by software, such as a virtual machine. Therefore, by using the information processing apparatus 2000 of this embodiment, it is possible to estimate whether each machine connected to the network 130 is a physical machine or a virtual machine. Therefore, an administrator of the network 130 or a device that manages the network 130 can appropriately manage the network 130 after grasping whether each machine on the network 130 is a physical machine or a virtual machine. become.

[Embodiment 2]
An information processing apparatus 2000 according to the second embodiment is illustrated in FIG. 1, for example, similarly to the information processing apparatus 2000 according to the first embodiment. Except as described below, the information processing apparatus 2000 according to the second embodiment has the same functions as the information processing apparatus 2000 according to the first embodiment.

  The data received by the receiving unit 2020 of the second embodiment includes the MAC address (source MAC address) of the source network interface 120. Specifically, this data is data including an Ethernet (registered trademark) frame. The MAC address of the network interface 120 of the transmission source is indicated in the Ethernet (registered trademark) header of the Ethernet (registered trademark) frame.

  The estimation unit 2040 performs estimation using an OUI (Organizationally Unique Identifier) included in the transmission source MAC address indicated by the data received by the reception unit 2020. The following describes the OUI (OUI of the physical network interface) indicated by the MAC address of the physical network interface and the OUI (OUI of the virtual network interface) indicated by the MAC address of the virtual network interface.

<About OUI of physical network interface>
The MAC address of the physical network interface is assigned to the network interface when the network interface is manufactured. Therefore, in general, the MAC address of a physical network interface is not changed by the OS that uses the network interface.

  The OUI of the physical network interface is an identifier for identifying the vendor that manufactured the network interface. A vendor that manufactures a network interface assigns a MAC address including the OUI assigned to that vendor to the manufactured network interface. Each vendor receives an OUI assignment by applying to the IEEE (the Institute of Electrical and Electronics Engineers, Inc.), which manages the OUI.

  FIG. 6 is a diagram illustrating a configuration of the MAC address. The MAC address is a 48-bit value. In general, the upper 24 bits of the MAC address represent OUI. Vendors assign unique MAC addresses to each network interface they manufacture. This prevents MAC addresses from overlapping between physical network interfaces.

  However, the information processing apparatus 2000 of this embodiment does not depend on the number of digits of the MAC address and the number of digits of the OUI. Therefore, the information processing apparatus 2000 can operate even when the number of digits of the MAC address or the number of digits of the OUI is changed in the future.

<About OUI of virtual network interface>
A virtual network interface is not physically manufactured hardware. For example, the virtual network interface of a virtual machine is virtually realized by VMM. In principle, VMM can assign any MAC address to a virtual network interface. Therefore, the OUI of the virtual network interface can take any value.

  However, if VMM completely assigns an arbitrary MAC address to a virtual network interface, there may be multiple network interfaces with the same MAC address in the network. As a result, problems such as data not reaching the target network interface may occur.

  Therefore, it is common to assign a MAC address including a specific OUI to a virtual network interface. For this reason, some software vendors that create each VMM apply to IEEE (registered trademark) and are assigned an OUI. By using the OUI assigned in advance as the virtual network interface in this way, network interfaces indicating different OUIs are assigned to virtual network interfaces generated by different types of VMMs. For example, a vendor who creates VMM prepares a template for the VM configuration file, and sets the OUI of the MAC address described in the template to the OUI assigned to the vendor. In general, users often use this template to describe VM settings. Therefore, it can be said that there is a high probability that the MAC address assigned to the virtual network interface includes a vendor-specific OUI.

  Similarly, it is necessary to avoid duplication of MAC addresses for virtual network interfaces generated by emulators. For this reason, it is thought that vendors that generate emulators will also avoid duplicating MAC addresses using a similar mechanism.

<Estimation using OUI>
The estimation unit 2040 of the present embodiment performs estimation by paying attention to the above-described OUI features. For example, the estimation unit 2040 acquires a list of OUIs that can be included in the MAC address of the virtual network interface. The estimation unit 2040 determines whether or not the OUI of the network interface 120 to be estimated (the network interface 120 having the MAC address of the transmission source of the data received by the reception unit 2020) is included in this list. Then, when the OUI of the network interface 120 to be estimated is included in this list, the estimation unit 2040 estimates that this network interface 120 is a virtual network interface. On the other hand, if the OUI of the estimation target network interface 120 is not included in the list, the estimation unit 2040 estimates that the network interface 120 is a physical network interface.

  FIG. 7 is a diagram exemplifying a list of OUIs that can be included in the MAC address of the virtual network interface. This list is referred to as a list 200. For example, the list 200 is a list that lists OUIs assigned to software vendors that create VMMs. When the OUI of the estimation target network interface 120 matches any of the OUIs listed in the list 200, the estimation unit 2040 estimates that the network interface 120 is a virtual network interface.

  Note that the estimation unit 2040 may obtain a list of OUIs that can be included in the MAC address of the physical network interface. For example, this list lists the OUIs assigned to each hardware vendor that manufactures the physical network interface. The estimation unit 2040 estimates that the network interface 120 is a physical network interface if the OUI of the network interface 120 to be estimated is included in this list. On the other hand, when the OUI of the estimation target network interface 120 is not included in the list, the estimation unit 2040 estimates that the network interface 120 is a virtual network interface.

<OUI list acquisition method>
There are various methods by which the estimation unit 2040 obtains the list of each OUI described above. For example, a list of OUIs that can be included in the MAC address of the virtual network interface and the OUI that can be included in the MAC address of the physical network interface is created in advance, and a storage unit provided inside or outside the information processing apparatus 2000 Remember it. Then, the estimation unit 2040 acquires a list of these OUIs from this storage unit. Here, the list of OUI that can be included in the MAC address of the physical network interface and the OUI of the virtual network interface is inquired of the vendor that manufactures the physical network interface, the vendor that creates VMM, etc., or the IEEE (registered trademark) that manages OUI ) To inquire.

  Further, the estimation unit 2040 may create the above-described OUI list by automatically acquiring information related to the OUI from each of the above-described vendors or IEEE (registered trademark). For example, when an OUI database or the like is disclosed by each vendor or IEEE (registered trademark), the estimation unit 2040 acquires and uses information on the OUI from this database.

<Process flow>
FIG. 8 is a flowchart illustrating the flow of processing executed by the information processing apparatus 2000 according to the second embodiment. Hereinafter, the network interface 120 to be processed is referred to as a network interface X.

  The receiving unit 2020 receives data from the network interface X (S202). The estimation unit 2040 extracts the OUI of the transmission source network interface (network interface X) from the received data (S204). The estimation unit 2040 acquires a list of OUIs of the virtual network interface (S206). The estimation unit 2040 determines whether or not the OUI extracted in S204 is included in the list acquired in step S206 (S208). If included (S208: YES), the process of FIG. 8 proceeds to step S210. On the other hand, if not included (S208: NO), the process of FIG. 8 proceeds to step S212.

  In S210, the estimation unit 2040 estimates that the network interface X is a virtual network interface. On the other hand, in S212, the estimation unit 2040 estimates that the network interface X is a physical network interface.

<Hardware configuration example>
For example, the hardware configuration of the information processing apparatus 2000 according to the second embodiment is represented in FIG. 4 as with the information processing apparatus 2000 according to the first embodiment. In the present embodiment, each program module stored in the storage 1080 described above further includes a program that realizes each function described in the present embodiment. Further, when the OUI list of the virtual network interface and the OUI list of the physical network interface are stored in the information processing apparatus 2000, the memory 1060, the storage 1080, and the like store these lists.

<Action and effect>
According to the information processing apparatus 2000 of this embodiment, based on the OUI of the network interface 120 indicated by the data received from the network interface 120, it is estimated whether the network interface 120 is a virtual network interface or a physical network interface. Is done. Specifically, the estimation unit 2040 performs the above estimation by determining whether or not the OUI of the network interface 120 is included in the OUI list of the virtual network interface, the physical network interface list, or the like. According to this method, the above estimation can be performed by a simple process of comparing the OUI of the network interface 120 extracted from the received data with the OUI included in the list or the like. Therefore, there are advantages that the time required for estimation is short and the computer resources required for estimation are small.

[Embodiment 3]
FIG. 9 is a block diagram illustrating an information processing apparatus 2000 according to the third embodiment. In FIG. 9, each block represents a functional unit configuration, not a hardware unit configuration. Except as described below, the information processing apparatus 2000 of the third embodiment has the same functions as the information processing apparatus 2000 of the first embodiment.

  The information processing apparatus 2000 according to the third embodiment further includes a transmission unit 2060. The transmission unit 2060 transmits data to each of the plurality of network interfaces. Hereinafter, data transmitted by the transmission unit 2060 is referred to as transmission data.

  The receiving unit 2020 according to the third embodiment receives data representing a response to transmission data (hereinafter, response data) from each network interface 120. The estimation unit 2040 according to the third embodiment performs estimation using a time (Round Trip Time (RTT)) from when transmission data is transmitted until response data is received.

