Null MAC leaking into peering fabric

Hi there,
So I am currently running vyos 1.2.1 - and are currently getting into a little bit of trouble with our IX (SIX in seattle). It seems some packets are originating from our vyos router with a null mac (mac of 00:00:00:00:00:00)

Just curious if this has been seen before; if there is a known workaround; if this is a bug upstream… any ideas how to fix this would be appreciated.

An example violation report:

04:29:53 a7512 Acl: 9667273: %ACL-6-MACACCESS: list Emerald_Onion
Ethernet7/46 denied 0800 00:00:00:00:00:00 -> 00:00:00:00:00:00 udp
23.129.64.20(37407) -> 37.10.63.170(53)

Hi!

vyos should not craft any packets with 00:00:00:00:00:00 as src or dst, do you see these packets on a local tcpdudmp? could you also capture a pcap with the packet in? i’ve been monitoring my systems now, but cant see the issue here.

This might be a driver issue or a configuration issue, could you provide the output of the command ip link

to check for packets locally with tcpdump you could use tcpdump -evvvni ethX 'ether host 00:00:00:00:00:00'

thanks for your help @runar
I dont have a capture personally - although the SIX is sending me emails whenever they capture one The interface in question is eth3. Ill run a capture today to see if I can get one (I did try last night with no success).

ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DEFAULT group default qlen 1000
link/ether 3c:fd:fe:9d:67:f9 brd ff:ff:ff:ff:ff:ff
alias Failover Bond
3: eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DEFAULT group default qlen 1000
link/ether 3c:fd:fe:9d:67:f9 brd ff:ff:ff:ff:ff:ff
alias Failover Bond
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 3c:fd:fe:9d:67:fa brd ff:ff:ff:ff:ff:ff
alias HE Transit
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 3c:fd:fe:9d:67:fb brd ff:ff:ff:ff:ff:ff
alias SIX Peering
6: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 3c:fd:fe:9d:67:f9 brd ff:ff:ff:ff:ff:ff
alias Bonded LAN

I will also add this - while its not a capture; it is a larger list provided to us:

Jun 13 04:29:53 a7512 Acl: 9667273: %ACL-6-MACACCESS: list Emerald_Onion Ethernet7/46 denied 0800 00:00:00:00:00:00 -> 00:00:00:00:00:00 udp 23.129.64.20(37407) -> 37.10.63.170(53)

Jun 12 23:49:46 a7512 Acl: 9657762: %ACL-6-MACACCESS: list Emerald_Onion Ethernet7/46 denied 0800 00:00:00:00:00:00 -> 00:00:00:00:00:00 udp 23.129.64.20(35525) -> 216.152.176.1(53)

Jun 13 02:20:27 a7512 Acl: 9662920: %ACL-6-MACACCESS: list Emerald_Onion Ethernet7/46 denied 0800 00:00:00:00:00:00 -> 00:00:00:00:00:00 tcp 23.129.64.188(443) -> 51.38.164.157(41246)

Jun 13 02:04:06 a7512 Acl: 9662324: %ACL-6-MACACCESS: list Emerald_Onion Ethernet7/46 denied 0800 00:00:00:00:00:00 -> 00:00:00:00:00:00 tcp 23.129.64.167(35819) -> 37.187.102.167(61262)

Jun 13 02:20:21 a7512 Acl: 9662913: %ACL-6-MACACCESS: list Emerald_Onion Ethernet7/46 denied 0800 00:00:00:00:00:00 -> 00:00:00:00:00:00 tcp 23.129.64.192(53075) -> 23.198.151.230(443)

Jun 13 02:20:25 a7512 Acl: 9662916: %ACL-6-MACACCESS: list Emerald_Onion Ethernet7/46 denied 0800 00:00:00:00:00:00 -> 00:00:00:00:00:00 tcp 23.129.64.200(443) -> 54.38.73.16(37354)

Jun 13 02:20:25 a7512 Acl: 9662917: %ACL-6-MACACCESS: list Emerald_Onion Ethernet7/46 denied 0800 00:00:00:00:00:00 -> 00:00:00:00:00:00 tcp 23.129.64.190(443) -> 91.121.19.195(42583)

Jun 13 02:20:26 a7512 Acl: 9662919: %ACL-6-MACACCESS: list Emerald_Onion Ethernet7/46 denied 0800 00:00:00:00:00:00 -> 00:00:00:00:00:00 tcp 23.129.64.158(443) -> 217.182.198.95(19465)

Jun 13 02:20:27 a7512 Acl: 9662920: %ACL-6-MACACCESS: list Emerald_Onion Ethernet7/46 denied 0800 00:00:00:00:00:00 -> 00:00:00:00:00:00 tcp 23.129.64.188(443) -> 51.38.164.157(41246)