oxidecomputer
diff --git a/‎nexus-config/src/nexus_config.rs‎
Lines changed: 20 additions & 0 deletions b/‎nexus-config/src/nexus_config.rs‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎nexus/external-api/output/nexus_tags.txt‎
Lines changed: 12 additions & 15 deletions b/‎nexus/external-api/output/nexus_tags.txt‎
Lines changed: 12 additions & 15 deletions
diff --git a/‎nexus/external-api/src/lib.rs‎
Lines changed: 12 additions & 12 deletions b/‎nexus/external-api/src/lib.rs‎
Lines changed: 12 additions & 12 deletions
diff --git a/‎nexus/src/app/background/init.rs‎
Lines changed: 3 additions & 0 deletions b/‎nexus/src/app/background/init.rs‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎nexus/src/app/background/tasks/multicast/mod.rs‎
Lines changed: 11 additions & 0 deletions b/‎nexus/src/app/background/tasks/multicast/mod.rs‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎nexus/src/app/instance.rs‎
Lines changed: 18 additions & 7 deletions b/‎nexus/src/app/instance.rs‎
Lines changed: 18 additions & 7 deletions
diff --git a/‎nexus/src/app/mod.rs‎
Lines changed: 15 additions & 0 deletions b/‎nexus/src/app/mod.rs‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎nexus/src/app/sagas/instance_create.rs‎
Lines changed: 17 additions & 0 deletions b/‎nexus/src/app/sagas/instance_create.rs‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎nexus/src/app/sagas/instance_delete.rs‎
Lines changed: 8 additions & 0 deletions b/‎nexus/src/app/sagas/instance_delete.rs‎
Lines changed: 8 additions & 0 deletions
@@ -853,6 +853,22 @@ impl Default for MulticastGroupReconcilerConfig {
     }
 }
 
+/// TODO: remove this when multicast is implemented end-to-end.
+#[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)]
+pub struct MulticastConfig {
+    /// Whether multicast functionality is enabled or not.
+    ///
+    /// When false, multicast API calls remain accessible but no actual
+    /// multicast operations occur (no switch programming, reconciler disabled).
+    /// Instance sagas will skip multicast operations. This allows gradual
+    /// rollout and testing of multicast configuration.
+    ///
+    /// Default: false (experimental feature, disabled by default)
+    #[serde(default)]
+    pub enabled: bool,
+}
+
+
 /// Configuration for a nexus server
 #[derive(Clone, Debug, Deserialize, PartialEq, Serialize)]
 pub struct PackageConfig {
@@ -884,6 +900,9 @@ pub struct PackageConfig {
     pub initial_reconfigurator_config: Option<ReconfiguratorConfig>,
     /// Background task configuration
     pub background_tasks: BackgroundTaskConfig,
+    /// Multicast feature configuration
+    #[serde(default)]
+    pub multicast: MulticastConfig,
     /// Default Crucible region allocation strategy
     pub default_region_allocation_strategy: RegionAllocationStrategy,
 }
@@ -1382,6 +1401,7 @@ mod test {
                                 period_secs: Duration::from_secs(60),
                             },
                     },
+                    multicast: MulticastConfig { enabled: false },
                     default_region_allocation_strategy:
                         crate::nexus_config::RegionAllocationStrategy::Random {
                             seed: Some(0)
 