<Points of interest>
The estimation unit 2040 according to the third embodiment performs estimation while paying attention to the difference between the RTT when transmission data is transmitted to the physical network interface and the RTT when transmission data is transmitted to the virtual network interface. Hereinafter, this difference will be described.

  The time required for data handling differs in principle between the physical network interface and the virtual network interface. As described above, even when data is received by the virtual network interface, data is first received by the physical network interface. Then, the data received by the physical network interface is transferred to the virtual network interface.

  For example, in the case of FIG. 1, data destined for the virtual network interface 70 is first received by the physical network interface 30 and processed by the VMM 20. When the VMM 20 determines that the destination of the data is not the physical network interface 30, the VMM 20 executes processing by the virtual bridge 80. As a result of the processing by the virtual bridge 80, the data is passed to the destination virtual network interface 70. The data is processed by the guest OS 60 operating using the virtual network interface 70. On the other hand, when the data destination is the physical network interface 30, the processing by the virtual bridge 80 is not executed.

  As described above, when the destination of the transmission data is the virtual network interface, overhead (processing by the virtual bridge 80 or the like) due to virtualization or emulation occurs. Therefore, the RTT when the transmission data destination is a virtual network interface is longer than the RTT when the transmission data destination is a physical network interface.

  In addition, there is variation in each RTT when transmission data is transmitted to the network interface 120 a plurality of times. The variation in RTT is larger when the transmission destination of the transmission data is a virtual network interface than when the transmission destination of the transmission data is a physical network interface. In general, variation in time required for data processing tends to increase as the processing becomes more complicated. For this reason, when sending data is sent to a virtual network interface with virtualization or emulation processing, the RTT is sent more than when sending data is sent to a physical network interface without these processing. The variation becomes large.

<Specific examples of RTT>
The following are examples of measured values of RTT size and variation. 10 to 12 are graphs illustrating the RTT when transmission data is transmitted to the network interface. In each of FIGS. 10 to 12, the X axis represents the number of trials, and the Y axis represents RTT. The transmission data in FIG. 10 is an ARP (Address Resolution Protocol) request, the transmission data in FIG. 11 is an NS (Neighbor Solicitation) message, and the transmission data in FIG. 12 is an Internet Control Message Protocol (ICMP) echo request. A description of each of these transmission data will be given later.

  10 to 12, the RTT when the physical network interface is the transmission destination is smaller than the RTT when the virtual network interface is the transmission destination. Also, in any graph, the RTT when the physical network interface is the transmission destination has less variation than the RTT when the virtual network interface is the transmission destination.

  Therefore, the estimation unit 2040 according to the third embodiment performs estimation by the following method, for example.

<Estimation method using RTT size>
As described above, the RTT is smaller when transmission data is transmitted to the physical network interface than when transmission data is transmitted to the virtual network interface. Therefore, the estimation unit 2040 performs estimation using the magnitude of RTT.

  For example, the estimation unit 2040 transmits transmission data to each network interface 120 and estimates that the network interface 120 having the smallest RTT is a physical network interface. For example, the estimation unit 2040 estimates that the network interface having the largest RTT is a virtual network interface.

  For example, the estimation unit 2040 may cluster the network interface 120 into a plurality of groups based on the size of the RTT. Then, the estimation unit 2040 performs estimation using these groups. For example, the estimation unit 2040 estimates that the network interface 120 belonging to a group having a predetermined rank or higher is a physical network interface when the groups are arranged in ascending order of the RTT. In addition, the estimation unit 2040 estimates that the network interface 120 belonging to the group whose rank is lower than the predetermined rank is a virtual network interface. For example, the predetermined order is 1. In this case, the estimation unit 2040 estimates that the network interface 120 belonging to the group having the smallest RTT is a physical network interface. The predetermined order may be set in advance in the estimation unit 2040 or may be stored in an internal or external storage unit of the information processing apparatus 2000. In the latter case, the estimation unit 2040 acquires the predetermined order from the storage unit when performing the estimation.

  Note that the estimation unit 2040 may transmit a plurality of transmission data to each of the plurality of network interfaces 120. In this case, the estimation unit 2040 calculates the RTT statistical value for each network interface 120. And the estimation part 2040 performs each above-mentioned estimation using this statistical value. For example, the estimation unit 2040 estimates that the network interface 120 having the smallest RTT average value is a physical network interface. For example, the estimation unit 2040 estimates that the network interface 120 having the largest average RTT value is a virtual network interface. Moreover, the estimation part 2040 may perform estimation by the above-mentioned clustering using this statistical value.

  There are various statistics representing the magnitude of RTT. For example, the statistical value is an average value, median value, or mode value of RTT.

<Estimation method using RTT variation>
As described above, it is considered that the variation in RTT is smaller when transmission data is transmitted to the physical network interface than when transmission data is transmitted to the virtual network interface. Therefore, the estimation unit 2040 performs estimation using the variation in RTT.

  For example, the estimation unit 2040 estimates that the network interface with the smallest variation in RTT is a physical network interface. For example, the estimation unit 2040 estimates that the network interface 120 having the largest variation in RTT is a virtual network interface.

  For example, the estimation unit 2040 may cluster the network interface 120 into a plurality of groups based on the variation in RTT. Then, the estimation unit 2040 performs estimation using these groups. For example, the estimation unit 2040 estimates that the network interface 120 belonging to a group having a predetermined rank or higher is a physical network interface when the groups are arranged in ascending order of variation in RTT. In addition, the estimation unit 2040 estimates that the network interface 120 belonging to the group whose rank is lower than the predetermined rank is a virtual network interface. For example, the predetermined order is 1. In this case, the estimation unit 2040 estimates that the network interface 120 belonging to the group having the smallest variation in RTT is a physical network interface. The predetermined order may be set in advance in the estimation unit 2040 or may be stored in an internal or external storage unit of the information processing apparatus 2000. In the latter case, the estimation unit 2040 acquires the predetermined order from the storage unit when performing the estimation.

  When using variation in RTT, the transmission unit 2060 transmits a plurality of transmission data to each of the plurality of network interfaces 120. Then, the estimation unit 2040 calculates a statistical value representing the variation in RTT for each network interface 120. And the estimation part 2040 performs the said estimation using the statistical value showing this dispersion | variation.

  There are various statistics that represent the variation in RTT. For example, this statistic is RTT variance or standard deviation.

<Other processing performed by the estimation unit 2040>
The estimation unit 2040 may perform the following process in order to increase the accuracy of estimation.

  For example, the estimation unit 2040 does not use the first predetermined number (for example, one) of data received from each network interface 120 for calculation of RTT statistical values and variations. When transmission data is first transmitted to the network interface 120, address resolution of the network interface 120 can be performed. Therefore, the observed RTT may be larger than the observed RTT. Therefore, the accuracy of estimation by the estimation unit 2040 is higher when the RTT statistical value is calculated without the first observed RTT.

  The estimation unit 2040 may exclude outliers of RTT for each network interface 120. For example, the estimation unit 2040 calculates an average value μ and a standard deviation σ for the set of RTTs observed for the network interface X. The estimation unit 2040 excludes an RTT whose distance from the average value μ is larger than σ (an RTT larger than μ + σ or an RTT smaller than μ−σ) as an outlier from the set of RTTs. Then, the estimation unit 2040 performs estimation using a set excluding outliers. Note that there are various known methods for excluding outliers when performing statistical processing, and the estimation unit 2040 can use these various known methods. Therefore, the method for excluding outliers is not limited to the exemplified method.

<Details of Operation of Transmitter 2060>
The transmission unit 2060 transmits transmission data that can obtain a response from the network interface 120 to each network interface 120. There are various types of such transmission data. For example, the transmission unit 2060 transmits an ARP request. When an OS or VMM that operates using the network interface 120 receives an ARP request, it transmits an ARP reply. The receiving unit 2020 receives an ARP reply as response data. Therefore, RTT is the time from when the transmission unit 2060 transmits an ARP request until the reception unit 2020 receives an ARP reply. Note that ARP requests and ARP replies are defined in RFC 826 (Non-Patent Document 2).

  For example, the transmission unit 2060 transmits an ICMP echo request. When an OS or VMM that operates using the network interface 120 receives an ICMP echo request, it sends an ICMP echo reply. The receiving unit 2020 receives an ICMP echo reply as response data. Therefore, RTT is the time from when the transmission unit 2060 transmits an ICMP echo request until the reception unit 2020 receives an ICMP echo reply.

  An ICMPv6 (ICMP version 6) echo request may be sent to a network interface having an IPv6 address. In this case, the receiving unit 2020 receives an ICMPv6 echo reply as response data.

  ICMP is defined in RFC792 (Non-Patent Document 3). ICMPv6 is defined in RFC4443 (Non-Patent Document 4).

  For example, the transmission unit 2060 transmits an NS message. When the OS operating using the network interface 120 receives an NS message, it transmits an NA (Neighbor Advertisement) message. The receiving unit 2020 receives an NA message as a response message. Therefore, RTT is the time from when the transmission unit 2060 transmits the NS message until the reception unit 2020 receives the NA message. The network interface 120 that receives the NS message is a network interface having an IPv6 address. NS message and NA message are defined in RFC4861 (Non-Patent Document 5).

