LEMBAR JAWABAN UTS OPERATING SYSTEM INFORMATIKA UB GANJIL

2022/2023 : 1212001022 (Mohammad Amjad Amrullah)

1. Give me your detailed argumentation regarding below problems :(5 points)

(a) Why does POSIX standardize library procedures instead of the
system-call interface ? As we may know that the POSIX interface
defines a set of library procedure.
(b) Why does Linux distinguish between standard output and standard
error, when both standard default to the terminal ?
(c) Why are process groups provided in Unix FreeBSD ?
(d) Why is the scatter-gather I/O useful in Unix FreeBSD ?

Jawab :
a) Portable Operating System Interface for Unix – IEEE standard for
system interface Standardization process began circa 1985 –
necessary for system interoperability atau diperlukan untuk
interoperabilitas sistem
b) The purpose of the standard error stream is to separate error
messages from regular output. This is important in contexts such as
shell scripts, where the standard output might be sent to a pipe or to
a file. That redirection leaves standard error still going to a different
place — usually the terminal.
c) Karena process groups adalah kumpulan proses terkait, seperti shell
pipeline, yang semuanya telah diberi pengidentifikasi process group yang
sama. Pengidentifikasi process group sama dengan PID dari anggota awal
process group, dengan demikian pengidentifikasi process group berbagi
ruang nama pengidentifikasi proses. Ketika process group baru dibuat,
kernel mengalokasikan struktur process group untuk diasosiasikan
dengannya. Struktur process group ini dimasukkan ke dalam tabel hash
grup proses sehingga dapat ditemukan dengan cepat.
d) Scatter/gather I/O. Memungkinkan single call untuk membaca atau
menulis data ke many buffers sekaligus, berguna untuk menggabungkan
fields of different data structures ke form one I/O transaction

2. A mouse can have one, two or three buttons along with its scroll wheel.
All of them are in use. Does the hardware abstraction layer hide this
difference from the rest of the operating system ? Why or why not ?(3 points)
Jawab :
hardware abstraction adalah seperangkat rutinitas perangkat lunak yang
memungkinkan program untuk mengakses sumber daya perangkat keras melalui
antarmuka pemrograman. Antarmuka pemrograman memungkinkan Anda untuk
mengakses semua perangkat perangkat keras kelas C tertentu melalui antarmuka
yang sama, tetapi C berisi subkelas perangkat yang berbeda, masing-masing
menyediakan antarmuka perangkat keras yang berbeda.
Dengan kata lain, lapisan Hardware Abstraction Layer (HAL) menyembunyikan

Page 1 : 07/01/2023 17:34:20

 LEMBAR JAWABAN UTS OPERATING SYSTEM INFORMATIKA UB GANJIL
2022/2023 : 1212001022 (Mohammad Amjad Amrullah)

perbedaan perangkat keras dari sistem operasi sehingga kode yang seragam
dapat digunakan untuk semua perangkat keras. Semua perangkat keras terlihat
sama di sistem operasi karena "melihat" perangkat keras melalui the filtered
glasses of the HAL.

3. The implementation of mutexes within the eCos kernel does not support recursive
locks. If a thread has locked a mutex and then attempts to lock the mutex again,
typically as a result of some recursive call in a complicated call graph, then either
an assertion failure will be reported or the thread will deadlock. Give me your
suggestion and your reason for this eCos policy ! (5 points)
Jawab :
This behaviour is delibrate when a thread has just locked a mutex associated with
some data structure it can assume that the data structure is in consistent state.
• Before unlocking the mutex again it must ensure that the data structure is
again in a consistent state
• Recursive mutex allow a thread to make arbitrary changes to a data
structure then in a recursive call lock the mutex again while the data
structure is still inconsistent.
• The net result is that code can no longer make any assumptions about data
structure consistency which defeat the purpose of using mutexes.

