[multicast] Drop (m)vlan from multicast groups

Egress multicast (instances sending to external receivers) is not in
MVP scope, so the MVLAN field for VLAN-tagged upstream traffic is
unnecessary, as it probably won't be attached specifically to a group,
and is worth revisiting.

Changes:
  - Drop mvlan column from multicast_group table (schema v213)
  - Remove mvlan from Rust structs, SQL queries, and API views
  - Add TODO scope documentation

When egress support lands, VLAN tagging will be reintroduced with
proper uplink port configuration.

Author: zeeshanlakhani

nexus/db-model/src/multicast_group.rs

@@ -91,7 +91,6 @@ use nexus_db_schema::schema::{
 use nexus_types::external_api::views;
 use nexus_types::identity::Resource as IdentityResource;
 use omicron_common::api::external::{self, IdentityMetadata};
-use omicron_common::vlan::VlanID;
 use omicron_uuid_kinds::SledKind;
 
 use crate::typed_uuid::DbTypedUuid;
@@ -180,28 +179,6 @@ pub struct ExternalMulticastGroup {
     /// Source IP addresses for Source-Specific Multicast (SSM).
     /// Empty array means any source is allowed.
     pub source_ips: Vec<IpNetwork>,
-    /// Multicast VLAN (MVLAN) for egress multicast traffic to upstream networks.
-    ///
-    /// When specified, this VLAN ID is passed to switches (via DPD) as part of
-    /// the `ExternalForwarding` configuration to tag multicast packets leaving
-    /// the rack. This enables multicast traffic to traverse VLAN-segmented
-    /// upstream networks (e.g., peering with external multicast sources/receivers
-    /// on specific VLANs).
-    ///
-    /// The MVLAN value is sent to switches during group creation/updates and
-    /// controls VLAN tagging for egress traffic only; it does not affect ingress
-    /// multicast traffic received by the rack. Switch port selection for egress
-    /// traffic remains pending (see TODOs in `nexus/src/app/multicast/dataplane.rs`).
-    ///
-    /// Valid range when specified: 2-4094 (IEEE 802.1Q; Dendrite requires >= 2).
-    ///
-    /// Database Type: i16 (INT2) - this field uses `i16` (INT2) for storage
-    /// efficiency, unlike other VLAN columns in the schema which use `SqlU16`
-    /// (forcing INT4). Direct `i16` is appropriate here since VLANs fit in
-    /// INT2's range.
-    ///
-    /// TODO(multicast): Remove mvlan field - being deprecated from multicast groups
-    pub mvlan: Option<i16>,
     /// Associated underlay group for NAT.
     /// Initially None in ["Creating"](MulticastGroupState::Creating) state,
     /// populated by reconciler when group becomes ["Active"](MulticastGroupState::Active).
@@ -300,32 +277,19 @@ pub struct MulticastGroupMember {
 
 // Conversions to external API views
 
-impl TryFrom<ExternalMulticastGroup> for views::MulticastGroup {
-    type Error = external::Error;
-
-    fn try_from(group: ExternalMulticastGroup) -> Result<Self, Self::Error> {
-        let mvlan = group
-            .mvlan
-            .map(|vlan| VlanID::new(vlan as u16))
-            .transpose()
-            .map_err(|e| {
-                external::Error::internal_error(&format!(
-                    "invalid VLAN ID: {e:#}"
-                ))
-            })?;
-
-        Ok(views::MulticastGroup {
+impl From<ExternalMulticastGroup> for views::MulticastGroup {
+    fn from(group: ExternalMulticastGroup) -> Self {
+        views::MulticastGroup {
             identity: group.identity(),
             multicast_ip: group.multicast_ip.ip(),
             source_ips: group
                 .source_ips
                 .into_iter()
                 .map(|ip| ip.ip())
                 .collect(),
-            mvlan,
             ip_pool_id: group.ip_pool_id,
             state: group.state.to_string(),
-        })
+        }
     }
 }
 
