Will BEEP Simplify Network Programming?

hensley writes "There is a (not quite) new effort by the IETF to standardize a framework for network applications, called BEEP, the Blocks Extensible Exchange Protocol. Standardized in RFC3080, it takes care of all lower level tasks an application level protocol has to like framing, authentication and capabilities negotiation in a modular and lightweight way. In the current issue of Internet Packet Journal (a quite nice and free-as-in-beer technical publication by Cisco) is a well written Introduction to this framework. Why isn't anyone adopting this protocol besides some Java libraries like beep4j and PermaBEEP and a C library called RoadRunner. I couldn't find any applications based on this protocol, regardless of it's promised capabilities. Is everybody still inventing his own application layer protocol?"

Agreed...BEEP is great work

[robla]

I've also been disappointed with the lack of uptake on BEEP. It's a very cool concept.

BEEP is Blocks Extensible Exchange Protocol (RFC 3080). More details can be found at here.

When we were designing RTSP, we looked for something like this, and at the time, the options weren't very appealing. We ended up using HTTP as a quasi-base protocol. I think it was the best solution at the time, but had BEEP been available, we'd have used it in a heartbeat.

That C Library doesn't actually use BEEP

[Kaz+Riprock]

The guys who designed the RoadRunner C Library modified the protocol. They called it Minimal Extensible Exchange Protocol. They then implemented the protocol twice to speed up the system calls.

This way RoadRunner goes really fast with
MEEPMEEP!(thp-thp-thp-thpppp) this was all just a funny lie

Not so impressed

[Zeinfeld]

I was one of the authors of the HTTP protocol and did some work on HTTP-NG so I am broadly sympathetic to BEEP. However there are a number of reasons why it is not having a huge impact, some political, some technical.

BEEP's main proponent, Marshall Rose was one of the main wheels in the OSI project. So much of the initial buzz came from his name alone. People were talking about the protocol before they read the drafts (oh yes that is normal for the IETF).

I do have a bunch of quibbles technically. First using XML is a good idea, Using the obsolete SGML DTD mechanism to describe the protocol sucks. I think Marshall started to suplement the DTD with schema fragments but that makes things worse, not better, we now have two specs in one document, the schema version which is what people will implement and the DTD version which is normative.

The other problem is that SGML is a real baaad choice for an encoding at that level. The main complaint about http is that the encoding is too verbose leading protocol exchanges to require multiple round packets instead of one. BEEP does not address that problem.

Politically BEEP has bigger problems, first being that IETF does not have as much influence as it might appear when it comes to promoting new protocols. There haven't been very many IETF protocols that started in IETF process and took off like wildfire in the past ten years. HTTP took off and was brought into IETF process, same with TLS (SSL). Most successful IETF protocols had a userbase before the working group was formed.

The problem with BEEP is that Marshall did not start with a constituency who had a problem that BEEP was the solution for. Instead he wrote the protocol and then went off looking for consumers. So we start to see Marshall popping up at random in working groups like SACRED peddling the BEEP Kool-Aid. The problem being that if you are doing a researchy protocol like SACRED the last thing you should be doing is layering it on someone else's research.

After this happened a few times Marshall started to alienate folk like myself who might be interested in BEEP as an option but certainly were not going to allow him to insert himself onto our critical path.

The other problem is the nature of the IETF these days. The problem is that they talk a good talk about being open and such, but it is really an old-boys club. The old-fart faction is strong on the IESG and IAB, they have known each other for 20 years and they don't want anyone messing with their turf.

In theory the IETF process is open. In practice there are a bunch of shadowy cliques who make the real decisions in private. BEEP got to RFC status in record time because it was proposed by an IETF insider. Problem is that the IESG does not have much influence with the people in the Web Services world which is where all the interest in XML based protocols is at the moment.

Most of the people I see at W3C and OASIS Web Services meetings have no IETF experience at all. Of those who do, none are IETF insiders and so an endorsement by the IESG does not have much force.

For BEEP to take off it really needs an endorsement by one of the heavy hitters of the Web Services world which basically means IBM. Microsoft or Sun. I don't think that is very likely because everyone knows that there is a lot of work to be done to make Web Services work and there is simply nothing to be gained by putting BEEP on the critical path. People are more interested nailing down WS-Security, SAML, XKMS, geting WSDL to work and such.