@@ -49,6 +49,18 @@ affinity_group_member_list               GET      /v1/affinity-groups/{affinity_
 affinity_group_update                    PUT      /v1/affinity-groups/{affinity_group}
 affinity_group_view                      GET      /v1/affinity-groups/{affinity_group}
 instance_affinity_group_list             GET      /v1/instances/{instance}/affinity-groups
+instance_multicast_group_join            PUT      /v1/instances/{instance}/multicast-groups/{multicast_group}
+instance_multicast_group_leave           DELETE   /v1/instances/{instance}/multicast-groups/{multicast_group}
+instance_multicast_group_list            GET      /v1/instances/{instance}/multicast-groups
+lookup_multicast_group_by_ip             GET      /v1/system/multicast-groups/by-ip/{address}
+multicast_group_create                   POST     /v1/multicast-groups
+multicast_group_delete                   DELETE   /v1/multicast-groups/{multicast_group}
+multicast_group_list                     GET      /v1/multicast-groups
+multicast_group_member_add               POST     /v1/multicast-groups/{multicast_group}/members
+multicast_group_member_list              GET      /v1/multicast-groups/{multicast_group}/members
+multicast_group_member_remove            DELETE   /v1/multicast-groups/{multicast_group}/members/{instance}
+multicast_group_update                   PUT      /v1/multicast-groups/{multicast_group}
+multicast_group_view                     GET      /v1/multicast-groups/{multicast_group}
 probe_create                             POST     /experimental/v1/probes
 probe_delete                             DELETE   /experimental/v1/probes/{probe}
 probe_list                               GET      /experimental/v1/probes
@@ -96,9 +108,6 @@ instance_ephemeral_ip_attach             POST     /v1/instances/{instance}/exter
 instance_ephemeral_ip_detach             DELETE   /v1/instances/{instance}/external-ips/ephemeral
 instance_external_ip_list                GET      /v1/instances/{instance}/external-ips
 instance_list                            GET      /v1/instances
-instance_multicast_group_join            PUT      /v1/instances/{instance}/multicast-groups/{multicast_group}
-instance_multicast_group_leave           DELETE   /v1/instances/{instance}/multicast-groups/{multicast_group}
-instance_multicast_group_list            GET      /v1/instances/{instance}/multicast-groups
 instance_network_interface_create        POST     /v1/network-interfaces
 instance_network_interface_delete        DELETE   /v1/network-interfaces/{interface}
 instance_network_interface_list          GET      /v1/network-interfaces
@@ -122,18 +131,6 @@ API operations found with tag "metrics"
 OPERATION ID                             METHOD   URL PATH
 silo_metric                              GET      /v1/metrics/{metric_name}
 
-API operations found with tag "multicast-groups"
-OPERATION ID                             METHOD   URL PATH
-lookup_multicast_group_by_ip             GET      /v1/system/multicast-groups/by-ip/{address}
-multicast_group_create                   POST     /v1/multicast-groups
-multicast_group_delete                   DELETE   /v1/multicast-groups/{multicast_group}
-multicast_group_list                     GET      /v1/multicast-groups
-multicast_group_member_add               POST     /v1/multicast-groups/{multicast_group}/members
-multicast_group_member_list              GET      /v1/multicast-groups/{multicast_group}/members
-multicast_group_member_remove            DELETE   /v1/multicast-groups/{multicast_group}/members/{instance}
-multicast_group_update                   PUT      /v1/multicast-groups/{multicast_group}
-multicast_group_view                     GET      /v1/multicast-groups/{multicast_group}
-
 API operations found with tag "policy"
 OPERATION ID                             METHOD   URL PATH
 system_policy_update                     PUT      /v1/system/policy
 
