vxlan vtep no longer working in 1.18, arp broken?

[machgo]

Is there an existing issue for this?

• I have searched the existing issues

Version

equal or higher than v1.18.7 and lower than v1.19.0

What happened?

Hello everyone,
I'm trying to get the vxlan vtep working on a standard ubuntu server. I'm using the example in the official docs.
After the setup, I'm trying to ping a pod inside the cluster from the external vtep server. But it fails. When debugging with tcpdump, I've discovered that I get a zero mac response from cilium:

82:36:4c:98:2e:56 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.0.32 tell 10.1.1.1, length 28
06:28:12.614902 bc:24:11:90:16:69 > bc:24:11:46:01:6f, ethertype IPv4 (0x0800), length 92: 192.168.0.55.46131 > 192.168.0.52.8472: OTV, flags [I] (0x08), overlay 0, instance 2
00:00:00:00:00:00 > 82:36:4c:98:2e:56, ethertype ARP (0x0806), length 42: Reply 10.0.0.32 is-at 00:00:00:00:00:00, length 28

When trying the same setup with cilium 1.17.13, everything works and I get correct MAC-addresses inside the arp response

82:36:4c:98:2e:56 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.0.26 tell 10.1.1.1, length 28
06:21:47.340457 bc:24:11:90:16:69 > bc:24:11:46:01:6f, ethertype IPv4 (0x0800), length 92: 192.168.0.55.46131 > 192.168.0.52.8472: OTV, flags [I] (0x08), overlay 0, instance 2
5a:e2:cf:f9:a1:4b > 82:36:4c:98:2e:56, ethertype ARP (0x0806), length 42: Reply 10.0.0.26 is-at 5a:e2:cf:f9:a1:4b, length 28

How can we reproduce the issue?

Install Cilium 1.18.7
Setup VTEP on external linux vm like described in the docs https://docs.cilium.io/en/latest/network/vtep/
Try to ping a pod

Cilium Version

1.18.7

Kernel Version

6.8.0-100-generic

Kubernetes Version

1.35.1

Regression

works fine on 1.17.13

Sysdump

cilium-sysdump-20260220-063821.zip

Relevant log output

Anything else?

No response

Cilium Users Document

• Are you a user of Cilium? Please add yourself to the Users doc

Code of Conduct

• I agree to follow this project's Code of Conduct

[akos011221]

Hi, I could reproduce the issue on 1.18.7. It seems that the Overlay eBPF program doesn't load any MAC address, so it is defaulting to zeroes:

→ cilium kubectl -n kube-system exec ds/cilium -- bpftool map dump id 343
[{
        "value": {
            ".rodata.config": [{
                    "__config_identity_length": 16
                },{
                    "__config_device_mtu": 1500
                },{
                    "__config_interface_mac": {
                        "addr": [0,0,0,0,0,0
                        ],
                        "pad": 0
                    }
                },{

→ vtep ping 10.0.0.206
PING 10.0.0.206 (10.0.0.206) 56(84) bytes of data.
From 10.1.1.1 icmp_seq=1 Destination Host Unreachable
From 10.1.1.1 icmp_seq=2 Destination Host Unreachable
From 10.1.1.1 icmp_seq=3 Destination Host Unreachable

ARP, Reply 10.0.0.206 is-at 00:00:00:00:00:00, length 28
19:43:59.197436 IP 172.18.0.1.42670 > 172.18.0.2.8472: OTV, flags [I] (0x08), overlay 0, instance 2
ARP, Request who-has 10.0.0.206 tell 10.1.1.1, length 28
19:43:59.197600 IP 172.18.0.2.42670 > 172.18.0.1.8472: OTV, flags [I] (0x08), overlay 0, instance 2
ARP, Reply 10.0.0.206 is-at 00:00:00:00:00:00, length 28`

Then I've made the modification in #44513 to populate the InterfaceMAC field of the NewBPFOverlay struct and it started working:

→ cilium kubectl -n kube-system exec ds/cilium -- bpftool map dump id 509 | grep -A5 mac
                    "__config_interface_mac": {
                        "addr": [190,221,204,242,118,155
                        ],
                        "pad": 170935181958590
                    }
                },{

→ vtep ping 10.0.0.206
PING 10.0.0.206 (10.0.0.206) 56(84) bytes of data.
64 bytes from 10.0.0.206: icmp_seq=1 ttl=64 time=0.325 ms
64 bytes from 10.0.0.206: icmp_seq=2 ttl=64 time=0.225 ms
64 bytes from 10.0.0.206: icmp_seq=3 ttl=64 time=0.200 ms
64 bytes from 10.0.0.206: icmp_seq=4 ttl=64 time=0.218 ms
64 bytes from 10.0.0.206: icmp_seq=5 ttl=64 time=0.108 ms