* [pve-devel] Feature Request: Add SPAN / RSPAN / ERSPAN Traffic Mirroring Support in PVE WebUI
@ 2025-07-26 11:43 zs
2025-07-29 17:12 ` Stefan Hanreich
0 siblings, 1 reply; 3+ messages in thread
From: zs @ 2025-07-26 11:43 UTC (permalink / raw)
To: pve-devel; +Cc: support
Dear Proxmox VE Development Team,
Greetings!
First of all, thank you very much for your continued efforts and improvements to Proxmox VE. It has become an essential tool in our daily virtualization environment, offering great stability, usability, and functionality.
I'm writing to submit a feature request: **Could the PVE WebUI support SPAN (local traffic mirroring) and ERSPAN (remote traffic mirroring) functionality?**
Currently, we implement traffic mirroring manually via `nftables`, as shown below:
nft add table netdev mirror_span
nft add chain netdev mirror_span tap110i0_ingress \
'{ type filter hook ingress device "tap110i0" priority 0; }'
nft add chain netdev mirror_span tap110i0_egress \
'{ type filter hook egress device "tap110i0" priority 0; }'
nft add rule netdev mirror_span tap110i0_ingress dup to tap141i1
nft add rule netdev mirror_span tap110i0_egress dup to tap141i1
For remote ERSPAN, we combine `nftables` with `gretap` tunnels. However, due to issues such as VM shutdown or restart disrupting the mirroring session, we also rely on custom shell scripts and hooks to maintain stability.
We understand this is not a trivial feature, but traffic mirroring is critical in use cases such as network monitoring and security analysis. A built-in, user-friendly WebUI interface for configuring SPAN / ERSPAN would significantly improve usability and reduce the risks of manual configuration.
We'd be happy to provide feedback or help with testing. If needed, we can also share our current implementation and scripts for reference.
Thank you again for your contributions to the community and to PVE users around the world. Regardless of whether this request is accepted, we will continue to support Proxmox VE.
Best regards,
Zhang Sheng
Email: zs@zslab.cn
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [pve-devel] Feature Request: Add SPAN / RSPAN / ERSPAN Traffic Mirroring Support in PVE WebUI
2025-07-26 11:43 [pve-devel] Feature Request: Add SPAN / RSPAN / ERSPAN Traffic Mirroring Support in PVE WebUI zs
@ 2025-07-29 17:12 ` Stefan Hanreich
0 siblings, 0 replies; 3+ messages in thread
From: Stefan Hanreich @ 2025-07-29 17:12 UTC (permalink / raw)
To: Proxmox VE development discussion, zs; +Cc: support
On 7/29/25 2:42 PM, zs@zslab.cn wrote:
> Dear Proxmox VE Development Team,
>
> Greetings!
>
> First of all, thank you very much for your continued efforts and improvements to Proxmox VE. It has become an essential tool in our daily virtualization environment, offering great stability, usability, and functionality.
>
> I'm writing to submit a feature request: **Could the PVE WebUI support SPAN (local traffic mirroring) and ERSPAN (remote traffic mirroring) functionality?**
>
> Currently, we implement traffic mirroring manually via `nftables`, as shown below:
>
> nft add table netdev mirror_span
> nft add chain netdev mirror_span tap110i0_ingress \
> '{ type filter hook ingress device "tap110i0" priority 0; }'
> nft add chain netdev mirror_span tap110i0_egress \
> '{ type filter hook egress device "tap110i0" priority 0; }'
> nft add rule netdev mirror_span tap110i0_ingress dup to tap141i1
> nft add rule netdev mirror_span tap110i0_egress dup to tap141i1
>
> For remote ERSPAN, we combine `nftables` with `gretap` tunnels. However, due to issues such as VM shutdown or restart disrupting the mirroring session, we also rely on custom shell scripts and hooks to maintain stability.
>
> We understand this is not a trivial feature, but traffic mirroring is critical in use cases such as network monitoring and security analysis. A built-in, user-friendly WebUI interface for configuring SPAN / ERSPAN would significantly improve usability and reduce the risks of manual configuration.
>
> We'd be happy to provide feedback or help with testing. If needed, we can also share our current implementation and scripts for reference.
>
> Thank you again for your contributions to the community and to PVE users around the world. Regardless of whether this request is accepted, we will continue to support Proxmox VE.
Hi!
There is already an ongoing discussion about port mirroring in our
Bugzilla [1] - which seems to be what you're looking for. Please join
the discussion there and give your input on the topic!
Kind Regards
Stefan
[1] https://bugzilla.proxmox.com/show_bug.cgi?id=6150
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* [pve-devel] Feature Request: Add SPAN / RSPAN / ERSPAN Traffic Mirroring Support in PVE WebUI
@ 2025-07-26 11:33 zs
0 siblings, 0 replies; 3+ messages in thread
From: zs @ 2025-07-26 11:33 UTC (permalink / raw)
To: pve-devel
Dear Proxmox VE Development Team,
Greetings!
First of all, thank you very much for your continued efforts and improvements to Proxmox VE. It has become an essential tool in our daily virtualization environment, offering great stability, usability, and functionality.
I'm writing to submit a feature request: **Could the PVE WebUI support SPAN (local traffic mirroring) and ERSPAN (remote traffic mirroring) functionality?**
Currently, we implement traffic mirroring manually via `nftables`, as shown below:
nft add table netdev mirror_span
nft add chain netdev mirror_span tap110i0_ingress \
'{ type filter hook ingress device "tap110i0" priority 0; }'
nft add chain netdev mirror_span tap110i0_egress \
'{ type filter hook egress device "tap110i0" priority 0; }'
nft add rule netdev mirror_span tap110i0_ingress dup to tap141i1
nft add rule netdev mirror_span tap110i0_egress dup to tap141i1
For remote ERSPAN, we combine `nftables` with `gretap` tunnels. However, due to issues such as VM shutdown or restart disrupting the mirroring session, we also rely on custom shell scripts and hooks to maintain stability.
We understand this is not a trivial feature, but traffic mirroring is critical in use cases such as network monitoring and security analysis. A built-in, user-friendly WebUI interface for configuring SPAN / ERSPAN would significantly improve usability and reduce the risks of manual configuration.
We'd be happy to provide feedback or help with testing. If needed, we can also share our current implementation and scripts for reference.
Thank you again for your contributions to the community and to PVE users around the world. Regardless of whether this request is accepted, we will continue to support Proxmox VE.
Best regards,
Zhang Sheng
Email: zs@zslab.cn
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-07-29 17:10 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-07-26 11:43 [pve-devel] Feature Request: Add SPAN / RSPAN / ERSPAN Traffic Mirroring Support in PVE WebUI zs
2025-07-29 17:12 ` Stefan Hanreich
-- strict thread matches above, loose matches on Subject: below --
2025-07-26 11:33 zs
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.