Pim van Pelt
224167ce39
Checker / reload:
- Reload's update-in-place branch now mirrors b.Address onto the
runtime health.Backend. Without this, GetBackend kept returning
the pre-reload address indefinitely after a config edit that
touched addresses but not healthcheck settings — the VPP sync
path reads cfg.Backends directly so the dataplane moved on
while the gRPC and SPA view stayed wedged on the old IPv4/IPv6.
Sync (internal/vpp/lbsync.go):
- reconcileVIP now detects encap mismatch in addition to
src-ip-sticky mismatch and takes the full tear-down / re-add
path via a new shared recreateVIP helper. Triggered when every
backend flips address family (gre4 <-> gre6) and the existing
VIP can no longer accept new ASes — previously the sync wedged
with 'Invalid address family' until a full maglevd restart.
- setASWeight is issued whenever the state machine requests
flush (a.Flush=true), not only on the weight-value transition
edge. Fixes the case where a backend reached StateDisabled
after its effective weight had already been drained to 0 by
pool failover — the sticky-cache entries pointing at it were
previously never cleared.
maglev-frontend:
- signal.Ignore(SIGHUP) so a controlling-terminal disconnect
doesn't kill the daemon.
- debian/vpp-maglev.service grants CAP_SYS_ADMIN in addition to
CAP_NET_RAW so setns(CLONE_NEWNET) can join the healthcheck
netns. Comment documents the 'operation not permitted' symptom
and notes the knob can be dropped if the deployment doesn't use
the 'netns:' healthcheck option.
LB plugin counters (internal/vpp/lbstats.go + friends):
- Fix the VIP counter regex: the LB plugin registers
vlib_simple_counter_main_t names without a leading '/'
(vlib_validate_simple_counter in counter.c:50 uses cm->name
verbatim; only entries that set cm->stat_segment_name get a
slash). first/next/untracked/no-server now read through as
live values instead of zero.
- Drop the per-backend FIB counter block end-to-end (proto,
grpcapi, metrics, vpp.Client, lbstats, maglevc). Traced from
lb/node.c:558 into ip{4,6}_forward.h:141 — the LB plugin
forwards by writing adj_index[VLIB_TX] directly and bypassing
ip{4,6}_lookup_inline, which is the only path that increments
lbm_to_counters. The backend's FIB load_balance stats_index
literally never ticks for LB-forwarded traffic, so the column
was always zero and misleading. docs/implementation/TODO
records the full investigation and the recommended upstream
path (new lb_as_stats_dump API message) for when we're ready
to carry that VPP patch.
- maglevc show vpp lb counters: plain-text tabular headers.
label() wraps strings in ANSI escapes (~11 bytes of overhead),
but tabwriter counts bytes, not rendered width — so a header
row with label()'d cells and data rows with plain cells drifts
column alignment on every row. color.go comment now spells
out the constraint: label() only works when column N is
wrapped identically in every row (key-value layouts are fine,
multi-column tables with header-only labelling are not).
SPA:
- stores/scope.ts is cookie-backed (maglev_scope, 1 year,
SameSite=Lax). App.tsx hydrates from the cookie then validates
against the fetched snapshots: a cookie referencing a maglevd
that no longer exists falls through to snaps[0] instead of
leaving the user on a ghost selection.
- components/Flash.tsx wraps props.value in createMemo. Solid's
on() fires its callback on every dep notification, not on
value change — source is right in solid-js/dist/solid.js:460,
no equality check. Without the memo, flipping scope between
two 'connected' maglevds (or any other cross-store reactive
re-eval that doesn't actually change the concrete string)
replays the animation every time. createMemo's default ===
dedupe fixes it in one place for every Flash consumer,
superseding the local createMemo workaround we'd added in
BackendRow earlier.
vpp-maglev
Health checker, gRPC control plane, CLI, and web dashboard for the VPP
lb (load-balancer) plugin. Runs as a set of three binaries under one
Debian package:
maglevd— the long-running health-checker daemon. Probes backends (HTTP, TCP, ICMP), tracks their aggregate state, programs the VPP dataplane via thelbplugin binary API, and exposes everything over a gRPC API + Prometheus/metricsendpoint.maglevc— the interactive CLI client. Tab-completing shell with inline help; also runs one-shot commands for scripting.maglevd-frontend— optional web dashboard. One binary with the SolidJS SPA embedded via//go:embed; connects to one or more maglevds over gRPC and serves a live HTTP view (read-only/view/and optional basic-auth/admin/).
Build and install
make # builds build/<arch>/{maglevd,maglevc,maglevd-frontend}
make test # runs all tests
make pkg-deb # creates a Debian package for amd64 and arm64
Requires Go 1.25+ and (for make proto) protoc with protoc-gen-go
and protoc-gen-go-grpc. The SolidJS bundle under
cmd/frontend/web/ is built automatically via make through the
maglevd-frontend-web target, which needs npm.
Produces vpp-maglev_<version>_amd64.deb and
vpp-maglev_<version>_arm64.deb in the build/ directory by
cross-compiling with GOOS=linux GOARCH=<arch>. Requires dpkg-deb
(available on any Debian/Ubuntu host). The installed binaries report
the exact git commit via maglevd --version (and similarly for
maglevc / maglevd-frontend).
Running
After installing, maglevd is enabled automatically but
maglevd-frontend is not — it's opt-in, so the web dashboard
doesn't surprise anyone who just wanted the daemon:
# edit /etc/vpp-maglev/maglev.yaml, then:
systemctl enable --now vpp-maglev
# optional: web dashboard. Edit /etc/default/vpp-maglev to set
# MAGLEV_FRONTEND_ARGS and (optionally) MAGLEV_FRONTEND_USER /
# MAGLEV_FRONTEND_PASSWORD for /admin/ access, then:
systemctl enable --now vpp-maglev-frontend
Or run the components by hand:
maglevd --config /etc/vpp-maglev/maglev.yaml --grpc-addr :9090
maglevd --version # print version and exit
maglevc --server localhost:9090 # interactive shell
maglevc show frontends # one-shot
maglevc -color=false show backends # one-shot, no ANSI color
maglevc set backend nginx0-ams pause
maglevd-frontend -server localhost:9090 -listen :8080
Send SIGHUP to maglevd to reload config without restarting.
maglevd requires CAP_NET_RAW for ICMP health checks.
Every flag on every binary also has an environment-variable
equivalent (e.g. MAGLEV_CONFIG, MAGLEV_GRPC_ADDR,
MAGLEV_SERVERS, MAGLEV_LISTEN, MAGLEV_LOG_LEVEL) so all three
programs can be driven entirely via env in containerized
deployments.
Documentation
- A minimal configuration file in debian/maglev.yaml shows every knob.
- docs/user-guide.md — flags, signals, and
maglevccommand reference. - docs/config-guide.md — full YAML reference.
- docs/healthchecks.md — health state machine, probe scheduling, rise/fall semantics.
- Manpages:
maglevd(8),maglevc(1),maglevd-frontend(8).
Docker
docker build -t maglevd .
docker run --cap-add NET_RAW -v /etc/vpp-maglev:/etc/vpp-maglev maglevd