  The transmission data is not limited to the above-described ARP request or the like as long as it is data that can obtain a response from the network interface 120 that has received the transmission data.

<Configuration of network 130>
Depending on the configuration of the network 130, data that can be used as transmission data differs. Specifically, it differs depending on whether or not the information processing apparatus 2000 and the network interface 120 are in the same link. This is because when the network interface 120 exists on a different link from the information processing apparatus 2000, transmission data (such as an ARP request) transmitted at the layer 2 level cannot reach the network interface 120.

  FIG. 13 is a first diagram illustrating the configuration of the network 130. In FIG. 13, each network interface 120 exists in the same link as the information processing apparatus 2000. In this case, the data transmitted from the transmission unit 2060 may be any type of data described above.

  FIG. 14 is a second diagram illustrating the configuration of the network 130. In FIG. 14, each network interface 120 exists in a different link from the information processing apparatus 2000. In this case, the transmission unit 2060 transmits data that can reach the network interface 120 existing in a different link. Specifically, the transmission unit 2060 transmits layer 3 level protocol data (such as an ICMP echo request).

  The items described with reference to FIGS. 13 and 14 are the same for each of the embodiments described later that transmits data from the information processing apparatus 2000 to the network interface 120.

<Process flow: Overview>
FIG. 15 is a flowchart illustrating an overview of the flow of processing executed by the information processing apparatus 2000 according to the third embodiment. S302 to S308 are loop processes performed for each of the plurality of network interfaces 120. In S302, the transmission unit 2060 determines whether there is a network interface 120 that is not yet a transmission destination of transmission data. If all the network interfaces 120 have already been set as transmission destinations of the transmission data, the processing in FIG. 15 proceeds to S310. On the other hand, if there is a network interface 120 that is not yet a transmission destination of transmission data, the processing in FIG. 15 proceeds to S304. At this time, the transmission unit 2060 selects one of the network interfaces 120 that is not yet a transmission destination of transmission data. In FIG. 15, the network interface 120 selected here is represented as a network interface i.

  In S304, the transmission unit 2060 transmits transmission data to the network interface i. In step S306, the reception unit 2020 receives response data from the network interface i. However, the receiving unit 2020 may receive received data from the network interface i asynchronously. In this case, the process of FIG. 15 proceeds to S308 after S304. S308 is the end of loop processing A. The processing in FIG. 15 returns to S302.

  As described above, when all the network interfaces 120 are the transmission destinations of the transmission data, the processing in FIG. 15 proceeds to S310. In S310, the estimation unit 2040 performs estimation using the RTT obtained for each network interface.

  When transmitting transmission data to each network interface 120 a plurality of times, S304 and S306 are executed a plurality of times for each network interface 120.

  As described above, the estimation by the estimation unit 2040 includes, for example, a method using the RTT size and a method using the RTT variation. Hereafter, the flow of each method is illustrated using a flowchart.

<Flow of estimation process using RTT size>
FIG. 16 is a flowchart illustrating the flow of estimation processing performed based on the size of RTT. The estimation unit 2040 clusters network interfaces into a plurality of groups based on the size of RTT (S402). The estimation unit 2040 sorts the groups in ascending order of the RTT size (S404). The estimation unit 2040 estimates that the network interface 120 belonging to the group of the predetermined order or higher is a physical network interface (S406). The estimation unit 2040 estimates that the network interface 120 that is less than the predetermined order is a physical network interface (S408).

<Flow of estimation processing using RTT variation>
FIG. 17 is a flowchart illustrating the flow of estimation processing performed based on the variation in RTT. The estimation unit 2040 clusters the network interfaces into a plurality of groups based on the degree of variation in RTT (S502). The estimation unit 2040 sorts the groups in ascending order of the variation in the RTT (S504). The estimation unit 2040 estimates that the network interface 120 belonging to the group of the predetermined order or higher is a physical network interface (S506). The estimation unit 2040 estimates that the network interface 120 belonging to the group lower than the predetermined order is a virtual network interface (S508).

<Building an environment where the number of physical network interfaces is limited to one>
When the information processing apparatus 2000 performs estimation after constructing an environment in which the number of physical network interfaces is limited to one, the estimation accuracy can be increased. If the number of physical network interfaces is unknown, it may be impossible to determine whether the network interface 120 with the second smallest RTT or the network interface 120 with the third smallest RTT is a physical network interface or a virtual network interface. sell. On the other hand, if the number of physical network interfaces is limited to one, the estimation that “the network interface 120 with the smallest RTT is a physical network interface and the other network interfaces 120 are virtual network interfaces” can be made with high accuracy. It can be carried out.

  Therefore, the information processing apparatus 2000 may construct an environment in which the number of physical network interfaces is limited to one, and then perform estimation by the estimation unit 2040. For example, it is assumed that the information processing apparatus 2000 is connected to another physical machine with the configuration illustrated in FIG. FIG. 18 is a diagram illustrating a configuration in which the information processing apparatus 2000 and a plurality of physical machines are connected via a switch.

  For example, the information processing apparatus 2000 performs setting so that the information processing apparatus 2000 and each physical machine are connected one-to-one by using a port VLAN (Virtual LAN). FIG. 19 is a diagram illustrating a state in which the information processing apparatus 2000 and each physical machine are connected on a one-to-one basis using a port VLAN. By operating the transmission unit 2060 after performing such settings, the estimation unit 2040 can perform estimation in an environment where the number of physical network interfaces is limited to one. Therefore, the accuracy of estimation by the estimation unit 2040 is increased. Since port VLAN is an existing technology, a description thereof will be omitted.

<Hardware configuration example>
For example, the hardware configuration of the information processing apparatus 2000 according to the third embodiment is represented in FIG. 4 as with the information processing apparatus 2000 according to the first embodiment. In the present embodiment, each program module stored in the storage 1080 described above further includes a program that realizes each function described in the present embodiment. The storage 1080 further stores a program module that implements the transmission unit 2060. The processor 1040 implements the function of the transmission unit 2060 by executing this program module.

<Action and effect>
According to the present embodiment, estimation is performed based on the RTT when transmission data is transmitted to each network interface 120. Unlike the method of the second embodiment, this method has an advantage that it is not necessary to prepare information used for estimation such as an OUI list.

[Embodiment 4]
FIG. 20 is a block diagram illustrating an information processing apparatus 2000 according to the fourth embodiment. In FIG. 20, each block represents a functional unit configuration, not a hardware unit configuration.

  The information processing apparatus 2000 according to the fourth embodiment includes a detection unit 2080. The detection unit 2080 uses the data received from the network interface 120 to detect that the network interface 120 is ready to transmit and receive data. Hereinafter, “a state where data can be transmitted / received” is also referred to as online, and “a state where data cannot be transmitted / received” is also referred to as offline.

  The estimation unit 2040 according to the fourth embodiment performs estimation based on the timing when the network interface 120 is online. For example, the estimation unit 2040 estimates that the network interface that is earliest online is a physical network interface.

<Points of interest>
The information processing apparatus 2000 of this embodiment performs estimation by paying attention to the difference between the timing when the physical network interface is online and the timing when the virtual network interface is online. Specifically, the timing when a physical network interface of a certain physical machine comes online is earlier than the timing when a virtual network interface generated on the physical machine comes online. The reason will be described below.

  As described above, the virtual network interface is realized by VMM or emulator running on a physical machine. When VMM or an emulator that creates a virtual network interface is running, the physical network interface is generally online.

  For example, the case of VMM will be described as an example. FIG. 21 is a diagram illustrating a flow of starting up VMM and VM. First, the physical machine is started, and then VMM is started. Then, the physical network interface is brought online by the VMM initializing the physical network interface. Next, the VM is started by VMM, and the guest OS is started on the VM. In addition, the virtual network interface is brought online when the virtual network interface is initialized by the guest OS. When multiple VMs are started, the VMs may be started in order or in parallel.

  As illustrated in FIG. 21, the timing at which the physical network interface is brought online in the virtual machine environment is earlier than the timing at which the virtual network interface is brought online.

  When the virtual network interface is realized by emulation, the emulator is started by the OS that runs directly on the physical machine. Therefore, when the emulator starts, the OS startup process is complete. Therefore, the physical network interface initialized by this OS is online. Therefore, even in the emulation environment, the timing when the physical network interface comes online is earlier than the timing when the virtual network interface comes online.

<Estimation Process by Estimating Unit 2040>
Focusing on the above points, the estimation unit 2040 of the present embodiment estimates that the network interface 120 that is online at the earliest timing is a physical network interface.

  Further, according to the above description, it can be said that the timing when the virtual network interface is online is later than the timing when the physical network interface is online. Therefore, the estimation unit 2040 may estimate that the network interface 120 with the latest timing to go online is a virtual network interface.

