Benchmark load balancing

[atoniolo76]

Create infrastructure for clusters, load balancing, tokenizers and more. Overhaul the existing db system with stateless calls from lambda's backend. Add a bunch of commands for interacting with various components specific to GORGO load balancing. Add policies such as prefix-tree and least-load for inference users. Integrate @Orgo as a provider.

[Copilot]

Pull request overview

This PR introduces a comprehensive load balancing infrastructure for distributed GPU cluster management. It adds event-driven tracing (Perfetto-compatible), tokenizer sidecar integration (Rust), SGLang cluster management, and multiple load balancing policies (GORGO, prefix-tree, least-loaded). The PR also refactors instance state management to use Lambda API as the source of truth instead of local database storage.

Changes:

• Added distributed tracing system with Perfetto format support
• Implemented Rust tokenizer sidecar with Unix socket communication
• Created cluster management infrastructure for SGLang deployments
• Added load balancing policies and configuration system
• Removed local DB dependency for instance state, using Lambda API instead
• Added comprehensive benchmarking tools using WildChat-1M dataset

Reviewed changes

Copilot reviewed 39 out of 42 changed files in this pull request and generated 12 comments.

Show a summary per file

File	Description
pkg/trace/trace.go	New event-driven tracing system (Perfetto format)
pkg/cluster/trace.go	Duplicate of pkg/trace/trace.go
pkg/tokenizer/*.go	Tokenizer sidecar management and client
pkg/tokenizer/main.rs	Rust tokenizer service with Unix socket
pkg/sglang/sglang.go	SGLang Docker deployment and diagnostics
pkg/cluster/*.go	Cluster management, metrics, build/deploy
pkg/config/constants.go	Centralized configuration constants
pkg/remote/client.go	Refactored SSH key lookup from Lambda API
cmd/*.go	New commands for cluster, tokenizer, LB management
benchmark/*.py	Geo-distributed benchmarking tools
go.mod	Added tokenizers dependency (with conflicts)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The tokenizer sidecar uses expect() for error handling in several places (lines 52, 59, 63, 68, 86, 107, 111, 115), which will panic the entire process if the operation fails. For a production service, these should use proper error handling with ? operator or unwrap_or_else() with logging to allow graceful degradation rather than crashing.

[Copilot]

The RemoveInstanceFromConfig function is deprecated but returns no error and does nothing. Callers expecting this function to clean up instance state will silently fail. Consider either removing this function entirely or returning an error indicating it's no longer supported to make the deprecation explicit.

[Copilot]

The pkg/cluster/tokenizer.go file has a potential race condition. The tokenizerAvailable flag is read without lock on line 94 and checked again on line 102-103, but another goroutine could modify it between these checks. The reconnection goroutine spawned on line 99 should be synchronized to prevent multiple concurrent reconnection attempts.

[Copilot]

The pkg/trace/trace.go and pkg/cluster/trace.go files are identical duplicates (573 lines each). This violates the DRY principle and creates maintenance burden. One should be removed and the other should be imported where needed.

[Copilot]

In the Rust tokenizer sidecar, the socket permissions are set to 0o777 (world-readable/writable). This is a security risk as any user on the system can connect to the tokenizer socket and potentially cause denial of service or other issues. Consider using more restrictive permissions like 0o660 and ensuring proper group ownership.

[Copilot]

Variable status is not used.

[Copilot]

Variable error_msg is not used.

Suggested change

	self.logger.error(f"[{request_id}] Request failed: {e}")
	return web.json_response(
	{"error": {"message": str(e), "type": "server_error"}},
	self.logger.error(f"[{request_id}] Request failed: {error_msg}")
	return web.json_response(
	{"error": {"message": error_msg, "type": "server_error"}},

[Copilot]

Import of 'Optional' is not used.

Suggested change

	from typing import Dict, List, Tuple, Optional
	from typing import Dict, List, Tuple

[Copilot]

Import of 'Optional' is not used.
Import of 'List' is not used.

Suggested change

	from typing import Any, Dict, List, Optional, Tuple
	from typing import Any, Dict, Tuple

[Copilot]

The use of eval $GUIDELLM_CMD with command-line-controlled variables like PROFILE, RATE, DURATION, and OUTPUT_DIR creates a command injection risk: a crafted argument (for example, --profile 'poisson; rm -rf ~') would cause arbitrary shell commands to execute in the context of whoever runs this script. To prevent this, avoid eval entirely and invoke guidellm directly using a properly quoted argument list (e.g., building an array and calling it without eval) so user-supplied values cannot break out of their argument positions.