4. Operating systems often do naming at two different levels: external and internal.
What are the differences between these names with respect to : (1) Uniqueness ?
(2) Hierarchies ? (4 points)
Jawab :
1. Uniqueness = The names of the internal variables are unique while the
names of the external variables may be different. For example. in the UNIX
system. the same object can be pointed by two different names.
2. Hierarchies = The internal names are stored in the tables. Thus, a common
name space is used by internal names. On the other hand, an external name
uses a hierarchy.

5. Modern applications must save their state to disk every time the user switches
away from the application. This seems inefficient, as users may switch back to an
application many times and the application simply resumes running. Why does
the operating system require applications to save their state so often rather than
just giving them a chance at the point the application is actually going to be
terminated ? (3 points)
Jawab :
Sebuah program yang mengatur alokasi sumber daya komputer, terutama

Page 2 : 07/01/2023 17:34:20

 LEMBAR JAWABAN UTS OPERATING SYSTEM INFORMATIKA UB GANJIL
2022/2023 : 1212001022 (Mohammad Amjad Amrullah)

sumber daya ini di antara program-program lainnya. Sumber daya umum

termasuk central processing unit (CPU), memori komputer, penyimpanan file,
perangkat input / output (I / O), dan koneksi jaringan. Tugas manajemen
termasuk penjadwalan penggunaan sumber daya untuk menghindari konflik dan
gangguan antar program. Tidak seperti kebanyakan program, yang
menyelesaikan tugas dan mengakhiri, sistem operasi berjalan tanpa batas dan
berakhir hanya ketika komputer dimatikan.
6. What are the roles of compression and encryption in the operation of a computer
virus ? (5 points)
Jawab :
Compression : The virus compresses the file it want to infect by the size of
the virus. After the virus is preprended to the compressed file the file size of
the infected file is exactly the same as the original file
Encryption : A portion of the virus creates a random encryption key and
encrypts the remainder of the virus. The key is stored with the virus. When an
infected program is invoked, the virus uses the stored random key to decrypt
the virus. When virus replicates, a different random key is selected. Because
the bulk of the virus is encrypted with a different key for each instance, there
is no constant bit pattern to observe.
7. In the traditional Unix file access model, Unix systems provide a default setting
for newly created files and directories, which the owner may later change. The
default is typically full access for the owner combined with one of the following:
no access for group and other, read/execute access for group and none for other,
or read/execute access for both group and other. Give me the advantages and
disadvantages of each of these cases, including an example of a type of
organization where each would be appropriate ! (6 points)
Jawab :
Sistem keamanan file Unix dapat mencegah pengguna yang tidak berwenang
membaca atau mengubah file. Setiap file dan direktori memiliki izin khusus yang
terkait dengannya, memberikan berbagai kategori izin tertentu kepada pengguna
untuk melihat atau mengubah file, dan untuk menjalankan file yang dapat
dieksekusi.
Read, write and execute permissions ditetapkan untuk direktori serta file.Read
permission berarti pengguna dapat melihat isi direktori (misalnya gunakan ls
untuk direktori ini.). Write permission berarti pengguna dapat membuat file di
direktori. Execute permission berarti bahwa pengguna dapat memasuki direktori
(yaitu menjadikannya direktori saat ini.)
Sebagai contoh, to display the permissions on the file lookup.icn, type the
command:

% ls -l lookup.icn
-rw-r--r-- 1 lnp5jb 777 Dec 18 lookup.icn

Page 3 : 07/01/2023 17:34:20

 LEMBAR JAWABAN UTS OPERATING SYSTEM INFORMATIKA UB GANJIL
2022/2023 : 1212001022 (Mohammad Amjad Amrullah)

The first set of characters in the output from the command (-rw-r--r--) gives the
permissions. The username in the middle of the line (lnp5jb) is the owner of the file. This
is user who created the file. The following fields tell you the number of characters in the
file, the date it was created and the name of the file.Note that the first character specifies
the file type. This is normally one of the following:

- indicates a file, d indicates a directory

The following nine characters represent permissions for different classes of users. Users
on a Unix system are assigned to a group or groups, which might correspond to a
particular department, or research group in the real world. Members of a particular group
can be allowed access to files belonging to other members of the group.