<Method for Detecting that Network Interface 120 is Online>
In general, the network interface transmits and receives data after the initialization process and the initialization is completed. For example, a network interface that is automatically assigned an IP address sends a DHCP discovery packet at the initialization timing. Furthermore, for network interfaces with IPv6 addresses, DAD (Duplicate Address Detection) processing is performed when the network interface is activated. Specifically, the network interface sends NS messages. Furthermore, the network interface can also send advertisement data (data such as LLMNR (Link-Local Multicast Name Resolution) and mDNS (multicast Domain Name System)) for file sharing and service discovery. Thus, when the network interface 120 is online (when the network interface 120 is initialized) or thereafter, the network interface 120 transmits some data.

  Therefore, the detection unit 2080 detects that the network interface 120 is online based on the data received from the network interface 120. For example, when receiving predetermined data from the network interface 120, the detection unit 2080 determines that the network interface 120 is online. The predetermined data is, for example, the aforementioned DHCP discover packet or NS message.

  The definition of “what kind of data is handled as the predetermined data” may be set in the detection unit 2080 in advance, or stored in a storage unit provided inside or outside the information processing apparatus 2000. Also good. In the latter case, the detection unit 2080 obtains information from the storage unit, thereby grasping which type of data is handled as predetermined data.

  In order to determine “which network interface 120 is online first”, it is necessary to grasp the timing when all the network interfaces 120 are offline. Otherwise, for example, when it is detected that a certain network interface 120 is online after the information processing apparatus 2000 has started to operate, and it is not detected that the other network interface 120 is online, it is estimated The estimation by the unit 2040 becomes difficult. This is because there is a distinction between the case of “other network interfaces 120 are offline” and the case of “other network interfaces 120 are already online before the information processing apparatus 2000 starts operating”. This is because there is not.

  There are various methods for grasping the timing when all the network interfaces 120 are offline. For example, it is assumed that the environment in which the information processing apparatus 2000 is operated is operated based on a rule that the user returns home after turning off the power of a PC or the like as in a general office. In this case, for example, the information processing apparatus 2000 considers that all the network interfaces 120 are offline at a predetermined time (for example, midnight).

  Further, the information processing apparatus 2000 may detect that each network interface 120 goes offline. Specifically, as shown in a fifth embodiment described later, the information processing apparatus 2000 repeatedly transmits data to the network interface 120, and when the reception unit 2020 no longer receives a response to the data, the information processing apparatus 2000 It is determined that the interface 120 has gone offline. Details of this method will be described in Embodiment 5.

  However, the information processing apparatus 2000 may consider that all the network interfaces 120 are offline when the information processing apparatus 2000 starts operation.

<Process flow>
FIG. 22 is a flowchart illustrating the flow of processing executed by the information processing apparatus 2000 according to the fourth embodiment. The detection unit 2080 detects that each network interface is online based on data received from each network interface (S602). The estimation unit 2040 estimates that the network interface that comes online first is a physical network interface (S604).

  Note that the estimation unit 2040 may estimate that “a network interface other than the network interface that comes online first is a virtual network interface”.

<Building an environment where the number of physical network interfaces is limited to one>
Similar to the information processing apparatus 2000 of the third embodiment, the information processing apparatus 2000 of the fourth embodiment may perform estimation after building an environment in which the number of physical network interfaces is limited to one.

<Hardware configuration example>
For example, the hardware configuration of the information processing apparatus 2000 according to the fourth embodiment is illustrated in FIG. 4 as with the information processing apparatus 2000 according to the first embodiment. In the present embodiment, each program module stored in the storage 1080 described above further includes a program that realizes each function described in the present embodiment. The storage 1080 further stores a program module that implements the detection unit 2080. The processor 1040 implements the function of the detection unit 2080 by executing this program module.

<Action and effect>
According to the information processing apparatus 2000 of the present embodiment, it is possible to estimate whether the network interface 120 is a physical network interface or a virtual network interface based on the timing when the network interface 120 comes online. Since the estimation is performed based on the timing when the network interface 120 comes online, there is an advantage that the estimation by the estimation unit 2040 can be performed immediately after the network interface 120 is connected to the network 130.

[Embodiment 5]
FIG. 23 is a block diagram illustrating an information processing apparatus 2000 according to the fifth embodiment. In FIG. 23, each block represents a functional unit configuration, not a hardware unit configuration.

  The information processing apparatus 2000 according to the fifth embodiment includes a determination unit 2100. The determination unit 2100 determines whether the network interface 120 is online using the history of data received from the network interface 120. Hereinafter, the history of received data is referred to as a reception history. The estimation unit 2040 according to the fifth embodiment performs estimation using the determination result obtained by the determination unit 2100.

<Points of interest>
Generally, in an environment where there is one physical network interface, the situation “virtual network interface is online and physical network interface is offline” does not occur. As described above, the virtual network interface communicates with an external physical machine or the like using the physical network interface. Therefore, when the virtual network interface communicates with an external physical machine or the like, not only the virtual network interface but also the physical network interface needs to be online.

  On the other hand, the situation that “the virtual network interface is offline and the physical network interface is online” is a situation that can generally occur. For example, the situation “VMM is running but VM is not running” corresponds to this situation.

<Estimation Process by Estimating Unit 2040>
Therefore, the estimation unit 2040 estimates that the network interface X is a virtual network interface when “one network interface X is offline and another network interface Y is online”.

  Further, for example, when there is only one online network interface, the estimation unit 2040 estimates that the network interface is a physical network interface.

<Details of Determination Unit 2100>
The determination unit 2100 uses the history of data received from the network interface 120 in order to grasp the state of each network interface 120. There are various histories used by the determination unit 2100. For example, the determination unit 2100 uses a history of data indicating a response to data (such as an ICMP echo request or NS message) transmitted from the information processing apparatus 2000, such as an ICMP echo reply or an NA message. By using this history, the determination unit 2100 determines that the network interface 120 is online when a response is received from a certain network interface 120 and that the network interface 120 is offline when no response is received.

  Further, for example, an OS or VMM that operates using a network interface may be configured so that data is repeatedly transmitted spontaneously. For example, the VMM or guest OS periodically transmits a heartbeat, and the reception unit 2020 receives the heartbeat. The determination unit 2100 uses this heartbeat history. Specifically, when a heartbeat is received from a certain network interface 120, the network interface 120 is online, and when no heartbeat is received, it is determined that the network interface 120 is offline.

<Specific example>
FIG. 24 is a graph illustrating the state of each network interface 120 grasped by the information processing apparatus 2000 in time series. The horizontal axis of the graph in FIG. 24 indicates time, and the vertical axis indicates the name of the network interface 120. The cross indicates the time when data is received from the network interface 120. The area surrounding the cross indicates the time when the network interface 120 is estimated to be online.

  First, the state of the network interface 1 will be described. The receiving unit 2020 has not received data from the network interface 1 before time t1. The receiving unit 2020 continues to receive data from the network interface 1 after the time t 1. From such a data history, the determination unit 2100 determines that the network interface 1 has been online since time t1.

  Next, the state of the network interface 2 will be described. The receiving unit 2020 has not received data from the network interface 2 before time t2. The receiving unit 2020 receives data from the network interface 2 a plurality of times from time t2 to time t3. The receiving unit 2020 has not received data from the network interface 2 after time t3. From such data history, the determination unit 2100 determines that the network interface 2 is online from time t2 to t3 and is offline at time t3.

  In FIG. 24, it can be seen that after time t3, the network interface 2 is offline and the network interface 1 is online. Therefore, the estimation unit 2040 estimates that the network interface 2 is a virtual network interface. The estimation unit 2040 estimates that the network interface 1 is a physical network interface.

<Building an environment where the number of physical network interfaces is limited to one>
Similarly to the information processing apparatus 2000 of the third embodiment, the information processing apparatus 2000 of the fifth embodiment may perform estimation after building an environment in which the number of physical network interfaces is limited to one.

<Process flow>
FIG. 25 is a flowchart illustrating the flow of processing executed by the information processing apparatus 2000 according to the fifth embodiment. The determination unit 2100 determines the state of each network interface 120 using the history of data received from each network interface 120 (S702).

  The determination unit 2100 determines whether there is an offline network interface 120. If there is no offline network interface 120 (S704: NO), the process of FIG. 25 proceeds to S702 again. On the other hand, if there is an offline network interface 120 (S704: YES), the processing in FIG. 25 proceeds to S706. Note that the processing of FIG. 25 may wait for a predetermined time before proceeding to S702.

  In step S706, the determination unit 2100 determines whether there is an online network interface 120. If there is no online network interface 120 (S706: NO), the processing in FIG. 25 ends. On the other hand, if there is an online network interface 120 (S704: YES), the processing of FIG. 25 proceeds to S708.

  In step S708, the estimation unit 2040 estimates that the offline network interface 120 is a virtual network interface.

<Hardware configuration example>
For example, the hardware configuration of the information processing apparatus 2000 according to the fifth embodiment is represented in FIG. 4 as with the information processing apparatus 2000 according to the first embodiment. In the present embodiment, each program module stored in the storage 1080 described above further includes a program that realizes each function described in the present embodiment. The storage 1080 further stores a program module that implements the determination unit 2100. The processor 1040 implements the function of the determination unit 2100 by executing this program module.