Suggested change

	# Build GuideLLM command
	GUIDELLM_CMD="guidellm benchmark \
	--target http://localhost:$PROXY_PORT/v1 \
	--profile $PROFILE \
	--max-seconds $DURATION \
	--data $SCRIPT_DIR/wildchat_guidellm.jsonl \
	--data-column-mapper '{\"text_column\": \"prompt\"}' \
	--output-path $OUTPUT_DIR"
	# Add rate for profiles that need it
	if [ "$PROFILE" = "poisson" ] || [ "$PROFILE" = "constant" ] || [ "$PROFILE" = "concurrent" ] || [ "$PROFILE" = "throughput" ]; then
	GUIDELLM_CMD="$GUIDELLM_CMD --rate $RATE"
	fi
	echo "Running: $GUIDELLM_CMD"
	echo ""
	eval $GUIDELLM_CMD
	# Build GuideLLM command as an argument array to avoid command injection
	GUIDELLM_ARGS=(
	benchmark
	--target "http://localhost:$PROXY_PORT/v1"
	--profile "$PROFILE"
	--max-seconds "$DURATION"
	--data "$SCRIPT_DIR/wildchat_guidellm.jsonl"
	--data-column-mapper '{"text_column": "prompt"}'
	--output-path "$OUTPUT_DIR"
	)
	# Add rate for profiles that need it
	if [ "$PROFILE" = "poisson" ] || [ "$PROFILE" = "constant" ] || [ "$PROFILE" = "concurrent" ] || [ "$PROFILE" = "throughput" ]; then
	GUIDELLM_ARGS+=( --rate "$RATE" )
	fi
	# Show the command being run
	printf 'Running: guidellm'
	for arg in "${GUIDELLM_ARGS[@]}"; do
	printf ' %q' "$arg"
	done
	printf '\n\n'
	guidellm "${GUIDELLM_ARGS[@]}"

[atoniolo76]

Sounds good, thanks copilot. 1. Get rid of the entire benchmark folder for this PR 2. Productionize the tokenizer policies. Add graceful error handling, restrict socket access from local processes only, and fix the race condition from two concurrent requests connecting. 3. get rid of remove instance from config

