Do We Need Another OO RPC Mechanism?

Paul68 queries: "I am looking for an RPC mechanism for a project. Granted, there are many to choose from, yet there seem none that meet my requirements! When one has toyed with the requirements the solution generaly becomes obvious. So, yeah sure, I can set out and create the next RPC mechanism, but it is a lot of hassle. But does the world need yet another OORPC, or have I simply not looked in the right corners?"

"My requirements are:

1. object oriented
2. extensible
3. platform independent
4. supports signatures for integrity and sender checking
5. supports privacy of the message contents (i.e. encryption)
6. time sensitive: I should be able to detect a dead server and do failover while the user is waiting for the response
7. bandwidth efficient, as I am looking to deploy it in wireless environments

Now #1-3 are no problem, #4 and #5 can be found, and #7 rules out anything XML-based. #6 seems to be the killer, as this rules out anything over TCP, and at that point the list gets pretty short.

Does anyone have any options that I may have missed?"

It's time to stop

And ask yourself, "What am I really trying to do?"

Re:It's time to stop

[mystran]

Well, I've done CORBA for work, play'ed around with all kinds of other RPC systems, programmed with a quite a lot of languages, and after some hobby research and all kinds of strange projects, I've come to the following conclusion personally:

There is one good RPC system, and it's called HTTP. It works wonderfully when you can generate stuff from a database into some text-representation.

There are a lot of bad ones, which mostly have the same thing in common: It is NOT a good idea to make a remote resource act like an object. It just doesn't work well. To get an impression that it works well, you need a huge bloated library, so you can pretend that everything works, until your network breaks and you have to deal with all the shit yourself anyway, but now add the complexity of the RPC system to the mix.

The thing is, when you design to work with a very simple system, either HTTP or something similar built on top of TCP directly, you end up with design, where the network is a natural part of the system. When you build something on top of a generic RPC system, you just add a layer of indirectness, which makes a good design much harder to get. In addition, when you restructure your data into text-representation (or other simple representation), you usually end up doing it in the right place, because it's usually the only place where such representation can be handled in a sane way.

That's my 1 cent about RPC. The other 1 cent deals with objects. Objects are nice, if you don't have 1) database or 2) proper functions. When you have a (relational) database, you end up with something like objects anyway, when you build a good database access layer. For many things this is what you would want to do anyway, with the added benefit that you never need to care about object references. You just tell the system how to find/alter what you need.

For the functions, as soon as you have first-class functions, objects no longer make much sense, as it takes about 15 seconds to build an object system on top of these functions. Most of the time you don't want object anyway, as you usually want functions and data instead. Learn LISP. It is more useful today than ever before. If there's something wrong with existing dialects, then help build a better one.

As for your requirements: You could use TCP directly, but you need encryption, so add ssl or something. Authenticate the connection or something, the encryption should handle rest of the integrity (this is pretty much a cipher question). Build a simple protocol with no tweaks and leave the extensibility there. If you want, you could send XML anyway, if you use zlib or something to compress it. Depending on your data, it might be the easiest thing to parse anyway. Separate the protocol layer, have it timeout and catch TCP failures, and automatically reconnect (same or other server), and you have the time-sensitivity. If you need more, send requests to multiple servers, and handle them with the one that answers first. Aim for stateless protocol, and it becomes easier. TCP and SSL are pretty platform independent, so unless your protocol is really bad that shouldn't be a problem. Now, you basicly want this all for every application in existence.

Forget the objects, they just make life a lot harder. Use cookies and numerical identifiers if you really need to. A lot of things look like they needed OO-RPC, but to this day I've not seen a single one where it really made sense. Doesn't even speedup development in the long run..

Re:It's time to stop

[duffbeer703]

The AC speaks the truth.

A million years ago, a caveman spent alot of time developing the wheel. Don't replicate his work. You're likely to make lots of mistakes when you reimplement RPC or yet another master framework product, particularly with the encryption and signing part.

I know of people working on a similar project using Java Jini. Check it out.

Also, base your decision on the actual architecture of your application, not the buzzword-compliance of the glossy brochure or website.