<Action and effect>
According to the present embodiment, by detecting the state that “one network interface 120 is offline and another network interface 120 is online”, the network interface 120 is either a physical network interface or a virtual network interface. It can be estimated. For example, the information processing apparatus 2000 monitors each network interface 120 on a daily basis by receiving data from each network interface 120 on a daily basis (for example, periodically). By performing daily monitoring in this manner, estimation can be performed without temporarily increasing the load on the network 130.

[Embodiment 6]
The information processing apparatus 2000 according to the sixth embodiment is represented in FIG. 9 as the information processing apparatus 2000 according to the third embodiment. In the information processing apparatus 2000 according to the sixth embodiment, the transmission unit 2060 transmits transmission data to the network interface 120 as in the information processing apparatus 2000 according to the third embodiment. The receiving unit 2020 receives response data that represents a response to the transmission data. The transmission data is the ARP request, ICMP echo request, or NS message described in the third embodiment.

<Assumed environment>
As described above, data destined for the virtual network interface is first received by the physical network interface before reaching the virtual network interface. Focusing on this feature, there is a method for causing a physical network interface to function as a proxy for a virtual network interface. In this embodiment, an environment is assumed in which the physical network interface operates as a proxy for the virtual network interface. Hereinafter, the configuration in which the physical network interface functions as a proxy for the virtual network interface will be described more specifically.

  For example, there is a configuration in which a physical network interface functions as an ARP proxy. FIG. 26 is a diagram illustrating a state in which the physical network interface 30 functions as an ARP proxy. In FIG. 26, an ARP request destined for the virtual network interface 70 is transmitted.

  First, this ARP request is received by the physical network interface 30. Here, since the destination of this ARP request is not the physical network interface 30 but the virtual network interface 70, the VMM 20 normally passes this ARP request to the virtual network interface 70. Then, the guest OS 60 processes the passed data.

  In contrast, in FIG. 26, the VMM 20 does not pass the ARP request destined for the virtual network interface 70 to the virtual network interface 70, but generates and transmits an ARP reply for the ARP request. As a result, the VMM 20 functions as an ARP proxy.

  In order to realize such processing, the VMM 20 grasps the IP address and MAC address of the virtual network interface 70 in advance.

  Further, based on the same principle, a configuration in which “the VMM 20 processes an NS message destined for the virtual network interface 70 instead of the guest OS 60 and transmits an NA message” can be realized.

<Estimation by the estimation unit 2040>
Usually, the network interface 120 that is the transmission destination of transmission data and the network interface 120 that is the transmission source of reception data are the same network interface. However, when the transmission unit 2060 transmits transmission data to the virtual network interface 70 in the assumed environment described above, the response data received by the reception unit 2020 indicates a transmission source different from the transmission destination of the transmission data. For example, in the case of FIG. 26, the transmission source of the response data is the physical network interface 30, and the transmission destination of the transmission data is the virtual network interface 70. This is because a response to data destined for the virtual network interface 70 is performed by the VMM 20 instead of the guest OS 60.

  Therefore, the estimation unit 2040 according to the present embodiment performs estimation based on the difference between the network interface 120 that is the transmission destination of the transmission data and the network interface 120 that is the transmission source of the reception data. For example, when the network interface 120 that is the transmission destination of transmission data is different from the network interface 120 that is the transmission source of response data for the transmission data, the estimation unit 2040 is the physical network interface. Estimated. In this case, the estimation unit 2040 may estimate that the network interface that is the transmission destination of the transmission data is a virtual network interface.

  The transmission destination of transmission data and the transmission source of received data can be specified by the IP address and MAC address indicated by the header of each data. For example, the network interface 120 of the transmission data destination can be specified by the destination IP address or the destination MAC address indicated by the header of the transmission data. The network interface 120 that is the transmission source of the received data can be specified by the transmission source IP address or the transmission source MAC address indicated by the header of the reception data. Therefore, the estimation unit 2040 determines the difference between the network interface 120 that is the transmission destination of the transmission data and the network interface 120 that is the transmission source of the reception data, using the above-described information indicated by the headers of the transmission data and the reception data.

<Processing flow 1>
FIG. 27 is a flowchart illustrating the flow of processing executed by the information processing apparatus 2000 according to the sixth embodiment. In FIG. 27, a transmission destination of transmission data is denoted as a network interface X.

  The transmission unit 2060 transmits the transmission data to the network interface X (S802). The receiving unit 2020 receives the response data (S804). The estimation unit 2040 determines whether or not the transmission source of the response data is the network interface X (S806). When the transmission source of the response data is not the network interface X (S806: NO), the processing in FIG. 27 ends. On the other hand, when the transmission source of the response data is the network interface X (S808: YES), the process of FIG. 27 proceeds to S808.

  The estimation unit 2040 estimates that the network interface that is the transmission source of the received data is a physical network interface (S808). It is estimated that the network interface X is a virtual network interface (S810).

<Building an environment where the number of physical network interfaces is limited to one>
Similar to the information processing apparatus 2000 of the third embodiment, the information processing apparatus 2000 of the sixth embodiment may perform estimation after building an environment in which the number of physical network interfaces is limited to one.

<Hardware configuration>
For example, the hardware configuration of the information processing apparatus 2000 according to the sixth embodiment is illustrated in FIG. 4 as with the information processing apparatus 2000 according to the first embodiment. In the present embodiment, each program module stored in the storage 1080 described above further includes a program that realizes each function described in the present embodiment. The storage 1080 further stores a program module that implements the transmission unit 2060. The processor 1040 implements the function of the transmission unit 2060 by executing this program module.

<Action and effect>
According to the present embodiment, it is possible to estimate whether the network interface 120 is a physical network interface or a virtual network interface in an environment where the physical network interface functions as a proxy for the virtual network interface. Therefore, even in a special environment as described above, it is possible to estimate whether the network interface 120 is a physical network interface or a virtual network interface by using the characteristics of such an environment.

[Embodiment 7]
FIG. 28 is a block diagram illustrating an information processing apparatus 2000 according to the seventh embodiment. In FIG. 28, each block represents a functional unit configuration, not a hardware unit configuration.

  The information processing apparatus 2000 according to the seventh embodiment includes a second determination unit 2120. The second determination unit 2120 according to the seventh embodiment uses the data received by the reception unit 2020 from each of the plurality of network interfaces 120 to determine whether a plurality of IPv4 addresses are associated with one MAC address, or 1 Judge whether multiple IPv6 addresses of the same scope are associated with one MAC address. The estimation unit 2040 then associates a plurality of IPv4 addresses with a single MAC address, or a plurality of IPv6 addresses with the same scope associated with a single MAC address. It is estimated that the network interface 120 having the physical network interface 120 is a physical network interface.

  Here, that the MAC address is associated with the IP address means that the IP address is assigned to the network interface having the MAC address.

<About IP address>
First, general IPv4 addresses and IPv6 addresses assigned to network interfaces will be described.

<< About IPv6 address >>
In IPv6, multiple IPv6 addresses with different scopes can be assigned to one network interface. The scope of an IPv6 address is the range within which the IPv6 address is valid. There are global addresses, ULA (Unique Local IPv6 Unicast Address), and link local addresses as IPv6 addresses with different scopes.

  Normally, however, multiple IPv6 addresses with the same scope are not assigned to a network interface. For example, two global addresses are not assigned to a certain network interface.

<< About IPv4 Address >>
IPv4 has no concept of scope in IPv6. Therefore, one IPv4 address is usually assigned to one network interface.

  From the above, normally, a single MAC address is not associated with a plurality of IPv4 addresses or a plurality of IPv6 addresses of the same scope.

<Focusing network environment>
In a virtual environment or an emulation environment, there may be a configuration in which “a plurality of IPv4 addresses or a plurality of IPv6 addresses of the same scope are associated with one MAC address”. FIG. 29 is a diagram illustrating a configuration in which a plurality of IPv4 addresses are associated with one MAC address in a virtual environment.

  In FIG. 29, the same MAC address as that of the physical network interface 30 is assigned to the virtual network interface 70. On the other hand, the IPv4 address assigned to the virtual network interface 70 is different from the IPv4 address assigned to the physical network interface 30. Therefore, multiple IPV4 addresses are associated with one MAC address.

  The VMM 20 determines which network interface is the data received by the physical network interface 30 using the destination IPv4 address of the data. Therefore, the VMM 20 grasps in advance the IPv4 addresses of the physical network interface 30 and the virtual network interface 70.

  Note that a plurality of IPv6 addresses of the same scope can be associated with one MAC address by the same configuration as in FIG. Specifically, the virtual network interface 70 has the same MAC address as the physical network interface 30, and the virtual network interface 70 and the physical network interface 30 are assigned different IPv6 addresses of the same scope.

  In addition to a virtual environment, a similar network configuration can be constructed in an emulation environment.

