Why am I seeing ARP requests for addresses outside of subnet

Question

In my home network I have a router running Linux, with several VLANs coming into the same physical interface. This is what things look like on the router:

➜ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: wan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 7c:83:34:be:b0:9b brd ff:ff:ff:ff:ff:ff
    altname enp1s0
    inet 80.x.x.x/20 metric 1024 brd x.x.x.255 scope global dynamic wan0
       valid_lft 67664sec preferred_lft 67664sec
    inet6 x:x:x:7000:1a86:1082:f9e:41bf/64 scope global temporary dynamic
       valid_lft 82400sec preferred_lft 22122sec
    inet6 x:x:x:a839:e160:a5b4:8601:7da8/64 scope global temporary dynamic
       valid_lft 85823sec preferred_lft 3023sec
    inet6 x:x:x:7000:8916:b7a2:bfc:3a40/64 scope global temporary deprecated dynamic
       valid_lft 82400sec preferred_lft 0sec
    inet6 x:x:x:a839:3546:462d:74e4:e284/64 scope global temporary deprecated dynamic
       valid_lft 85823sec preferred_lft 0sec
    inet6 x:x:x:7000:aef4:f2a8:62bc:8d8d/64 scope global temporary deprecated dynamic
       valid_lft 82400sec preferred_lft 0sec
    inet6 x:x:x:7000:7e83:34ff:febe:b09b/64 metric 256 scope global dynamic mngtmpaddr
       valid_lft 82400sec preferred_lft 68000sec
    inet6 x:x:x:a839:7c6d:b30d:b272:aebf/64 scope global temporary deprecated dynamic
       valid_lft 85823sec preferred_lft 0sec
    inet6 x:x:x:a839:7e83:34ff:febe:b09b/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 85823sec preferred_lft 3023sec
    inet6 fe80::7e83:34ff:febe:b09b/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
3: lan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 7c:83:34:be:b0:9c brd ff:ff:ff:ff:ff:ff
    altname enp2s0
    inet 10.0.0.254/24 brd 10.0.0.255 scope global lan0
       valid_lft forever preferred_lft forever
    inet6 x:x:x:7001:3d40:df56:2ca8:e57/64 scope global temporary dynamic
       valid_lft 82400sec preferred_lft 63479sec
    inet6 x:x:x:7001:e887:62d5:fd5c:1183/64 scope global temporary deprecated dynamic
       valid_lft 82400sec preferred_lft 0sec
    inet6 x:x:x:7001:7e83:34ff:febe:b09c/64 metric 256 scope global dynamic mngtmpaddr
       valid_lft 82400sec preferred_lft 68000sec
    inet6 fe80::1/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::7e83:34ff:febe:b09c/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
5: guest@lan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 7c:83:34:be:b0:9c brd ff:ff:ff:ff:ff:ff
    inet 10.0.20.254/24 brd 10.0.20.255 scope global guest
       valid_lft forever preferred_lft forever
    inet6 x:x:x:7020:384c:ffca:2bb7:af47/64 scope global temporary dynamic
       valid_lft 82400sec preferred_lft 64243sec
    inet6 x:x:x:7020:6f98:4139:a482:f1eb/64 scope global temporary deprecated dynamic
       valid_lft 82400sec preferred_lft 0sec
    inet6 x:x:x:7020:7e83:34ff:febe:b09c/64 metric 256 scope global dynamic mngtmpaddr
       valid_lft 82400sec preferred_lft 68000sec
    inet6 fe80::1/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::7e83:34ff:febe:b09c/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
6: iot@lan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 7c:83:34:be:b0:9c brd ff:ff:ff:ff:ff:ff
    inet 10.0.10.254/24 brd 10.0.10.255 scope global iot
       valid_lft forever preferred_lft forever
    inet6 x:x:x:7010:e395:3d0:37d9:2be/64 scope global temporary dynamic
       valid_lft 82400sec preferred_lft 63524sec
    inet6 x:x:x:7010:5ccf:38dc:555e:a054/64 scope global temporary deprecated dynamic
       valid_lft 82400sec preferred_lft 0sec
    inet6 x:x:x:7010:7e83:34ff:febe:b09c/64 metric 256 scope global dynamic mngtmpaddr
       valid_lft 82400sec preferred_lft 68000sec
    inet6 fe80::1/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::7e83:34ff:febe:b09c/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
7: management@lan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 7c:83:34:be:b0:9c brd ff:ff:ff:ff:ff:ff
    inet 10.0.30.254/24 brd 10.0.30.255 scope global management
       valid_lft forever preferred_lft forever
    inet6 x:x:x:7030:2e30:b0b1:8c51:a572/64 scope global temporary dynamic
       valid_lft 82400sec preferred_lft 63118sec
    inet6 x:x:x:7030:a321:4fcd:7e25:c127/64 scope global temporary deprecated dynamic
       valid_lft 82400sec preferred_lft 0sec
    inet6 x:x:x:7030:7e83:34ff:febe:b09c/64 metric 256 scope global dynamic mngtmpaddr
       valid_lft 82400sec preferred_lft 68000sec
    inet6 fe80::1/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::7e83:34ff:febe:b09c/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever

➜ ip r
default via 80.x.x.x dev wan0 proto dhcp src x.x.x.x metric 1024
10.0.0.0/24 dev lan0 proto kernel scope link src 10.0.0.254
10.0.10.0/24 dev iot proto kernel scope link src 10.0.10.254
10.0.20.0/24 dev guest proto kernel scope link src 10.0.20.254
10.0.30.0/24 dev management proto kernel scope link src 10.0.30.254
80.x.x.x/20 dev wan0 proto kernel scope link src 80.x.x.x metric 1024
80.x.x.x dev wan0 proto dhcp scope link src 80.x.x.x metric 1024

Everything works well on the guest and iot VLANs, the problem is with the management one.