Re:It's time to stop

[marcello_dl]

There is one good RPC system, and it's called HTTP. It works wonderfully when you can generate stuff from a database into some text-representation.

The people behind REST seem to agree with you, I think.

Does 7 really rule out XML?

[forsetti]

How much overhead do you expect XML to incur? Or more importantly, what do you expect your data/(data + XML) ratio to be? With large amounts of data, the relative amount of XML is relatively small.

Of course, if you are sending many packets, each with small amounts of data, perhaps strewn across many XML tag sets, then the XML "noise" ratio may be high. How about gzipped XML-RPC ?

Re:Does 7 really rule out XML?

[kaisyain]

And even if it does rule out XML per se, what's wrong with binary XML?

Re:Does 7 really rule out XML?

[RevAaron]

binary XML? Is that like "wireless DSL" I've heard advertised in my area?

Re:Does 7 really rule out XML?

[noselasd]

When I experimented with SOAP, it was around 60% metadata, and the bytes sent by the protocol were 600% more than the equivialent done with SunRPC.
(That was for one particular application, others will vary.)

Re:Does 7 really rule out XML?

[RevAaron]

I concurr- I never saw what was wrong with just using gzipped XML-RPC or SOAP. Apache mod and everything, almost no setup involved.

Something XML-RPC (SOAP) doesn't have

[SteveX]

...that bugs me is that there's no way to make a call that will return multiple pieces of data over a long period. Like, I want to connect to a server and say "tell me every time the price of IBM stock changes". I can use SOAP for most of a trader type UI but for streaming the data back to the client, you have to use another protocol (unless I'm missing something).

The dude asking the quesiton here is, I think, a little too worried about overhead - the overhead of XML is fairly tiny, and the overhead of TCP/IP isn't that great either - if both of those really are too much then you're probably on your own as there isn't likely to be a "general purpose" solution that will work for you.

- Steve

Re:Something XML-RPC (SOAP) doesn't have

[ZeroLogic]

What you are looking for is more along the lines of an asynchronous publish subscribe style architecture such as JMS, MQSeries, or Tibco.

SOAP is designed for easy synchronous communication, and while you can fake synchronous over asynchronous, it can be more challenging to go the other way.

Re:Something XML-RPC (SOAP) doesn't have

[ThenAgain]

I once implemented a web interface that used XML-RPC to communicate with a search engine back-end. Each request lived in a state machine on the server. When the server received a request it would start processing and if it took more than a few seconds it would return an object with a status report and a request ID. The client would send a browser meta-refresh that would check on the status of the request every few seconds until it was done or returned an error.

If you're looking for something closer to real-time (a way for the server to initiate contact with the client) check out the BEEP protocol.

From the BEEP web page:
BEEP is a turbocharger for Internet applications that offers advanced features such as:

• a standard application layer that supports dynamic, pluggable application "profiles" (protocols)
• peer-to-peer, client-server, or server-to-server capabilities
• multiple channels over a single authenticated session
• support for arbitrary MIME payloads, including XML

Re:Something XML-RPC (SOAP) doesn't have

[Anm]

Grid services, which extend SOAP based web services, does provide for this sort of subscriber model.

Check out: http://www.globus.org/ogsa/ and the globus toolkit.

Anm

Re:Something XML-RPC (SOAP) doesn't have

[Doomdark]

As for overhead, I'm in agreement there: the overhead of TCP/IP is definitely minimal compared to the cost of marshalling RPC data to begin with. TCP/IP can be tuned anyway, and it'll almost certainly be faster and more robust than something that tries to reinvent it over UDP.

Perhaps I misread original points, but it seemed like he wasn't so much worried about overhead, but about time-sensitivity aspect. TCP tries really hard to get all the data get through (with re-sends etc), without worrying at all about delays. It's good for bulk transfers, and things that simply have to get through, but for real-time (or in general time sensitive) data it's pretty useless to get anything that is late. And worse, since there's no way to really know what's going on (from TCP POV, "app shouldn't care"), it's difficult for the app to try to failover or other sensible action to resolve the (likely transient) problem.