  Therefore, when a plurality of IPv4 addresses or a plurality of IPv6 addresses of the same scope are associated with one MAC address, it can be estimated that the above-described virtualization environment and emulation environment are constructed. In this case, a MAC address associated with a plurality of IPv4 addresses or a plurality of IPv6 addresses of the same scope can be estimated as the MAC address of the physical network interface 30.

  Therefore, the estimation unit 2040 grasps the correspondence between the MAC address and the IP address based on the data received from each network interface 120. Then, when a plurality of IPv4 addresses or a plurality of IPv6 addresses of the same scope are associated with one MAC address, the estimation unit 2040 estimates that the network interface 120 having the MAC address is a physical network interface. To do. This is because the MAC address associated with a plurality of IP addresses is the MAC address of the physical network interface as described with reference to FIG.

  For example, the second determination unit 2120 extracts the transmission source MAC address and the transmission source IP address of the data received by the reception unit 2020 from each network interface 120 and associates them. The second determination unit 2120 extracts associations indicating the same MAC address from a plurality of associations generated based on the data received from each network interface 120. Then, the second determination unit 2120 indicates that when a plurality of associations indicating the same MAC address indicate different IPv4 addresses or different IPv6 addresses of the same scope, It is determined that multiple IPv6 addresses with the same scope are associated.

<Process flow>
FIG. 30 is a flowchart illustrating the flow of processing executed by the information processing apparatus 2000 according to the seventh embodiment.

  The receiving unit 2020 receives data from the plurality of network interfaces 120 (S902). The second determination unit 2120 generates a correspondence between the transmission source MAC address and the transmission source IPv4 address for each received data (S904). The second determination unit 2120 uses the generated association to determine whether there is a MAC address associated with a plurality of IPv4 addresses (S906). If there is no MAC address associated with a plurality of IPv4 addresses (S906: NO), the processing in FIG. 30 ends. On the other hand, if there is a MAC address associated with a plurality of IPv4 addresses (S906: YES), the processing in FIG. 30 proceeds to S908.

  The estimation unit 2040 estimates that the network interface 120 having a MAC address associated with a plurality of IPv4 addresses is a physical network interface (S908).

  Note that FIG. 30 illustrates the case where the IP address is an IPv4 address. The flow of processing when the IP address is an IPv6 address is the same as the flow shown in FIG. However, in step S906, the second determination unit 2120 determines whether there are a plurality of MAC addresses associated with IPv6 addresses of the same scope. In S908, the estimation unit 2040 estimates that the network interface 120 having a plurality of MAC addresses associated with a plurality of IPv6 addresses of the same scope is a physical network interface.

<Building an environment where the number of physical network interfaces is limited to one>
Similar to the information processing apparatus 2000 of the third embodiment, the information processing apparatus 2000 of the seventh embodiment may perform estimation after building an environment in which the number of physical network interfaces is limited to one.

<Hardware configuration>
For example, the hardware configuration of the information processing apparatus 2000 according to the seventh embodiment is represented in FIG. 4 as with the information processing apparatus 2000 according to the first embodiment. In the present embodiment, each program module stored in the storage 1080 described above further includes a program that realizes each function described in the present embodiment. The storage 1080 further stores a program module that implements the second determination unit 2120. The processor 1040 implements the function of the second determination unit 2120 by executing this program module.

<Action and effect>
According to the present embodiment, in an environment in which the same MAC address as that of the physical network interface is assigned to the virtual network interface, the network interface 120 uses either the physical network interface or the virtual network interface by utilizing the characteristics of the environment. Can be estimated.

[Embodiment 8]
An information processing apparatus 2000 according to the eighth embodiment is illustrated in FIG. 1 in the same manner as the information processing apparatus 2000 according to the first embodiment.

  The receiving unit 2020 according to the eighth embodiment acquires interface information or machine information from the network interface 120. The interface information received from a certain network interface 120 indicates information regarding the network interface 120. The machine information received from a network interface 120 indicates information related to the machine having the network interface 120. Here, a machine having a physical network interface is a physical machine, and a machine having a virtual network interface is a machine (such as a virtual machine or an emulated machine) realized by software.

  The estimation unit 2040 according to the eighth embodiment performs estimation using interface information or machine information. Details will be described below.

<Estimation based on the name of the network interface 120>
In general, there are various types of physical network interfaces that a physical machine has. For example, the physical network interface mounted on the physical machine differs for each physical machine manufacturer. Further, when a new physical network interface is developed, the new physical network interface comes to be mounted on a physical machine sold thereafter.

  On the other hand, the types of virtual network interfaces generated by VMM and emulator are limited. For example, the virtual network interface of each VM generated by the same type of VMM is often a reproduction of the same type of physical network interface. In general, a virtual network interface generated by a VMM or an emulator often reproduces a type of physical network interface that is older than the physical network interface installed in the physical machine.

  From the above, the name and characteristics of the network interface are often different between the virtual network interface and the physical network interface.

  Therefore, the estimation unit 2040 estimates whether the network interface 120 is a virtual network interface or a physical network interface based on the interface information of the network interface 120.

  For example, the estimation unit 2040 performs estimation based on the name of the network interface 120. For example, the estimation unit 2040 acquires a list of names that can be virtual network interfaces. Then, the estimation unit 2040 determines whether or not the name of the network interface 120 indicated by the interface information of the network interface 120 is included in the acquired list. Then, when the name of the network interface 120 is included in the list, the estimation unit 2040 estimates that the network interface 120 is a virtual network interface.

  Note that the method by which the estimation unit 2040 acquires a list of names that can be virtual network interfaces is the same as the method by which the estimation unit 2040 of the second embodiment acquires a list of OUIs of a virtual network interface, for example.

  Note that the estimation method using the name of the network interface 120 is not limited to the above example. For example, it is assumed that machine information received from a certain network interface 120 indicates information on the network interface 120 managed by an OS or VMM running on a machine having the network interface 120. For example, in the environment of FIG. 2, the machine information received from the physical network interface 30 indicates information on the physical network interface 30 managed by the VMM 20 and information on the NAT interface 40. Here, the NAT interface 40 is a virtual network interface generated by the VMM 20. In general, the name of the NAT interface 40 is often a characteristic name so that it can be understood that it is not a physical network interface but a virtual network interface for NAT.

  Accordingly, the estimation unit 2040 is a list that represents the characteristics (such as words that are likely to be used) of the names of virtual network interfaces (such as the NAT interface 40) that the VMM 20 generates in order to construct the network environment in the physical machine 10. Estimate using. Specifically, the estimation unit 2040 determines whether there is a name that matches the feature indicated by the list among the names of the network interfaces indicated by the machine information acquired from the network interface 120. If there is a network interface with a name that matches the above characteristics, the estimation unit 2040 estimates that the network interface 120 from which the machine information is acquired is a physical network interface. For example, if there is a name that is considered to be the name of a NAT interface among the names of the interfaces indicated by the machine information, the network interface 120 that transmitted the machine information is the physical network interface 30 managed by the VMM 20. It can be estimated that there is.

<Estimation using host name>
The machine information includes information on the hardware configuration of the machine and information on software such as an OS running on the machine. Here, the software running on the physical machine is VMM or an emulator, and the software running on the virtual machine or emulated machine is a guest OS.

  For example, machine information indicates the host name assigned to the OS running on the machine. The host name can be assigned automatically by the DNS server or manually. However, even if it is assigned automatically by the DNS server, the person who sets the "what name to assign" is generally a person. Thus, in general, a host name is something that a person thinks.

  For example, a person gives a VM or an emulated machine a host name that makes it easy to know that the machine is not a physical machine but a VM, or the physical machine host name (physical In many cases, a host name related to the OS or VMM running on the machine is given. This is because there are advantages such as easy machine management. For example, if the host name of the physical machine is user1, the person sets the VM host name to user1_vm.

  Therefore, the estimation unit 2040 performs estimation based on the host name indicated by the machine information acquired from the network interface 120. For example, when the host name indicated by the machine information acquired from a certain network interface 120 includes a predetermined character string related to virtualization or emulation, the estimation unit 2040 is the virtual machine network interface. Estimated. Here, the predetermined character string related to virtualization or emulation is, for example, vm, emu (abbreviation of emulation), guest, or child.

  Further, for example, when the host name indicated by the machine information acquired from a certain network interface 120 includes a predetermined character string reminiscent of a physical machine, the estimation unit 2040 determines that the network interface 120 is a physical machine network. Presumed to be an interface. Here, the predetermined character string reminiscent of a physical machine is, for example, vmm, phy (abbreviation of physical), real, or parent.

  Each predetermined character string described above may be set in advance in the estimation unit 2040, or may be stored in a storage unit inside or outside the information processing apparatus 2000. In the latter case, the estimation unit 2040 acquires the predetermined character string from the storage unit when performing estimation.

<Acquisition method of interface information and machine information>
There are various methods by which the receiving unit 2020 acquires interface information and machine information. For example, the receiving unit 2020 transmits a request to each network interface 120 and acquires interface information and machine information as a response to the request. For example, the receiving unit 2020 acquires such information using SNMP (Simple Network Management Protocol). In this case, the VMM and guest OS run an SNMP server application that manages network interface information. Then, the information processing apparatus 2000 acquires information such as the name of the network interface managed by the SNMP server by transmitting a request to the SNMP server application. However, the application that provides the interface information and the like is not limited to the SNMP server application.