Re:Not so impressed

[mrose]

first, i'll apologize for running beepcore.org on a small server
combined with tomcat. (if someone has some hints on making
netbsd/apache/tomcat run more robustly in the face of significant load
-- or if you can tell me how to get the thing to fail gracefully instead
of tossing its stack -- please drop me a private email -
mrose+mtr.slashdot@dbc.mtview.ca.us - thanks!).

second, i have to praise this post for the way it seemlessly blends a
little bit of truth, a little bit of wisdom, along with a healthy amount
of ignorance and untruth. (my favorite untruth: marshall as the OSI
guy. the actual truth: marshall killed OSI in the IETF on November 4th,
1993 with the "roadkill in motion" speech.)

it is easy to agree with the fact that beep suffers from both political
and technical hurdles. as usual though, folks can disgree on the actual
details.

on the technical front: the beep specs use DTD not schema -- there
aren't any schema fragments in either rfc3080 or rfc3081, you must be
thinking of something else. the choice of DTD over schema is simple:
DTDs are ugly, but schema sucks. that explains why everyone has their
own pet language for defining the acceptable syntax of an XML
document. if schema was a winner, we'd be seeing fewer alternatives
instead of more.

everyone has their own "main complaint" about http. i hadn't heard the
verbose encoding one before, but maybe we should ask Keith Moore to add
it to the list (cf., rfc3205).

certainly, there's a lot we can agree on with respect to the political
front, so i'll just focus on the part we don't agree on.

the actual consumer for beep is the ietf. there used to be this joke
that the apps area invented cloning, because all working groups formed
argued exactly the same issues, over and over and over again, regardless
of the problem to be solved.

with beep, no one gets to argue those things any more (e.g., how to
frame packets), instead they get to go off and presumably argue things
specific to their application domain. (if folks want to understand the
reasoning behind this, check out rfc3117.)

the sacred working group, that you're so pissed off about me cutting
into, is a perfect example. a bunch of guys focused on security issues,
trying to write an application protocol. sorry, wrong skill set.

contrary to popular belief, i don't need to go looking for trouble. in
this case, it was a couple of ADs leaving an early sacred meeting,
shaking their heads, and then asking me to beat some sense into some
folks.

if you're unhappy that i stuck my nose in your business, then all
i can suggest is you get more clueful in the application design space,
so "the management" doesn't feel they have to go out and get you
help. particularly help that you don't like, and especially help that
would rather be doing other things with other people.

beep isn't research. it's a "best hits" collection of stuff dating back
to 1981 that's known to actually work. the only new part of beep is that
it got integrated into one coherent spec. and that's the reason that the
iesg approved it after only a year. they were familar with what it did,
how it worked, and they had a problem.

of course, you are perfectly free to attribute this to an "old boys
network" (i'm sure allison would appreciate that). when i find the
actual "right wing conspiracy", i'll be sure to sign up. it will
certainly reduce my frustration in dealing with the 100's of procedural
hurdles that get thrown in my way at the ietf.

finally, as far as web services go, well, let's just say that those guys
could learn a lot from what xerox did back in the early 80's. in a few
years, they may actually have something that works half as well as what
xerox did... /mtr

Re:Not so impressed

[Twylite]

I'm sorry, but I can't buy much of this at all.

BEEP is a ridiculous waste of time which equates to XML-encoded-TCP over TCP/IP. The many unsubtle problems that causes should be obvious; if they aren't, here are some:

• Multiple channels to a single endpoint: typically not useful without routing; few protocols require multiple data bands, and those that do usually require QOS in at least one band, in which case you want separate TCP/IP connections where QOS will (hopefully) be supported by routers between you and the server.
• XML protocol headers: Adds a massive amount of bandwidth and processing overhead, which achieve little if any benefit over a binary encoding. Contrary to popular bullshit, XML is not human readable (as if computers care about that), is not fast/efficient and is not programmatically simple to decode (2 grammars, 2 character encodings, 5 syntactically different data classes, and 2 orthogonal data models all in once specification with more BNF rules than C++!). The XML spec. states explicitly "Terseness is of minimal importance..." - certainly NOT what you want to use as header data on packets in a communication channel.
• Security: BEEP proides just another mechanism for hiding attacks, and requires a new application level firewall which must feature a full XML parser (in order to monitor and firewall individual channels within the protocol). Not only that ... you think that Unicode attacks are bad? With several years of development behind them, MS XML parser and Xerces STILL aren't fully XML 1.0 compilant -- how many security compromises do you think may be present with all the encodings XML supports, and how many will be present in the hundreds of less mature products?

You point out that SGML is a bad thing for encoding "at that level", but in the same breath say that XML is a good thing. Since XML is SGML-compatible, and largely employs the same syntax (but doesn't allow SGML short-cuts like leaving out closing tags), I fail to follow your argument.

And in your musings about the IETF, has it ever struck you that maybe the IETF also think that adding an incomprehensibly slow transport layer on top of an existing and widely supported transport layer is a shit idea? BEEP is NOT an application level protocol, even if it wants to claim to be one.

Re:Not so impressed

[zoydoid]

sorry, but BEEP only specifies XML for use on the control channel, that is setting up and tearing down the initial connection and any new channels. an ad hoc parser is sufficient for this purpose. any application layered over BEEP is free to use whatever data format it wants.