The second, third and fourth characters in the permissions string represent permissions
that apply to the owner of the file. The next three characters apply to members of the
owner's group. The last three apply to all other users. The file in this example therefore
has rw- for the owner, r-- for the group and r-- for others.

The three characters corresponding to each class of user each represent a different type
of permission. The first character represents 'read' permission. This means that a user has
permission to open a file and view the contents. If there is an r in this position then that
class of users has read permission. In this example all users have read permission. In this,
and in every case, a horizontal bar character (-) means that permission is denied.

The second position represents 'write' permission (the right to make changes to a file).
In the example, only the owner has write permission. Normally, you will not want others
to be allowed to make changes to your files, so write permission is only allowed to the
owner.

The third position represents 'execute permission'. This means permission to 'execute',
or run, a file that works like a command. In this example no-one has execute permission
for the file lookup.icn (it is an Icon program, and it would have to be compiled before it
could be executed, so execute permission would be useless).

8. One way to handle tables whose size is not known in advance is to make them
fixed, but when one fills up, to replace it with a bigger one, copy the old entries
over to the new one, then release the old one. What are the advantages and
disadvantages of making the new one twice the size of the original one, as
compared to making it only one and a half times as big ? (5 points)
Jawab :
Purging old data is a great example. Periodic purge jobs may need to remove quite
a bit of data, and doing this in one massive query could lock a lot of rows for a
long time, fill up transaction logs, hog resources, and block small queries that
shouldn’t be interrupted. Chopping up the DELETE statement and using
medium-size queries can improve performance considerably, and reduce
replication lag when a query is replicated

Page 4 : 07/01/2023 17:34:20

 LEMBAR JAWABAN UTS OPERATING SYSTEM INFORMATIKA UB GANJIL
2022/2023 : 1212001022 (Mohammad Amjad Amrullah)

9. One disadvantage of Graphical Interchange Format is that the image must include
the color palette, which increases the file size. What is the minimum image size
for which an 8-bit-wide color palette breaks even ? And what is the minimum
image size for which a 16-bit-wide color palette breaks even ? (5 points)
Jawab :
Each color in a digital image is made up of the three primary colors – Red, Green &
Blue. Each of these is known as a color channel and can have any range of values of
color intensity depending on the bit depth. So here comes the main reason for the
confusion – since there are three channels in a digital color image (RGB = Red, Green
and Blue), a photo that is 8 bits/channel (bits per channel) would have 24 (8 x 3)
bits/pixel (bits per pixel) and the total of 16,777,216 colors available. A 16
bits/channel photo would have = 48 bits /pixel, and so on.
10. In Windows operating system, it is easy to implement facility where threads
running in the kernel can temporarily attach to the address space of a different
process. Why is this so much harder to implement in user mode ? Why might it
be interesting to do so ? (3 points)
Jawab :
Kernel thread and User The desired Kernel Thread (KT) yang diinginkan juga
dikenal sebagai Light Weight Process (LWP). Kernel yang diinginkan membuat
dan menjadwalkan KT. User Thread (UT) yang diinginkan tidak semahal
pembuatan dan pengelolaannya seperti KT. Membuat KT yang diinginkan
ditangani oleh Kernel dan spesifik untuk platform.
The threading library membuat user thread dan menjadwalkan pemanggilan
thread sesuai aplikasi yang mewarisi threading library. User Thread hanya
berjalan dalam mode pengguna. Ketika sebuah proses dijalankan oleh pengguna,
maka User Thread yang sesuai akan dibuat. User Thread bersifat portabel karena
spesifik untuk pengguna dan ditangani oleh aplikasi pengguna.
11. Give me your reason regarding why the eCos bitmap scheduler does not support
time slicing ! (5 points)
Jawab :
The bitmap scheduler does not support any time-slicing at all. because each level
has only one thread.and a lower priority thread cannot execute untill and unless
there is high priority thread for execution.
12. Give me the brief explanation regarding below problems : (6 points)
(a) What are the two broad categories of defenses against buffer over flow ?
(b) What are the differences between anomaly intrusion detection and signature
intrusion detection ?
(c) It was stated that the inclusion of the salt in the Unix password schemes
increases the difficulty of guessing by a factor of 4096. But the salt is stored in
plaintext in the same entry as the corresponding ciphertext password. Therefore,
those two characters are known to the attacker and need not be guessed. Why is
it asserted that the salt increases security ?

