[pve-devel] Feature Request: Add SPAN / RSPAN / ERSPAN Traffic Mirroring Support in PVE WebUI

Stefan Hanreich s.hanreich at proxmox.com
Tue Jul 29 19:12:12 CEST 2025 


On 7/29/25 2:42 PM, zs at zslab.cn wrote:
> Dear Proxmox VE Development Team,
> 
> Greetings!
> 
> First of all, thank you very much for your continued efforts and improvements to Proxmox VE. It has become an essential tool in our daily virtualization environment, offering great stability, usability, and functionality.
> 
> I'm writing to submit a feature request: **Could the PVE WebUI support SPAN (local traffic mirroring) and ERSPAN (remote traffic mirroring) functionality?**
> 
> Currently, we implement traffic mirroring manually via `nftables`, as shown below:
> 
> nft add table netdev mirror_span
> nft add chain netdev mirror_span tap110i0_ingress \
> '{ type filter hook ingress device "tap110i0" priority 0; }'
> nft add chain netdev mirror_span tap110i0_egress \
> '{ type filter hook egress device "tap110i0" priority 0; }'
> nft add rule netdev mirror_span tap110i0_ingress dup to tap141i1
> nft add rule netdev mirror_span tap110i0_egress dup to tap141i1
> 
> For remote ERSPAN, we combine `nftables` with `gretap` tunnels. However, due to issues such as VM shutdown or restart disrupting the mirroring session, we also rely on custom shell scripts and hooks to maintain stability.
> 
> We understand this is not a trivial feature, but traffic mirroring is critical in use cases such as network monitoring and security analysis. A built-in, user-friendly WebUI interface for configuring SPAN / ERSPAN would significantly improve usability and reduce the risks of manual configuration.
> 
> We'd be happy to provide feedback or help with testing. If needed, we can also share our current implementation and scripts for reference.
> 
> Thank you again for your contributions to the community and to PVE users around the world. Regardless of whether this request is accepted, we will continue to support Proxmox VE.

Hi!

There is already an ongoing discussion about port mirroring in our
Bugzilla [1] - which seems to be what you're looking for. Please join
the discussion there and give your input on the topic!

Kind Regards
Stefan

[1] https://bugzilla.proxmox.com/show_bug.cgi?id=6150

More information about the pve-devel mailing list