@@ -367,7 +331,6 @@ pub struct IncompleteExternalMulticastGroup {
     // Optional address requesting that a specific multicast IP address be
     // allocated or provided
     pub explicit_address: Option<IpNetwork>,
-    pub mvlan: Option<i16>,
     pub vni: Vni,
     pub tag: Option<String>,
 }
@@ -381,7 +344,6 @@ pub struct IncompleteExternalMulticastGroupParams {
     pub ip_pool_id: Uuid,
     pub explicit_address: Option<IpAddr>,
     pub source_ips: Vec<IpNetwork>,
-    pub mvlan: Option<i16>,
     pub vni: Vni,
     pub tag: Option<String>,
 }
@@ -397,7 +359,6 @@ impl IncompleteExternalMulticastGroup {
             ip_pool_id: params.ip_pool_id,
             source_ips: params.source_ips,
             explicit_address: params.explicit_address.map(|ip| ip.into()),
-            mvlan: params.mvlan,
             vni: params.vni,
             tag: params.tag,
         }

nexus/db-model/src/schema_versions.rs

@@ -16,7 +16,7 @@ use std::{collections::BTreeMap, sync::LazyLock};
 ///
 /// This must be updated when you change the database schema.  Refer to
 /// schema/crdb/README.adoc in the root of this repository for details.
-pub const SCHEMA_VERSION: Version = Version::new(212, 0, 0);
+pub const SCHEMA_VERSION: Version = Version::new(213, 0, 0);
 
 /// List of all past database schema versions, in *reverse* order
 ///
@@ -28,6 +28,7 @@ static KNOWN_VERSIONS: LazyLock<Vec<KnownVersion>> = LazyLock::new(|| {
         // |  leaving the first copy as an example for the next person.
         // v
         // KnownVersion::new(next_int, "unique-dirname-with-the-sql-files"),
+        KnownVersion::new(213, "multicast-drop-mvlan"),
         KnownVersion::new(212, "multicast-member-ip-and-indexes"),
         KnownVersion::new(211, "blueprint-sled-config-subnet"),
         KnownVersion::new(210, "one-big-ereport-table"),

nexus/db-queries/src/db/datastore/multicast/groups.rs

@@ -34,7 +34,6 @@ use omicron_common::api::external::{
     IdentityMetadataCreateParams, ListResultVec, LookupResult, LookupType,
     ResourceType, UpdateResult,
 };
-use omicron_common::vlan::VlanID;
 use omicron_uuid_kinds::{GenericUuid, MulticastGroupUuid};
 
 use crate::authz;
@@ -56,7 +55,6 @@ pub(crate) struct MulticastGroupAllocationParams {
     pub ip: Option<IpAddr>,
     pub pool: Option<authz::IpPool>,
     pub source_ips: Option<Vec<IpAddr>>,
-    pub mvlan: Option<VlanID>,
 }
 
 impl DataStore {
@@ -165,7 +163,6 @@ impl DataStore {
                 ip: params.multicast_ip,
                 pool: authz_pool,
                 source_ips: params.source_ips.clone(),
-                mvlan: params.mvlan,
             },
         )
         .await
@@ -405,7 +402,6 @@ impl DataStore {
                 ip_pool_id: authz_pool.id(),
                 explicit_address: params.ip,
                 source_ips: source_ip_networks,
-                mvlan: params.mvlan.map(|vlan_id| u16::from(vlan_id) as i16),
                 vni,
                 // Set DPD tag to the group UUID to ensure uniqueness across lifecycle.
                 // This prevents tag collision when group names are reused.
@@ -767,7 +763,6 @@ mod tests {
             },
             multicast_ip: None,
             source_ips: None,
-            mvlan: None,
         };
         datastore
             .multicast_group_create(&opctx, &params1, Some(authz_pool.clone()))
@@ -782,7 +777,6 @@ mod tests {
             },
             multicast_ip: None,
             source_ips: None,
-            mvlan: None,
         };
         datastore
             .multicast_group_create(&opctx, &params2, Some(authz_pool.clone()))
@@ -797,7 +791,6 @@ mod tests {
             },
             multicast_ip: None,
             source_ips: None,
-            mvlan: None,
         };
         let result3 = datastore
             .multicast_group_create(&opctx, &params3, Some(authz_pool.clone()))
@@ -870,7 +863,6 @@ mod tests {
             },
             multicast_ip: None,
             source_ips: None,
-            mvlan: None,
         };
 