That network has no other devices currently, but when I connect my laptop to it, by creating an interface with the right VLAN ID, I start seeing ARP requests for public IPs that are obviously outside of the subnet.

This is the laptop's network config:

➜ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: lan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
    link/ether f4:4d:ad:02:ac:fd brd ff:ff:ff:ff:ff:ff
    altname enp0s20f0u1u2u1
    inet 10.0.0.55/24 metric 1024 brd 10.0.0.255 scope global dynamic lan0
       valid_lft 4768sec preferred_lft 4768sec
    inet6 x:x:x:7001:9667:e56d:71b:9ec8/64 scope global temporary dynamic
       valid_lft 3445sec preferred_lft 1645sec
    inet6 x:x:x:7001:f64d:adff:fe02:acfd/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 3445sec preferred_lft 1645sec
       valid_lft 3445sec preferred_lft 1645sec
    inet6 fe80::f64d:adff:fe02:acfd/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
3: lan1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq state DOWN group default qlen 1000
    link/ether 0c:37:96:96:28:5d brd ff:ff:ff:ff:ff:ff
    altname enp0s20f0u1u3i5
4: wifi0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether de:5f:48:3b:4a:ee brd ff:ff:ff:ff:ff:ff permaddr 7c:b5:66:65:be:72
    altname wlp1s0
5: management@lan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether f4:4d:ad:02:ac:fd brd ff:ff:ff:ff:ff:ff
    inet 10.0.30.63/24 metric 2048 brd 10.0.30.255 scope global dynamic management
       valid_lft 4764sec preferred_lft 4764sec
    inet6 x:x:x:7030:a44f:5260:dda1:efdd/64 scope global temporary dynamic
       valid_lft 3282sec preferred_lft 1482sec
    inet6 x:x:x:7030:f64d:adff:fe02:acfd/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 3282sec preferred_lft 1482sec
    inet6 fe80::f64d:adff:fe02:acfd/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
6: ztzlggwhus: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc fq state UNKNOWN group default qlen 1000
    link/ether x:x:x:x:x:x brd ff:ff:ff:ff:ff:ff
    inet 172.26.x.x/16 brd 172.26.255.255 scope global ztzlggwhus
       valid_lft forever preferred_lft forever
    inet6 x:x:x:x:x:x:x:x:x:x:x:x:x:x:x:x/88 scope global
       valid_lft forever preferred_lft forever
    inet6 x:x:x::1/40 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::x:x:x/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever

➜ ip r
default via 10.0.0.254 dev lan0 proto dhcp src 10.0.0.55 metric 1024
10.0.0.0/24 dev lan0 proto kernel scope link src 10.0.0.55 metric 1024
10.0.0.254 dev lan0 proto dhcp scope link src 10.0.0.55 metric 1024
10.0.30.0/24 dev management proto kernel scope link src 10.0.30.63 metric 2048
172.26.x.x/16 dev ztzlggwhus proto kernel scope link src 172.26.x.x

When I run tcpdump on the management interface from either the router or the laptop, I see normal IPv6 NDP packets, and then a whole bunch of ARP requests like this:

➜ sudo tcpdump -s 1500 -i management -nn -vv
tcpdump: listening on management, link-type EN10MB (Ethernet), snapshot length 1500 bytes
00:29:12.774606 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 201.206.191.36 tell 10.0.30.63, length 28
00:29:12.775206 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 50.7.252.138 tell 10.0.30.63, length 28
00:29:12.775291 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 103.195.103.66 tell 10.0.30.63, length 28
00:29:12.775434 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 84.17.53.155 tell 10.0.30.63, length 28
00:29:12.775633 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 104.194.8.134 tell 10.0.30.63, length 28
00:29:13.792744 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 104.194.8.134 tell 10.0.30.63, length 28
00:29:13.792774 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 84.17.53.155 tell 10.0.30.63, length 28
00:29:13.792779 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 103.195.103.66 tell 10.0.30.63, length 28
00:29:13.792784 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 50.7.252.138 tell 10.0.30.63, length 28
00:29:13.792788 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 201.206.191.36 tell 10.0.30.63, length 28
00:29:14.816739 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 201.206.191.36 tell 10.0.30.63, length 28
00:29:14.816779 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 50.7.252.138 tell 10.0.30.63, length 28
00:29:14.816784 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 103.195.103.66 tell 10.0.30.63, length 28
00:29:14.816788 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 84.17.53.155 tell 10.0.30.63, length 28
00:29:14.816792 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 104.194.8.134 tell 10.0.30.63, length 28
00:29:17.780657 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 70.57.30.7 tell 10.0.30.63, length 28
00:29:18.784750 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 70.57.30.7 tell 10.0.30.63, length 28
00:29:19.808723 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 70.57.30.7 tell 10.0.30.63, length 28
^C
18 packets captured
18 packets received by filter
0 packets dropped by kernel

Which I find very strange since those addresses are clearly outside of the subnet and so I would have expected that for any requests to those addresses, the kernel would simply forward the packet to the default gateway (10.0.0.254 on lan0) and not even try to send it out on the management interface.

So I'm trying to understand why these weird ARP requests for addresses outside of the subnet are being sent, and whether I have configured something wrongly.