Page 5 : 07/01/2023 17:34:20

 LEMBAR JAWABAN UTS OPERATING SYSTEM INFORMATIKA UB GANJIL
2022/2023 : 1212001022 (Mohammad Amjad Amrullah)

(d) Why are rootkits extremely difficult or almost impossible to detect as opposed
to viruses and worms ?
(e) Give me the name of two serious errors in below instuctions, especially while
the user did the following instructions for recovering from a virus attack, such as:
i. Boot the infected system. ii. Back up all files to an external medium. iii. Run
fdisk (or similar program) to format the disk. iv. Reinstall the operating system
from the original DVD-ROM media. v. Reload the files from the external
medium.
(f) The security implications of using the self-extracting archives, which contain
one or more compressed files packaged with an extraction program, were
frequently used to deliver programs or program updates !
Jawab :
a. Two major types of buffer overflow defenses are: compile-time defenses which
aim to harden programs against attacks in new programs; and enforcement
protections to detect and reverse attacks in existing programs.
b. Since signature-based IDS monitors packets over the network, it compares
those packets against a database of known IOCs or attack signatures to report
any suspicious behavior. On the other hand, anomaly-based intrusion detection
systems can alert you to unknown suspicious behavior.
c. Salting changes the hash of one password so that it does not match the
hash of another password. A salt and a password are concatenated and
processed by a cryptographic hash function. Salt prevents the use of
rainbows and hash tables to attack and crack passwords.
For example, a user has password "password000" and is subject to a
SHA1 hash. In a password database, all users with the password
"password000" will have the same hash, due to the nature of hash
functions. So if an attacker breaches the database and brute force the
password of the user mentioned above, he can search all the hashes that
match the original user's password and will know that their password is
also "password000".
By applying a salt, the password hashes will no longer be the same, even
if the actual password is still the same. This forces the attacker to go in
and try to force a second password (which has a different salt), even
though it may be the same as the first. In a nutshell, this prevents an
attacker from discovering one password and then discovering several
others.
d. Rootkit, a form of malware, or malicious software, that infects a
computer's hard drive and allows unauthorized access and control of the
computer at the "root level". Rootkits are difficult to detect because they
are designed to be hidden
e. Give me the name of two serious errors in below instuctions,
1. Boot the infected system.
2. Back up all files to an external medium.
3. Run fdisk (or similar program) to format the disk.
4. Reinstall the operating system from the original DVD-

Page 6 : 07/01/2023 17:34:20

 LEMBAR JAWABAN UTS OPERATING SYSTEM INFORMATIKA UB GANJIL
2022/2023 : 1212001022 (Mohammad Amjad Amrullah)

ROM media.
5. Reload the files from the external medium.
Jawab :
1. Boot the infected system
2. Reinstall the operating system from the original DVD-ROOM media.

f. A self-extracting file is used to share a compressed file with a party that does
not necessarily have the software to decompress the file. Users can also use the
self-extracting feature to distribute their own software. For example, the
WinRAR installer is performed using the GUI RAR self-extracting graphical
module Default.sfx.

13. Give me the brief explanation regarding critical regions on code sections really
necessary in an symmetric multiprocessing program operating system to avoid
race conditions or will mutexes on data structures do the job as well ? (6 points)
Jawab :
The critical section is the part of the code that reads and writes shared memory
from multiple parallel contexts.
In the example above, the minimal critical section is starting with the counter
decrement and ending with checking the counter's value.
Once the critical section has been identified race conditions can be avoided by
using one of the following approaches:

• make the critical section atomic (e.g. use atomic instructions)

• disable preemption during the critical section (e.g. disable interrupts, bottom-half
handlers, or thread preemption)
• serialize the access to the critical section (e.g. use spin locks or mutexes to allow
only one context or thread in the critical section)

14. Give me your argumentation regarding which service type is most appropriate for below
different types of network services table : (6 points)
Service Example
Reliable byte stream Remote
login Unreliable datagram Network
test packets
Request-reply Database
query
Reliable message stream Sequence of pages
of a book
Unreliable connection Digitized voice
Acknowledged datagram Registered mail

(a) Downloading a web page.