         let group_default = datastore
@@ -895,7 +887,6 @@ mod tests {
             },
             multicast_ip: None,
             source_ips: None,
-            mvlan: None,
         };
         let group_explicit = datastore
             .multicast_group_create(&opctx, &params_explicit, None)
@@ -1022,7 +1013,6 @@ mod tests {
             },
             multicast_ip: Some("224.1.3.3".parse().unwrap()),
             source_ips: None,
-            mvlan: None,
         };
 
         let external_group = datastore
@@ -1119,7 +1109,6 @@ mod tests {
             },
             multicast_ip: Some("224.3.1.5".parse().unwrap()),
             source_ips: None,
-            mvlan: None,
         };
 
         let group = datastore
@@ -1584,7 +1573,6 @@ mod tests {
             },
             multicast_ip: Some("224.3.1.5".parse().unwrap()),
             source_ips: None,
-            mvlan: None,
         };
 
         let group = datastore
@@ -1716,7 +1704,6 @@ mod tests {
             },
             multicast_ip: None, // Let it allocate from pool
             source_ips: None,
-            mvlan: None,
         };
         let group = datastore
             .multicast_group_create(
@@ -1928,7 +1915,6 @@ mod tests {
             },
             multicast_ip: Some(target_ip),
             source_ips: None,
-            mvlan: None,
         };
 
         let group1 = datastore
@@ -1955,7 +1941,6 @@ mod tests {
             },
             multicast_ip: Some(target_ip),
             source_ips: None,
-            mvlan: None,
         };
 
         let group2 = datastore
@@ -2040,7 +2025,6 @@ mod tests {
             },
             multicast_ip: None,
             source_ips: None,
-            mvlan: None,
         };
 
         let group1 = datastore
@@ -2057,7 +2041,6 @@ mod tests {
             },
             multicast_ip: None,
             source_ips: None,
-            mvlan: None,
         };
 
         let result2 = datastore
@@ -2087,7 +2070,6 @@ mod tests {
             },
             multicast_ip: None,
             source_ips: None,
-            mvlan: None,
         };
 
         let group3 = datastore
@@ -2173,7 +2155,6 @@ mod tests {
             },
             multicast_ip: None,
             source_ips: None,
-            mvlan: None,
         };
 
         let group = datastore
@@ -2300,7 +2281,6 @@ mod tests {
                 "10.0.0.1".parse().unwrap(),
                 "10.0.0.2".parse().unwrap(),
             ]),
-            mvlan: None,
         };
 
         let group = datastore
@@ -2407,7 +2387,6 @@ mod tests {
             },
             multicast_ip: Some("224.100.20.10".parse().unwrap()),
             source_ips: None,
-            mvlan: None,
         };
 
         let params_2 = MulticastGroupCreate {
@@ -2417,7 +2396,6 @@ mod tests {
             },
             multicast_ip: Some("224.100.20.11".parse().unwrap()),
             source_ips: None,
-            mvlan: None,
         };
 
         let params_3 = MulticastGroupCreate {
@@ -2427,7 +2405,6 @@ mod tests {
             },
             multicast_ip: Some("224.100.20.12".parse().unwrap()),
             source_ips: None,
-            mvlan: None,
         };
 
         // Create groups (all are fleet-scoped)
@@ -2535,7 +2512,6 @@ mod tests {
             },
             multicast_ip: Some("224.100.30.5".parse().unwrap()),
             source_ips: None,
-            mvlan: None,
         };
 
         // Create group - starts in "Creating" state

nexus/db-queries/src/db/datastore/multicast/members.rs

@@ -926,7 +926,6 @@ mod tests {
             multicast_ip: Some("224.10.1.6".parse().unwrap()),
             source_ips: None,
             // Pool resolved via authz_pool argument to datastore call
-            mvlan: None,
         };
 
         let creating_group = datastore

nexus/db-queries/src/db/pub_test_utils/multicast.rs

@@ -194,7 +194,6 @@ pub async fn create_test_group_with_state(
         },
         multicast_ip: Some(multicast_ip.parse().unwrap()),
         source_ips: None,
-        mvlan: None,
     };
 
     let group = datastore

nexus/db-queries/src/db/queries/external_multicast_group.rs

@@ -118,10 +118,6 @@ impl NextExternalMulticastGroup {
         }
         out.push_sql("]::inet[] AS source_ips, ");
 
