[pve-devel] Feature Request: Add SPAN / RSPAN / ERSPAN Traffic Mirroring Support in PVE WebUI

[zs at zslab.cn]

Dear Proxmox VE Development Team,

Greetings!

First of all, thank you very much for your continued efforts and improvements to Proxmox VE. It has become an essential tool in our daily virtualization environment, offering great stability, usability, and functionality.

I'm writing to submit a feature request: **Could the PVE WebUI support SPAN (local traffic mirroring) and ERSPAN (remote traffic mirroring) functionality?**

Currently, we implement traffic mirroring manually via `nftables`, as shown below:

nft add table netdev mirror_span
nft add chain netdev mirror_span tap110i0_ingress \
'{ type filter hook ingress device "tap110i0" priority 0; }'
nft add chain netdev mirror_span tap110i0_egress \
'{ type filter hook egress device "tap110i0" priority 0; }'
nft add rule netdev mirror_span tap110i0_ingress dup to tap141i1
nft add rule netdev mirror_span tap110i0_egress dup to tap141i1

For remote ERSPAN, we combine `nftables` with `gretap` tunnels. However, due to issues such as VM shutdown or restart disrupting the mirroring session, we also rely on custom shell scripts and hooks to maintain stability.

We understand this is not a trivial feature, but traffic mirroring is critical in use cases such as network monitoring and security analysis. A built-in, user-friendly WebUI interface for configuring SPAN / ERSPAN would significantly improve usability and reduce the risks of manual configuration.

We'd be happy to provide feedback or help with testing. If needed, we can also share our current implementation and scripts for reference.

Thank you again for your contributions to the community and to PVE users around the world. Regardless of whether this request is accepted, we will continue to support Proxmox VE.




Best regards, 
Zhang Sheng 
Email: zs at zslab.cn