  Similarly, the reception unit 2020 may acquire interface information and machine information using NIQ (Node Information Query).

  The receiving unit 2020 may receive data that is spontaneously transmitted by each network interface 120. For example, when sharing a file between machines, each machine broadcasts or multicasts a host name or the like. In such a case, interface information and machine information are spontaneously transmitted from each network interface 120. Therefore, the receiving unit 2020 receives interface information and machine information flowing on the network 130 in this way.

<Process flow>
FIG. 31 is a flowchart illustrating the flow of processing executed by the information processing apparatus 2000 according to the eighth embodiment. In FIG. 31, a transmission destination of transmission data is denoted as a network interface X.

  The receiving unit 2020 receives interface information or machine information from the network interface X (S1002). The estimation unit 2040 estimates whether the network interface X is a physical network interface or a virtual network interface based on the received interface information or machine information.

<Building an environment where the number of physical network interfaces is limited to one>
Similarly to the information processing apparatus 2000 of the third embodiment, the information processing apparatus 2000 of the eighth embodiment may perform estimation after building an environment in which the number of physical network interfaces is limited to one.

<Hardware configuration>
For example, the hardware configuration of the information processing apparatus 2000 according to the eighth embodiment is illustrated in FIG. 2 as with the information processing apparatus 2000 according to the first embodiment. In the present embodiment, each program module stored in the storage 1080 described above further includes a program that realizes each function described in the present embodiment.

<Action and effect>
According to the present embodiment, it can be estimated whether the network interface 120 is a physical network interface or a virtual network interface based on information acquired from an OS, VMM, or the like that operates using the network interface 120. According to this method, the information processing apparatus 2000 can obtain more information than information (such as a transmission source IP address) included in the header of the data, so that the estimation accuracy by the estimation unit 2040 is increased.

[Embodiment 9]
The information processing apparatus 2000 according to the ninth embodiment has a configuration in which any two or more of the second to eighth embodiments are combined.

  The estimation unit 2040 of the ninth embodiment performs estimation using any two or more of the estimation methods described in the second to eighth embodiments. Furthermore, the estimation unit 2040 generates a comprehensive estimation result using two or more estimation results.

  For example, when the estimation unit 2040 of the ninth embodiment estimates that “the network interface X is a physical network interface” by a predetermined number of estimation methods or more, the overall estimation “the network interface X is a physical network interface” is performed. Generate estimation results. Similarly, when the estimation unit 2040 estimates that “the network interface X is a virtual network interface” by an estimation method of a predetermined number or more, the estimation unit 2040 gives a comprehensive estimation result that “the network interface X is a virtual network interface”. Generate. This predetermined number may be set in the estimation unit 2040 in advance, or may be stored in a storage unit inside or outside the information processing apparatus 2000. In the latter case, the estimation unit 2040 acquires the predetermined value from the storage unit when performing estimation.

For example, the estimation unit 2040 may calculate a weighted sum of the estimation results obtained by the respective estimation methods, and generate a comprehensive estimation result based on the calculation results. Formula (1) is an example of a formula for calculating a weighted sum of estimation results obtained by the respective estimation methods. i is an ID assigned to the estimation method. wi is a weight given to the estimation result of the estimation method i. ri is an estimation result of the estimation method i. For example, ri indicates 1 when the estimation result of the estimation method i is “the network interface 120 is a physical network interface”, and indicates −1 when “the network interface 120 is a virtual network interface”.

  There are various ways to use the weighted sum S. For example, when the value of the weighted sum S is larger than 0, the estimation unit 2040 generates a comprehensive estimation result that “the network interface 120 is a physical network interface”. On the other hand, when the value of the weighted sum S is less than 0, the estimation unit 2040 generates a comprehensive estimation result that “the network interface 120 is a virtual network interface”. Furthermore, when the value of the weighted sum S is 0, the estimation unit 2040 generates a comprehensive estimation result “unestimated”.

  In addition, when the number of physical network interfaces is known, the estimation unit 2040 estimates whether each network interface 120 is a physical network interface or a virtual network interface using the order of the weighted sum S of each network interface 120. May be. For example, when it is known that there is one physical network interface, the estimation unit 2040 determines that “the network interface 120 having the largest weighted sum S is a physical network interface, and the other network interfaces 120 are virtual network interfaces. ”Is generated.

  Note that the number of physical network interfaces can be limited to one by the method using the port VLAN described in the third embodiment.

<Action and effect>
Since the information processing apparatus 2000 according to the present embodiment performs comprehensive estimation based on estimation results obtained by a plurality of estimation methods, the information processing device 2000 can perform estimation with higher accuracy than when only one estimation method is used.

[Embodiment 10]
FIG. 32 is a block diagram illustrating an information processing apparatus 2000 according to the tenth embodiment. In FIG. 32, each block represents a functional unit configuration, not a hardware unit configuration.

  The information processing apparatus 2000 according to the tenth embodiment includes an association unit 2140. The associating unit 2140 according to the tenth embodiment associates a physical network interface with a virtual network interface that operates using the physical network interface. The association performed by the association unit 2140 is “association between a physical machine and a virtualized or emulated machine operating on the physical machine (eg, association between a physical machine and a VM)”. Or “association between VMM or emulator running on a physical machine and a virtualized or emulated machine running on that physical machine (eg, mapping between VMM and guest OS)” .

  In the tenth embodiment, the estimation unit 2040 constructs an environment in which the number of physical network interfaces is limited to one, and then performs estimation regarding each network interface. Then, the association unit 2140 associates the physical network interface estimated under this environment with the virtual network interface. This is because, since the number of physical network interfaces is limited to one, each virtual network interface is a virtual network interface that always operates using this physical network interface. Note that the method for constructing an environment in which the number of physical network interfaces is limited to one is as described in the third embodiment.

  There are various methods for representing the association between the network interfaces 120. For example, the associating unit 2140 associates the MAC address or IP address of the physical network interface with the MAC address or IP address of the virtual network interface. Further, the associating unit 2140 according to the tenth embodiment may associate the host name or UUID of a physical machine having a physical network interface with the host name or UUID of a VM or the like having a virtual network interface. Note that the associating unit 2140 uses the machine information described in the eighth embodiment to grasp the physical machine and the host name of the VM.

  FIG. 33 is a diagram illustrating the association generated by the association unit 2140. FIG. 33A shows a table in which the MAC address of the physical network interface is associated with the MAC address of the virtual network interface. From this table, for example, `` A VM with a virtual network interface with MAC address BB: BB: BB: BB and a VM with a virtual network interface with MAC address CC: CC: CC: CC have a MAC address of AA It runs on a physical machine with a physical network interface that is: AA: AA: AA. "

  On the other hand, FIG. 33B shows a table in which the host name of the physical machine is associated with the host name of the virtual machine. From this table, for example, it can be seen that “the VM with the host name hostB and the VM with the host name hostC are operating on the physical machine with the host name hostA”.

<Action and effect>
According to the information processing apparatus 2000 of this embodiment, the physical network interface and the virtual network interface are associated (association between a physical machine and a VM). As a result, the administrator of the network 130 and the device managing the network 130 can easily grasp the correspondence relationship (subordinate relationship) between the network interface 120 and the machine existing in the network 130. Therefore, an administrator of the network 130 can manage the network 130 more appropriately.

  As mentioned above, although embodiment of this invention was described with reference to drawings, these are the illustrations of this invention, Various structures other than the above are also employable.