Page 7 : 07/01/2023 17:34:20

 LEMBAR JAWABAN UTS OPERATING SYSTEM INFORMATIKA UB GANJIL
2022/2023 : 1212001022 (Mohammad Amjad Amrullah)

(b) Video on demand over the internet.

(c) Live video streaming over the internet.

Jawab :
a. Downloading a web page.
- Login unreliable datagram | Network,
- test packets Request-reply | Database query
- dan juga Reliable message stream | Sequence of pages,
karena disaat mendownload web page, network sangat penting dalam membuat
unduhan karena untuk menjalankan suatu unduhan dibutuhkan adanya network
dan test packets atau database juga sangat penting karena didalam
mendownload ada semacam packets request untuk mengunduh website
tersebut dan juga sequence of pages sangat penting untuk mengetahui ada
berapa halaman atau tabs didalam web tersebut
b. Video on demand over the internet.
- Login unreliable datagram | Network,
- Unreliable connection Digitized voice,
karena menonton video didalam internet atau youtube, itu juga memerlukan
network atau internet, dan juga digitized voice untuk mendengarkan video
tersebut.
c. Live video streaming over the internet.
- Login unreliable datagram | Network,
- Unreliable connection | Digitized voice,
- Reliable byte Stream | Remote,
- Acknowledged datagram | registered mail,
Karena didalam melakukan live stream itu harus membutuhkan kecepatan
internet yang besar, otomatis dalam melakukan livestream sudah pasti memakai
remote byte stream seperti OBS, streamlabs, dll dan juga kita harus memiliki akun
youtube yang sudah teregistered untuk melakukan livestream di youtube

15. Give me the brief explanation regarding critical regions on code sections really
necessary in an symmetric multiprocessing program operating system to avoid
race conditions or will mutexes on data structures do the job as well ? (6 points)
Jawab :
16. Give me your output from Unix console and your full copy of your configuration files and their
complete paths, when you execute the following commands after you have configured your
Berkeley internet name domain name service application from Unix FreeBSD ports. (4 points)
(a)
# service named restart
# ps -ax | grep named

Page 8 : 07/01/2023 17:34:20

 LEMBAR JAWABAN UTS OPERATING SYSTEM INFORMATIKA UB GANJIL
2022/2023 : 1212001022 (Mohammad Amjad Amrullah)

(b)
# top

Output unix console domain name service = amjad.com and dns1.amjad.com

(c)
# nslookup dns1.siapasihnamakamu.com
# dig dns1.siapasihnamakamu.com

Page 9 : 07/01/2023 17:34:20

 LEMBAR JAWABAN UTS OPERATING SYSTEM INFORMATIKA UB GANJIL
2022/2023 : 1212001022 (Mohammad Amjad Amrullah)

(d)
# ping dns1.siapasihnamakamu.com 1

# ping siapasihnamakamu.com 2

Page 10 : 07/01/2023 17:34:20

 LEMBAR JAWABAN UTS OPERATING SYSTEM INFORMATIKA UB GANJIL
2022/2023 : 1212001022 (Mohammad Amjad Amrullah)

17. How can a parasitic virus do the following actions : (6 points)

(a) Ensuring that parasitic virus will be executed before its host program ?
(b) Passing control back to its host after doing whatever it does ?

