From: "zs@zslab.cn" <zs@zslab.cn>
To: "pve-devel@lists.proxmox.com" <pve-devel@lists.proxmox.com>
Subject: [pve-devel] Feature Request: Add SPAN / RSPAN / ERSPAN Traffic Mirroring Support in PVE WebUI
Date: Sat, 26 Jul 2025 19:33:02 +0800 [thread overview]
Message-ID: <202507261933022156121@zslab.cn> (raw)
Dear Proxmox VE Development Team,
Greetings!
First of all, thank you very much for your continued efforts and improvements to Proxmox VE. It has become an essential tool in our daily virtualization environment, offering great stability, usability, and functionality.
I'm writing to submit a feature request: **Could the PVE WebUI support SPAN (local traffic mirroring) and ERSPAN (remote traffic mirroring) functionality?**
Currently, we implement traffic mirroring manually via `nftables`, as shown below:
nft add table netdev mirror_span
nft add chain netdev mirror_span tap110i0_ingress \
'{ type filter hook ingress device "tap110i0" priority 0; }'
nft add chain netdev mirror_span tap110i0_egress \
'{ type filter hook egress device "tap110i0" priority 0; }'
nft add rule netdev mirror_span tap110i0_ingress dup to tap141i1
nft add rule netdev mirror_span tap110i0_egress dup to tap141i1
For remote ERSPAN, we combine `nftables` with `gretap` tunnels. However, due to issues such as VM shutdown or restart disrupting the mirroring session, we also rely on custom shell scripts and hooks to maintain stability.
We understand this is not a trivial feature, but traffic mirroring is critical in use cases such as network monitoring and security analysis. A built-in, user-friendly WebUI interface for configuring SPAN / ERSPAN would significantly improve usability and reduce the risks of manual configuration.
We'd be happy to provide feedback or help with testing. If needed, we can also share our current implementation and scripts for reference.
Thank you again for your contributions to the community and to PVE users around the world. Regardless of whether this request is accepted, we will continue to support Proxmox VE.
Best regards,
Zhang Sheng
Email: zs@zslab.cn
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next reply other threads:[~2025-07-29 12:41 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-26 11:33 zs [this message]
2025-07-26 11:43 zs
2025-07-29 17:12 ` Stefan Hanreich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202507261933022156121@zslab.cn \
--to=zs@zslab.cn \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.