VM with tap flow lost connection if tap flow port is on provider network

Thanks for reporting, I check this issue.

I was able tot reproduce this issue.
By providernet you mean:

openstack network create my_provider_net --provider-network-type flat --provider-physical-network physnet1 ?

Removing the flow action normal seems to be working also, thanks for proposing it.

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/tap-as-a-service/+/894539

As I wrote to the comment on the patch, your idea to change Normal action to output:tap-xy is working with the provider nets, the issue is on the other hand destroys the other usecase where we have non-provider networks (like vxlan or similar). so I have to dig a little more, if you have an idea for that also , don't hesitate :-)

Thanks for taking the time to address this issue.
I have now identified the problem related to non-provider networks. I will carefully examine the code to devise a method for performing a check on the network type before creating the flow, to determine whether the port belongs to a provider or non-provider network.

Investigating a solution to the problem, I believe I have reached something concrete. In the `create_tap_flow` function ( https://github.com/openstack/tap-as-a-service/blob/master/neutron_taas/services/taas/drivers/linux/ovs_taas.py#L324 ), the `port` object is used, which contains the `network_id` attribute. As we need to determine whether we are in a provider network or not in order to create one flow or another, we can use this `network_id` to query the Neutron DB and perform the validation.
In the Neutron DB, I see the networksegments(id, network_id, network_type, physical_network, ...) table, and by using the `physical_network` field, we can determine whether the network is of provider or non-provider type.
The `network_type` field will also be useful because I have noticed that when the provider network is of type VLAN, a `strip_vlan` action is required as the first step in the flow for it to work correctly.

If I'm not leaving anything out, with these changes, we can enable TAAS for both provider and non-provider networks. I hope you can review and validate what I have mentioned.

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/tap-as-a-service/+/896515

After the last comment we decided to propose the patch with the changes needed to enables the mirroring in external network without breaking the internal network setup. You can check the changes that we propose here https://review.opendev.org/c/openstack/tap-as-a-service/+/896515.

Change abandoned by "Lajos Katona <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/tap-as-a-service/+/894539
Reason: https://review.opendev.org/c/openstack/tap-as-a-service/+/896515 is a better approach

The changes on https://review.opendev.org/c/openstack/tap-as-a-service/+/896515 were tested successfully on TAAS with mirror with external network of type VLAN and FLAT, and also tested with internal networks of type VXLAN.

Thanks, beginning of next week I will also test and review it

Reviewed: https://review.opendev.org/c/openstack/tap-as-a-service/+/896515
Committed: https://opendev.org/openstack/tap-as-a-service/commit/b6eaef52ab4c21040ab3927053320851954da860
Submitter: "Zuul (22348)"
Branch: master

commit b6eaef52ab4c21040ab3927053320851954da860
Author: Felipe Figueroa <email address hidden>
Date: Tue Sep 26 12:22:58 2023 +0000

    Enables external network mirroring

    Change-Id: I95434982c8b8988a7c0d63af8350ad0d40554231
    Signed-off-by: FelipeAFV <email address hidden>
    Related-Bug: #2034445