Jawab :
a) A worm virus operates more or less independently of other files, whereas a virus
depends on a host program to spread itself. viruses overwrite other programs with
copies of themselves, which destroys the host program altogether. Viruses spread
when the software or document they are attached to is transferred from one
computer to another using the network, a disk, file sharing, or infected email
attachments.
b) When the host code is executed, the viral code is executed as well. Normally, the

Page 11 : 07/01/2023 17:34:20

 LEMBAR JAWABAN UTS OPERATING SYSTEM INFORMATIKA UB GANJIL
2022/2023 : 1212001022 (Mohammad Amjad Amrullah)

host program keeps functioning after it is infected by the virus. A computer virus
is a type of malware that propagates by inserting a copy of itself into and
becoming part of another program. It spreads from one computer to another,
leaving infections as it travels. Viruses can range in severity from causing mildly
annoying effects to damaging data or software and causing denial-of-service (DoS)
conditions.

18. Give me the complete description from below problems : (5 points)

(a) Briefly explain me the concept of client/server computing.
(b) Explain me the importance of middleware needs while we have standards
such as TCP/IP.
(c) Give me your reason why the TinyOS resource interface does not allow a
component that already has a request in the queue for a resource to make
a second request.
(d) TinyOS’s scheduler serves tasks in FIFO order. Many other
schedulers for TinyOS have been proposed, but none of them have
caught on. What characteristics of the sensornet domain might cause a
lack of need for more complex scheduling ?
(e) In a microkernel-based client-server system, the microkernel just does the
message passing and nothing else. Is it possible for user processes to
nevertheless create and use semaphores ? If it is possible, how is the
mechanisms ? If it is impossible, why not ?
Jawab :
a) client-server architecture, arsitektur jaringan komputer di mana banyak client
(remote processors ) meminta dan menerima layanan dari server terpusat (host
computer). Komputer klien menyediakan interface untuk memungkinkan pengguna
komputer meminta layanan server dan menampilkan hasil yang dikembalikan
server.
b) Middleware architectures telah terbukti menjadi sangat penting ketika berhadapan
dengan sistem terdistribusi, karena mereka mampu mengabstraksikan the inevitable
heterogeneity dari hardware yang ada dalam penyebaran dengan tujuan
menawarkan kumpulan interface dan resources of homogeneous appearance ke atas,
lapisan berorientasi aplikasi(application-oriented layers)
c) TinyOS tidak mengizinkan permintaan kedua ketika memiliki resources
karena dapat menyebabkan deadlock situation. Ketika satu komponen
menampung semua resources komponen lain mungkin harus menunggu
sampai komponen melepaskan resources.
d) Dengan multiprosesor yang digabungkan dengan erat, beberapa prosesor
memiliki akses ke memori utama yang sama. Dalam konfigurasi ini, struktur
scheduling agak lebih kompleks. Misalnya, proses tertentu dapat ditugaskan
ke prosesor yang sama untuk entire life/seluruh hidupnya atau dikirim ke
prosesor mana pun setiap kali memasuki running state.
e) Jadi microkernel artinya struktur sistem operasi di mana sistem dibangun
dengan menghapus semua komponen yang tidak penting dari kernel dan

Page 12 : 07/01/2023 17:34:20

 LEMBAR JAWABAN UTS OPERATING SYSTEM INFORMATIKA UB GANJIL
2022/2023 : 1212001022 (Mohammad Amjad Amrullah)

mengimplementasikannya sebagai program tingkat sistem dan pengguna.

biasanya mikrokernel menyediakan proses minimal dan manajemen memori
di samping fasilitas komunikasi.
Dan semaphore Penghitung yang dimanipulasi secara atomik melalui dua
operasi: P(wait) dan V(signal). Catatan: semua proses yang diblokir
dimasukkan ke dalam queue P(wait): decrement, if counter is zero then
block until semaphore is signaled V(singnal): increment, wake up one
waiter jika ada
Its possible, karena Semaphore adalah sebuah struktur data komputer yang
digunakan untuk proses sinkronisasi, yaitu untuk memecahkan masalah di
mana lebih dari satu proses atau utas dijalankan secara bersamaan dan harus
diatur urutan kerjanya. Dan ini biasanya penting untuk disebuah system
operasi atau kernel.