Hereinafter, examples of the reference form will be added.
1. Receiving means for receiving data;
Using the received data, an estimation means for estimating whether a network interface of a transmission source of the data is a physical network interface or a virtual network interface;
An information processing apparatus.
2. The estimation means performs the estimation using an OUI (Organizationally Unique Identifier) included in the layer 2 address of the network interface of the transmission source indicated by the data. The information processing apparatus described in 1.
3. Having transmission means for transmitting transmission data to each of a plurality of network interfaces;
The receiving means receives response data for the transmission data from each of the network interfaces,
The estimation means performs the estimation using a time from when the transmission data is transmitted until the response data is received. The information processing apparatus described in 1.
4). The transmission means transmits a plurality of the transmission data to each of the network interfaces,
The receiving means receives the response data for each of a plurality of the transmission data from each of the network interfaces,
2. The estimation means calculates a statistical value of the time magnitude or a statistical value of the variation in time for each of the network interfaces, and performs the estimation using the calculated statistical value. The information processing apparatus described in 1.
5. Using the data, the detection means for detecting that the network interface is ready to send and receive data,
The estimation means estimates that the network interface that is earliest when data can be transmitted and received is a physical network interface. The information processing apparatus described in 1.
6). Determination means for determining whether the network interface is in a state where data can be transmitted and received, using the history of the received data;
The estimating means is in a state where the first network interface cannot transmit and receive data, and a second network interface different from the first network interface is in a state where data can be transmitted and received. Estimating that the first network interface is a virtual network interface; The information processing apparatus described in 1.
7). A transmission means for transmitting transmission data to the network interface;
The receiving means receives response data for the transmission data;
The estimation means is configured such that when the network interface of the transmission data is different from the network interface of the transmission source of response data to the transmission data, the network interface of the transmission data is a virtual network interface. 1. Estimate or estimate that the network interface from which the response data is received is a physical network interface The information processing apparatus described in 1.
8). The transmission data is an ARP (Address Resolution Protocol) request or NS (Neighbor Solicitation) message,
The response data for an ARP request is an ARP reply,
Response data for NS message is NA (Neighbor Advertisement) message7. The information processing apparatus described in 1.
9. The receiving means receives data from a plurality of the network interfaces,
Whether multiple IPv4 (Internet Protocol version 4) addresses are associated with one layer 2 address using data received from each of the plurality of network interfaces, or the same for one layer 2 address A determination means for determining whether or not a plurality of scope IPv6 (IP version 6) addresses are associated;
The estimation means determines that when a plurality of IPv4 addresses are associated with one layer 2 address, or when a plurality of IPv6 addresses of the same scope are associated with one layer 2 address, the layer 2 Estimate that the network interface with the address is a physical network interface. The information processing apparatus described in 1.
10. The data received from the network interface indicates information about the network interface or information about a machine operating the network interface,
The estimation means performs the estimation on the network interface using information on the network interface or information on a machine operating the network interface. The information processing apparatus described in 1.
11. The estimation means performs the estimation for the network interface using the name of the network interface or the host name assigned to the machine operating using the network interface. The information processing apparatus described in 1.
12 1. having association means for associating a network interface estimated to be a physical network interface with a network interface estimated to be a virtual network interface; Thru | or 11 the information processing apparatus.
13. Computer. To 12. A program for operating as the information processing apparatus according to any one of the above.
14 A control method executed by a computer,
A receiving step for receiving data;
Using the received data, an estimation step for estimating whether a network interface of a transmission source of the data is a physical network interface or a virtual network interface;
A control method.
15. 13. The estimation step performs the estimation using an OUI (Organizationally Unique Identifier) included in the layer 2 address of the network interface of the transmission source indicated by the data. The control method described in 1.
16. A transmission step of transmitting transmission data to each of a plurality of network interfaces;
The receiving step receives response data for the transmission data from each of the network interfaces,
13. The estimation step performs the estimation using a time from when the transmission data is transmitted until the response data is received. The control method described in 1.
17. The transmission step transmits a plurality of the transmission data to each of the network interfaces,
The receiving step receives the response data for each of a plurality of transmission data from each of the network interfaces,
The estimation step calculates a statistical value of the time magnitude or a statistical value of the variation in time for each of the network interfaces, and performs the estimation using the calculated statistical value. The control method described in 1.
18. Using the data, and detecting that the network interface is ready to send and receive data;
13. the estimation step estimates that the network interface that is earliest when data transmission / reception is enabled is a physical network interface; The control method described in 1.
19. Using the history of the received data, and determining whether the network interface is in a state where data can be transmitted and received,
The estimating step is a state in which the first network interface cannot transmit and receive data, and a second network interface different from the first network interface is in a state in which data can be transmitted and received. 14. presuming that the first network interface is a virtual network interface; The control method described in 1.
20. A transmission step of transmitting transmission data to the network interface;
The reception step receives response data for the transmission data,
In the estimation step, when the network interface of the transmission data is different from the network interface of the transmission source of response data to the transmission data, the network interface of the transmission data is a virtual network interface. 13. Estimate or estimate that the network interface from which the response data is received is a physical network interface The control method described in 1.
21. The transmission data is an ARP (Address Resolution Protocol) request or NS (Neighbor Solicitation) message,
The response data for an ARP request is an ARP reply,
Response data for NS message is NA (Neighbor Advertisement) message20. The control method described in 1.
22. The receiving step receives data from a plurality of the network interfaces,
Whether multiple IPv4 (Internet Protocol version 4) addresses are associated with one layer 2 address using data received from each of the plurality of network interfaces, or the same for one layer 2 address A determination step for determining whether or not a plurality of IPv6 (IP version 6) addresses of the scope are associated;
In the estimation step, when a plurality of IPv4 addresses are associated with one layer 2 address, or when a plurality of IPv6 addresses of the same scope are associated with one layer 2 address, the layer 2 14. Estimate that the network interface with the address is a physical network interface; The control method described in 1.
23. The data received from the network interface indicates information about the network interface or information about a machine operating the network interface,
13. the estimation step performs the estimation for the network interface using information about the network interface or information about a machine operating the network interface; The control method described in 1.
24. The estimating step performs the estimation for the network interface using a name of the network interface or a host name assigned to a machine operating using the network interface; 23. The control method described in 1.
25. 13. an association step of associating a network interface estimated to be a physical network interface with a network interface estimated to be a virtual network interface; The control method of thru | or 24.

10 Physical machine 20 VMM
30 Physical network interface 40 NAT interface 50 VM
60 guest OS
70 Virtual network interface 80 Virtual bridge 90 Virtual router 100 Physical network 110 Virtual network 120 Network interface 130 Network 200 List 1020 Bus 1040 Processor 1060 Memory 1080 Storage 1100 Input / output interface 1120 Network interface 2000 Information processing device 2020 Receiving unit 2040 Estimating unit 2060 Transmission Unit 2080 detection unit 2100 determination unit 2120 second determination unit 2140 association unit

Claims (14)

Receiving means for receiving data;
Using the received data, an estimation means for estimating whether a network interface of a transmission source of the data is a physical network interface or a virtual network interface;
An information processing apparatus.   The information processing apparatus according to claim 1, wherein the estimation unit performs the estimation using an OUI (Organizationally Unique Identifier) included in a layer 2 address of a transmission source network interface indicated by the data. Having transmission means for transmitting transmission data to each of a plurality of network interfaces;
The receiving means receives response data for the transmission data from each of the network interfaces,
The information processing apparatus according to claim 1, wherein the estimation unit performs the estimation using a time from when the transmission data is transmitted until the response data is received. The transmission means transmits a plurality of the transmission data to each of the network interfaces,
The receiving means receives the response data for each of a plurality of the transmission data from each of the network interfaces,
The information according to claim 3, wherein the estimation unit calculates a statistical value of the time magnitude or a statistical value of the variation in time for each of the network interfaces, and performs the estimation using the calculated statistical value. Processing equipment. Using the data, the detection means for detecting that the network interface is ready to send and receive data,
The information processing apparatus according to claim 1, wherein the estimation unit estimates that the network interface that is earliest when the data can be transmitted and received is a physical network interface. Determination means for determining whether the network interface is in a state where data can be transmitted and received, using the history of the received data;
The estimating means is in a state where the first network interface cannot transmit and receive data, and a second network interface different from the first network interface is in a state where data can be transmitted and received. The information processing apparatus according to claim 1, wherein the first network interface is estimated to be a virtual network interface. A transmission means for transmitting transmission data to the network interface;
The receiving means receives response data for the transmission data;
The estimation means is configured such that when the network interface of the transmission data is different from the network interface of the transmission source of response data to the transmission data, the network interface of the transmission data is a virtual network interface. The information processing apparatus according to claim 1, wherein the information processing apparatus estimates or estimates that a network interface that receives the response data is a physical network interface. The transmission data is an ARP (Address Resolution Protocol) request or NS (Neighbor Solicitation) message,
The response data for an ARP request is an ARP reply,
The information processing apparatus according to claim 7, wherein the response data to the NS message is an NA (Neighbor Advertisement) message. The receiving means receives data from a plurality of the network interfaces,
Whether multiple IPv4 (Internet Protocol version 4) addresses are associated with one layer 2 address using data received from each of the plurality of network interfaces, or the same for one layer 2 address A determination means for determining whether or not a plurality of scope IPv6 (IP version 6) addresses are associated;
The estimation means determines that when a plurality of IPv4 addresses are associated with one layer 2 address, or when a plurality of IPv6 addresses of the same scope are associated with one layer 2 address, the layer 2 The information processing apparatus according to claim 1, wherein the network interface having an address is estimated to be a physical network interface. The data received from the network interface indicates information about the network interface or information about a machine operating the network interface,
The information processing apparatus according to claim 1, wherein the estimation unit performs the estimation for the network interface using information about the network interface or information about a machine that operates the network interface.   11. The information processing according to claim 10, wherein the estimation means performs the estimation for the network interface using a name of the network interface or a host name assigned to a machine operating using the network interface. apparatus.   The information processing apparatus according to claim 1, further comprising an association unit configured to associate a network interface estimated to be a physical network interface with a network interface estimated to be a virtual network interface.   A program that causes a computer to operate as the information processing apparatus according to any one of claims 1 to 12. A control method executed by a computer,
A receiving step for receiving data;
Using the received data, an estimation step for estimating whether a network interface of a transmission source of the data is a physical network interface or a virtual network interface;
A control method.

Images