Trying to figure out information about why and how data just isn't getting back, via socket (or whatever) API is next to impossible... thus, protocols such as RTP were developed. It's been a while since I followed what was happening there, but there was definite need for something that would give better control over timing information; at the very least for apps to be able to find out if there are timing problems, and do the right thing whatever it is (mark server as likely being down, find alternatives etc).

As to overhead, I'd agree; esp. due to HTTP being so ubiquitous, all stacks are ridiculously optimized, and handle "non-optimal" usage of TCP (simple request-reply) rather fine, all things considered.

You don't mention...

[ThenAgain]

what you've already looked at. Whenever I've been tempted to implement my own RPC mechanism I've found that XML-RPC meets my needs perfectly.

It's easily capable of representing objects, platform independent, encryptable (via SSL), compressable (via gzip [and probably SSL as well]), and textual.

The advantages of being textual in your protocols is well laid out in Eric Raymond's book The Art of Unix Programming. He even treats it as a case study.

Re:Extensible?

[Gyler+St.+James]

Definition from dictionary.com: 1. Capable of being extended or protruded: an extensible tongue; extensible tables. 2. Computer Science. Of or relating to a programming language or a system that can be modified by changing or adding features.

NML

[kinema]

You might want to take a look at the Neutral Message Language, NML. Developed at the Intelligent Systems Division of the National Instute of Standards and Technology is was intended from the start for use in real-time/time critical situations. I know that it currently has support cor C, C++ and Java.

Does 6 rule out TCP?

[jrstewart]

I think you'll find that in practice a UDP-based solution isn't going to make your life any easier than TCP. You may want to use TCP in conjunction with an external timer to fail the connection well before TCP gives up though. If you tend to do multiple RPCs to the same host the overhead of TCP should be minimal, and you get a lot of functionality (retries, backoff, etc.) for free. There's RFCs for transactional TCP which solves some of the overhead problems for small exchanges but I don't think they're widely implemented.

If you do end up writing your own UDP-based protocol, take some time to study TCP as well as other UDP based protocols and make sure you write something network friendly. There are a lot of naive protocols which fail spectacularly in less-than-perfect conditions.

#6 is not a killer

Just because TCP provides a sequenced, reliable byte stream with no need to transfer data past connection setup does not mean you can't use it to implement your application level requirements. Simply implement a null request with the client demanding a response within X seconds or you declare the peer dead (or effectively dead) and try another (yes this is a little simplistic and can result in livelock under heavy load but adaption, making X depend upon the peer's load and possibly dynamically measured response time, can help here).

RPC is rarely worth the trouble.

[tyrecius]

RPC causes untold security/authentication headaches and is often hard to program with besides.

See ESR

Try Twisted maybe

[LesFerg]

If you arent scared of 'scripting' languages,
http://www.twistedmatrix.com/products/ twisted

Haven't used it myself yet, but from the specs it seems to cover everything you could need.

Clue

[Markus+Registrada]

The number of different RPC mechanisms extant should be a clue that

• none of them are really satisfactory (else people wouldn't feel compelled to keep inventing new ones), and
• they don't really work out, in practice (else people would be satisfied with one of them).

The problem with RPC is that, to be useful at all, it has to be used where the function-call abstraction fails. In inter-process communication and (more so) in network communications, there are too many failure modes that just don't fit that abstraction, but that a reliable application needs to handle anyway.

The whole point of RPC is supposed to be that the code invoking them looks just like regular function calls. To be reliable, though, they need to be decorated with so much error handling junk that any such benefit is usually lost. You're better off with explicit message passing and a documented wire protocol. You need the latter anyway to have a debuggable application.

Take a look at CORBA

[(H)elix1]

It has been a long time for me, but CORBA might fit the bill.

SunRPC ;)

[noselasd]

Well I reccomend the good old time SunRPC.
It doesnt have 1. though that depends on what you mean by
"object oriented". I sense you want do export your C++ objects ;) There are other ways of doing OO..
It is somewhat lacking in 4 and 5 , though GSS-RPC will give you both. It is also not that difficult to implement authentication providers for sunrpc.. And for those that hate the portmapper, you don't have to use it. Another + is that it's small and fast. And you can do rpc over unix domain sockets, easing the pain to create custom protocols for interproces communication on the local box.