19. Based on the paper entitled Extending the QUIC Protocol to Support Live Container
Migration at the Edge, of 2021 IEEE 22nd International Symposium on a World of
Wireless, Mobile and Multimedia Networks (WoWMoM proceeding-attached), give
me your explanation in conjunction with the following questions ! (18 points)
(a) What are gathered problems which addressed the writers in their paper ?
(b) What are their strategies and their approaches in answering the challenge that
covered in their paper ?
(c) What are their contributions that reflected in their paper ?
(d) What are the goals in their proposal which stated in their paper ?
(e) What are the definition of QUIC and its advantages which stated in their paper ?
(f) Which of their reference paper did the stop of container with an active TCP
connection and resume both the container execution and TCP connection on the same
machine ? Give me the reference titles and their authors !
(g) How did they describe the implementation of aioquic extension for supporting their
proposal which stated in their paper ?
(h) What are the results of their research which stated in their paper ?
(i) What are their future works which are not covered in their paper yet ?
Jawab :
a. Container migration is used for several reasons, one of which being to
maintain proximity between edge computing services and mobile users.
When migrating containers, however, it is important to consider that they
typically have ongoing communications with other endpoints, e.g., users’
applications. Moreover, in case of connection-oriented protocols,
communicating endpoints share a state (i.e., the connection), which needs to
be migrated as well. Connection-oriented protocols like TCP were not
designed having connection migration in mind, thus their connections
cannot survive a change of IP address or port number.

Page 13 : 07/01/2023 17:34:20

LEMBAR JAWABAN UTS OPERATING SYSTEM INFORMATIKA UB GANJIL
2022/2023 : 1212001022 (Mohammad Amjad Amrullah)

b. In this paper, we extend QUIC to support server-side connection migration

when a container is migrated between hosts. More specifically, we design
two different strategies to achieve this purpose. Besides, we describe a
proof-of-concept implementation based on aioquic, a Python open-source
implementation of QUIC. We also verify that our implementation does not
break QUIC specification nor undermines aioquic interoperability. Finally,
we evaluate our solution by testing both the considered strategies using
different container migration techniques and against a no-migration
scenario.
c. • We extend QUIC to support server-side connection migration through two
different strategies (i.e., Explicit and Pool of Addresses).
• We develop and validate a proof-of-concept implementation of our
solution on aioquic, which is an opensource QUIC implementation.
• We evaluate our solution by testing both the designed strategies using
different stateful container migration techniques and against a no-migration
scenario.
The rest of the paper is organised as follows. Section II presents the
background concepts on stateful container migration and QUIC. Then,
Section III describes the design of the two strategies that we propose for
server-side connection migration in QUIC. Next, Section IV discusses the
implementation details of our strategies as well as their validation. After
that, Section V evaluates our solution. Finally, in Section VI, we draw the
conclusions and outline the future work.
d. extend QUIC to support server-side connection migration when a container
is migrated between hosts. More specifically, we design two different
strategies to achieve this purpose. Besides, we describe a proof-of-concept
implementation based on aioquic, a Python open-source implementation of
QUIC. We also verify that our implementation does not break QUIC
specification nor undermines aioquic interoperability. Finally, we evaluate
our solution by testing both the considered strategies using different
container migration techniques and against a no-migration scenario.
e. QUIC is a connection-oriented transport protocol. It runs over UDP but
provides reliable communications through the implementation of
mechanisms such as flow control, congestion control, and loss detection.
QUIC outdoes TCP in several aspects. Firstly, TCP runs in kernel space,
which means that pushing changes to TCP stacks typically requires
operating system upgrades. On the other hand, QUIC is implemented in
user space. Secondly, QUIC avoids the head-of-line blocking problem that
afflicts TCP. Namely, streams within a QUIC connection can be handled
independently from one another, so that loss of packets of a stream does not
have an impact on packets of other streams. Thirdly, TCP is not secure by
default and hence needs TLS to run over it as an additional protocol. QUIC,
instead, is an encrypted-by-default protocol that already includes TLS 1.3
handshake in its connection establishment process. This leads to a fourth
advantage of QUIC, i.e., less time to establish connections. TCP with TLS
on top of it, in fact, requires three Round Trip Times (RTT) to establish a
connection. Differently, a QUIC client needs one RTT to establish a