-        // MVLAN for external uplink forwarding
-        out.push_bind_param::<sql_types::Nullable<sql_types::Int2>, Option<i16>>(&self.group.mvlan)?;
-        out.push_sql(" AS mvlan, ");
-
         out.push_bind_param::<sql_types::Nullable<sql_types::Uuid>, Option<Uuid>>(&None)?;
         out.push_sql(" AS underlay_group_id, ");
 
@@ -274,10 +270,10 @@ impl QueryFragment<Pg> for NextExternalMulticastGroup {
         out.push_sql("INSERT INTO ");
         schema::multicast_group::table.walk_ast(out.reborrow())?;
         out.push_sql(
-            " (id, name, description, time_created, time_modified, time_deleted, ip_pool_id, ip_pool_range_id, vni, multicast_ip, source_ips, mvlan, underlay_group_id, tag, state, version_added, version_removed)
-             SELECT id, name, description, time_created, time_modified, time_deleted, ip_pool_id, ip_pool_range_id, vni, multicast_ip, source_ips, mvlan, underlay_group_id, tag, state, version_added, version_removed FROM next_external_multicast_group
+            " (id, name, description, time_created, time_modified, time_deleted, ip_pool_id, ip_pool_range_id, vni, multicast_ip, source_ips, underlay_group_id, tag, state, version_added, version_removed)
+             SELECT id, name, description, time_created, time_modified, time_deleted, ip_pool_id, ip_pool_range_id, vni, multicast_ip, source_ips, underlay_group_id, tag, state, version_added, version_removed FROM next_external_multicast_group
                 WHERE NOT EXISTS (SELECT 1 FROM previously_allocated_group)
-                RETURNING id, name, description, time_created, time_modified, time_deleted, ip_pool_id, ip_pool_range_id, vni, multicast_ip, source_ips, mvlan, underlay_group_id, tag, state, version_added, version_removed",
+                RETURNING id, name, description, time_created, time_modified, time_deleted, ip_pool_id, ip_pool_range_id, vni, multicast_ip, source_ips, underlay_group_id, tag, state, version_added, version_removed",
         );
         out.push_sql("), ");
 
@@ -288,9 +284,9 @@ impl QueryFragment<Pg> for NextExternalMulticastGroup {
 
         // Return either the newly inserted or previously allocated group
         out.push_sql(
-            "SELECT id, name, description, time_created, time_modified, time_deleted, ip_pool_id, ip_pool_range_id, vni, multicast_ip, source_ips, mvlan, underlay_group_id, tag, state, version_added, version_removed FROM previously_allocated_group
+            "SELECT id, name, description, time_created, time_modified, time_deleted, ip_pool_id, ip_pool_range_id, vni, multicast_ip, source_ips, underlay_group_id, tag, state, version_added, version_removed FROM previously_allocated_group
             UNION ALL
-            SELECT id, name, description, time_created, time_modified, time_deleted, ip_pool_id, ip_pool_range_id, vni, multicast_ip, source_ips, mvlan, underlay_group_id, tag, state, version_added, version_removed FROM multicast_group",
+            SELECT id, name, description, time_created, time_modified, time_deleted, ip_pool_id, ip_pool_range_id, vni, multicast_ip, source_ips, underlay_group_id, tag, state, version_added, version_removed FROM multicast_group",
         );
 
         Ok(())

nexus/db-schema/src/schema.rs

@@ -2773,7 +2773,6 @@ table! {
         vni -> Int4,
         multicast_ip -> Inet,
         source_ips -> Array<Inet>,
-        mvlan -> Nullable<Int2>,
         underlay_group_id -> Nullable<Uuid>,
         tag -> Nullable<Text>,
         state -> crate::enums::MulticastGroupStateEnum,