#6

[sohp]

Effective dead connection detection and failover is a Hard Problem in general. Asking for a general-purpose RPC mechanism that solves this problem is asking quite a lot. Perhaps it would be worth re-examining the requirements for the system that lead to asking for failover, and considering what other solutions to those requirement there might be other than robust failover.

The problem is your requirements

[mnmn]

RPCs are inherently insecure and introduces a balancing act of keeping the algorithms secure while keeping an eye on inputs and making sure nothing gets memory-leaked.

All this overhead also will take resources. So whats is it exactly youre working on that needs RPCs? Most networked applications Ive seen doesnt need RPCs, especially ones that are secure and efficient.

Message Queuing Server?

[psykocrime]

You could probably implement what you want using
some type of message queuing server, like IBM Websphere MQ, or equivelant.

As a mental exercise, and to make sure I'm not talking out my ass, let's run down your list of requirements:

equirements are:


1. object oriented


Well, in the case of Websphere MQ, I'd say "yes" to this one, at least partially. There is a C++ based client library, IIRC, a (IBM specific) Java client library, and a JMS client. And even if the client libraries weren't OO, you could write OO wrappers for procedural calls more easily than writing your own RPC mechanism from scratch, I think.


2. extensible


Check. If you use pub/sub messaging instead of point to point messaging, even more so. And if you use a message type (MapMessage in JMS) that is based on name / value pairs, it's easy to extend your messages without breaking backwards compatibility.


3. platform independent


Not completely, but with both Java and C++ clients available, you should be able to support most everything.


4. supports signatures for integrity and sender checking


Not sure if it has native support for signatures, but a signature can always be added to a message as a property.

5. supports privacy of the message contents (i.e. encryption)


Again, using Websphere MQ as an example, it does support the use of SSL for communications, if that helps meet your requirements.


6. time sensitive: I should be able to detect a dead server and do failover while the user is waiting for the response


You're right, that's the tricky one. I think there are ways to achieve this goal using message passing servers, but it might take some work.


7. bandwidth efficient, as I am looking to deploy it in wireless environments


I think this requirement is met as well. Most messaging products support a message type that is nothing more than a stream of bytes that you interpret as you will... and even if you use a slightly move involved message type (MapMessage or StreamMessage to use JMS types as examples) you're still not carrying a lot of overhead.


Now #1-3 are no problem, #4 and #5 can be found, and #7 rules out anything XML-based. #6 seems to be the killer, as this rules out anything over TCP, and at that point the list gets pretty short.


Depending on just how "time sensitive" #6 really is, I do think you could come up with a solution using a message passing server. If you're able to use Java for the clients, JMS makes doing an RPC style messaging very easy, using the QueueRequestor and TopicRequestor interfaces. And even if you can't use Java, it shouldn't be to hard to cook up your own request / reply mechanism, built on top of the messaging system.

Messaging

[kruntiform]

I think that messaging is nearly always a better solution than RPC, especially for wireless where the network might not be very reliable. I've been playing with Spread recently. It looks pretty good.

binary RPC

[Ooobles]

It's true. There has been very little research done in RPC mechanisms. In November I attended three different conferences (two on distributed computing) to see what work was being done. Most research is in either building on top of CORBA or XML and web services. Infact, I was disapointed at the lack of research in the low level guts of RPC mechanisms.

The reason I attended the conferences is that I have spent a lot of time developing a binary RPC mechanism. The method I use can be used in messages (eg MQSeries) or over TCP or UDP or whatever other connection mechanism you feel like.

It fulfills:
1. object oriented
Its currently implemented in java, and allows basic data types, objects and streams to be sent between client and server.
2. extensible
Any object can be sent between client and server, and the programming paradigm is simple.
3. platform independent
Currently written in java, with implementation for
C++ and .Net on the todo list.
4. supports signatures..
Not yet. This is an additional layer which could be quickly added into the communication stack. I haven't had a need for it yet, so haven't been interested in implementing anything like it.
5. privacy
as above. Simple solution is to use SSL as the connection layer.
6. time sensitive
simple timeouts are easy to implement, however this hints at other issues which is a big can of worms. ie Was the task completed on the server?
7. bandwidth efficency
pure binary with very small overhead

The negatives are that its not available yet. We are currently working out licensing issues. Sorry, this isn't open source. More information will be made available over the next month or two.