Page 14 : 07/01/2023 17:34:20

LEMBAR JAWABAN UTS OPERATING SYSTEM INFORMATIKA UB GANJIL
2022/2023 : 1212001022 (Mohammad Amjad Amrullah)

connection towards an unknown server, while connections to known servers

are established with zero RTT.
f. for fault tolerance and load balancing purposes. The work in [16] stops a
container with an active TCP connection and, in a later moment, resumes
both the container execution and the TCP connection on the same server
machine. Besides, authors in that work test container migration to a
destination host. However, in that case, the container does not have open
TCP connections.
P. Karhula, J. Janak and H. Schulzrinne, “Checkpointing and migration of
IoT edge functions,” 2nd ACM International Workshop on Edge Systems,
Analytics and Networking (EdgeSys '19), pp. 60–65, Mar. 2019.
g. Our proof-of-concept implementation is open-source and available on
GitHub56 . To implement the proposed server-side connection migration
strategies, most of our modifications to aioquic pertained to two source
files. The first of these files is packet.py, which, among other things,
contains the definition of frames. In QUIC, frames are identified by two
hexadecimal digits. We extended the QuicFrameType class in packet.py to
include the new frames defined by our design. More specifically, we
declared SERVER MIGRATION frame as 0x32, TRIGGER frame as 0x33,
and POOL MIGRATION ADDRESS frame as 0x34.
The second aioquic file that we extended is connection.py, where we
introduced most of our modifications. First of all, in that file, we defined
three functions for each new frame. We report these functions for the
SERVER MIGRATION frame; however, functions for the other frames
follow a similar pattern. The _write_server_migration_frame function is
called by QUIC server to prepare the SERVER MIGRATION frame and
include in it an integer representation of the address where the server is
going to migrate. This function also sets the _on_server_migration_delivery
function as the handler that is invoked by QUIC server when the SERVER
MIGRATION frame is either acknowledged or lost. The third function is
_handle_server_migration_frame, which is called by QUIC client whenever
it receives a SERVER MIGRATION frame. Besides this group of three
functions for each new frame, we extended connection.py with other
elements. In particular, we defined some auxiliary functions, variables, and
flags as well as a new class called QuicServerMigrationPath. This class
represents a destination address in the PoA strategy. It includes the
following attributes: (i) addr is the destination address; (ii) was_sent is used
by QUIC server to discriminate whether or not it has sent that address to
QUIC client; and (iii) probed is instead used by QUIC client to determine
whether or not it has probed that address. In our current implementation,
QUIC client randomly selects addresses from the pool for probing.
However, the QuicServerMigrationPath class may be further extended to
include a priority attribute, which would allow a priority-based order for
probing.
h. All the results in this section are reported with a 95% confidence interval.
Fig. 5 shows the comparison between the proposed connection migration
strategies in terms of Δ. For a detailed analysis of the PoA strategy, we

Page 15 : 07/01/2023 17:34:20

LEMBAR JAWABAN UTS OPERATING SYSTEM INFORMATIKA UB GANJIL
2022/2023 : 1212001022 (Mohammad Amjad Amrullah)

carried out experiments with increasing values of the pool size (i.e., from
one to three addresses). We recall that the QUIC client randomly selects
addresses for probing and may also probe the old address of the server (see
Section III.C). This means that a pool of M addresses may lead to a
maximum of M+1 addresses being probed. As we can see, the PoA strategy
performs worse than the Explicit strategy, on average. This is also true in
case of a one-address pool, which sometimes leads to two addresses being
probed. Furthermore, the greater the pool size is, the worse is the
performance of the PoA strategy because more addresses are probed on
average. Besides, we noticed that a pool with four or more addresses often
caused the connection-migration process to fail and the QUIC connection to
be prematurely closed. This is because QUIC client increases a timer for
sending the next probe every time in which probing fails, as part of the loss
detection mechanism in QUIC.
i. For future work, we plan to evaluate our solution based on QUIC against
other protocols.

Page 16 : 07/01/2023 17:34:20