…

On Wed, Jan 28, 2026 at 9:24 PM Copilot ***@***.***> wrote: ***@***.**** commented on this pull request. Pull request overview This PR introduces a comprehensive load balancing infrastructure for distributed GPU cluster management. It adds event-driven tracing (Perfetto-compatible), tokenizer sidecar integration (Rust), SGLang cluster management, and multiple load balancing policies (GORGO, prefix-tree, least-loaded). The PR also refactors instance state management to use Lambda API as the source of truth instead of local database storage. *Changes:* - Added distributed tracing system with Perfetto format support - Implemented Rust tokenizer sidecar with Unix socket communication - Created cluster management infrastructure for SGLang deployments - Added load balancing policies and configuration system - Removed local DB dependency for instance state, using Lambda API instead - Added comprehensive benchmarking tools using WildChat-1M dataset Reviewed changes Copilot reviewed 39 out of 42 changed files in this pull request and generated 12 comments. Show a summary per file File Description pkg/trace/trace.go New event-driven tracing system (Perfetto format) pkg/cluster/trace.go Duplicate of pkg/trace/trace.go pkg/tokenizer/*.go Tokenizer sidecar management and client pkg/tokenizer/main.rs Rust tokenizer service with Unix socket pkg/sglang/sglang.go SGLang Docker deployment and diagnostics pkg/cluster/*.go Cluster management, metrics, build/deploy pkg/config/constants.go Centralized configuration constants pkg/remote/client.go Refactored SSH key lookup from Lambda API cmd/*.go New commands for cluster, tokenizer, LB management benchmark/*.py Geo-distributed benchmarking tools go.mod Added tokenizers dependency (with conflicts) ------------------------------ 💡 Add Copilot custom instructions <http:///atoniolo76/gotoni/new/main/.github/instructions?filename=*.instructions.md> for smarter, more guided reviews. Learn how to get started <https://docs.github.com/en/copilot/customizing-copilot/adding-repository-custom-instructions-for-github-copilot> . ------------------------------ In pkg/tokenizer/main.rs <#4 (comment)>: > + .expect("Failed to download tokenizer.json"); + + if !response.status().is_success() { + panic!("Failed to download tokenizer: HTTP {}", response.status()); + } + + let bytes = response.bytes().await + .expect("Failed to read tokenizer bytes"); + + // Cache the tokenizer + std::fs::write(TOKENIZER_CACHE_PATH, &bytes) + .expect("Failed to cache tokenizer"); + + println!("Tokenizer cached to: {}", TOKENIZER_CACHE_PATH); + + Tokenizer::from_bytes(&bytes) + .expect("Failed to parse tokenizer.json") +} + +#[tokio::main] +async fn main() { + println!("Loading tokenizer model: {}", MODEL_ID); + + // Load the Mistral tokenizer + let tokenizer: Arc<Tokenizer> = Arc::new(load_or_download_tokenizer().await); + println!("Tokenizer loaded successfully"); + + // Build the router with shared state + let tk_for_count = Arc::clone(&tokenizer); + + let app = Router::new() + .route("/count", post(move |Json(payload): Json<TokenizeRequest>| { + let tk: Arc<Tokenizer> = Arc::clone(&tk_for_count); + async move { + let encoding = tk.encode(payload.text, false).expect("Tokenization failed"); + Json(TokenizeResponse { + count: encoding.get_ids().len(), + }) + } + })) + .route("/health", get(|| async { + Json(HealthResponse { + status: "ok".to_string(), + model: MODEL_ID.to_string(), + }) + })); + + // Unix Domain Socket path + let socket_path = "/tmp/tokenizer.sock"; + + // Clean up old socket if it exists + let _ = std::fs::remove_file(socket_path); + + println!("Starting tokenizer sidecar on {}", socket_path); + + let listener = UnixListener::bind(socket_path).expect("Failed to bind to socket"); + + // Make socket world-readable/writable + std::fs::set_permissions(socket_path, std::fs::Permissions::from_mode(0o777)) + .expect("Failed to set socket permissions"); + + // Serve using hyper with Unix socket + loop { + let (stream, _) = listener.accept().await.expect("Accept failed"); The tokenizer sidecar uses expect() for error handling in several places (lines 52, 59, 63, 68, 86, 107, 111, 115), which will panic the entire process if the operation fails. For a production service, these should use proper error handling with ? operator or unwrap_or_else() with logging to allow graceful degradation rather than crashing. ------------------------------ In pkg/remote/client.go <#4 (comment)>: > +// RemoveInstanceFromConfig removes an instance from the config +// Deprecated: Instance state is now managed by Lambda API, not local DB. +// This function is kept for backwards compatibility but does nothing meaningful. +func RemoveInstanceFromConfig(instanceID string) error { + // Instance state is managed by Lambda API, not local DB + // No action needed - when an instance is terminated via Lambda API, + // it will no longer appear