A small hint at what Colony can do is at www.livemedia.com.au

CORBA or RMI/IIOP

[Hard_Code]

CORBA fulfills essentially what you describe (not sure about #4). However, the CORBA spec is fairly large and baroque, so you are going to eat some overhead in complexity (not necessarily performance!) if you choose CORBA.

RMI is also a nice spec. Contrary to popular belief RMI is not a wire protocol but simply a spec for an RPC interface. The standard implementation uses a specific wire protocol and is tied to Java. However, RMI/IIOP also comes standard and is transparently interoperable with CORBA. I'm sure if you wanted to you could write your own transport implementation.

XML-RPC and SOAP are not really OO RPC mechanisms (despite SOAP containing the word "object" in it). SOAP is a bloated compromise spec created by committee by a few large players in the industry to satisfy all their requirements, and hence does not really enforce any sort of object or typing system. Already I see people addled by XML-think outright proposing this protocols. If it fits your project go for it, but XML is not the panacea people think it is.

Re:CORBA or RMI/IIOP

[joonasl]

XML-RPC and SOAP are not really OO RPC mechanisms (despite SOAP containing the word "object" in it).

Actually it doesn't contain the word "object" anymore, since W3 realized that the original name "Simple Object Access Protocol" was a bit misleading and the newest version of the spec does not expand the acronum anymore. So now SOAP is just SOAP :)

Endian-ness

[Nynaeve]

Keep in mind that if you are truly cross platform and your communications are pure binary, then endian-ness will be an issue. I had to deal with this once when passing messages from a MIPS SGI to an x86 PC.

It can be a real pain when the underlying communication protocol blindly assumes endian-ness is the same on every machine. I prefer text-based protocols because they alleviate that problem.

CORBA

[BeerMilkshake]

I am a big fan of CORBA, though I admit it has some issues.

> 1. object oriented

CORBA is definitely object-oriented. Much better than XML and SOAP (SOAP is -NOT- OO at all). I love the fact that once you have a reference to an object, it does not matter where that object is.

> 2. extensible

Yes. There are many useful (and optional) services available for CORBA. You don't pay for what you don't use with CORBA, so if you don't require a Naming Service or a Transaction Service, you don't have to include it.

> 3. platform independent

This is where CORBA wins. It is platform, language and network agnostic. I don't pay attention to new technologies unless they have a way to interface with CORBA.

> 4. supports signatures for integrity and
> sender checking

Some ORBs can do CORBA over SSL for security, which can include certificate-checking if you wish.

> 5. supports privacy of the message contents
> (i.e. encryption)

See previous comment.

> 6. time sensitive: I should be able to detect
> a dead server and do failover while the
> user is waiting for the response

Yes, CORBA calls will fail with a COMMUNICATIONS_EXCEPTION, which you can catch and take action. Some ORBs let you configure the timeout.

> 7. bandwidth efficient, as I am looking to
> deploy it in wireless environments

CORBA is binary and fairly BW-efficient. Again, you don't pay for what you don't need.

On the downside of CORBA, there are issues with:

- complexity. It is definitely not for the beginner and has a large initial learning curve. If you write client-side stuff, it is heaven. If you write server-side stuff, prepare yourself. If you want to do CORBA-compliant fault tolerance or security, don't call me :)

- penetration. Not all ORB providers implement all the nifty services. Finding an ORB for your environment that provides what you need can be tricky (e.g. POA, Portable Interceptors)

- mindshare. So many people pushing alternate technologies with a few useful features and a promise of equalling CORBA, if only they get enough interest.

- Openness. The OMG process is lengthy and can only be crafted by consortium members. Maybe a W3C-style process would make it evolve more rapidly and get implemented quicker ?!?