@@ -1029,7 +1029,7 @@ pub trait NexusExternalApi {
     #[endpoint {
         method = GET,
         path = "/v1/multicast-groups",
-        tags = ["multicast-groups"],
+        tags = ["experimental"],
     }]
     async fn multicast_group_list(
         rqctx: RequestContext<Self::Context>,
@@ -1040,7 +1040,7 @@ pub trait NexusExternalApi {
     #[endpoint {
         method = POST,
         path = "/v1/multicast-groups",
-        tags = ["multicast-groups"],
+        tags = ["experimental"],
     }]
     async fn multicast_group_create(
         rqctx: RequestContext<Self::Context>,
@@ -1052,7 +1052,7 @@ pub trait NexusExternalApi {
     #[endpoint {
         method = GET,
         path = "/v1/multicast-groups/{multicast_group}",
-        tags = ["multicast-groups"],
+        tags = ["experimental"],
     }]
     async fn multicast_group_view(
         rqctx: RequestContext<Self::Context>,
@@ -1064,7 +1064,7 @@ pub trait NexusExternalApi {
     #[endpoint {
         method = PUT,
         path = "/v1/multicast-groups/{multicast_group}",
-        tags = ["multicast-groups"],
+        tags = ["experimental"],
     }]
     async fn multicast_group_update(
         rqctx: RequestContext<Self::Context>,
@@ -1077,7 +1077,7 @@ pub trait NexusExternalApi {
     #[endpoint {
         method = DELETE,
         path = "/v1/multicast-groups/{multicast_group}",
-        tags = ["multicast-groups"],
+        tags = ["experimental"],
     }]
     async fn multicast_group_delete(
         rqctx: RequestContext<Self::Context>,
@@ -1089,7 +1089,7 @@ pub trait NexusExternalApi {
     #[endpoint {
         method = GET,
         path = "/v1/system/multicast-groups/by-ip/{address}",
-        tags = ["multicast-groups"],
+        tags = ["experimental"],
     }]
     async fn lookup_multicast_group_by_ip(
         rqctx: RequestContext<Self::Context>,
@@ -1100,7 +1100,7 @@ pub trait NexusExternalApi {
     #[endpoint {
         method = GET,
         path = "/v1/multicast-groups/{multicast_group}/members",
-        tags = ["multicast-groups"],
+        tags = ["experimental"],
     }]
     async fn multicast_group_member_list(
         rqctx: RequestContext<Self::Context>,
@@ -1112,7 +1112,7 @@ pub trait NexusExternalApi {
     #[endpoint {
         method = POST,
         path = "/v1/multicast-groups/{multicast_group}/members",
-        tags = ["multicast-groups"],
+        tags = ["experimental"],
     }]
     async fn multicast_group_member_add(
         rqctx: RequestContext<Self::Context>,
@@ -1125,7 +1125,7 @@ pub trait NexusExternalApi {
     #[endpoint {
         method = DELETE,
         path = "/v1/multicast-groups/{multicast_group}/members/{instance}",
-        tags = ["multicast-groups"],
+        tags = ["experimental"],
     }]
     async fn multicast_group_member_remove(
         rqctx: RequestContext<Self::Context>,
@@ -2350,7 +2350,7 @@ pub trait NexusExternalApi {
     #[endpoint {
         method = GET,
         path = "/v1/instances/{instance}/multicast-groups",
-        tags = ["instances"],
+        tags = ["experimental"],
     }]
     async fn instance_multicast_group_list(
         rqctx: RequestContext<Self::Context>,
@@ -2365,7 +2365,7 @@ pub trait NexusExternalApi {
     #[endpoint {
         method = PUT,
         path = "/v1/instances/{instance}/multicast-groups/{multicast_group}",
-        tags = ["instances"],
+        tags = ["experimental"],
     }]
     async fn instance_multicast_group_join(
         rqctx: RequestContext<Self::Context>,
@@ -2377,7 +2377,7 @@ pub trait NexusExternalApi {
     #[endpoint {
         method = DELETE,
         path = "/v1/instances/{instance}/multicast-groups/{multicast_group}",
-        tags = ["instances"],
+        tags = ["experimental"],
     }]
     async fn instance_multicast_group_leave(
         rqctx: RequestContext<Self::Context>,
 
@@ -1001,6 +1001,7 @@ impl BackgroundTasksInitializer {
                 datastore.clone(),
                 resolver.clone(),
                 sagas.clone(),
+                args.multicast_enabled,
             )),
             opctx: opctx.child(BTreeMap::new()),
             watchers: vec![],
@@ -1033,6 +1034,8 @@ pub struct BackgroundTasksData {
     pub datastore: Arc<DataStore>,
     /// background task configuration
     pub config: BackgroundTaskConfig,
+    /// whether multicast functionality is enabled (or not)
+    pub multicast_enabled: bool,
     /// rack identifier
     pub rack_id: Uuid,
     /// nexus identifier
 
@@ -140,13 +140,16 @@ pub(crate) struct MulticastGroupReconciler {
     member_concurrency_limit: usize,
     /// Maximum number of groups to process concurrently.
     group_concurrency_limit: usize,
+    /// Whether multicast functionality is enabled (or not).
+    enabled: bool,
 }
 
 impl MulticastGroupReconciler {
     pub(crate) fn new(
         datastore: Arc<DataStore>,
         resolver: Resolver,
         sagas: Arc<dyn StartSaga>,
+        enabled: bool,
     ) -> Self {
         Self {
             datastore,
@@ -159,6 +162,7 @@ impl MulticastGroupReconciler {
             cache_ttl: Duration::from_secs(3600), // 1 hour - refresh topology mappings regularly
             member_concurrency_limit: 100,
             group_concurrency_limit: 100,
+            enabled,
         }
     }
 
@@ -178,6 +182,13 @@ impl BackgroundTask for MulticastGroupReconciler {
         opctx: &'a OpContext,
     ) -> BoxFuture<'a, serde_json::Value> {
         async move {
+            if !self.enabled {
+                info!(opctx.log, "multicast group reconciler not enabled");
+                let mut status = MulticastGroupReconcilerStatus::default();
+                status.disabled = true;
+                return json!(status);
+            }
+
             trace!(opctx.log, "multicast group reconciler activating");
             let status = self.run_reconciliation_pass(opctx).await;
 
 
@@ -363,6 +363,15 @@ impl super::Nexus {
     ) -> Result<(), Error> {
         let instance_id = authz_instance.id();
 