Re:Not so impressed

[Zeinfeld]

second, i have to praise this post for the way it seemlessly blends a little bit of truth, a little bit of wisdom, along with a healthy amount of ignorance and untruth. (my favorite untruth: marshall as the OSI guy. the actual truth: marshall killed OSI in the IETF on November 4th, 1993 with the "roadkill in motion" speech.)

Ah so you are claiming that the Marshall Rose who wrote The Open Book : A Practical Perspective on Osi is a different Marshall T. Rose. No sorry, Marshall you made a major technical contribution to OSI, or at least he claimed to have done so on the jacket cover of the copy I read. You did not 'kill it' at the IETF, OSI was killed in the marketplace long before 1993. The speech had the impact it did precisely because you knew the OSI stack.

on the technical front: the beep specs use DTD not schema -- there aren't any schema fragments in either rfc3080 or rfc3081

Well Duuuhhh read what I wrote. I checked the RFC just before posting and saw that. Schema may be 'ugly' as you put it, but none of the major XML programming platforms are based on DTDs, they are all based on schema. And BEEP is dead at Microsoft, Sun and IBM without schema, cold stone Deeeeeeaaaaadddd.

with beep, no one gets to argue those things any more (e.g., how to frame packets), instead they get to go off and presumably argue things specific to their application domain. (if folks want to understand the reasoning behind this, check out rfc3117.)

No, we have a five minute argument on whether to use BEEP or not, reject it and carry on.

the sacred working group, that you're so pissed off about me cutting into, is a perfect example. a bunch of guys focused on security issues, trying to write an application protocol. sorry, wrong skill set.

I wrote a fair bit of HTTP, I don't think that you have the right to go arround saying who is and who is not competent to write application protocols. If you want to get into a reputaion war you are going to loose this one. I think that BEEP is very naive when it comes to the problems that arose when it came to layering application protocols on it. I suspect that like LDAP and X500, by the time BEEP has been extended enough to be useful it will look like HTTP.

if you're unhappy that i stuck my nose in your business, then all i can suggest is you get more clueful in the application design space, so "the management" doesn't feel they have to go out and get you help. particularly help that you don't like, and especially help that would rather be doing other things with other people

I only attended the one SACRED meeting and your comment on 'the management' is quite illustrative of the George W. Bush style crony-standards process the IETF is becomming notorious for.

finally, as far as web services go, well, let's just say that those guys could learn a lot from what xerox did back in the early 80's. in a few years, they may actually have something that works half as well as what xerox did... /mtr

Standard old fart response 'we did it all twenty years ago sonny', 'and we did it better'. Yeah and you should have seen the anti-gravity machines we made twenty years ago.

I don't much care for the arrogance of the IETF 'management' as you call them. I certainly don't appreciate folk who think that they have the right to make the type of off-hand blanket pronouncements on other people's work that you and they make habittually without backing it up. Your Xerox comment is absolutely typical of IETF old fartism, you want to have the right to be dismissive, you don't have the technical arguments on your side. So instead of detailing a real technical issue you allude to an earlier system, the more obscure the better. The message: 'I am too important to have to justify my comments but I believe that you are not competent to work on this problem'.

Your comment on Web services only illustrates that you really don't understand what is going on, what people are trying to achieve or why previous efforts such as CORBA failled. I am not going to explain why or how Web Services are different because I am faaaar toooo important. I may not be old enough to have achieve old fart status but I can certainly play the part on the net.

Still you are right on one battle, if the IETF is to regain some relevance at the upper end of the protocol stack adopting XML as the way to author RFCs is the only way forward. However the IETF is going to have to do a lot more than produce its documents in a format that does not look like utter crap from a teletype before I am going to take any standards there. I want a genuinely open and geuinely transparent process. I want standards groups to complete in 18 months, not 10 years - and yes it is possible, the SAML group I was a member of developed the basic specs which have been adopted as the basis for liberty in 18 months.

Annoyed

[KidSock]

Well thanks. Now I'm ticked. The ./ post made this sound very interesting taking about framing and low level down to the metal "network programming". So I followed the links. I get 5 minutes into the spec and what do I find? It's another telnet based protocol that is largely XML. I'm going to puke if I see another stupid XML networking protocol. I can't believe I'm the only one who sees how stupid it is to format all network traffic in a verbose text format like XML. Here's 448 byte "hello" example.


C: MSG 0 1 . 52 158
C: Content-Type: application/beep+xml
C:
C: <start number='1'>
C: <profile uri='http://iana.org/beep/TLS'>
C: <![CDATA[<ready />]]>
C: </profile>
C: </start>
C: END
S: RPY 0 1 . 110 121
S: Content-Type: application/beep+xml
S:
S: <profile uri='http://iana.org/beep/TLS'>
S: <![CDATA[<proceed />]]>
S: </profile>
S: END