in ListRunningInstances + return nil } The RemoveInstanceFromConfig function is deprecated but returns no error and does nothing. Callers expecting this function to clean up instance state will silently fail. Consider either removing this function entirely or returning an error indicating it's no longer supported to make the deprecation explicit. ------------------------------ In pkg/cluster/tokenizer.go <#4 (comment)>: > + tokenizerMu.RLock() + available := tokenizerAvailable + tokenizerMu.RUnlock() + + if !available { + // Try to reconnect periodically + go func() { + tokenizerMu.Lock() + defer tokenizerMu.Unlock() + if !tokenizerAvailable { + tokenizerAvailable = checkTokenizerHealth() + } + }() + return fallbackTokenCount(text) The pkg/cluster/tokenizer.go file has a potential race condition. The tokenizerAvailable flag is read without lock on line 94 and checked again on line 102-103, but another goroutine could modify it between these checks. The reconnection goroutine spawned on line 99 should be synchronized to prevent multiple concurrent reconnection attempts. ------------------------------ In pkg/cluster/trace.go <#4 (comment)>: > + +// TraceGORGODecision records GORGO's routing decision with cost calculation +func (t *Tracer) TraceGORGODecision(requestID string, decision string, metadata map[string]interface{}) { + if !t.IsActive() { + return + } + + args := map[string]interface{}{ + "request_id": requestID, + "decision": decision, + } + for k, v := range metadata { + args[k] = v + } + + t.recordEvent(TraceEvent{ + Name: "gorgo_decision", + Cat: "gorgo", + Ph: "i", + Tid: hashString(requestID) % 1000, + Args: args, + }) +} + +// ===================================================== +// DISTRIBUTED TRACING - Receive events from other nodes +// ===================================================== + +// ReceiveRemoteEvents merges trace events from a forwarded request +func (t *Tracer) ReceiveRemoteEvents(events []TraceEvent) { + if !t.IsActive() { + return + } + + t.sessionMu.RLock() + session := t.session + t.sessionMu.RUnlock() + + if session == nil { + return + } + + session.remoteEventsMu.Lock() + session.remoteEvents = append(session.remoteEvents, events...) + session.remoteEventsMu.Unlock() +} + +// GetTraceHeaders returns headers to propagate trace context +func (t *Tracer) GetTraceHeaders(requestID string) map[string]string { + if !t.IsActive() { + return nil + } + + t.sessionMu.RLock() + defer t.sessionMu.RUnlock() + + if t.session == nil { + return nil + } + + return map[string]string{ + "X-Trace-ID": t.session.ID, + "X-Trace-Request": requestID, + "X-Trace-Origin": t.nodeID, + } +} + +// ===================================================== +// INTERNAL HELPERS +// ===================================================== + +func (t *Tracer) recordEvent(event TraceEvent) { + t.sessionMu.RLock() + session := t.session + t.sessionMu.RUnlock() + + if session == nil || !session.active.Load() { + return + } + + // Set timestamp relative to trace start + event.Ts = time.Since(session.StartTime).Microseconds() + event.Pid = t.nodePID + + session.eventsMu.Lock() + session.events = append(session.events, event) + session.eventsMu.Unlock() +} + +// hashString creates a simple hash for consistent thread IDs +func hashString(s string) int { + h := 0 + for _, c := range s { + h = 31*h + int(c) + } + if h < 0 { + h = -h + } + return h +} The pkg/trace/trace.go and pkg/cluster/trace.go files are identical duplicates (573 lines each). This violates the DRY principle and creates maintenance burden. One should be removed and the other should be imported where needed. ------------------------------ In pkg/tokenizer/main.rs <#4 (comment)>: > + std::fs::set_permissions(socket_path, std::fs::Permissions::from_mode(0o777)) + .expect("Failed to set socket permissions"); In the Rust tokenizer sidecar, the socket permissions are set to 0o777 (world-readable/writable). This is a security risk as any user on the system can connect to the tokenizer socket and potentially cause denial of service or other issues. Consider using more restrictive permissions like 0o660 and ensuring proper group ownership. ------------------------------ In benchmark/geo_proxy.py <#4 (comment)>: > + ) + await response.prepare(request) + + # Stream response chunks + first_chunk = True + async for chunk in resp.content.iter_any(): + if first_chunk: + ttft = time.time() - start_time + first_chunk = False + await response.write(chunk) + total_tokens += 1 # Approximate + + await response.write_eof() + + except asyncio.TimeoutError: + status = "timeout" Variable status is not used. ------------------------------ In benchmark/geo_proxy.py <#4 (comment)>: > + await response.write(chunk) + total_tokens += 1 # Approximate + + await response.write_eof() + + except asyncio.TimeoutError: + status = "timeout" + error_msg = f"Request timed out after {REQUEST_TIMEOUT}s" + self.logger.error(f"[{request_id}] {error_msg}") + return web.json_response( + {"error": {"message": error_msg, "type": "timeout_error"}}, + status=504 + ) + + except Exception as e: + status = "error" Variable status is not used. ------------------------------ In benchmark/geo_proxy.py <#4 (comment)>: > + self.logger.error(f"[{request_id}] Request failed: {e}") + return web.json_response( + {"error": {"message": str(e), "type": "server_error"}}, Variable error_msg is not used. ⬇️ Suggested change - self.logger.error(f"[{request_id}] Request failed: {e}") - return web.json_response( - {"error": {"message": str(e), "type": "server_error"}}, + self.logger.error(f"[{request_id}] Request failed: {error_msg}") + return web.json_response( + {"error": {"message": error_msg, "type": "server_error"}}, ------------------------------ In benchmark/analyze_trace.py <#4 (comment)>: > +Usage: + # Fetch and analyze trace from a running LB + curl http://192.9.140.201:8000/lb/trace/stop | python analyze_trace.py + + # Analyze a saved trace file + python analyze_trace.py trace.json + + # Or use the built-in fetch + python analyze_trace.py --fetch http://192.9.140.201:8000 +""" + +import json +import sys +import argparse +from collections import defaultdict +from typing import Dict, List, Tuple, Optional Import of 'Optional' is not used. ⬇️ Suggested change -from typing import Dict, List, Tuple, Optional +from typing import Dict, List, Tuple ------------------------------ In benchmark/geo_proxy.py <#4 (comment)>: > +Usage: + python geo_proxy.py [--port 9000] [--lookup-file wildchat_location_lookup.json] + +Then point GuideLLM at: + guidellm benchmark --target http://localhost:9000/v1 ... +""" +import argparse +import asyncio +import hashlib +import json +import logging +import math +import time +import uuid +from pathlib import Path +from typing import Any, Dict, List, Optional, Tuple Import of 'Optional' is not used. Import of 'List' is not used. ⬇️ Suggested change -from typing import Any, Dict, List, Optional, Tuple +from typing import Any, Dict, Tuple ------------------------------ In benchmark/run_guidellm_geo.sh <#4 (comment)>: > +# Build GuideLLM command +GUIDELLM_CMD="guidellm benchmark \ + --target http://localhost:$PROXY_PORT/v1 \ + --profile $PROFILE \ + --max-seconds $DURATION \ + --data $SCRIPT_DIR/wildchat_guidellm.jsonl \ + --data-column-mapper '{\"text_column\": \"prompt\"}' \ + --output-path $OUTPUT_DIR" + +# Add rate for profiles that need it +if [ "$PROFILE" = "poisson" ] || [ "$PROFILE" = "constant" ] || [ "$PROFILE" = "concurrent" ] || [ "$PROFILE" = "throughput" ]; then + GUIDELLM_CMD="$GUIDELLM_CMD --rate $RATE" +fi + +echo "Running: $GUIDELLM_CMD" +echo "" + +eval $GUIDELLM_CMD The use of eval $GUIDELLM_CMD with command-line-controlled variables like PROFILE, RATE, DURATION, and OUTPUT_DIR creates a command injection risk: a crafted argument (for example, --profile 'poisson; rm -rf ~') would cause arbitrary shell commands to execute in the context of whoever runs this script. To prevent this, avoid eval entirely and invoke guidellm directly using a properly quoted argument list (e.g., building an array and calling it without eval) so user-supplied values cannot break out of their argument positions. ⬇️ Suggested change -# Build GuideLLM command -GUIDELLM_CMD="guidellm benchmark \ - --target http://localhost:$PROXY_PORT/v1 \ - --profile $PROFILE \ - --max-seconds $DURATION \ - --data $SCRIPT_DIR/wildchat_guidellm.jsonl \ - --data-column-mapper '{\"text_column\": \"prompt\"}' \ - --output-path $OUTPUT_DIR" - -# Add rate for profiles that need it -if [ "$PROFILE" = "poisson" ] || [ "$PROFILE" = "constant" ] || [ "$PROFILE" = "concurrent" ] || [ "$PROFILE" = "throughput" ]; then - GUIDELLM_CMD="$GUIDELLM_CMD --rate $RATE" -fi - -echo "Running: $GUIDELLM_CMD" -echo "" - -eval $GUIDELLM_CMD +# Build GuideLLM command as an argument array to avoid command injection +GUIDELLM_ARGS=( + benchmark + --target "http://localhost:$PROXY_PORT/v1" + --profile "$PROFILE" + --max-seconds "$DURATION" + --data "$SCRIPT_DIR/wildchat_guidellm.jsonl" + --data-column-mapper '{"text_column": "prompt"}' + --output-path "$OUTPUT_DIR" +) + +# Add rate for profiles that need it +if [ "$PROFILE" = "poisson" ] || [ "$PROFILE" = "constant" ] || [ "$PROFILE" = "concurrent" ] || [ "$PROFILE" = "throughput" ]; then + GUIDELLM_ARGS+=( --rate "$RATE" ) +fi + +# Show the command being run +printf 'Running: guidellm' +for arg in "${GUIDELLM_ARGS[@]}"; do + printf ' %q' "$arg" +done +printf '\n\n' + +guidellm "${GUIDELLM_ARGS[@]}" — Reply to this email directly, view it on GitHub <#4 (review)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AKPYOD5UGWICIQS2MALIVED4JFVNJAVCNFSM6AAAAACTIBXQFSVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZTOMRQGE3TMMBYG4> . You are receiving this because you authored the thread.Message ID: ***@***.***>