+        // Check if multicast is enabled - if not, skip all multicast operations
+        if !self.multicast_enabled() {
+            debug!(opctx.log,
+                   "multicast not enabled, skipping multicast group changes";
+                   "instance_id" => %instance_id,
+                   "requested_groups_count" => multicast_groups.len());
+            return Ok(());
+        }
+
         debug!(
             opctx.log,
             "processing multicast group changes";
@@ -948,13 +957,15 @@ impl super::Nexus {
             .await?;
 
         // Update multicast member state for this instance to "Left" and clear
-        // `sled_id`
-        self.db_datastore
-            .multicast_group_members_detach_by_instance(
-                opctx,
-                authz_instance.id(),
-            )
-            .await?;
+        // `sled_id` - only if multicast is enabled
+        if self.multicast_enabled() {
+            self.db_datastore
+                .multicast_group_members_detach_by_instance(
+                    opctx,
+                    authz_instance.id(),
+                )
+                .await?;
+        }
 
         // Activate multicast reconciler to handle switch-level changes
         self.background_tasks.task_multicast_group_reconciler.activate();
 
@@ -224,6 +224,9 @@ pub struct Nexus {
     /// The tunable parameters from a configuration file
     tunables: Tunables,
 
+    /// Whether multicast functionality is enabled - used by sagas and API endpoints to check if multicast operations should proceed
+    multicast_enabled: bool,
+
     /// Operational context used for Instance allocation
     opctx_alloc: OpContext,
 
@@ -500,6 +503,13 @@ impl Nexus {
             timeseries_client,
             webhook_delivery_client,
             tunables: config.pkg.tunables.clone(),
+            // Whether multicast functionality is enabled.
+            // This is used by instance-related sagas and API endpoints to check
+            // if multicast operations should proceed.
+            //
+            // NOTE: This is separate from the RPW reconciler timing config, which
+            // only controls how often the background task runs.
+            multicast_enabled: config.pkg.multicast.enabled,
             opctx_alloc: OpContext::for_background(
                 log.new(o!("component" => "InstanceAllocator")),
                 Arc::clone(&authz),
@@ -600,6 +610,7 @@ impl Nexus {
                     opctx: background_ctx,
                     datastore: db_datastore,
                     config: task_config.pkg.background_tasks,
+                    multicast_enabled: task_config.pkg.multicast.enabled,
                     rack_id,
                     nexus_id: task_config.deployment.id,
                     resolver,
@@ -651,6 +662,10 @@ impl Nexus {
         &self.authz
     }
 
+    pub fn multicast_enabled(&self) -> bool {
+        self.multicast_enabled
+    }
+
     pub(crate) async fn wait_for_populate(&self) -> Result<(), anyhow::Error> {
         let mut my_rx = self.populate_status.clone();
         loop {
 
@@ -1006,6 +1006,15 @@ async fn sic_join_instance_multicast_group(
     );
     let instance_id = repeat_saga_params.instance_id;
 
+    // Check if multicast is enabled
+    if !osagactx.nexus().multicast_enabled() {
+        debug!(osagactx.log(),
+               "multicast not enabled, skipping multicast group member attachment";
+               "instance_id" => %instance_id,
+               "group_name_or_id" => ?group_name_or_id);
+        return Ok(Some(()));
+    }
+
     // Look up the multicast group by name or ID using the existing nexus method
     let multicast_group_selector = params::MulticastGroupSelector {
         project: Some(NameOrId::Id(saga_params.project_id)),
@@ -1075,6 +1084,14 @@ async fn sic_join_instance_multicast_group_undo(
         return Ok(());
     };
 
+    // Check if multicast is enabled - if not, no cleanup needed since we didn't attach
+    if !osagactx.nexus().multicast_enabled() {
+        debug!(osagactx.log(),
+               "multicast not enabled, skipping multicast group member undo";
+               "group_name_or_id" => ?group_name_or_id);
+        return Ok(());
+    }
+
     // Look up the multicast group by name or ID using the existing nexus method
     let multicast_group_selector = params::MulticastGroupSelector {
         project: Some(NameOrId::Id(saga_params.project_id)),
 
@@ -150,6 +150,14 @@ async fn sid_leave_multicast_groups(
 
     let instance_id = params.authz_instance.id();
 
+    // Check if multicast is enabled - if not, no members exist to remove
+    if !osagactx.nexus().multicast_enabled() {
+        debug!(osagactx.log(),
+               "multicast not enabled, skipping multicast group member removal";
+               "instance_id" => %instance_id);
+        return Ok(());
+    }
+
     // Mark all multicast group memberships for this instance as deleted
     datastore
         .multicast_group_members_mark_for_removal(&opctx, instance_id)